In current Bring-Your-Own-Device (BYOD) settings, companies struggle to assess and control the security level of their employee's smartphones. Application distribution points like the Apple Application Store and Google Play provide application reviews and malware checks, but these measures are opaque and not aligned with corporate-specific security guidelines. In this paper, we present a framework which allows companies to run automated security checks, tailored to their specific security requirements and independent of app markets. Our framework orchestrates different plug-in security services for checking mobile devices for malware, misbehaving application, and configurations. The framework operates on a virtual replica which is created from the physical device, thereby allowing deeper inspection than current industry's state-of-the-art solutions. We implemented the framework as a prototype and evaluated its performance and feasibility.