
How to blacklist/whitelist apps on macOS devices?

Application blacklisting is a prohibitive mechanism that prevents users from accessing specific applications on their devices. Apps that the organization determines hinder productivity or appear to be malicious in a workplace environment can be blacklisted. The app blacklisting policy enables you to restrict specific apps on macOS devices from the Hexnode UEM console. A blocked-access prompt appears on the device when the user tries to open a blacklisted application.

Whitelisting allows users to access only those applications that are explicitly defined by the organization. Users can install and access these apps without any restrictions. All apps other than the whitelisted ones will be blocked on the device. Based on the requirement, you can define the applications to be denied or allowed access on macOS devices.

Notes:

  • Supported only on macOS 10.11+.
  • Blacklist/Whitelist policy requires the latest version of the Hexnode agent app installed on the devices.
  • The Hexnode MDM agent present on the device is responsible for sending the app paths (app identifiers or bundle identifiers) to the portal. Apps can be selected from the policy for blacklisting/whitelisting only after a macOS device is enrolled, the device scan is completed, and the agent updates the app paths with the portal.

Blacklist apps on macOS devices

To block apps on macOS devices:

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies > New Policy > macOS > App Management > Blacklist/Whitelist. Click on Configure.
  3. Enter the policy name and description.
    • Policy name – Enter an appropriate name for the policy. This is a mandatory field.
    • Description – Add a brief description of the policy.
  4. Click on the Blacklist button.
  5. Click on +Add to add either an app or a group of apps to be blacklisted. You can blacklist Enterprise apps, Store apps, or VPP apps on macOS devices.
  6. After selecting the desired apps, click Done.
  7. Next, associate the policy with the target devices by clicking on Policy Targets.
  8. Select the Devices/Device Groups/User/User Groups/Domains with which the policy is to be attached.
  9. Click Save.



Exception:


Certain system apps like Finder, Siri, etc., relaunch themselves automatically and always remain open on macOS. Because these system apps keep trying to open, blacklisting them generates infinite blocked-access pop-ups on the device.

Whitelist apps on macOS devices

To limit access to a specific set of applications:

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies > New Policy > macOS > App Management > Blacklist/Whitelist. Click on Configure.
  3. Enter the policy name and description.
    • Policy name – Enter an appropriate name for the policy. This is a mandatory field.
    • Description – Add a brief description of the policy.
  4. Click on the Whitelist button.
  5. Click on +Add to add either an app or a group of apps to be whitelisted. Selecting a single application limits the device usage only to the given application, and all other apps remain inaccessible on the device. Enterprise apps, Store apps, and VPP apps can be whitelisted on the devices.
  6. After selecting the desired apps, click Done.
  7. Next, associate the policy with the target devices by clicking on Policy Targets.
  8. Select the Devices/Device Groups/User/User Groups/Domains to apply the policy.
  9. Choose the device and click Save. The policy will be pushed to the device.


Whitelist an app present on the macOS device

  1. Click on the +Add button and select the Choose an app from the device option.
  2. Enter the name of the app you want to whitelist under App name.
  3. Enter the path of the app on the device under Specify the file path to the app on the device.
  4. Click Add.
  5. Next, associate the policy with the target devices by clicking on Policy Targets.
  6. Select the Devices/Device Groups/User/User Groups/Domains to apply the policy.
  7. Choose the device and click Save. The policy will be pushed to the device.
Note:

    • Blacklisting an application that is not currently installed on the device will not prevent its installation. However, once installed, the app will be inaccessible.
    • Whitelisting and Blacklisting the same app will blacklist the app on the device.
    • To whitelist the Safari app, you should also specify the following path using the Choose an app from the device option for the Safari app: /System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app/Contents/MacOS/Safari
    • If you specify the location of a folder that contains several apps in the Choose an app from the device option, all the apps inside that folder will be whitelisted. For example, specifying the ‘/Applications/’ folder in the Choose an app from the device option will whitelist all the apps inside the ‘Applications’ folder.

    Exception:


    Enterprise apps uploaded using DMG files cannot be blacklisted/whitelisted. Since the app identifier or bundle identifier cannot be fetched for DMGs, they will not be listed among the apps, and the user cannot add them to the policy.
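
As an added example (not Hexnode's code): before entering a folder under Choose an app from the device, this Python script lists every bundle that a folder entry would cover, with its bundle identifier and its executable path in the Contents/MacOS form shown for Safari above. It assumes nested subfolders are included; `apps_covered_by`, `build_sample_tree` and the `com.example` bundles are hypothetical, constructed names.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def apps_covered_by(folder):
    """List every .app bundle under `folder` with its identifier and executable.

    Assumption: a folder entry also covers bundles in nested subfolders.
    """
    found, stack = [], [Path(folder)]
    while stack:
        for entry in stack.pop().iterdir():
            if entry.is_symlink() or not entry.is_dir():
                continue  # skip files; skip symlinks to avoid loops
            if entry.suffix != ".app":
                stack.append(entry)  # ordinary folder: keep descending
                continue
            # A bundle: read its Info.plist rather than descending into it.
            try:
                with (entry / "Contents" / "Info.plist").open("rb") as fh:
                    info = plistlib.load(fh)
            except (OSError, ValueError, ExpatError):
                info = {}  # missing or unreadable plist: report the bundle anyway
            if not isinstance(info, dict):
                info = {}
            exe = info.get("CFBundleExecutable")
            found.append({
                "bundle": str(entry),
                "bundle_id": info.get("CFBundleIdentifier"),
                "executable": str(entry / "Contents" / "MacOS" / exe) if exe else None,
            })
    return sorted(found, key=lambda rec: rec["bundle"])


def build_sample_tree(root):
    """Constructed sample data: two valid bundles and one without Info.plist."""
    for rel, ident, exe in [("Editor.app", "com.example.editor", "Editor"),
                            ("Utilities/Tool.app", "com.example.tool", "tool")]:
        contents = Path(root) / rel / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleIdentifier": ident, "CFBundleExecutable": exe}, fh)
    (Path(root) / "Broken.app" / "Contents").mkdir(parents=True)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rec in apps_covered_by(tmp):  # on a Mac, pass the folder you plan to add
            print(rec["bundle_id"], rec["executable"] or rec["bundle"])
```

A bundle reported with no identifier, such as the constructed Broken.app, is still inside the folder and would be covered by a folder entry, so review it before relying on the policy.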
