App Blacklisting

Introduction

App Management is one of the most complex tasks for IT administrators especially if the organization has a mobile-first workforce. In such a scenario, there arises a new problem - non-compliant apps installed on the devices. Non-compliant apps are those apps not distributed via MDM, while the corporate apps distributed via MDM are the managed apps. In such a scenario, the IT administrator must ensure these non-compliant apps do not access/share corporate data. Though there are several ways of achieving this using profiles, the most optimal solution for this is app blacklisting.

App blacklisting lets you select non-compliant apps and ensure these apps are removed in case they are installed or are prevented from being installed in future. In case of eligible devices, you can choose to either remove the apps instantly or notify the users and then remove it. For other devices, you can notify the users regarding the same.

Eligible Devices

Devices on which you can remove the apps automatically without user intervention are Eligible Devices. The list of devices is provided below:

OPERATING SYSTEM CONDITION
iOS Device must be Supervised and running 9.3 or later versions.
Android Device must be a Samsung device or must be provisioned as Profile Owner/Device Owner.
Windows Device must be running Windows 10 or later versions.

Blacklisting apps on the server

The advantage of MDM's app blacklisting is that it not only allows you to manage user-installed apps, it also lets you manage apps pre-installed on the device. Further, it also lets you send multiple mailers to the device users regarding the blacklisted app present on the device. Further, you can also integrate with ServiceDesk Plus(SDP) and ensure the blacklist app alerts are raised as tickets in the SDP portal.

Understanding the blacklist dashboard/settings

The blacklist dashboard is the centralized location providing granular details regarding the blacklisted apps - right from the devices with a particular app to the list of blacklisted apps installed on a device. The dashboard data is populated based on the settings configured for the same. The high-level data view also provides you with the following:

PARAMETER DESCRIPTION
Discovered Apps All the apps present on the device but not managed by MDM. This count is dependent on the Blacklist settings configured.
Managed Apps Number of apps managed by MDM.
Blacklisted Apps Number of apps blacklisted using MDM.
Devices with Blacklisted Apps Number of devices having at least one blacklisted app installed.

Blacklist apps across the organization

In case your organization is worried about installation of malicious apps, you would obviously want to disable it across the organization. You can do so by selecting an app or a set of apps and then blacklist it for all managed devices. It also ensures any device enrolled after the app has been blacklisted, will have the app automatically blacklisted.

Blacklist apps on specific devices/groups

In case you want to restrict non-compliant apps for all the contract employees, you can do so by choosing to blacklist the apps only for the group containing the contract employees. Similarly, if you do not have a group of contract employees and they are present in multiple groups, you can choose to blacklist the apps for specific devices as well.

Procedure to blacklist apps

If a device is moved from one group to another, the blacklisted apps corresponding to the new group will be automatically associated to the device and the blacklisted apps corresponding to the older group will be removed if need be.
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine