Dealing with Jailbroken/Roted devices in ConfigMgr 2012 R2 & Intune

As you enroll a mobile device into Intune/ConfigMgr 2012 R2, inventory data will automatically be uploaded to the ConfigMgr database. One of the data being collected is the Jailbroken/rooted condition. In the below example the device is being detected as a jailbroken device.

image

One of the many benefits of using Intune as the MDM solution is the integration with System Center 2012 R2 Configuration Manager. Once data is in the database we can use the entire ConfigMgr engine to manage the device. MDM devices in ConfigMgr can be managed using the Application Model and the Compliance Management feature. Especially the Compliance Management feature is powerful and can be used to apply special security settings on a device or retire/wipe the device.

How to create the dynamic collection

  1. Create a new collection limited to All Mobile Devices
  2. Open the Collection Properties, select the Membership Rules tab, click Add Rule, Query Rule.
  3. Name the rule Jailbroken Devices and click Edit Query Statement.
  4. Select the Criteria tab and create a new criteria.
  5. Select Mobile Device Computer System as the Attribute Class and Jailbroken or rooted device as the Attribute

    image

  6. Type 1 as the value and finish the collection

    image

  7. With a collection it’s now up to your security policies to determine what should happen to the device. Right click the device and click Retire/Wipe to remove/wipe the device from Intune and by doing that prevent user access to data from the device.

    image

  8. In the console you will also find a link to the primary user on the device. That way you can start deploying more restrictive security settings, block access to mail profiles, WIFI profiles etc.

Leave a Reply