Overview

The Compliance Center now supports group-level compliance controls, enabling organizations to define, manage, and apply custom compliance requirements at the device group level. This enhancement provides greater flexibility and granularity in compliance management, allowing device groups to override or supplement organization-wide compliance controls.

Key Features

1. Group-Level Compliance Controls

• Custom Controls at Group Level:
  Administrators can now create custom compliance controls specific to a device group. These controls are managed within the Device Group’s Compliance Center.

  
  

• Checklist Integration:
  Custom group-level controls can be added to the device compliance checklist, alongside system default and organization-level controls.

• Configuration and Visibility:

  • Configure group compliance controls via Device Group > Configure Group Compliance controls.

  • View all applied controls and their status in Compliance Center > Device Group controls.

    

2. Device Compliance Checklist Enhancements

• Unified Checklist:
  The device compliance checklist now supports a mix of system defaults, organization-level, and group-level controls.

• Dynamic Calculation:
  Device compliance status is recalculated based on the latest group assignment and the controls active in that group.

3. Control Management Improvements

• Toggle and Reset:

  • Each control in the group compliance checklist features a toggle switch for activation/deactivation.

  • A reset option allows administrators to remove all group-level overrides and revert to organization defaults.

• Override Logic:

  • Group-level controls can override organization-level controls for devices assigned to that group.

  • Only the controls from the most recently assigned group are used for compliance calculation if a device belongs to multiple groups.

4. User Experience and Workflow

• Creation Flow:

  • Users can create new group-specific controls or override existing organization controls for a group.

  • The interface ensures that only group controls are editable; organization-level controls require an override to be customized at the group level.

• Clear Compliance Status:

  • Devices display a single compliance status, determined by the controls of their latest assigned group.

  • When a device is reassigned to a different group, compliance is recalculated using the new group’s controls.

5. Testing and Scenarios

• Comprehensive testing scenarios were implemented, including:

  • Creating and managing custom group-level controls.

  • Adding controls to checklists and verifying their application.

  • Ensuring compliance status updates correctly when devices are moved between groups or assigned to multiple groups.

  • Validating that group-level controls can be created independently of organization-level controls.

Benefits

• Granular Compliance:
  Organizations can tailor compliance requirements for specific device groups, improving security and operational flexibility.

• Simplified Management:
  The new workflow and UI enhancements make it easier to create, manage, and audit compliance controls at both the organization and group levels.

• Accurate Compliance Reporting:
  Devices always reflect the correct compliance status based on their current group assignment and applicable controls.

This update empowers administrators with more precise control over device compliance, supporting complex organizational structures and evolving security needs.