Advanced App Compliance settings
The Advanced App Compliance feature uses blocklists or allowlists to deny or allow universal and desktops apps for Windows 10+ desktops, laptops, and tablets.
The Advanced App Compliance setting can block or allow apps based on their publisher, file path, or file hash. You can manage numerous blocklist and allowlist entries from this feature.
Policy setting | Description | Supported devices |
---|---|---|
Blocklist (Deny) Native Apps | Adds the application name to the list of apps that are restricted on managed
devices. Native apps are a list of apps that are required for Windows OS to function normally. Enabling this option can affect basic functions of Windows. For a list of Windows native apps that are enabled by default, see Windows native apps that are enabled by default for Advanced App Compliance. |
Windows 10+ Professional, Education, Enterprise |
Configure App Blocklist and Allowlist | Adds the app name and/or the publisher name for packaged apps (.appx)
that are restricted on managed devices. All other packaged apps are allowed. For steps on how to
obtain the app name and the publisher name, see Using the Windows App Management Admin Tool to obtain Windows app IDs. Note: Use
* in the app name to block all apps for a publisher.
|
Windows 10+ Professional, Education, Enterprise |
Blocklist/Allowlist Name | The type of blocklist or allowlist action that is taken on the app. | Windows 10+ Professional, Education, Enterprise |
Publisher Name | Provide the publisher name of the app that is blocked or allowed. For steps on how to obtain
the app name and the publisher name, see Obtaining the app ID for Universal Windows Packages (UWP). Note: Use
* in the app name to block all apps for a publisher.
|
Windows 10+ Professional, Education, Enterprise |
App Name | Allows all apps with the name that is provided. All other apps are blocked. You can also
specify that certain apps from this publisher are blocked by using the exception app names. Note:
The value added for the name of the app to be blocklisted or allowlisted is the
packageidentityname.
|
Windows 10+ Professional, Education, Enterprise |
Exceptions | Enable this option to exclude apps from the blocklist or allowlist. | Windows 10+ Professional, Education, Enterprise |
Associated Blocklist/Allowlist Name | The universal app blocklist or allowlist name that applies to the exception. | Windows 10+ Professional, Education, Enterprise |
Application | Publisher name | App name |
---|---|---|
MaaS360 App | CN=IBM, O=IBM, L=Armonk, S=New York, C=US | d8ef93cc-03f9-45ef-ba13-b6546ce79792 |
MaaS360 VPN | CN=4035BB11-B01C-481D-AEE1-46989E741C61 | FiberlinkCommunicationsCo.ibm.maas360.vpn |
MaaS360 Secure Browser | CN=IBM, O=IBM, L=Armonk, S=New York, C=US | 7c67e744-3118-4529-899a-705f29604e06 |
Policy setting | Description | Supported devices |
---|---|---|
Blocklist (Deny) essential Windows binaries | Adds the binary to the list of denied Windows binaries. All other packaged apps are allowed. For steps on how to obtain the app name and the publisher name, see Using the Windows App Management Admin Tool to obtain Windows app IDs. Note: Use
* in the app name to block all desktop apps.
|
Windows 10+ Professional, Education, Enterprise |
Configure App Blocklist and Allowlist | Adds the app name and/or the publisher name for executable files (.exe) or Windows installer files (.msi), or scripts that are restricted on managed devices. | Windows 10+ Professional, Education, Enterprise |
Blocklist/Allowlist Name | Provide a unique name to identify this blocklist or allowlist. | Windows 10+ Professional, Education, Enterprise |
App Type | Specifies the type of application/binary (.exe, .msi, or scripts). | Windows 10+ Professional, Education, Enterprise |
Action | The type of blocklist or allowlist action that is taken on the app. | Windows 10+ Professional, Education, Enterprise |
Based On | Specifies the category of the blocklist or allowlist based on the publisher, file path, or file hash of the app. | Windows 10+ Professional, Education, Enterprise |
Exceptions | Enable this option to exclude apps from the blocklist or the allowlist. | Windows 10+ Professional, Education, Enterprise |
Associated Blocklist/Allowlist Name | The universal app blocklist or allowlist name that applies to the exception. | Windows 10+ Professional, Education, Enterprise |
Directory |
---|
Path="%PROGRAMFILES%\IBM MaaS360\*" |
Path="%PROGRAMFILES%\BigFix\*" |
Path="%PROGRAMFILES%\BigFix Enterprise\*" |