Rules & Quarantine
The device group rules feature allows an administrator to create a whitelist, blacklist, or required list of apps for a group of devices. We recommend using this feature only when device supervision is not an option. Otherwise, app restrictions in conjunction with supervised devices is a much more powerful option.
In the absence of device supervision, app rules establish rules that a device should follow. Since SimpleMDM cannot force these settings on the device, it alternatively allows an administrator to take away permissions and privileges when rules are broken. As long as a device follows the established rules, it benefits from the configuration options of its assigned group. If it breaks the rules, it ends up in the Quarantine Group.
In the absence of device supervision, app rules establish rules that a device should follow. Since SimpleMDM cannot force these settings on the device, it alternatively allows an administrator to take away permissions and privileges when rules are broken. As long as a device follows the established rules, it benefits from the configuration options of its assigned group. If it breaks the rules, it ends up in the Quarantine Group.
The Quarantine Group is like any other group except that devices only end up here when they are breaking the rules of their assigned group. You will likely want to reconfigure the Quarantine Group to be more restrictive than your other groups. Perhaps you disable the iTunes Store and Multiplayer Gaming. Or, maybe disabling Safari makes more sense. You could also change which wireless network they have access to. You aren't able to remove apps, but you are able to make it not worth the tradeoff of having them.
Devices in quarantine will remain in quarantine until SimpleMDM has detected that they are no longer breaking the rules.
Setting Rules
Rules can be defined for each device group. Rules currently allow an administrator to:
- Set a minimum version of iOS
- Require some apps to be installed
- Only allow certain apps to be installed
- Disallow certain apps from being installed
- Click "Devices" on the left hand side of the screen.
- The quarantine device group appears at the bottom of the page. Click the "edit" link next to the group name.
- Click the "Rules" tab.
- Define the desired rules and click "Save".
Common Questions
Q: I have a device in quarantine. I edited the rule that placed it there but the device hasn't moved back to it's native device group. What's happening?
The devices interface shows what group each device is currently in, not the group that the device should be in.
If a device is in quarantine and the rule that placed it there is removed, SimpleMDM must communicate with the device to update its configuration. If the device doesn't respond to SimpleMDM, due to a lack of internet for instance, it will remain in the quarantine group until it contacts SimpleMDM.