Compliance Enforcement Setting

The Compliance Enforcement Setting page in the BigFix WebUI allows administrators to create automated links between a device's security status and a specific Policy Group. When a device is identified as "Potentially compromised" (Jailbroken or Rooted), the system automatically enforces the associated policy to mitigate risks.

About this task

Use the following procedure to access this page in the BigFix WebUI and create a compliance enforcement setting.

Procedure

  1. In the BigFix MCM WebUI app, navigate to Admin > Jailbreak > Compliance Enforcement Setting.
  2. The next page displays a grid listing all enforcement settings that have already been created. The grid provides the following features:
    • Create compliance enforcement setting: Button to launch the configuration wizard for a new enforcement rule.
    • Name: The unique identifier for the setting (e.g., Jailbreak_IOS_Device_Setting).
    • Associated Device Groups: The number of specific device groups targeted by this enforcement rule.
    • Action Targeted on: Defines the trigger condition, typically set to "Potentially compromised."
    • Policy Group: The specific set of restrictions or profiles deployed when the condition is met.
    • Table Actions: Icons to edit current settings or delete an enforcement.
  3. Click the Create Compliance Enforcement Setting button to open the configuration wizard.
  4. In the Name field, enter a descriptive name that identifies the purpose and target of the rule (e.g., iOS_HighSecurity_AutoWipe).
  5. Go to the Associate Device Groups section.
  6. Click the Target Groups button.
  7. From the pop-up list, select the Smart Group(s) you want to monitor.
  8. Click Apply to attach these groups to the rule.
  9. Under Apply Actions On, choose the sensitivity level for the trigger:
    • Compromised: Select this for definitive, high-confidence detection of a jailbreak or root.
    • Potentially Compromised: Select this if you want to include devices that show suspicious integrity patterns or fail minor security checks.
  10. Configure Remediation Actions: Choose one or more of the following Compliance Actions by checking the corresponding box:
    • Notifications: Check this to automatically send a warning message to the user via the BigFix Mobile app.
    • Device Actions: Check this to trigger a remote command.
      • Sub-step: Once checked, select the specific command (e.g., Lock, Selective Wipe, or Full Wipe) from the resulting dropdown menu.

    • Policy Group: Check this to force a specific Policy Group onto the device, replacing its current configuration with more restrictive settings.

  11. Review all fields to ensure the logic follows your security protocol and click Save Compliance Setting to finalize. To confirm it is active, verify that the new rule appears in the Compliance Enforcement Setting summary table.

Troubleshooting

  • Missing Groups: If your groups don't appear in the "Target Groups" list, ensure they have been created and published under the Smart Groups section of the Admin menu.
  • Action Failures: If a "Wipe" or "Lock" command fails to execute, check the device's last heartbeat in the Devices list to ensure it is still communicating with the MDM server.