App Blocklisting

Introduction

App Management is one of the most complex tasks for IT administrators especially if the organization has a mobile-first workforce. In such a scenario, there arises a new problem - non-compliant apps installed on the devices. Non-compliant apps are those apps not distributed via MDM, while the corporate apps distributed via MDM are the managed apps. In such a scenario, the IT administrator must ensure these non-compliant apps do not access/share corporate data. Though there are several ways of achieving this using profiles, the most optimal solution for this is app blocklisting.

App blocklisting lets you select non-compliant apps and ensure these apps are removed in case they are installed or are prevented from being installed in the future. In the case of eligible devices, you can choose to either remove the apps instantly or notify the users and then remove it. For other devices, you can notify the users regarding the same.

Eligible Devices

Devices on which you can remove the apps automatically without user intervention are Eligible Devices. The list of devices is provided below:

OPERATING SYSTEM CONDITION
iOS Device must be Supervised and running 9.3 or later versions.
Android Device must be a Samsung device or must be provisioned as Profile Owner/Device Owner.
Windows Device must be running Windows 10 or later versions.

Blocklisting apps on the server

The advantage of MDM's app blocklisting is that it not only allows you to manage user-installed apps, it also lets you manage apps pre-installed on the device. Further, it also lets you send multiple mailers to the device users regarding the blocklisted app present on the device. Further, you can also integrate with ServiceDesk Plus(SDP) and ensure the Blocklist app alerts are raised as tickets in the SDP portal.

NOTE:
  • Device administrator apps present on the devices cannot be blocklisted.
  • If apps like the Huawei app are blocklisted, the system update option will not be shown on the device, as this app has a different package for system apps.

Understanding the Blocklist dashboard/settings

The Blocklist dashboard is the centralized location providing granular details regarding the blocklisted apps - right from the devices with a particular app to the list of blocklisted apps installed on a device. The dashboard data is populated based on the settings configured for the same. The high-level data view also provides you with the following:

PARAMETER DESCRIPTION
Discovered Apps All the apps present on the device but not managed by MDM. This count is dependent on the Blocklist settings configured.
Managed Apps Number of apps managed by MDM.
Blocklisted Apps Number of apps blocklisted using MDM.
Devices with blocklisted Apps Number of devices having at least one blocklisted app installed.

Blocklist apps across the organization

In case your organization is worried about the installation of malicious apps, you would obviously want to disable it across the organization. You can do so by selecting an app or a set of apps and then Blocklist it for all managed devices. It also ensures any device enrolled after the app has been blocklisted, has the app automatically blocklisted.

Blocklist apps on specific devices/groups

In case you want to restrict non-compliant apps for all the contract employees, you can do so by choosing to Blocklist the apps only for the group containing the contract employees. Similarly, if you do not have a group of contract employees and they are present in multiple groups, you can choose to Blocklist the apps for specific devices as well.

Procedure to Blocklist apps

Points to Note

Copyright © 2021, ZOHO Corp. All Rights Reserved.
ManageEngine