Manage Blocklisted Apps
App Management is one of the complex task, in managing a mobile device. Every user brings in a lot of apps to the enterprise, which could cause a serious threat to data security. Mobile device management is always incomplete if administrators are unable to check the usage and authenticity of the apps that are used in the network. Using Mobile Device Manager Plus, system administrators can have a complete control over the apps that are installed in the managed mobile devices. This document will explain you on the following:
Mobile Device Manager Plus helps administrators to categorize apps as blocklisted and allowlisted, to manage them. If the usage of a specific app is supposed to be restricted in the corporate network, then that app can be marked as blocklisted. Every managed mobile device will be scanned periodically and all the apps that are detected will be classified into blocklisted and allowlisted apps. Administrator can Allowlist apps, which means these apps can be used in the enterprise.
How to Blocklist Apps?
Apps can be blocklisted automatically or manually. Administrators can mark all the newly detected apps as blocklisted, which means all the apps that are newly detected on the managed mobile device will automatically be marked as blocklisted, except for the allowlisted apps. So, every time a new app is discovered, it will be listed under blocklisted apps. Administrators choose to mark all newly detected apps as allowlisted, in that case, they can manually select the apps and Blocklist them.
Manage Blocklisted Apps
Administrators can perform various actions on the blocklisted apps, which includes warning the end users through email, disabling the app, or uninstalling the app silently. These actions will differ based on the operating system. Actions performed on the blocklisted apps will be applicable for apps that are manually marked as blocklisted and all the apps that are newly discovered as blocklisted.
When a blocklisted app is discovered on an iOS / Android /Windows device, then administrators can warn the end users through email to remove the blocklisted apps. Administrators can specify how many times, should the end user be warned. Warning emails will be sent once in every 24 hours. If the end user fails to remove the blocklisted app after the specified number of warnings, then Administrator will be notified by email everyday until the blocklisted app is removed from the managed mobile device. Administrator can then decide to revoke the corporate access for the specific user or force the user to remove the blocklisted apps.
Administrators have enhanced control over the SAFE and KNOX devices, which enables them to perform various operations like uninstalling or disabling the blocklisted apps. If a blocklisted app is discovered on a SAFE device or KNOX device/container, administrator can force uninstallation or disable the app without the user's intervention. Apps once uninstalled cannot be revoked or installed by the user until the app is marked as allowlisted by the administrator. If an app is disabled, then the app will become inactive for the end user, user will not be able to use the app. Administrator has to mark the app as allowlisted to enable the app. Follow the steps mentioned below to configure actions that need to be performed on blocklisted apps for SAFE and KNOX devices:
- On the web console, under Inventory select Apps
- Select the Settings tab
- Under Action on Blocklisted Apps, click SAFE tab.
- Choose the type of the device and the action that needs to be performed.
For example: You can choose to uninstall the blocklisted apps on corporate devices and disable them on personal devices. This action can be performed immediately or after warning the end users.
- Specify the number of days, for the end user to be warned. Emails with the warning message will be sent to the end users, once in a day.
- Configure the mail that needs to be sent to the end user after performing the specified action.
- Specify the administrator's email address to which the mail notifications need to be sent.
- Click Save to save the changes.
If you have chosen to uninstall the blocklisted apps and the settings to manage apps is configured to mark all newly discovered apps as blocklisted, then all the apps that are newly discovered in the SAFE and KNOX devices will be uninstalled automatically. Uninstalled apps cannot be revoked.
- What will happen if the action to be performed on blocklisted apps is changed from uninstall to disable?
- What will happen if the action to be performed on blocklisted apps is changed from disable to uninstall?
- What will be the behavior, if you have set to mark all newly discovered apps as blocklisted and the action on discovering a blocklisted app as "Uninstall"?
If the action to be performed on blocklisted apps is changed from uninstall to disable, then all the subsequently discovered blocklisted apps will be moved to a disable state. User will not be able to use the blocklisted apps. If the user tries to install a new app which has been blocklisted by the administrator, then the app installation will be succeeded but the app will be in disabled state.
If the action to be performed on blocklisted apps is changed from disable to uninstall, then all the apps that has been disabled will be uninstalled from the mobile device. End user will be not allowed to install any apps that are marked as blocklisted by administrators. Apps that are uninstalled cannot be revoked or installed again until the administrators mark the app as allowlisted.
If the default app management settings is configured to mark all the newly discovered apps as blocklisted and the Action is set to uninstall the blocklisted apps on SAFE and KNOX devices, then all the newly discovered apps in the network, which are not allowlisted be uninstalled automatically.