Learn how to create and manage security rules for Meta Quest devices enrolled in Meta Quest for Business, and how to change security settings for devices.

  • Add and manage a security rule for Meta Quest devices in Admin Centre
  • Apply security rules to Meta Quest devices in Admin Centre
  • Change security settings for Meta Quest devices in Admin Centre
  • Encryption at rest in Meta Quest for Business

How to add and manage security rules for Meta Quest for Business

Create a security rule for Meta Quest devices

  1. Access Security Settings:

    • Click Devices in the left menu of Admin Centre.
    • Click Security in the left menu.
  2. Create New Rule:

    • Click Create security rule in the top right corner.
  3. Name the Rule:

    • Enter a name for the security rule.
  4. Define Trigger Conditions:

    • Click the drop-down menu under When the following happens. Select one or more options:
      • Root access or jailbreak: Unauthorized access to device operating system code.
      • Bootloader unlocked: Unauthorized unlocking of the device bootloader.
      • Verified boot fail: Detection of untrusted code.
      • Malware detected: Identification of malicious files, apps, or software. Apps are flagged if their APK matches a known harmful app in the malware detection database.
  5. Specify Actions:

    • Click the drop-down menu under Take the following action(s). Choose one or more actions:
      • Perform a device wipe
      • Force logout sessions
      • Remove organisation-issued certificates
      • Remove organisation-issued networks
      • Notify IT admin
      • Notify employee
      • Mark device as untrusted
  6. Create Rule:

    • Click Create to finalize and apply the rule.

Manage a Security Rule

  1. Access Security Rules:

    • Click Devices in the left menu of Admin Centre.
    • Click Security in the left menu.
  2. Manage Rule:

    • Click the ellipsis (three dots) next to the security rule you want to manage.
    • Select Edit rule to modify the rule, or Delete rule to remove it.
  3. Edit or Delete:

    • If you select Edit rule, make your changes and click Confirm.
    • If you select Delete rule, review the information and click Delete. Note that deleting the rule will also remove it from any applied device profiles or Meta Quest devices.

Apply a Security Rule

  • Learn how to apply security rules to Meta Quest devices in Admin Centre.

Apply security rules to Meta Quest devices

Apply a security rule to a device profile

  1. Access Device Profiles:

    • Click Devices in the left menu of Admin Centre.
    • Click Device profiles in the left menu.
  2. Select Device Profile:

    • Click the name of the device profile you want to apply a security rule to.
  3. Manage Security Rules:

    • Click the Security tab.
    • Click Manage security rules.
  4. Apply Security Rule:

    • Enter the name of the security rule(s) you want to apply. Select the rule(s) from the drop-down menu.
    • Click Confirm.

Apply a Security Rule Directly to a Meta Quest Device

  1. Find the Device:

    • Click Devices in the left menu of Admin Centre.
    • Locate the device you want to apply a security rule to and click its name.
  2. Note:

    • Security rules can only be applied to devices configured independently.
  3. Manage Security Rules:

    • Click the Security tab.
    • Click Manage security rules.
  4. Apply Security Rule:

    • Enter the name of the security rule(s) you want to apply. Select the rule(s) from the drop-down menu.
    • Click Confirm.

Change Security Settings

  • Learn how to adjust device security settings, such as system update policies and passcode requirements.

Change security settings for Meta Quest for Business Devices

  1. Access Security Settings:

    • Click Devices in the left menu of Admin Centre.
    • Then:
      • If changing security settings for an independently configured device, click the name of the device.
      • If changing security settings for a device profile, click Device profiles in the left menu and then click the name of the device profile.
  2. Edit Security Settings:

    • Click the Security tab.
    • Click Edit next to the security setting you want to change.
  3. Make Changes:

    • Adjust the settings as needed, then click Confirm.

Device Security Settings You Can Change

  • Passcode: Decide if a passcode is required to unlock devices. For Individual Mode devices, configure settings such as the number of failed passcode attempts before a wipe is triggered. For Shared Mode devices, if no passcode is set, sessions end after more than 5 minutes without activity.

  • USB Debugging: Choose whether to disable USB debugging and other debugging features.

  • System Update Policy: Set how and when system updates are installed:

    • None: Users choose when to install updates.
    • Automatic: Updates are installed as soon as they are available.
    • Windowed: Updates are installed during a specified maintenance window. Set start and end times for the window.
    • Postpone: Updates are installed 30 days after becoming available.
  • Installation of Apps from Unknown Sources (for Individual Mode devices or profiles only): Decide if apps from sources other than the Meta Quest Store can be installed. Apps from Android Debug Bridge and trusted app stores are excluded.

  • Admin Passcode (for Shared Mode devices or profiles only): Create a 4-6 digit passcode if you want to restrict access to Wi-Fi, boundary settings, and USB debugging on Shared Mode devices.

Additional Information

  • View Device Security Insights: Learn how to access insights related to device security.
  • Security Rules: In addition to setting security settings, you can create and apply security rules for Meta Quest for Business.

Encryption at rest in Meta Quest for Business

By default, Meta Quest for Business encrypts your organisation’s key data while it is stored at rest, except for instances where Meta uses the data to:
- Promote safety, integrity, and security
- Process billing
- Comply with applicable laws

Data encrypted when stored at rest in Meta Quest for Business includes:

- **User Profile Information:**
  - Name
  - Department
  - Position or job title
  - Location
  - Mobile phone number (except when used for sending SMS)
  - Email address (except when used for sending email notifications)
  - Profile picture
  - Date of birth
  - Mobile phone number used for two-factor authentication
  - Company name and logo

- **People Directory Information:**
  - Role name
  - File export details
  - Names and email addresses of added and edited accounts
  - Location, job title, department, and mobile phone numbers of edited accounts
  - Group names and descriptions

- **Security Logs:**
  - Saved search queries and their titles
  - Exports of security logs

- **Single Sign-On (SSO) Information:**
  - Setup name
  - SAML URL
  - SAML issuer URL
  - SAML certificate
  - SAML single logout URL
  - Integration names, descriptions, and logos

- **Meta Quest for Business Groups and Apps Information:**
  - App name
  - App download link
  - Content hash
  - Custom request headers key and value
  - Expansion file name, link, and hash
  - Wi-Fi name
  - VPN name and description
  - Identity

- **Meta Quest for Business Integration Information:**
  - Component name
  - Package download location
  - Hash
  - Package download cookie header
  - Extra bundles key and value

- **Meta Quest for Business Security:**
  - Rule name
  - Certificates details: name, alias, and certificate

- **Billing Information:**
  - Credit card number
  - Cardholder name
  - Expiry date
  - CVV
