Chia sẻ qua

Blocking Apps on iOS with Intune

  • Bài viết

A very (very) common ask from our customers is whether or not we can whitelist/blacklist apps on iOS devices.

From iOS 9.3, Apple made this option available for all Supervised devices, exposing it via the SDK and Apple Configurator.

Microsoft Intune now supports the ability to allow/block individual apps via the Show or Hide Apps feature!

The feature is very simple to use, requiring just the App name and URL or Bundle ID. You can either configure the policy in two ways:

Hide the listed apps from users, meaning the listed apps are no longer available to the end user.

Show only the listed apps to users, meaning all apps will be hidden except the apps listed.

To configure the setting, open your Intune console and browse to Policy > Configuration Policies > Add > iOS > General Configuration

Then browse to Supervised Mode and turn on the Show or Hide Apps policy.

Add the apps you want to allow/block and deploy the policy.

image

If users targeted by this policy don’t currently have this app installed, when they attempt to install it they will be blocked.

If users targeted by this policy do currently have the app installed, the app will disappear and will be unavailable to use at all. This includes searching for the app in Spotlight. It’s important to note that the app is not uninstalled, rather hidden from use.

Please also be aware that this feature is ONLY available for Supervised iOS devices. This means the device must be prepared using either Apple Configurator or the Apple Device Enrolment Program. Apple do not make this feature available for non-Supervised devices, so for you BYO devices, you’ll need to continue to report on compliant/non-compliant apps instead of allow/blocking.

Matt Shadbolt
Senior Program Manager
Enterprise Client and Mobility – Intune

Comments

  • Anonymous
    September 01, 2016
    Nice article.But how can our organization supervise the ios devices it owns ? specially to control access to web traffic within orgazation's guidelines.And will this be effective to the same extent in the newely released iphone 7 https://beginnerwebs.com/iphone-7-release-date-apple-is-expected-to-launch-its-new-smartphone-next-week/
    • Anonymous
      September 01, 2016
      Hey Jose. You can supervise any deivice retrospectively using Apple Configurator. Apple DEP can be used for your newly purchased devices. See here for the different techniques available to enroll your corporate owned iOS devices. Matt
  • Anonymous
    September 02, 2016
    it was really helpful
  • Anonymous
    October 06, 2016
    There is another option in the iOS configuration policy that blocks the AppStore but it seems that the applications deployed through Intune are still allowed to install. This will not uninstall previously installed apps but once applied, only apps distributed by Intune will be allowed. It works for non-supervised devices
    • Anonymous
      October 06, 2016
      The comment has been removed
  • Anonymous
    December 13, 2016
    The comment has been removed
    • Anonymous
      December 29, 2016
      The comment has been removed
  • Anonymous
    September 07, 2017
    Hi Matt,We deployed in-house app to users via Intune Hybrid(SCCM). Application works fine on iPad 3rd and 4th Generation models but not on iPad 5th generation. We have other few apps not working on iPad models.Note : same application on Same iPad model works fine on other MDM like XenMobile,What could be the issue in Intune/application?Regards,Ramesh T
    • Anonymous
      October 16, 2017
      Hey Ramesh. Ensure there's no deployment requirements (iOS version usually) on the app, and if there aren't any please raise a free Intune support case. This should not happen assuming everything is setup correctly! Matt
  • Anonymous
    October 27, 2017
    The comment has been removed
    • Anonymous
      October 27, 2017
      Hey David. Have you tried using the BundleId instead of the URL? Looking at the Apple Spec, the whitelistedAppBundleID's is the key used to 'un-hide' the apps rather than the app uri so as long as the BundleId is correct it should unhide it. If not, please feel free to raise a support case (it's free!) and get our support engineers to give you a hand. Matt