Compliance Check for Profiles (iOS/Android etc) with Action Possibility
In the current version 3.0, if a user removes an installed profile (a profiled transferred by SMC), we see only a non-compliancy X in the overview or details of the device.
We should implement the possibility to take action like in the "passcode required" compliancy check, so that we define a set of profiles as "required", like we currently to with app white/blacklisting and if one or more of these profiles are removed by the user we can take action with our 3 step method (EAS block, Notification, Taskbundle).
But this can be avoided all together, if profiles are marked as not deleteable. Why is this not sufficient?
Yannick Escudero commented
Good point Thomas, I agree with Alexis's comment and I would even go step further and put all the "Profiles" with settings that can be changed afterwards by the user manually, in a new category, for example in iOS that's the option "Roaming/Hotspot settings", even if the profile is on the device the device should show up as non-compliant, because the user changed or deleted the setting/value.
Maybe this is more something for the compliance check tab.
non-removable only works for iOS
and the main issue here is with Android where we can't verify if the profile is still applied on the device : wifi, vpn, exchange, pwd, restrictions ....