Use this checklist to ensure your organization meets core device-security controls across macOS, Windows, and Linux. You can view each control’s status on an individual device’s Security Compliance pane or in the global Compliance Center.
1. Auto-apply Security Patches (Control SW-1)
What it is:
Devices automatically download and install operating system and application updates.
How to verify:
Per-device view: “Software Update policy” shows Deployed.
Compliance Center: SW-1 status is Complete.
Policy to configure:macOS – Software Update Policy
Windows – Windows Software Update Policy
Linux – Linux Software Update Policy
2. Screensaver Lock & Full-Disk Encryption (Control SW-2)
Sub-Control | What it is | How to verify | Policy to configure |
Screensaver lock | Locks the screen after inactivity. | Status Deployed | Screensaver Policy |
Full-disk encryption | Ensures the startup disk is encrypted at rest. | Status Turned On or Deployed | macOS – FileVault Policy Windows – BitLocker Auto Policy |
3. Login Window Policy (Control SW-4)
What it is:
Configures the login window to require credentials and display user names appropriately.
How to verify:
Per-device view: “Login Window policy” shows Deployed.
Compliance Center: SW-4 status is Complete.
Policy to configure:macOS – Login Window Policy
4. Password Validation & Manager (Control SW-5)
Sub-Control | What it is | How to verify | Policy to configure |
Password complexity & history | Enforces minimum length, complexity, age, history, and reuse rules. | Shows Deployed | Password Policy (macOS, Windows, Linux) |
Password-manager installation | Ensures an approved password-manager app is present on all devices. | Shows Deployed | Add the “Password Manager” App Policy |
5. (Optional) Malware Detection
What it is:
Ensures an antivirus solution is installed and running.
How to verify:
Per-device view: “Device must have Antivirus installed” shows Deployed.
Policy to configure:Antivirus Installation Policy
Where to Check Status
Per-Device Security Compliance
From Device Management > Device Inventory, click any device’s row to open its details pane.
Under Security Compliance, each control lists its Requirements and current Status.
Compliance Center
Navigate to Compliance Center in the sidebar.
Locate controls SW-1 through SW-5.
Incomplete or Not Supported controls include a Recommended Action link—click it to jump straight to the policy setup page.
Pro Tip:
If a control shows Not Supported, ensure the device OS meets the policy’s minimum requirements.
Use the Generate Report button in either view to export your compliance status for audits or executive review.