Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Protect Mobile for UEM
  3. BlackBerry Protect Overview and Administration Guide
  4. Using hardware certificate attestation for BlackBerry Dynamics apps on Android devices
  5. Configure compliance actions to take when a device fails attestation

Configure compliance actions to take when a device fails attestation

  1. In the management console, on the menu bar, click 
    Policies and profiles > Compliance > Compliance
    .
  2. Create a new compliance profile or select and edit an existing compliance profile.
  3. On the 
    Android
     tab, select the 
    Required security patch level is not installed
     check box.
    1. Add the required device models and corresponding security patches.
    2. Configure the prompt settings and enforcement settings for the device and 
      BlackBerry Dynamics
       apps if the device does not satisfy the required patch level.
  4. In the 
    BlackBerry Protect
     section, select the 
    Hardware attestation failed
     check box.
    1. Configure the prompt settings (behavior, method, count, and interval) as desired.
    2. In the 
      Enforcement action for BlackBerry Dynamics apps
       drop-down list, choose one of the following actions to take when a device fails attestation or does not respond in the configured grace period:
      • To log information about the compliance issue without taking a compliance action for 
        BlackBerry Dynamics
         apps, click 
        Monitor and log
        .
      • To prevent the user from accessing 
        BlackBerry Dynamics
         apps while out of compliance, click 
        Do not allow BlackBerry Dynamics apps to run
        .
  5. If you want to set the minimum security level for the hardware attestation certificate and the actions that are executed if that level is not met, select the 
    Hardware attestation security level
     check box.
    1. In the 
      Minimum security level
       required drop-down list, select the appropriate option (Software, Trusted Environment, or StrongBox). For more information, see SecurityLevel on the Android Developers site.
    2. Configure the prompt settings (behavior, method, count, and interval) as desired.
    3. In the 
      Enforcement action for BlackBerry Dynamics apps
       drop-down list, choose one of the following actions:
      • To log information about the compliance issue without taking a compliance action for 
        BlackBerry Dynamics
         apps, click 
        Monitor and log
        .
      • To prevent the user from accessing 
        BlackBerry Dynamics
         apps while out of compliance, click 
        Do not allow BlackBerry Dynamics apps to run
        .
  6. If you want to execute compliance actions when the hardware attestation boot state is unverified, select the 
    Hardware attestation boot state is unverified
     check box.
    1. Configure the prompt settings (behavior, method, count, and interval) as desired.
    2. In the 
      Enforcement action for BlackBerry Dynamics apps
       drop-down list, choose one of the following actions:
      • To log information about the compliance issue without taking a compliance action for 
        BlackBerry Dynamics
         apps, click 
        Monitor and log
        .
      • To prevent the user from accessing 
        BlackBerry Dynamics
         apps while out of compliance, click 
        Do not allow BlackBerry Dynamics apps to run
        .
  7. Click 
    Add
     or 
    Save
    .
  • Assign the profile to users and groups.
  • You can view information about compliance violations on the Managed devices screen (filter by compliance violations) or in a user's device details.