Cortado Support

My Tickets Visit www.cortado.com
Welcome
Login

How to place default iOS apps on the deny list or allow list

Company-owned iOS devices can be entirely managed via MDM. For that purpose, the devices are set to supervised mode. In the following, we’ll show you how to place system applications (those that don’t come from the iTunes Store) on supervised devices onto a deny list or a allow list.

Aim

On a fully managed device (supervised device), a deny list can be used to block system applications (such as the mail app or the camera app) or any other apps (from the App Store). Whereas, if only genuine (system) applications are to be made available, they can be placed on a allow list. Then only the apps on the allow list will appear on the device – all other apps will be hidden. In this How-To you will learn how to create block or permission lists with the help of a policy and assign them to your users.

Note! Use kiosk mode if you only want users to have access to a single app.

Implementation

  • Select Administration→ Policies in the Administration Portal.
  • Click on the plus button to create a new Policy (arrow in illus.).

a screenshot of a computer.

  • Then select iOS/iPadOS.
  • Keep the supervised devices enrollment method (arrow in the illus.).

a screenshot of a computer.

  • Under Restrict app usage you can choose between:
    • Allow all apps
    • Do not allow some apps (deny list)
    • Only allow some apps (allow list).
  • Select one of these options (example in illus., upper arrow).
  • Use the search button (lower arrow) to add apps that are located in the Apple App Store onto the list (example in illus.).

only allow some apps

  • Enter the name of the app in the search field (arrow in illus.) and then click on the magnifying glass.

a screenshot of a computer screen with a number of options.

  • In the example, the system apps Camera and Safari are allowed in addition to the Pages app (arrow in the illustration).
  • Enter the bundle IDs of the (system) app/s. A list of the system apps can be found here.

enter bundle IDs

  • Now assign the policy to the users, groups or devices.

a screenshot of a computer.

Note! The settings app and the phone app are always displayed and cannot be hidden with a deny list or a allow list.

  • If you create a allow list for multiple apps, only those apps will be displayed on the device (example in illus.).

allowed apps on an iPhone

  • Conversely, if you create a deny list with one or more apps, those apps will no longer be available to the user.
  • In the example, the Photos, Music and FaceTime apps have been placed on the deny list (see the illus. on the right).

denied apps on an iPhone

You can see a list of the bundle IDs of all system apps that are able to be deny list or allow list here:

App Storecom.apple.AppStore
Calculatorcom.apple.calculator
Calendarcom.apple.mobilecal
Cameracom.apple.camera
Clockcom.apple.mobiletimer
Contactscom.apple.MobileAddressBook
FaceTimecom.apple.facetime
Filescom.apple.DocumentsApp
FindFriendscom.apple.mobileme.fmf1
FindiPhonecom.apple.mobileme.fmip1
Mailcom.apple.mobilemail
Mapscom.apple.Maps
Musiccom.apple.Music
Newscom.apple.news
Notescom.apple.mobilenotes
Photoscom.apple.mobileslideshow
Podcastscom.apple.podcasts
Reminderscom.apple.reminders
Safaricom.apple.mobilesafari

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.