STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 7 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Omnissa WS1 UEM Agent Security Technical Implementation Guide

V-284246

CAT II (Medium)

The Omnissa WS1 UEM Agent must be configured to perform one of the following actions upon an attempt to unenroll the mobile device from management: - Prevent the unenrollment from occurring. - Wipe the device to factory default settings. - Wipe the work profile with all associated applications and data.

Rule ID

SV-284246r1223987_rule

STIG

Omnissa WS1 UEM Agent Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

Access control of mobile devices to DoW sensitive information or access to DoW networks must be controlled so that DoW data will not be compromised. The primary method of access control of mobile devices is via enrollment of authorized mobile devices on the UEM server. Therefore, the UEM server must have the capability to enforce a policy for this control. Satisfies: FMT_UNR_EXT.1.1

Check Content

Authenticate to the Workspace ONE UEM console as an administrator.

Navigate to Groups & Settings >> All Settings >> Devices & Users >> Android >> Intelligent Hub Settings.

If "Block User Unenrollment" is not "Enabled", this is a finding.

Navigate to Groups & Settings >> All Settings >> Devices & Users >> Apple >> Automated Device Enrollment.

Edit the DEP profile and navigate to "MDM features". If "Lock MDM Profile" is not "Enabled", this is a finding.

Fix Text

Authenticate to the Workspace ONE UEM console as an administrator.

Navigate to Groups & Settings >> All Settings >> Devices & Users >> Android >> Intelligent Hub Settings.

Find "Block User Unenrollment" and choose "Enabled". Click "Save".

Navigate to Groups & Settings >> All Settings >> Devices & Users >> Apple >> Automated Device Enrollment.

Edit the DEP profile and navigate to "MDM features". Choose "Enabled" for "Lock MDM Profile". Click "Save".