Allow \ Deny of iOS and Android Applications

December 3, 2014 at 1:13 pm in Uncategorized by nsienaert


Hi All,

Earlier this year I wrote a blog about Allow and Deny applications on Windows Phone Devices, we can do this by leveraging OMA-URI.

In that particular blog I wrote about the Hybrid mode (integration with ConfigMgr) but since the new Intune releases of last week you have also similar capabilities in the Cloud-Only, standalone mode. Actually today there is support for iOS and Android. Windows Phone support (with OMA-URI) will come in the release of December (if I’m not mistaken).

Allow and Deny Application support for iOS and Android in the Hybrid model will be something for 2015.

So back to the Cloud-Only model, let’s discover how Black and White Listing is possible today on iOS and Android.

Like any other feature within the Intune console most features are fairly simple to configure. This also applies for this subject.

Under policies you select an iOS or Android Configuration Policy and in this wizard you can Allow or Deny Applications based on their URL.

Let’s take Flappy World again as an example. :-)


Deploy this to the required Users or Devices.


After a few minutes go to your Reports and open the “non-compliance” report.


The Result should look like this.


Important 1: Yes indeed, today Allow & Deny App for iOS and Android is a reporting feature. In the future this will probably change meaning you will able to real block an App from installation OR usage on a device like you can do already today with Windows Phone (cf other Blog that was mentioned before).

So today there is no experience on the device.

Important 2: Notice the App Name in the report. That is not really user friendly right? The list of installed apps comes from issuing an InstalledApplicationList command, which then responds back with a list of entries that includes BundleID, Version, App Name, … It seems that only the BundleID in the reporting gets showed. This is not really nice to read as there is no mapping between the BundleID and the App Name. I have discussed this with the Prod Team and a DCR is filed for that.

Important 3: Windows Phone will be supported soon. The way you will do it is very similar as with the Hybrid model (with OMA-URI) but I’ll write a blog about that once that is released.

Till next time!

Nico Sienaert (Twitter: @nsienaert)