Category filter

How to Blacklist / Whitelist Apps on Windows Devices

Some situations demand organizations to keep track of the apps used by the endpoints to determine that no insecure apps are present on corporate devices. Hexnode UEM lets you either blacklist or whitelist apps, which helps restrict unwanted apps and allows only company-approved apps on the device. In addition, it enables the administrators to take remedial actions so that the users do not access any untrusted apps from corporate devices.

Note

  • This feature is available only on Hexnode UEM’s Ultimate and Ultra subscription plans.
  • Blacklist/Whitelist policy is supported only on Windows 10 and Windows 11 devices.

App Blacklisting

  1. Login to your Hexnode UEM portal > Navigate to Policies tab > Click on New Policy to create a new one or click on any policy to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Go to Windows > From App Management, choose Blacklist/Whitelist > Click on Configure.
  3. Choose Blacklist as the Type > Click on +Add button > Choose either Add App or Add Group.
  4. Select Add App,
    From Local Apps, search and select the required apps > Click Done.
    Or

    Select Public Store to install apps directly from the public app store > Search and select the required apps > Click Done.

    Select Add Group,
    search and select the required app group(s) > Click Done.

  5. Navigate to Policy Targets > Click on +Add Devices > Select the target devices > Click OK > Save.
Note


To associate policies to a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy to Users, User Groups or Domains from the same pane.

On applying the Blacklist policy to Windows device(s)


The device will be marked as non-compliant if any of the blacklisted apps are present on the device. The device summary page shows the exact number of blacklisted apps present on the device.
Note


Navigate to Admin tab > General Settings > Compliance Settings > Enable the option Device is not application compliant. The device will not be marked as non-compliant unless you’ve enabled this option.

App Whitelisting

  1. Login to your Hexnode UEM portal > Navigate to the Policies tab > Click on New Policy to create a new one or click on any policy to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Go to Windows > From App Management, choose Blacklist/Whitelist > Click on Configure.
  3. Choose Whitelist as the Type > Click on +Add button > Choose either Add App or Add Group.
  4. Select Add App,
    from Local Apps, search and select the required apps > Click Done.
    Or

    Select Public Store to install apps directly from the public app store > Search and select the required apps > Click Done.

    Select Add Group,
    search and select the required app group(s) > Click Done.

  5. Navigate to Policy Targets > Click on +Add Devices > Select the target devices > Click OK > Save.
Note


To associate the policies to a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy to Users, User Groups or Domains from the same pane.

On applying the Whitelist policy to Windows device(s)


The apps that are not whitelisted will be treated as blacklisted, thus marking the device non-compliant.
Note


Navigate to Admin tab > General Settings > Compliance Settings > Enable the option Device is not application compliant. The device will not be marked as non-compliant unless you’ve enabled this option.

  • Deploying and Managing Apps