How to disable Compromised Protection and compliance policies containing compromised detection

How to identify which users are not using supported applications

In the AirWatch Console, navigate to Hub > Reports & Analytics > Reports.  Find and run the Device Application Detail report.  Using this report, you can identity which version of each app is installed on every device specified in the report.  Devices that have not updated to the iOS 10.3 supported versions of AirWatch apps will be flagged as compromised upon upgrading to iOS 10.3.  Configure this report as follows:

  • Select All for the Organization Groups
  • Select "All Apps" for Application Type
  • For the Applications, you have two options:  
    • First, you can  manually add all of the older versions of a specific app. For example, in the screenshot below we have selected the 5.0.2 version of the Agent (Note: the 5.3 version is required for iOS 10 so all versions below 5.3 should be selected)
    • Second, you can run this report against all applications in your environment, and filter through the report once it has been exported to identify all users using unsupported versions of applications.
  • Select Download
  • Once opening the report, select the whole sheet and then navigate in Excel to Data > Remove Duplicates. Then select Remove Duplicates.
  • If you have chosen the second option above when exporting the report, make sure to identify only those AirWatch apps (or internal apps using the AirWatch SDK/App Wrapping) that are on unsupported versions.



How to disable Compromised Protection

To disable compromise detection from the console navigate to Apps > Settings and Policies > Security Policies and switch Compromised Protection to Disabled.  

Important: If you currently have Integrated Authentication enabled and are utilizing a Defined Certificate Authority, saving this page will result in new certificates being generated for all assigned devices.  Customers in Shared SaaS environments should not disable Compromised Protection if this is critical functionality, as users may experience significant downtime during the certificate deployment.  In these cases, you must make sure that all affected users with iOS devices update to the iOS 10 supported versions of AirWatch apps.



How to disable Compromised Protection for SDK profiles

If you have any apps deployed that are leveraging custom SDK profiles, make sure that Compromised Protection is disabled for each SDK profile as well.  Navigate to each profile and select the Compliance tab.  Make sure Enable Compromised Protection is unchecked.  If this setting needs to be updated, make sure to republish the profile.

How to disable a compliance policy containing Compromised detection

If you have any compliance policy that contains a Compromised Status check, you can disable this compliance policy to ensure that iOS 10 devices not using supported apps are affect.  First, verify that a specific compliance policy is checking for compromised status by looking for the following rule:


This policy can be inactivated by navigating to the Compliance Policy list view and selecting the grey circle to the left of the compliance policy name.  When a compliance policy is inactive, it will no longer be applied to all assigned devices.  


When a compliance policy is inactive, it will not appear in the default list view.  To view it again, select the Status drop-down menu and choose either All or Inactive.



Compromised Detection for Mobile Email Management

If you have Mobile Email Management configured in the AirWatch Console, there is a setting to deny email access to compromised devices.  View your Managed Device Polices under the MEM configuration.  You can disable the Device Compromised policy by selecting the gray circle in the left-hand column (which will appear as red when the policy is disabled).  This can be re-enabled by selecting the green circle (which will appear as grey when the policy is disabled).


Have more questions? Submit a request


Article is closed for comments.