Category Filter

How to blacklist/whitelist apps on macOS devices?

Application blacklisting is a prohibitive mechanism that prevents users from accessing specific applications on the devices. As determined by the organization, apps that hinder productivity or appear to be malicious in nature in a workplace environment can be blacklisted. The app blacklisting policy enables you to restrict specific apps on macOS devices from the Hexnode MDM console. It raises a blocked-access prompt on the devices as the user tries to open the blacklisted applications.

Whitelisting allows users to access only those applications that are explicitly defined by the organization. The users can install/access them conveniently without any restrictions. All other apps, except the whitelisted ones will be blocked on the device. Based on the requirement, you can define the applications to be denied or allowed access on macOS devices.

Notes:

  • Supported only on macOS 10.11+.
  • Blacklist/Whitelist policy requires the latest version of the Hexnode agent app installed on the devices.
  • Hexnode MDM agent present on the device is responsible for sending the app paths (app identifiers or bundle identifiers) to the portal. Apps can be selected from the policy for blacklisting/whitelisting only after a macOS device is enrolled, the device scan is completed, and the agent updates the app paths with the portal.

Blacklist apps on macOS devices

To block apps on macOS devices:

  1. Login to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy > macOS > App Management > Blacklist/Whitelist. Click on Configure.
  3. Enter the policy name and description.
    • Policy name – Enter an appropriate name for the policy. This is a mandatory field.
    • Description – Add a brief description of the policy.
  4. Click on the Blacklist button.
  5. Click on +Add to add either an app or a group of apps to be blacklisted. You can blacklist Enterprise app, Store app or VPP apps on macOS devices.
  6. After selecting the desired apps, click Done.
  7. Next, associate the policy with the target devices by clicking on Policy Targets.
  8. Select the Devices/Device Groups/User/User Groups/Domains with which the policy is to be attached.
  9. Click Save.



Exception:


Certain system apps like Finder, Siri, etc., relaunch themselves every time and always remain open on macOS. As these system apps try to open automatically, blacklisting them generates infinite blocked-access pop-ups on the device.

Whitelist apps on macOS devices

To limit access to a specific set of applications:

  1. Login to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy > macOS > App Management > Blacklist/Whitelist. Click on Configure.
  3. Enter the policy name and description.
    1. Policy name – Enter an appropriate name for the policy. This is a mandatory field.
    2. Description – Add a brief description of the policy.
    3. Click on the Whitelist button.
    4. Click on +Add to add either an app or a group of apps to be whitelisted. Selecting a single application limits the device usage only to the given application, and all other apps remain inaccessible on the device. Enterprise apps, Store apps and VPP apps can be whitelisted on the devices.
    5. After selecting the desired apps, click Done.
    6. Next, associate the policy with the target devices by clicking on Policy Targets.
    7. Select the Devices/Device Groups/User/User Groups/Domains to apply the policy.
    8. Choose the device and click Save. The policy will be pushed to the device.



    Exception:


    Enterprise apps uploaded using DMG files cannot be blacklisted/whitelisted. Since the app identifier or bundle identifier cannot be fetched for DMGs, they will not be listed among the apps, and the user cannot add them in the policy.