14 DAY FREE TRIAL

No Search Results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Deploying and Managing Apps
  3. Windows

Category filter

How to Blocklist / Allowlist apps on Windows devices

Jump To

Some situations demand organizations to keep track of the apps used by the endpoints to determine that no insecure apps are present on corporate devices. Hexnode UEM lets you either blocklist or allowlist apps, which helps restrict unwanted apps and allows only company-approved apps on the device. In addition, it enables the administrators to take remedial actions so that the users do not access any untrusted apps from corporate devices.

Note:

  • Blocklist/Allowlist policy is supported on all editions of Windows 10 and Windows 11, with the exception of Home.
  • The following Hexnode apps are automatically allowlisted in the background:
    • Hexnode Remote Assist
    • Hexnode UEM

App Blocklisting/Allowlisting

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies > New Policy. Click on New Policy to create a new one or select an existing one to make edits. Then, enter the Policy Name and Description in the provided fields.
  3. Go to Windows > App Management > Blocklist/Allowlist. Click on Configure.
  4. You can configure the blocklist/allowlist settings by two ways,
    • Add Apps: You can select the apps to be blocklisted/allowlisted from a list of store apps to create a blocklist/allowlist.
    • Add Rules: You can create rules to block or allow apps based on their publisher or file path.

    Add Apps

    • Choose Blocklist/Allowlist.
    • Click on +Add App.
    • Select the store apps to be blocklisted or allowlisted. Then, click on Done.
    Note:


    In allowlisting, all inbox applications on the device will be allowlisted by default. If you wish to block Inbox apps, you need to create block rules for the individual inbox apps in the Add Rules section.

    Add Rules


    The following fields are to be configured for adding a rule,

    • Action: Choose the action (Block/Allow) associated with the rule. You can choose to block or allow access to apps on the device by the rule.
    • Rule Name: Enter a name for the identification of the rule.
    • App Type: Choose the type of apps to which the rule will apply. You can choose between two types of apps,
      • Packaged Apps/Packaged Apps Installers (.appx)
      • Executables (.exe)
    • Rule Condition: Choose the rule condition to block or allow the applications. You can block/allow the apps based on two attributes:
      • Publisher: If this option is selected, the apps will be blocked/allowed by the name of the application(s) publisher.
      • File Path: If this option is selected, the app will be blocked by specifying the file path of the application.
    • Publisher Name: If the rule condition is chosen as Publisher, specify the name of the application(s) publisher.
    • App Name: Specify the name of the application.
    • File Path: Specify the location of the application on the user’s device.
  5. Click on Save.
Note:


When creating block rules for a specific app type, ensure that you also create allow rules explicitly for the required apps within that type. If not, all apps of that type will be blocked by default.

Associate the policy with target entities

If you haven’t saved the policy,

  1. Navigate to Policy Targets.
  2. Select the required Devices, Users, Device Groups, User Groups or Domains.
  3. Click on Save.

If you have already saved the policy,

  1. Navigate to Policies > My Policies and select the required policy.
  2. Click on Manage > Associate Targets.
  3. Select the required Devices, Users, Device Groups, User Groups or Domains.
  4. Click on Associate.
Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Deploying and Managing Apps