Alert Rules
Configure which conditions trigger alerts and auto-create tickets
Disk encryption disabled
Severity: High | Auto-ticket
FileVault (macOS) or BitLocker (Windows) is not enabled
encryption_off
Firewall disabled
Severity: High | Auto-ticket
Application firewall is turned off
firewall_off
OS update overdue
Severity: Medium | Auto-ticket
Device OS version is behind the target after the grace period
Grace period: 7 days after target version set
os_outdated
Device offline
Severity: Low | Auto-ticket
Device has not checked in for over 48 hours
Threshold: 48h offline
device_offline
MDM unenrolled
Severity: High | Auto-ticket
Device has been removed from MDM management
mdm_unenrolled
Profile installation failed
Severity: Medium | Auto-ticket
A configuration profile failed to install
profile_failed
Certificate expiring soon
Severity: Medium | Auto-ticket
APNs or SCEP certificate expires within 30 days
Warn: 30 days before expiry
cert_expiring
Prohibited application detected
Severity: Medium | Auto-ticket
A blocklisted application is installed on the device
Blocklist: Tor Browser, Transmission, BitTorrent, uTorrent
prohibited_app
Low disk space
Severity: Low | Auto-ticket
Available storage is below 10%
Threshold: 10% free space
disk_space_low
Rules are evaluated after every telemetry update. Per-customer overrides can be configured in
/certs-data/admin/alert_rules.json.