Connect
Ask Community
Ask the community
Ask Community
  • Home
  • App Management
  • How to restrict access to corporate apps based on office location and working hours

How to restrict access to corporate apps based on office location and working hoursSolved

Profile photo of benjay
benjay
Participant
Discussion
Hexnode UEM
4 days ago Mar 12, 2026

Hi everyone, we manage a few sensitive applications such as our internal CRM and finance tools through Hexnode. The leadership team wants to ensure these apps can only be accessed from the office and only during working hours. 

For example, if someone tries to open the CRM from home or late at night, the app should not be accessible on the managed device. 

Is there a way in Hexnode to enforce something before allowing access to these apps?

topic view count 10 Views

Tags

App Management (363) Restrictions (56)
Reply

Replies (1)

Marked SolutionPending Review
Profile photo of kylian_parker Hexnode Expert image
kylian_parker
Hexnode Expert
3 days ago Mar 13, 2026
Marked SolutionPending Review

@benjay , yes, this can be implemented in Hexnode by combining Geofencing, App restriction policies, and Automations. The idea is to enforce a restriction policy whenever the device is outside the office location or outside the approved operational hours. 

Step 1: Define the Office Location (Geofence) 

First, create a geofence that represents the physical office location. 

  1. Navigate to Admin → Geofencing. 

  1. Select Create Fence. 

  1. Mark your office location on the map. 

  1. Configure a radius (for example 200 meters) to account for GPS drift. 

  1. Save the fence with a clear name such as Main Office. 

This allows Hexnode to determine whether a device is inside or outside the approved location. 

Step 2: Create a Restriction Policy for Sensitive Apps 

Next, create a policy that blocks the applications you want to restrict. 

  1. Go to Policies → New Policy. 

  1. Select the required platform. 

  1. Navigate to App Management → Blocklist / Allowlist. 

  1. Add the sensitive apps (for example CRM or finance tools) to the Blocklist. 

  1. Save the policy (example name: After-Hours App Lockdown). 

This policy will be applied when the device violates either the location condition or the time condition. 

 

Step 3: Enforce Restrictions After Working Hours 

Create a time-based automation that associates the lockdown policy after work hours. 

  1. Navigate to Automate → New Automation. 

  1. Choose Action → Associate Policy. 

  1. Select the Lockdown policy. 

  1. Under Trigger, choose Time. 

  1. Configure the schedule: 

  • Days: Monday–Friday 

  • Time: for example 18:00 

  1. Select the target device groups. 

This ensures the restriction policy activates outside your operational window. 

 

Step 4: Enforce Restrictions When Devices Leave the Office 

Create a second automation based on location activity. 

  1. Go to Automate → New Automation. 

  1. Choose Action → Associate Policy. 

  1. Select the same lockdown policy. 

  1. Under Trigger, choose Activity. 

  1. Configure InitiateOn Location Non-Compliance. 

  1. Add the required device groups. 

Now, if the device leaves the geofence, the restriction policy is applied automatically. 

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
2200 pts
Profile photo of timo-liam Veteran image
timo-liam
1525 pts
Profile photo of eliiza Novice image
eliza
1492 pts
Profile photo of finn Veteran image
finn
1400 pts
Profile photo of leo_scott Novice image
leo_scott
1367 pts
View all

Popular Tags

ABM (54)
Android (482)
iOS (363)
macOS (483)
Windows (329)
Apple TV (33)
App Management (363)
Enrollment (110)
Location (30)
Kiosk (229)
Scripts (90)
ADE (50)
OS Updates (79)
Android Enterprise (145)
View all