Do pre-installed macOS system apps need to be manually added to an allowlist policy?Solved

Some fundamental system apps like Finder, Siri, etc., bypass the restriction and stay accessible because they constantly run in the background. However, any other standard pre-installed applications like System Settings, Terminal, etc., you want your users to access will definitely be blocked if you don’t explicitly add them to the allowlist.

Ok got it. Can I push two allowlist policies to same device? Because I want to allow some common apps to all devices and users but want to allow specific apps based on their departments.

Hello @lila_ace , 

Hexnode UEM allows you to associate multiple allowlist policies with the same device by merging the payloads on the endpoint. This enables you to deploy your configurations efficiently using a layered approach: 

• Create a Baseline Policy: Build a primary allowlist policy containing your essential system utilities and company-wide applications (like communication or browsing tools) and target it to all your Mac endpoints. 
• Layer Departmental Policies: Associate separate, supplementary allowlist policies tailored to specific teams (such as developers or marketing groups) with their respective devices to grant access to specialized applications. 

When both policies are associated with a device, Hexnode UEM compiles them seamlessly, granting the user access to the combined list of permitted applications. 

For even more detailed information about the allowlist policy, refer to our guide on Blocklist/Allowlist apps on macOS devices. 

Regards, 
Simon Scott 
Hexnode UEM