In our example:
We want to mark the device to “Out of Compliance” if an app is installed on the device ( forbidden app)
We then want to restrict this device so user cannot use the “Camera”.
Furthermore, once the user removes the forbidden app, we want the device to be marked “In- Compliance” and remove the restriction so user can use Camera again.

---

Instructions

Summary of Policies and Automated Actions that need to be set up:

1. configure “ APP ACCESS” policy, forbidding an APP (CNN App for example)
2. configure “OUT of COMPLINACE” Automated Action (Based on App Access Policy configured in previous section)
3. Configure Restriction Policy with “Advance Deployment Rule”
4. Configure “Compliance” when Forbidden App is removed from device
5. Configure “Profile Removal” Policy once the device is back in compliance, using “Advance Deployment Rule”

 
NOTE: Deployment order is important


1)Configure “APP ACCESS” policy, forbidding an APP (CNN App for example)
We want to configure policy to forbid installation of CNN app
Note: this policy does NOT block the device from installing the forbidden App
Configure -> Device Policies -> More -> Apps -> App Access:


2)Configure “OUT of COMPLINACE” Automated Action
We want to set the device to out of compliance when the CNN app is installed
Configure -> Actions -> Add


3)Configure Restriction Policy with “Advance Deployment Rule”
This policy will remove “Camera Icon from device, If the device is out of compliance with app access policy”
Configure -> Device policies -> Add 

4)Configure “Compliance” when Forbidden App is removed from device
Automated action to mark the compliance when the forbidden app is removed from device
Configure -> Actions-> Add

5)Configure “Profile Removal” Policy once the device is back in compliance, using “Advance Deployment Rule”
Here we need to remove “restriction” policy that removes “Camera” Icon, after device is marked as “Compliance”
Configure -> Device Policies -> Add -> More -> Removal -> Profile Removal


NOTE: when you deploy theses policies and automated actions, the order in which to deploy is important. The Order should be the same order as it is described in the previous steps on this document.
Below you can find a screenshot of the order for the above policies and Automated actions:





 
 

The following document describes how to set up policies along with automated actions to achieve the following use case scenario: Set up out of compliance policy based on a criteria and apply restrictions when the device is out of compliant. After the device becomes compliant again, we want to remove the restrictions.