Skip to main content

Policies

You can create and manage device security policies to enforce specific security rules for your organization's devices.

You have the flexibility to customize these rules and add Enforcement integrations to ensure that devices comply with your organization's security standards.

✅ Available Security Checks

A policy can include the following checks:

  1. Add devices to organization

    • When enabled, devices will be added and reported to the organization.

  2. Allow users to skip the device verification

    • Users will be able to skip the device verification process and gain access to the application.

  3. Allow unsupported devices to access the application

    • Devices that aren't supported by XFA can still access the application.

  4. Validate Operating System version

    • XFA will verify the OS version of each device. You can:
      • Warn users after a specified period.
      • Block users after a set period if the OS version doesn't comply.
      • Warn or block users with specific beta versions to access the application.
      • Warn or block users with specific versions that are still supported (even when it's not the latest version) to access the application.

  5. Validate Operating System autoupdate setting

    • XFA checks if devices have auto-updates enabled. You can:
      • Warn users if autoupdates are disabled.
      • Block users without autoupdates enabled.

  6. Validate browser version

    • XFA verifies the browser version of each device and allows you to:
      • Warn users after a period of time.
      • Block users for outdated browsers after a certain time.
      • Warn or block users with specific beta versions to access the application.
      • Warn or block users with specific versions that are still supported (even when it's not the latest version) to access the application.

  7. Validate disk encryption

    • Devices without disk encryption will trigger warnings or can be blocked based on your settings.

  8. Validate screen lock

    • XFA checks whether devices have screen lock enabled and allows for warnings or blocking users without it.

  9. Validate antivirus

    • The system verifies whether antivirus software is active on the device, with options to warn or block users without it.

  10. Validate password manager

    • Ensures users have a password manager enabled. You can decide whether to warn or block users who don't comply.

  11. Validate biometric authentication

  • Enforce users to use biometric authentication on their device. You can decide whether to warn or block users who don't comply.
  1. Validate device reboot
  • Enforce users to regularry reboot their devices. Rebooting the device ensures that the device is up to date and secure. You can decide whether to warn or block users who don't comply.
  1. Validate Windows Recall
  • XFA checks whether Windows Recall is disabled on Windows devices to protect sensitive data from being captured and stored. You can decide whether to warn or block users who have Windows Recall enabled.

Enforcement Integrations

You can integrate this policy with various enforcement tools (e.g., Microsoft, Google, Okta) to ensure that only compliant devices have access to your business platforms. This helps automate device security across your organization and guarantees that users meet the required security standards.

To modify or enforce these rules, visit your dashboard and configure the enforcement settings to fit your organization's needs.

For more details on enforcement, refer to our enforcement documentation.