Black or Whitelist applications on Windows Phone 8.1 with Windows Intune
Do you want to blacklist a specific application from being installed or started on Windows Phone 8.1? Today it’s possible to:
- Black or whitelist a specific application
- Black or whitelist a specific vendor
Bear in mind that as of today, we can only do this using Intune UDM (Windows Intune in combination with ConfigMgr).
In this example we will prohibit users from installing or starting a specific app.
Step 1 – Create a new Configuration Item
Create a new Configuration Item and specify something a “Name”. Make sure you select “Mobile device” in the drop-down list box. Hit “Next”.
Select “Configure additional settings that are not in the default settings group” and hit “Next”.
In the next dialog, hit “add” followed by “Create setting”.
Enter a descriptive name, select “OMA URI” in the “Setting Type” drop-down list box.
Select “String” in the “Data Type” drop-down list box.
In the “OMA-URI” field, copy and past the following line:
./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions
Hit “OK”.
Search for the setting we just created and hit “Select”.
In the “Create Rule” dialog, make sure that:
- The “Rule type” is set to “Value”
- The second drop-down list box contains “Equals”
- The “the following values” textfield contains the line of XML required to blacklist (or whitelist) the product ID.
In our example, the XML required will be:
<AppPolicy Version="1" xmlns=" https://schemas.microsoft.com/phone/2013/policy" ><Deny><App ProductId="{9168c4f3-217b-4a29-b543-7513bb4ae2ed}" /></Deny></AppPolicy>
Notice the two variables in this line of XML:
- <Deny></Deny>
- ProductId
You can either blacklist by using “Deny” or whitelist by using “Allow”
How to find the product ID:
- Open a browser and navigate to the Windows Phone store
- Search for the game/application, open the link to the specific game/application if you get multiple hits.
- Look at the URL, this contains a GUID. This GUID is the ProductId.
After entering the line of XML according to the desired behaviour, the dialog should look similair to this:
Select “OK” and “Close”. Afterwards hit “Next”.
Select “Windows Phone 8.1” and hit “Summary”. Followed by “Next” and “Close”
Navigate to “Configuration Baselines”, create a new Baseline and select “add” followed by “Configuration Items”
Add the Configuration Item we just created and hit “OK”
Select “Remediate noncomplaint rules when supported” and select a collection to target this policy against.
Wait until the policy is applied on the device, you can speed this up by going to “Workplace” on the Windows Phone and pressing the “sync” icon.
Now when browsing the store, users will get a notification and will be unable to install an app. If the app is already installed – users will be unable to start the app.
A big thanks for the great information goes out to my fellow TSP’s Bjorn Axell, Paul Goodson, Dan Andersen and Bob Roudebush.
Please consider leaving a reply in case this post helped you.
Comments
- Anonymous
January 01, 2003
thanks - Anonymous
October 06, 2014
The comment has been removed - Anonymous
October 06, 2014
The comment has been removed - Anonymous
October 06, 2014
Hi Pwigle, that is an option but I am interested in knowing what alternative methods there are of obtaining the ProductID of an application? - Anonymous
April 23, 2015
The comment has been removed - Anonymous
June 10, 2015
The Windows Phone 8.1 SSP APP GUID is 01914a77-09e7-4f01-88d1-099162777f9b - Anonymous
June 10, 2015
If you have reason to believe the GUID may have changed or you have another .xap you need the guid for, open the WMAppManifest.xml and look for the App ProductID. The one I posted above is from
http://www.microsoft.com/en-us/download/details.aspx?id=36060 - Anonymous
July 30, 2015
So uh, the store has changed and no longer shows the guid of an app in the url. How do I find the guid then ? - Anonymous
July 30, 2015
The comment has been removed