In my experience, there are no good applications that do this for macOS. Your typical go-tos for Windows like Carbon Black, SentinelOne, and CyberArk do not reliably provide App Control on macOS, if they provide it at all.
This is a security problem, not a device management problem. I would tell the Security Division in your IT infrastructure that they need to find the solution they want to use to close the finding.
Jamf Pro has two options.
- Application Black Listing (only use this to block what absolutely needs to be blocked)
- A configuration profile to set Gatekeeper to only allow App Store apps to run (this is easily defeated, as Apple does not prevent a user from disabling Gatekeeper within the MDM framework)

@kdpk Take a look at Google's Santa project: https://github.com/google/santa. It supports application allow/deny.

I used your tips and set it to only allow App Store apps, then I blocked the App Store app. It's kind of a tricky way, but it works perfectly.
Thanks for the advice :D
woot, I am happy that worked.
I see this is an old thread, but I’m looking to see if anyone has ever been able to figure out a way to get the whitelistedAppBundleIDs setting in a configuration profile to work in macOS.
I’m in need of getting this working somehow for our environment. I’m using iMazingProfileEditor to test this out, but no matter what I do, I can’t get it to actually work for some reason.
If anyone has been able to do this, I’d love to get an idea on how you did it.