Hello,
Thanks for reaching out to Hexnode Connect.
To answer your questions, Application Compliance and active app blocking are two separate workflows in Hexnode:
- Compliance vs. Blocking: Application Compliance is strictly for monitoring and reporting; it marks a device as non-compliant if unapproved apps are detected, but it does not block them from launching. For active enforcement, you must use platform-specific allowlist or blocklist restrictions. These two modes are mutually exclusive enforcement strategies: blocklist mode allows everything except explicitly blocked apps, while allowlist mode blocks everything except explicitly allowed apps.
- App Picker Differences: This behavior is expected. macOS natively allows Hexnode to discover and report installed applications (including built-in utilities), populating them in the picker. Windows handles app inventory differently, meaning applications usually need to be defined explicitly using rules (Store app, File path, App ID, or Publisher).
- Store Apps: This does not mean a combined list of all apps installed across your managed devices. It specifically refers to public store apps that have been added to your Hexnode App Repository.
- Bulk Upload: Currently, bulk selection and CSV uploads are not available in the Windows Application Compliance selection grid; apps must be selected manually. If active restriction is your goal, using Publisher-based rules in an enforcement policy is much more manageable for large deployments.
- Versioning: Allowlisting is based on the application’s unique identifier (like Bundle ID or package name), not the display version. If you allow an app, all versions sharing that exact identifier are permitted, so older versions will not suddenly stop working.
I hope this helps or resolves your issue. Feel free to reach out if you have any more doubts or need further assistance.
Best regards,
George,
Hexnode UEM