Select in the Administration Portal Administration→ Settings→ Android Enterprise→ Configure.
Action on failure of basic integrity check/Action on CTS Profile Match check failure: Specify here what ought to happen during and after configuration of the Android devices if and when they fail Google’s SafetyNet test.
While configuring a device, and then every 10 minutes thereafter, Cortado MDM asks Google if any security breaches have occurred on the device. The following security irregularities are considered relevant according to Google:
If Google reports such a violation to the Cortado management console, you can specify here how it must proceed:
- Do Nothing: There is no reaction to a safety violation during the SafetyNet check. In addition, an already locked device can be unlocked again by changing the setting from Lock to Do Nothing.
- Lock: All managed apps will be blocked.
- Reset: Fully managed devices can be reset to factory default settings. For devices that have a work profile, the work profile is deleted from the device.
It is generally sufficient to select the Lock option and then check the user’s device to determine what the problem is.
Locked devices can be selected under Administration→ Devices and unlocked with Unlock Workspace. However, the lock is repeated after 10 minutes if the cause of the lock has not been removed.
You can also put these settings in place in the Android Enterprise policies and thus determine different settings for selected users, groups, or devices. Depending on the circumstances, it may take up to 10 minutes after configuring the devices for these policies to take effect. If settings are set up in the Policies, they will have a higher priority than in the Settings. The latter will then be applied only to those users for whom no policies have been created and distributed.