7.4 Ensure that users cannot connect from devices that are jail broken or rooted

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

You should not allow your users to connect with mobile devices that have been jailbroken or rooted.

Rationale:

These devices have had basic protections disabled to run software that is often malicious and could very easily lead to an account or data breach.

Impact:

Impact should be minimal; however, if a device is jailbroken or running a developer build of a mobile operating system, it will be blocked from connecting.

Solution

To set mobile device management policies, use the Microsoft 365 Admin Center:

Under Admin Centers select Endpoint Management.

Select Devices and then under Policy select Configuration profiles.

Select Create Policy.

Set a Name for the policy, choose the appropriate Platform.

Under Settings and Device Health ensure that Jailbroken devices or Rooted devices is set to Block.
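
An offline check for the setting above, as an added example that is not part of the original audit or of any CIS or Microsoft tooling. It assumes the tenant's policies were exported as Microsoft Graph `deviceCompliancePolicies` JSON with assignments expanded, where the iOS and Android policy types carry the boolean `securityBlockJailbrokenDevices`; the policy names and ids in the sample are constructed.

```python
import json

# Graph policy types that expose the jailbreak/root block setting.
JAILBREAK_TYPES = {
    "#microsoft.graph.iosCompliancePolicy": "iOS/iPadOS",
    "#microsoft.graph.androidCompliancePolicy": "Android device administrator",
    "#microsoft.graph.androidWorkProfileCompliancePolicy": "Android work profile",
}
SETTING = "securityBlockJailbrokenDevices"

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.iosCompliancePolicy",
   "displayName": "iOS baseline", "securityBlockJailbrokenDevices": true,
   "assignments": [{"id": "sample-1"}]},
  {"@odata.type": "#microsoft.graph.androidCompliancePolicy",
   "displayName": "Android legacy", "securityBlockJailbrokenDevices": false,
   "assignments": [{"id": "sample-2"}]},
  {"@odata.type": "#microsoft.graph.androidWorkProfileCompliancePolicy",
   "displayName": "Android BYOD", "securityBlockJailbrokenDevices": true,
   "assignments": []},
  {"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
   "displayName": "Windows baseline", "assignments": [{"id": "sample-3"}]}
]}
""")

def audit_policies(export):
    """Return findings plus the platforms with an assigned, blocking policy."""
    findings, covered = [], set()
    for policy in export.get("value", []):
        platform = JAILBREAK_TYPES.get(policy.get("@odata.type"))
        if platform is None:
            continue  # policy type has no jailbreak/root setting
        name = policy.get("displayName", "<unnamed>")
        if policy.get(SETTING) is not True:
            # Missing or false both mean the device is not blocked.
            findings.append(f"{name} ({platform}): {SETTING} is not set to Block")
        elif not policy.get("assignments"):
            # A policy that targets nobody enforces nothing.
            findings.append(f"{name} ({platform}): blocks but is not assigned")
        else:
            covered.add(platform)
    return {"findings": findings, "covered": sorted(covered)}

if __name__ == "__main__":
    result = audit_policies(SAMPLE_EXPORT)
    for line in result["findings"]:
        print("FAIL", line)
    print("Platforms covered:", ", ".join(result["covered"]) or "none")
```

A policy with the setting enabled but no assignment is reported separately, because it passes a settings-only review while leaving every device unblocked.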

See Also

https://workbench.cisecurity.org/files/3729