security: settings reporting reference table (#22444)

sarahsanders-docker · aevesdocker · web-flow · commit 9362a99260f5 · 2025-04-29T10:29:01.000-04:00
## Description - Adds a section to understand compliance status w/ a reference table of possible status combinations - Preview: https://deploy-preview-22444--docsdocker.netlify.app/security/for-admins/hardened-desktop/settings-management/compliance-reporting/#understand-compliance-status ## Related issues or tickets - https://docker.atlassian.net/browse/ENGDOCS-2561 ## Reviews - [ ] Editorial review - [ ] Product review --------- Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md
@@ -59,6 +59,54 @@ and non-compliant users.
 7. Select a username to view more details about their compliance status, and for
 steps to resolve non-compliant users.
 
+## Understand compliance status
+
+Docker evaluates compliance status based on:
+
+- Compliance status: Whether a user has fetched and applied the latest settings. This is the primary label shown on the reporting page.
+- Domain status: Whether the user's email matches a verified domain.
+- Settings status: Whether a settings policy is applied to the user.
+
+The combination of these statuses determines what actions you need to take.
+
+### Compliance status reference
+
+This reference explains how each status is determined in the reporting dashboard
+based on user domain and settings data. The Admin Console displays the
+highest-priority applicable status according to the following rules.
+
+**Compliance status**
+
+| Compliance status | What it means |
+|-------------------|---------------|
+| Uncontrolled domain | The user's email domain is not verified. |
+| No policy assigned | The user does not have any policy assigned to them. |
+| Non-compliant | The user fetched the correct policy, but hasn't applied it. |
+| Outdated | The user fetched a previous version of the policy. |
+| Unknown | The user hasn't fetched any policy yet, or their compliance can't be determined. |
+| Compliant | The user fetched and applied the latest assigned policy. |
+
+**Domain status**
+
+This reflects how the user’s email domain is evaluated based on the organization’s domain setup.
+
+| Domain status | What it means |
+|---------------|---------------|
+| Verified | The user’s email domain is verified. |
+| Guest user | The user's email domain is not verified. |
+| Domainless | Your organization has no verified domains, and the user's domain is unknown. |
+| Unknown user | Your organization has verified domains, but the user's domain is unknown. |
+
+**Settings status**
+
+This shows whether and how the user is assigned a settings policy.
+
+| Settings status | What it means |
+|-----------------|---------------|
+| Global policy | The user is assigned your organzation's default policy. |
+| User policy | The user is assigned a specific custom policy. |
+| No policy assigned | The user is not assigned to any policy. |
+
 ## Resolve compliance status
 
 To resolve compliance status, you must view a user's compliance status details
@@ -80,8 +128,8 @@ Desktop settings reporting dashboard. Select a compliant user to open their
 compliance status details. Compliant users have the following status details:
 
 - **Compliance status**: Compliant
-- **Domain status**: Verified domain
-- **Settings status**: Compliant
+- **Domain status**: Verified
+- **Settings status**: Global policy or user policy
 - **User is compliant** indicator
 
 No resolution steps are needed for compliant users.
