Rule ID
SV-284246r1223987_rule
Version
V1R1
CCIs
Access control of mobile devices to DoW sensitive information or access to DoW networks must be controlled so that DoW data will not be compromised. The primary method of access control of mobile devices is via enrollment of authorized mobile devices on the UEM server. Therefore, the UEM server must have the capability to enforce a policy for this control. Satisfies: FMT_UNR_EXT.1.1
Authenticate to the Workspace ONE UEM console as an administrator. Navigate to Groups & Settings >> All Settings >> Devices & Users >> Android >> Intelligent Hub Settings. If "Block User Unenrollment" is not "Enabled", this is a finding. Navigate to Groups & Settings >> All Settings >> Devices & Users >> Apple >> Automated Device Enrollment. Edit the DEP profile and navigate to "MDM features". If "Lock MDM Profile" is not "Enabled", this is a finding.
Authenticate to the Workspace ONE UEM console as an administrator. Navigate to Groups & Settings >> All Settings >> Devices & Users >> Android >> Intelligent Hub Settings. Find "Block User Unenrollment" and choose "Enabled". Click "Save". Navigate to Groups & Settings >> All Settings >> Devices & Users >> Apple >> Automated Device Enrollment. Edit the DEP profile and navigate to "MDM features". Choose "Enabled" for "Lock MDM Profile". Click "Save".