Skip to main content
This guide applies to all device platforms

About Application Blocking

Iru Endpoint allows you to block specific applications across macOS, Windows, and Android devices. The App Blocking library item is cross-platform and can be configured to block applications on enrolled devices. If a user tries to open a blocked app, it will immediately close, and they’ll see a message explaining the block. To block apps on iOS or iPadOS devices, use a Restrictions Library Item instead.
As of January 8 2025, Application Blocking is configured using a Library Item for macOS. This Library Item replaces the previous Application Blocking Parameter. Classic Blueprints that already include the Application Blocking Parameter can still be edited, but this Parameter can’t be added to Blueprints that don’t already have it configured.

How It Works

Application blocking works by intercepting application launch attempts and preventing blocked apps from running. When a user tries to open a blocked application, the system immediately closes it and displays a customizable message explaining why the app is blocked.

Blocking an Application using the App Blocking Library Item

To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.
  • macOS/Windows
  • Android (Personal Profile)

Configure App Blocking for macOS and Windows

1

Name the library item

Give the new Application Blocking Library Item a Name.
2

Assign to Blueprints

Assign to your desired Blueprints.
3

4

Configure blocking rules

Configure the processes, paths, developer IDs or bundle IDs you’d like to block.Select the desired Match type.
5

  • Contains: Matches that contain the string.
  • Exact: Matches the exact string provided.
  • Regex: Matches based on regular expression using Swift regex syntax.
    Regex is a very powerful tool that should be used with caution. Ensure that you test the implementation before broadly deploying it.
    • 6

    Customize user message

    Optionally, customize the message, button title, and button URL users will be presented with when an application is blocked.
    7

    Save the configuration

    Click Save.

    Blocking an Application from Device Record (macOS/Windows)

    Adding an item to the Block list can also be performed from an individual device record for macOS and Windows devices. These updates can either be added to an existing App Blocking Library Item or you can create a new one.
    1

    Open device record

    Log in to Iru Endpoint and open a device record with the Application you wish to block installed.
    2

    Locate the application

    Click the Apps tab and locate the Application in question.
    3

    Block the application

    Click the More (…) button to the right of the Application and click “Block Application”.
    4

    Configure blocking rule

    Select the Add rule to the following Library Item(s) drop-down and select a Library Item or type to create new one.Select the desired Blueprint that should receive the Blocking Rule, and customize the identifiers as needed.
    5

    Create the rule

    Click Create.

    How to find a BundleID (macOS)

    To find the bundle ID of a macOS app, you can use the codesign command in Terminal, replacing /path/to/yourapp.app with the path to your desired application: 
    codesign -dr - /path/to/yourapp.app
    The output of this command will include information about the app, including the Team ID, Bundle ID, and Code Requirement which can be helpful when creating PPPC Profiles. The Bundle ID will usually be at the end of the output, after the word “identifier”. In the example output below, the Bundle ID for Keynote is com.apple.iWork.Keynote.

    How to find an Android Package Name

    For Android devices, you need the application’s package name to block it. Package names follow the format com.company.appname. You can find package names by:
    • Searching online for “[app name] package name”
    • Using the Google Play Store URL (the package name is the id parameter)
    • Checking the app details in the Iru Endpoint device record under the Apps tab
    Example: The package name for Google Chrome is com.android.chrome

    Application Blocking Considerations

    • Cross-Platform: The App Blocking Library Item works across macOS, Windows, and Android devices. Configure platform-specific settings by selecting which platforms to target in the “Installs on” field.
    • macOS/Windows: You can import settings from the existing Application Blocking Parameter in a Blueprint into the new App Blocking Library Item.
    • Android: Blocked apps in the personal profile will be automatically removed if already installed. This only affects the personal profile on company-owned work profile devices.
    • Multiple App Blocking Library Items can be added to an Assignment Map. All of the App Blocking rules will be combined and applied to devices.
    • Classic Blueprints that already include the Application Blocking Parameter can still be edited, but this Parameter can’t be added to Blueprints that don’t already have it configured.
    • When both a Library Item and a Parameter exist in a Blueprint, Iru Endpoint will prioritize the Library Item’s settings.
    • Blocked actions are logged in both the device and Blueprint activity streams.

    User Experience

    Users attempting to open a Blocked Application receive a popup with the customizable block message. Users who click Learn More will be directed to the URL specified in the Block Message. You can read more about this in our User Experience with Application Blocking article.