What's new 
I’m trying to understand how Hexnode app allowlist and blocklist policies work on Windows and macOS. From what I’ve read, it sounds like an app that is not on the allowlist may only make a Windows device non-compliant, while macOS may actually block the app. Is that correct? I also see both Application Compliance and allowlist/blocklist options under device restrictions. Can these be used together? And in the app selector, does “Store Apps” mean all apps installed across our enrolled devices, or only apps that were added somewhere in Hexnode?
14 Views
Replies (4)
Marked SolutionPending Review
Participant
19 hours ago
Jun 22, 2026
Marked SolutionPending Review
That helps. One thing still confuses me: on macOS, the allowlist/blocklist app picker shows a huge number of local apps, including native system tools. On Windows, I don’t see the same kind of populated list. Is macOS pulling those directly from enrolled devices?
Marked SolutionPending Review
Hexnode Expert
17 hours ago
Jun 22, 2026
Marked SolutionPending Review
Yes. This is an important platform difference. On macOS, Hexnode receives a local application inventory from enrolled Mac devices. This can include regular installed apps as well as native macOS utilities. Hexnode can then populate those discovered applications in the allowlist/blocklist selection dropdown, making it easier to select apps without manually entering identifiers.
Windows behaves differently. Hexnode does not automatically populate the restrictions dropdown with every local executable or system app from enrolled Windows devices. To configure app restrictions for Windows, you need to explicitly define the app using one of the available methods, such as:
- Store Apps: Apps that have been manually added to the Hexnode App Repository.
- Path: The installation or executable path of the Windows application.
- App ID/AUMID: The application’s unique Windows app identifier, where applicable.
So, if the Windows list appears empty, that does not necessarily indicate an issue. It usually means the Windows apps need to be added or defined manually for restriction targeting.
Marked SolutionPending Review
Participant
13 hours ago
Jun 22, 2026
Marked SolutionPending Review
So “Store Apps” is not a combined inventory of everything installed on all devices, right? It only refers to public apps we added to the central app repository?
Marked SolutionPending Review
Hexnode Expert
12 hours ago
Jun 22, 2026
Marked SolutionPending Review
Correct. In this context, Store Apps refers to apps available in the Hexnode App Repository, not a collective list of all applications installed on enrolled devices.
For macOS, the policy selector may also show discovered local apps because macOS app inventory is reported differently. For Windows, you should expect to add the app manually through the repository, path, or App ID before using it in allowlist/blocklist restrictions.
Save