Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getprimo.com/llms.txt

Use this file to discover all available pages before exploring further.

Compliance answers two questions for IT and security teams:
  • Are my devices still in line with our policies? For example, is the disk encrypted, is the operating system up to date, is the antivirus running, is the device still enrolled and online?
  • Which deviations should I be alerted about? You decide which device statuses count as a violation. Anything you do not flag is ignored.
Every time a device syncs, Primo re-evaluates it against your compliance rules and updates the alert list automatically. There is no separate scan to launch and no alert to acknowledge by hand.

Where Compliance lives

Compliance is accessed from a single page in the dashboard:
  • Go to MDM > Compliance Alerts to see the live list of devices currently violating your policies — your daily triage queue.
  • From the same page, click Manage rules in the top-right to open the configuration panel where you choose which statuses (per rule type) count as a violation.
A device only appears in the alerts list if its current status matches a status you marked as non-compliant in Manage rules. Tune the rules, and the alert list updates on the next device sync.

Key concepts

  • Rule type — A category Primo audits. Enrollment Status and Online Status are global and apply to every device. Every other rule type (encryption, OS update, password policy, firewall, Wi-Fi, antivirus, admin user management, and so on) is tied to a specific MDM control and is only configurable once that control exists.
  • Status — A rule-specific value such as Encrypted, Not encrypted, Up to date, Offline 7+ days. Each rule type has its own set of possible statuses.
  • Compliance alert rule — A per-company configuration that lists which statuses, for a given rule type, should trigger an alert.
  • Compliance alert — A device that currently reports a status flagged as non-compliant by one of your rules.

How alerts work

1

Device syncs with Primo

Whenever a managed device checks in, Primo re-runs every compliance rule against it.
2

Primo computes a status per rule

Each rule returns a status — for example Encrypted for the encryption rule, Offline 7+ days for the online rule.
3

Primo compares the status to your rules

If the status appears in the non-compliant list you configured for that rule, the device is flagged with an alert. Otherwise it is considered compliant.
4

Alerts auto-resolve

When a device’s status improves — encryption completes, the OS updates, the device comes back online — the alert clears on the next sync. There is no acknowledge or snooze action.

Platform coverage

Compliance applies to every platform Primo manages: macOS, Windows, Linux, iOS, iPadOS, and Android. Each rule only returns meaningful results on platforms where the underlying control runs. For example, FileVault encryption applies only to macOS, BitLocker only to Windows, and SentinelOne to desktop platforms.

Permissions

ActionPermission
View alerts and rulesMDM_READ
Edit alert rulesMDM_WRITE

Next steps

Configure compliance alert rules

Choose which device statuses count as a violation.

Monitor compliance alerts

Triage devices that drift from your policies.