Category filter

How to Blocklist / Allowlist apps on Windows devices

Some situations demand organizations to keep track of the apps used by the endpoints to determine that no insecure apps are present on corporate devices. Hexnode UEM lets you either blocklist or allowlist apps, which helps restrict unwanted apps and allows only company-approved apps on the device. In addition, it enables the administrators to take remedial actions so that the users do not access any untrusted apps from corporate devices.

Note

  • This feature is available only on Hexnode UEM’s Ultimate and Ultra subscription plans.
  • Blocklist/Allowlist policy is supported only on Windows 10 and Windows 11 devices.

App Blocklisting

  1. Login to your Hexnode UEM portal > Navigate to Policies tab > Click on New Policy to create a new one or click on any policy to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Go to Windows > From App Management, choose Blocklist/Allowlist > Click on Configure.
  3. Choose Blocklist as the Type > Click on +Add button > Choose either Add App or Add Group.
  4. Select Add App,
    From Local Apps, search and select the required apps > Click Done.
    Or

    Select Public Store to install apps directly from the public app store > Search and select the required apps > Click Done.

    Select Add Group,
    search and select the required app group(s) > Click Done.

  5. Navigate to Policy Targets > Click on +Add Devices > Select the target devices > Click OK > Save.
Note


To associate policies to a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy to Users, User Groups or Domains from the same pane.

On applying the Blocklist policy to Windows device(s)

Blocklisting of unwanted apps on Windows devices

The device will be marked as non-compliant if any of the blocklisted apps are present on the device. The device summary page shows the exact number of blocklisted apps present on the device.
Note


Navigate to Admin tab > General Settings > Compliance Settings > Enable the option Device is not application compliant. The device will not be marked as non-compliant unless you’ve enabled this option.

App Allowlisting

  1. Login to your Hexnode UEM portal > Navigate to the Policies tab > Click on New Policy to create a new one or click on any policy to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Go to Windows > From App Management, choose Blocklist/Allowlist > Click on Configure.
  3. Choose Allowlist as the Type > Click on +Add button > Choose either Add App or Add Group.
  4. Select Add App,
    from Local Apps, search and select the required apps > Click Done.
    Or

    Select Public Store to install apps directly from the public app store > Search and select the required apps > Click Done.

    Select Add Group,
    search and select the required app group(s) > Click Done.

  5. Navigate to Policy Targets > Click on +Add Devices > Select the target devices > Click OK > Save.
Note


To associate the policies to a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy to Users, User Groups or Domains from the same pane.

On applying the Allowlist policy to Windows device(s)


The apps that are not allowlisted will be treated as blocklisted, thus marking the device non-compliant.
Note


Navigate to Admin tab > General Settings > Compliance Settings > Enable the option Device is not application compliant. The device will not be marked as non-compliant unless you’ve enabled this option.

  • Deploying and Managing Apps