Whitelist and Blacklist Apps

In the context of an individual Organization, some apps are always allowed on user devices, such as enterprise private apps. Some apps are not ever allowed, such as malware.

Whitelisting

To simplify app management, you can flag the always-allowed apps as belonging to a whitelist. Apps that you whitelist using Add to Whitelist, regardless of whether they violate an app policy, do not trigger any remediation. An auto-whitelisted app will be always allowed even when new versions of the app are installed.

Blacklisting

The opposite is true for apps that you do not want to allow on a user device. Apps that you blacklist using Add to Blacklist are assigned an App Risk Score of 10. They are also tracked by the built-in TI called "Blacklisted by IT". By default it is inactive and must be activated and added to a custom App Policy before the blacklist can take effect.

To see whitelisted and blacklisted apps

  1. Go to the Apps tab.
  2. Locate the app.
  3. Locate the whitelist/blacklist column.
  • If the app is whitelisted, the icon displays as white. If it is auto-whitelisted, an A is inside the icon.
  • If the app is blacklisted, the icon displays as black. If it is auto-blacklisted, an A is inside the icon.
  • If the app is not on a list, it displays a hyphen.

To add apps to the whitelist or blacklist

  1. Go to the Apps tab.
  2. Select an app.
  3. Click Actions > Add to Whitelist... or Add to Blacklist.... A popup opens.
  4. Select an option in Add to Whitelist:
    • Apply to selected app versions only: Add only the selected app, at its listed version, to the whitelist.
    • Auto-whitelist selected apps: Turn on auto-whitelist to automatically whitelist all versions (including future versions) of the selected app.

      You can select app developer signing certificates to be whitelisted. Current and future private apps with a matching developer certificate are automatically excluded from the sideloaded app list.

The same options apply to blacklisting options in Add to Blacklist.

To remove an app from the whitelist or blacklist

  1. Go to the Apps tab.
  2. Select an app.
  3. Click Actions > Add to Whitelist... or Add to Blacklist.... A popup opens.
  4. Select an option in Remove from Whitelist:
    • Apply to selected app versions only: Remove only the selected app version from the whitelist.
    • Apply to all versions of selected apps: Remove all versions of selected apps from the whitelist.
      Caution: This also removes any apps that are set to auto-whitelist.

The same options apply to blacklisting options in Remove from Blacklist.

To activate the blacklist TI and custom policy

After you finish creating a blacklist, you activate the TI and assign it to a policy.

  1. Go to Compliance > Threat Indicators.
  2. Use Search to locate the "Blacklisted by IT" TI.
  3. Optionally change the default Risk.
  4. Select it and click Actions > Activate.
  5. Go to Compliance > App Policies and create a new policy, such as "Appthority Blacklist", using the Blacklisted by IT TI. See Create a Custom App Policy.

AirWatch Notes and Next Steps

When using the MTP workflow

After syncing, the App Policy you create (that has the Blacklisted by IT Threat Indicator) is listed as a device group in the AirWatch Groups & Settings > Assignment Groups list. The device group lists the devices that have apps that were flagged by Appthority MTP as Blacklisted by IT.

See Configure Policy Enforcement when Using the MTP Workflow.

When using the App Scan workflow

After syncing, apps blacklisted in Appthority MTP appear in a global blacklist app group in AirWatch. See Configure Policy Enforcement when Using the App Scan Workflow.

Copyright ©Appthority, Inc. 2017-2018 All Rights Reserved. Contact Support