Remediation messages for device assurance
If users are denied access due to noncompliance with a device assurance policy, they receive remediation instructions if you enable this option on the Device Assurance Policies page in the Admin Console. See Add user help for device assurance.
The tables show what messages are triggered for various unsatisfied device conditions.
Users on Android devices
| Unsatisfied device condition |
Message in the Sign-In Widget |
| Minimum Android version
|
Update to Android {version} |
| Lock screen must be enabled
|
Enable lock screen |
| Biometrics must be enabled
|
Enable lock screen and biometrics |
| Disk encryption
|
Encrypt your device |
| Hardware keystore
|
Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Rooting
|
Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
Users on iOS devices
| Device assurance condition not satisfied |
Message in the Sign-In Widget |
| Minimum iOS version
|
Update to iOS {version} |
| Lock screen. Passcode must be set
|
Set a passcode for the lock screen |
| Touch ID or Face ID must be enabled
|
Set a passcode for the lock screen and enable Touch ID or Face ID |
| Jailbreak
|
Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
Users on macOS devices
| Device assurance condition not satisfied |
Message in the Sign-In Widget |
| Minimum macOS version
|
Update to macOS {version} |
| Lock screen must be enabled
|
Set a passcode for the lock screen |
| Disk encryption
|
Turn on FileVault |
| Secure Enclave
|
Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
Users on Windows devices
| Device assurance condition not satisfied |
Message in the Sign-In Widget |
| Minimum Windows version
|
Update to Windows {version} |
| Windows Hello must be enabled
|
Enable Windows Hello for the lock screen |
| Disk encryption
|
Encrypt all internal disks with BitLocker |
| Trusted Platform Module
|
Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
Related topics
Add user help for device assurance
