Hello there,
Blocking access to desktop apps is easily done using Local Group Policy
User Configuration > Administrative Templates > System
Scroll down the policies on the right column and double click the Don’t run specified Windows applications policy.
Select the Enabled option on the upper left side of the Window.
Under the Options section, click the Show button.
Enter the apps you want to block access on each line, including the “.exe” file extension. In this example, we are blocking access to Command Prompt, PowerShell, and Google Chrome.
Click OK when done
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–