Skip to main content

Policies

You can create and manage device security policies to enforce specific security rules for your organization’s devices. The policy displayed below is the default policy provided by XFA.

You have the flexibility to customize these rules and add Enforcement integrations to ensure that devices comply with your organization’s security standards.

Available Security Checks

The default policy includes the following checks:

  1. Add devices to organization

    • When enabled, devices will be added and reported to the organization.

  2. Allow users to skip the device verification

    • Users will be able to skip the device verification process and gain access to the application.

  3. Allow unsupported devices to access the application

    • Devices that aren’t supported by XFA can still access the application.

  4. Validate Operating System version

    • XFA will verify the OS version of each device. You can:
      • Warn users after a specified period.
      • Block users after a set period if the OS version doesn’t comply.

  5. Validate Operating System autoupdate setting

    • XFA checks if devices have auto-updates enabled. You can:
      • Warn users if autoupdates are disabled.
      • Block users without autoupdates enabled.

  6. Validate browser version

    • XFA verifies the browser version of each device and allows you to:
      • Warn users after a period of time.
      • Block users for outdated browsers after a certain time.

  7. Validate disk encryption

    • Devices without disk encryption will trigger warnings or can be blocked based on your settings.

  8. Validate screen lock

    • XFA checks whether devices have screen lock enabled and allows for warnings or blocking users without it.

  9. Validate antivirus

    • The system verifies whether antivirus software is active on the device, with options to warn or block users without it.

  10. Validate password manager

    • Ensures users have a password manager enabled. You can decide whether to warn or block users who don’t comply.

  11. (Desktop-only) Native client needs to be installed

    • On desktop devices, installing the XFA native client is required for further insights into device security.

Enforcement Integrations

You can integrate this policy with various enforcement tools (e.g., Microsoft, Google, Okta) to ensure that only compliant devices have access to your business platforms. This helps automate device security across your organization and guarantees that users meet the required security standards.

To modify or enforce these rules, visit your dashboard and configure the enforcement settings to fit your organization's needs.

For more details on enforcement, refer to our enforcement documentation.