For more information about security policies, and how to create/use them, please read the article on Security Policies for Devices in Systems Manager.
In each of these fields, the names of apps can be entered in multiple ways. Matches can also make use of a the wildcard '*' character.
Application Name: This is the friendly display name of the app, and can be used across both desktop and mobile devices. Ex. "Google Chrome", "Facebook", "*SMS*".
Note: An application may have a slightly different name dependent on the platform it is on, so the wildcard can be useful for matching across multiple device types.
Application Identifier: This can be the unique app ID or bundle ID for an app, and can only be used with iOS and Android. Ex. "com.meraki.sm", "com.google.*", "472572194".
Note: Using the wildcard with the bundle ID (ex. com.meraki.*) can be used to easily block all apps from a particular vendor.
Bundle ID can be found for apps in the Google Play store and will appear in the URL as shown below. If known, the bundle ID can also be used for iOS apps.
App ID can be found for apps in iTunes and will appear in the URL as shown below.
To add an app or pattern, click in the box provided and begin to type. Once the desired app or pattern has been entered, click Add option. The app or pattern will then appear as its own bubble.
The options under All devices for Application blacklist / whitelist and Mandatory applications can be used to track which devices have installed restricted apps, or are missing required apps.
Behavior of this option will depend on whether blacklist or whitelist is chosen.
Application 'blacklist' will mark a device as violating the policy if it has any apps installed that ARE listed. It indicates apps that are not allowed.
Application 'whitelist' will mark a device as violating the policy if it has any apps installed that AREN'T listed. It indicates apps that are allowed.
The next two examples will illustrate using the list of apps/patterns shown below.
These entries would match on the following:
A blacklist means these apps are NOT allowed, but others are. The apps in red are not permitted, while those in green are.
A whitelist means ONLY these apps are allowed, and others aren't. The apps in red are not permitted, while those in green are.
Mandatory applications operate similarly to application whitelist / blacklist above, but indicates apps that MUST be installed. This list is compared to the managed apps assigned to a device on the MDM > Apps page, and if an app matches in both places, it is checked on the device. If it is not present, the device is considered to be violating.
As an example if the app Meraki is listed as a mandatory app AND is assigned to a device on the MDM > Apps page, it MUST be present on the device. However, if the Meraki app is listed as a mandatory app but is NOT assigned to the device on the MDM > Apps page, it is NOT required.
Requirements can also be created around which applications are currently running on desktop devices. These are evaluated based on whether the application is running as a service or active program. Formatting of these entries is done similarly to the Application blacklist / whitelist functions above.
The Running apps blacklist will consider a device to be violating the policy if ANY of the apps listed are currently running.
ALL apps listed under Mandatory running apps MUST be running, otherwise the device will be considered violating the policy.