Skip to main content

How to Customize General Compliance Requirements for Your Organization

1. Access the Compliance Settings

  1. In the SWIF console, go to Settings.

  2. Select the Compliance tab at the top.

You will see two main sections here:

  • Device Security Compliance: Toggles for features like Password manager records and Malware detection.

  • General Compliance Requirements: The checklist rules you can define for your organization’s security and compliance posture.

2. Reset or Customize Default Settings

Within General Compliance Requirements, you can either:

  • Click Reset Default Settings to revert to SWIF’s recommended defaults.

  • Manually configure each policy to tailor the requirements to your organization’s needs.

3. Review and Adjust Individual Controls

Under General Compliance Requirements, you’ll see a table of controls. Each control is grouped under a broader category (like “Software Update Policy,” “System Preferences,” etc.). Here’s how to interpret each column:

  1. Control: A label or category grouping certain policies (for example, “SW-1: Software Control”).

  2. Policy: Specific policy names (e.g., “Software Update Policy,” “Screen Saver Policy,” etc.).

  3. Requirement: What the policy enforces on each operating system or feature. For example, it may specify that macOS must have automatic updates turned on, or Windows must enable auto-updates.

  4. Recommended Setting: SWIF’s suggested configuration.

  5. Current Setting: The actual value applied. You can adjust this by selecting from the dropdown or toggling the option to match your desired level of compliance.

Some common policy examples include:

  • Software Update Policy (macOS, Windows, Linux)

  • Screen Saver Policy (lock intervals, idle delay)

  • FileVault Policy (encryption for macOS)

  • Bitlocker Auto Policy (encryption for Windows)

  • Login Window Policy (to show or hide user lists)

  • Password Manager Policies (minimum passcode length, special character requirements, etc.)

4. Specify Qualified Applications

Below the compliance table, you’ll find the Qualified Applications section. Here you can decide which applications are allowed or disallowed under compliance rules. For instance, you might:

  1. Select Allow only some apps or Deny some apps from the dropdown.

  2. Enter an application name (e.g., antivirus software) and specify its type—like Antivirus or something else.

  3. Add as many applications as needed to shape your approved or restricted software list.

5. Block or Exclude Certain Devices

The Blocklist Devices section lets you exclude devices, device groups, or operating systems from your compliance checks. Excluded items won't be counted in compliance reports or the compliance center dashboard.

"Exclude devices, groups, or operating systems from the compliance criteria. Those devices will not be accounted in the compliance center data."

Exclude Individual Devices

  1. Choose an Exclusion Rule (e.g., Exclude selected devices).

  2. Find the device by name or serial number.

  3. Add that device to your exclusion list.

Exclude Device Groups

  1. In the Blocklist Devices section, open the device group dropdown.

  2. Device groups are sorted alphabetically and grouped by team — use the search field to filter.

  3. Select one or more device groups to exclude, then confirm.

  4. A success notification will confirm the groups have been added.

  5. Excluded groups and their associated team will appear in the exclusion list.

Exclude by Operating System

  • You can also exclude all devices running a specific operating system (e.g., iOS) from compliance checks.

Important Notes on Group Exclusions

  • Exclusions are the union of individually excluded devices and all devices belonging to excluded groups. If a device belongs to an excluded group, it remains excluded even if you remove it from the individual device exclusion list.

  • To re-include a device that belongs to an excluded group, you must either remove the group from the exclusion list or remove the device from that group.

  • If you attempt to individually include a device that's still in an excluded group, a toast message will display:
    "Device is still excluded via group [Group Name]. Remove the group or the device from the group to include it."

Removing Exclusions

  • To remove a device group from the exclusion list, click the remove action next to the group and confirm in the dialog.

  • A success notification will confirm the removal.

6. Confirm and Save

After adjusting all relevant policies, application rules, and exclusions:

  1. Review your changes to ensure they align with your organization’s security requirements.

  2. Click Save to finalize your updated compliance settings.

Tip: If you ever need to revert to the defaults, click Reset Default Settings within the General Compliance Requirements section. This will restore SWIF’s original recommendations for each policy.

That’s it! By following these steps, you can tailor SWIF’s General Compliance Requirements to match your organization’s security needs, manage approved or restricted applications, and exclude any devices you don’t want included in the compliance checks.

Related Articles
Set up Swif integration with Vanta
Custom Compliance Controls in Swif
Apple Tracking Policy
Apple Tracking Policy (App Blocking Tracking)
Device Compliance Rules
Did this answer your question?