Purpose
The Compliance Job in SureMDM is designed to configure and enforce compliance rules based on parameters such as operating system version, device connectivity to the SureMDM server, and battery levels. It enables administrators to proactively trigger predefined actions, such as blocking devices or wiping data, when non-compliance is detected.
SureMDM also leverages Compliance Jobs to monitor changes in SureMDM Agent permissions. This feature allows administrators to receive alerts and take necessary actions if critical agent permissions are modified or disabled.
This article provides a step-by-step guide to enable SureMDM Agent permission compliance on macOS devices.
Prerequists
Supported on SureMDM Agent version 7.2 and above
Steps
- Navigate to SureMDM Web Console > Jobs > New Job > macOS > Compliance Jobs
- In the Compliance Job window:
- Enter a Job Name
- Enable the option “Enable Compliance Job”
- Search for Agent Permissions Compliance and click Configure
- In the Compliance Rules section:
- Enable “Device must comply with the selected Agent Permissions applied”
- Select the required permissions based on your use case:
- Full Disk Access Permission
- Location Permission
- Remote Support Permission
- Modern Remote Support Permission
- Notification Permission
Out of Compliance Actions
Select the appropriate action(s) to be triggered when compliance rules are violated:
| Option Name | Description |
| Send Message | Send a custom message to the SureMDM Console. |
| Move to Blocklist | Move the device to the blocklist to restrict its access. |
| Wipe Device | Remotely wipe all data from the device. |
| Lock Device | Remotely lock the device to prevent unauthorized usage. |
| E-mail Notification | Send an email alert to the configured recipient(s). |
| Apply Job | Apply a predefined job to the device for remediation. |
| Send SMS | Send an SMS to the device’s registered number. |
- Click Add Action to configure additional Out of Compliance actions.
- Click Save to create the job.
Once the Job has been configured, Navigate to Home and select the device on which the job needs to be deployed>>click on Apply>>select the job and apply it on the devices.
Conclusion:
If any of the selected permissions are disabled for the SureMDM Agent on the device, the configured Out of Compliance actions will be automatically triggered.