In the management of enterprise Android devices, it is essential not only to define security and usage policies but also to ensure that these policies are effectively enforced. Policy Enforcement Rules are designed to automatically detect and respond to policy violations, helping organizations maintain compliance and protect their device fleet.
The main purpose of this configuration is to provide administrators with a flexible mechanism to automate corrective actions when a device falls out of compliance. Depending on the type or severity of the violation, the system can execute predefined responses—such as blocking device access, performing a remote wipe, or notifying the user—to immediately mitigate risks and restore compliance.
By implementing Policy Enforcement Rules, organizations can ensure continuous protection, real-time control, and operational efficiency across all managed Android devices, minimizing security gaps and reducing the need for manual intervention.
Configuring Policy Enforcement Rules #
Once in the Applivery Dashboard, navigate to Device Management > Policies (1).
Select the Android policy where you want to enforce password security. Then, go to the Compliance (2) section in the left-hand menu. Locate the Policy Enforcement Rules (3) configuration, then click the + Add element button.
Block Action #
Defines an automatic action that restricts access to applications and data on a managed device or work profile when it fails to comply with the selected policy.
It is also recommended to configure the Wipe Action to complete the full compliance enforcement cycle.
- Block After Days: Specifies the number of days a device or profile may remain non-compliant before the block is applied. A value of 0 applies the block immediately. If configured with a delay, access will be restricted once that period elapses.
-
Block Scope: Determines the scope of the block, typically whether it applies to the entire device or only the work profile. For example, selecting WORK PROFILE limits the block to corporate apps and data, leaving personal content unaffected.
Setting Name #
Specifies the name of the top-level policy to enforce (for example: passwordPolicies). This helps identify which policy governs the rule and simplifies tracking and management.
Wipe Action #
Defines an automatic action that either performs a factory reset or removes the work profile if compliance is not restored within the specified timeframe.
It is recommended to configure this action together with Block Action.
- Preserve FRP: Indicates whether Factory Reset Protection (FRP) by Google should remain enabled after a wipe. Applicable only to fully managed devices, not work profiles.
-
Wipe After Days: Defines the number of days of non-compliance before the device or profile is wiped. This value should be greater than the one set for Block After Days, ensuring that blocking occurs first, followed by a wipe if compliance is not reestablished.
These settings enable administrators to tailor rules for different types of non-compliance, defining tolerance periods, scope, and corrective actions. This ensures flexible, automated, and secure management of Android devices.
Proper configuration and management of Policy Enforcement Rules are key to maintaining corporate security and policy compliance.
By automating responses to non-compliance — such as blocking, notifying, or wiping — administrators can adapt enforcement severity to each context, minimize risks, and maintain operational control over the mobile fleet.
Strategic implementation of these rules promotes proactive, efficient, and secure device management, reinforcing both trust and compliance within the organization.