diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md index ffa67066c8..f7304b4484 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md @@ -59,6 +59,54 @@ and non-compliant users. 7. Select a username to view more details about their compliance status, and for steps to resolve non-compliant users. +## Understand compliance status + +Docker evaluates compliance status based on: + +- Compliance status: Whether a user has fetched and applied the latest settings. This is the primary label shown on the reporting page. +- Domain status: Whether the user's email matches a verified domain. +- Settings status: Whether a settings policy is applied to the user. + +The combination of these statuses determines what actions you need to take. + +### Compliance status reference + +This reference explains how each status is determined in the reporting dashboard +based on user domain and settings data. The Admin Console displays the +highest-priority applicable status according to the following rules. + +**Compliance status** + +| Compliance status | What it means | +|-------------------|---------------| +| Uncontrolled domain | The user's email domain is not verified. | +| No policy assigned | The user does not have any policy assigned to them. | +| Non-compliant | The user fetched the correct policy, but hasn't applied it. | +| Outdated | The user fetched a previous version of the policy. | +| Unknown | The user hasn't fetched any policy yet, or their compliance can't be determined. | +| Compliant | The user fetched and applied the latest assigned policy. | + +**Domain status** + +This reflects how the user’s email domain is evaluated based on the organization’s domain setup. + +| Domain status | What it means | +|---------------|---------------| +| Verified | The user’s email domain is verified. | +| Guest user | The user's email domain is not verified. | +| Domainless | Your organization has no verified domains, and the user's domain is unknown. | +| Unknown user | Your organization has verified domains, but the user's domain is unknown. | + +**Settings status** + +This shows whether and how the user is assigned a settings policy. + +| Settings status | What it means | +|-----------------|---------------| +| Global policy | The user is assigned your organzation's default policy. | +| User policy | The user is assigned a specific custom policy. | +| No policy assigned | The user is not assigned to any policy. | + ## Resolve compliance status To resolve compliance status, you must view a user's compliance status details @@ -80,8 +128,8 @@ Desktop settings reporting dashboard. Select a compliant user to open their compliance status details. Compliant users have the following status details: - **Compliance status**: Compliant -- **Domain status**: Verified domain -- **Settings status**: Compliant +- **Domain status**: Verified +- **Settings status**: Global policy or user policy - **User is compliant** indicator No resolution steps are needed for compliant users.