Product Documentation

How Automated Actions Work

May 25, 2013

You can configure Automated Actions in Device Manager to trigger an event when a user device is out of compliance. You configure the following settings when you configure Automated Actions:

  • Trigger. The state that must exist to cause the event. .
  • Condition. The setting that defines the trigger explicitly.
  • Action. The result that occurs if the trigger conditions are met.
  • Options. The ability to delay an action to notify users of the policy violation and allow time for users to remedy the condition.

Before you start using Automated Actions, consider the following:

  • If devices are shared between two users and you want to re-enroll the device to the second user, make sure that you delete the device entry from the Device Manager Devices tab before enrolling the second user.
  • Automated Actions are only triggered when a device connects to Device Manager. For example, a notification is not sent to a device until the device attempts a connection back to the server, Likewise, if any of the managed devices are currently blocked by Secure Mobile Gateway, notifications are not sent to those devices until users initiate an Active Sync activity, such as receiving email or if the device synchronizes with Exchange.
  • You can deploy Automated Actions to anonymous devices if you deploy the package to anonymous users. You cannot perform Notify (SMTP/SMS) Automated Actions on anonymous (unauthenticated) users.
  • The only Automated Actions you can perform on unmanaged devices - that is, on devices that are revoked, have been selectively wiped, or are not enrolled -are the Notification and Set as Out Of Compliance actions.
  • The Out Of Compliance action keeps a device in that state until another action explicitly changes the state of the Out of Compliance property.
  • You cannot set the Secure Mobile Gateway block notification cannot on a device that is not enrolled.
  • If you are using an Automated Action to detect when users disable their location servers on an iOS device and you want to send a notification, wipe, or revoke the device, you must enable Report if location services are disabled when you configure an iOS geo-tracking policy. For details, see To configure an iOS Geo-tracking policy.
  • If you want to create an Automated Action based upon a user whose Active Directory account is disabled, you can use the Event Trigger named 'AD Disabled User'.
  • If you create custom notification templates of the following type - Out of Compliance and AD Disabled User - you cannot select the templates when you configure an Automated Notification.
  • There is a default one-hour waiting period for event-based triggers. Recurring notifications may be delayed due to the original event that causes the notification to be sent. For example, if you configure Device Manager to send a recurring notification every hour, but users do not receive the notifications. The reason for the delay is due to the fact that recurring notifications are not sent until the configured trigger occurs again after the Repeated Wait time expires. .