Product Documentation

Configuring Network Access Controls

Feb 24, 2013

If you have a Network Access Control (NAC) appliance set up in your network (such as a Cisco ISE), you can enable filters to set devices as compliant or not compliant for NAC-based on rules or properties. If a Device Manager managed device does not meet the specified criteria , and thus is marked Not Compliant, the device will be blocked on your network by the NAC appliance.

To set unmanaged devices as not compliant, enable the associated filter and set to "Not Compliant". The "Implicit Compliant / Not Compliant" filter sets the default value only on devices that are managed by XenMobile. For example, any devices that have a blacklisted app installed and/or are anonymous (not enrolled) are marked as Not-Compliant and will be blocked from your network by the NAC appliance.

The NAC compliance filters are as follows:

  • Blacklisted Apps. Device has a blacklisted app installed.
  • Rooted Android/Jailbroken iOS Devices
  • Revoked Status. Device has been revoked.
  • Unmanaged Devices. Device is in an unmanaged state.
  • Suggested Apps Only. Device has "suggested" app installed.
  • Inactive Devices. Device is in an inactive state.
  • Anonymous Devices. Device is anonymous.
  • Out of Compliance Devices. Device has property of Out of Compliance set to True.
  • Encryption. The device has disk encryption enabled.
  • Implicit Compliant/Non-Compliant. Indicates that if none of the above filters match, return device to be compliant or not (according to the option selected).