7.4 Ensure that users cannot connect from devices that are jail broken or rooted

Information

You should not allow your users to connect with mobile devices that have been jailbroken or rooted.

Rationale:

These devices have had basic protections disabled to run software that is often malicious and could very easily lead to an account or data breach.

Impact:

Impact should be minimal; however, if a device is jailbroken or running a developer build of a mobile operating system, it will be blocked from connecting.

Solution

To set mobile device management policies, use the Microsoft 365 Admin Center:

Under Admin Centers select Endpoint Manager.

Select Devices and then select Compliance policies.

Select Create Policy.

Set a Name for the policy and choose the appropriate Platform.

Under Settings and Device Health ensure that Jailbroken devices is set to Block.
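
To check the result of these steps across every policy rather than one at a time in the portal, the following added example (not part of the benchmark) audits the JSON returned by the Microsoft Graph request GET /deviceManagement/deviceCompliancePolicies. It assumes the response has been saved locally; the embedded sample is constructed, and the function names are hypothetical.

```python
import json

# Graph @odata.type values of compliance policy types that carry the
# securityBlockJailbrokenDevices setting (assumption: only these are audited).
JAILBREAK_AWARE_TYPES = {
    "#microsoft.graph.iosCompliancePolicy": "iOS/iPadOS",
    "#microsoft.graph.androidCompliancePolicy": "Android device administrator",
    "#microsoft.graph.androidWorkProfileCompliancePolicy": "Android work profile",
}

def audit_jailbreak_setting(graph_response):
    """Return (passing, failing) lists of (platform, displayName) tuples."""
    passing, failing = [], []
    for policy in graph_response.get("value", []):
        platform = JAILBREAK_AWARE_TYPES.get(policy.get("@odata.type"))
        if platform is None:
            continue  # e.g. Windows policies have no jailbreak setting
        entry = (platform, policy.get("displayName", "<unnamed>"))
        # Only an explicit true counts; a missing or false value fails the check.
        if policy.get("securityBlockJailbrokenDevices") is True:
            passing.append(entry)
        else:
            failing.append(entry)
    return passing, failing

def uncovered_platforms(passing):
    """Platforms with no policy at all that blocks jailbroken devices."""
    covered = {platform for platform, _ in passing}
    return sorted(set(JAILBREAK_AWARE_TYPES.values()) - covered)

# Constructed sample response, not real tenant data.
SAMPLE = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.iosCompliancePolicy",
   "displayName": "iOS baseline", "securityBlockJailbrokenDevices": true},
  {"@odata.type": "#microsoft.graph.androidWorkProfileCompliancePolicy",
   "displayName": "Android BYOD", "securityBlockJailbrokenDevices": false},
  {"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
   "displayName": "Windows baseline"}
]}
""")

if __name__ == "__main__":
    ok, bad = audit_jailbreak_setting(SAMPLE)
    for platform, name in bad:
        print(f"FAIL  {platform}: '{name}' does not block jailbroken devices")
    for platform in uncovered_platforms(ok):
        print(f"GAP   {platform}: no policy blocks jailbroken devices")
```

A policy only takes effect for the users or groups it is assigned to, so a passing result here should be followed by a check of each policy's assignments.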

See Also

https://workbench.cisecurity.org/files/3433