Security for Meta Quest for Business

Create a security rule for Meta Quest devices

1. Access Security Settings:

   • Click Devices in the left menu of Admin Centre.
   • Click Security in the left menu.

2. Create New Rule:

   • Click Create security rule in the top right corner.

3. Name the Rule:

   • Enter a name for the security rule.

4. Define Trigger Conditions:

   • Click the drop-down menu under When the following happens. Select one or more options:
     • Root access or jailbreak: Unauthorized access to device operating system code.
     • Bootloader unlocked: Unauthorized unlocking of the device bootloader.
     • Verified boot fail: Detection of untrusted code.
     • Malware detected: Identification of malicious files, apps, or software. Apps are flagged if their APK matches a known harmful app in the malware detection database.

5. Specify Actions:

   • Click the drop-down menu under Take the following action(s). Choose one or more actions:
     • Perform a device wipe
     • Force logout sessions
     • Remove organisation-issued certificates
     • Remove organisation-issued networks
     • Notify IT admin
     • Notify employee
     • Mark device as untrusted

6. Create Rule:

   • Click Create to finalize and apply the rule.

Manage a Security Rule

1. Access Security Rules:

   • Click Devices in the left menu of Admin Centre.
   • Click Security in the left menu.

2. Manage Rule:

   • Click the ellipsis (three dots) next to the security rule you want to manage.
   • Select Edit rule to modify the rule, or Delete rule to remove it.

3. Edit or Delete:

   • If you select Edit rule, make your changes and click Confirm.
   • If you select Delete rule, review the information and click Delete. Note that deleting the rule will also remove it from any applied device profiles or Meta Quest devices.

Apply a Security Rule

• Learn how to apply security rules to Meta Quest devices in Admin Centre.

Apply a security rule to a device profile

1. Access Device Profiles:

   • Click Devices in the left menu of Admin Centre.
   • Click Device profiles in the left menu.

2. Select Device Profile:

   • Click the name of the device profile you want to apply a security rule to.

3. Manage Security Rules:

   • Click the Security tab.
   • Click Manage security rules.

4. Apply Security Rule:

   • Enter the name of the security rule(s) you want to apply. Select the rule(s) from the drop-down menu.
   • Click Confirm.

Apply a Security Rule Directly to a Meta Quest Device

1. Find the Device:

   • Click Devices in the left menu of Admin Centre.
   • Locate the device you want to apply a security rule to and click its name.

2. Note:

   • Security rules can only be applied to devices configured independently.

3. Manage Security Rules:

   • Click the Security tab.
   • Click Manage security rules.

4. Apply Security Rule:

   • Enter the name of the security rule(s) you want to apply. Select the rule(s) from the drop-down menu.
   • Click Confirm.

Change Security Settings

• Learn how to adjust device security settings, such as system update policies and passcode requirements.

Change security settings for Meta Quest for Business devices

By default, Meta Quest for Business encrypts your organisation’s key data while it is stored at rest, except for instances where Meta uses the data to:
- Promote safety, integrity, and security
- Process billing
- Comply with applicable laws

Data encrypted when stored at rest in Meta Quest for Business includes:

- **User Profile Information:**
  - Name
  - Department
  - Position or job title
  - Location
  - Mobile phone number (except when used for sending SMS)
  - Email address (except when used for sending email notifications)
  - Profile picture
  - Date of birth
  - Mobile phone number used for two-factor authentication
  - Company name and logo

- **People Directory Information:**
  - Role name
  - File export details
  - Names and email addresses of added and edited accounts
  - Location, job title, department, and mobile phone numbers of edited accounts
  - Group names and descriptions

- **Security Logs:**
  - Saved search queries and their titles
  - Exports of security logs

- **Single Sign-On (SSO) Information:**
  - Setup name
  - SAML URL
  - SAML issuer URL
  - SAML certificate
  - SAML single logout URL
  - Integration names, descriptions, and logos

- **Meta Quest for Business Groups and Apps Information:**
  - App name
  - App download link
  - Content hash
  - Custom request headers key and value
  - Expansion file name, link, and hash
  - Wi-Fi name
  - VPN name and description
  - Identity

- **Meta Quest for Business Integration Information:**
  - Component name
  - Package download location
  - Hash
  - Package download cookie header
  - Extra bundles key and value

- **Meta Quest for Business Security:**
  - Rule name
  - Certificates details: name, alias, and certificate

- **Billing Information:**
  - Credit card number
  - Cardholder name
  - Expiry date
  - CVV

Useful Links

Networks and certificates for Meta Quest for Business

The Enterprise Guide to Microsoft Mesh & Meta Quest