Posted on 06-08-2024 01:10 AM
Dear Team,
I know that Jamf Protect can do App Control to block all the known apps with attributes like hash file/team id/sign id....
Can Jamf Protect support controlling all blacklisted apps, not only App Store apps but also third-party apps?
For example, my org has many departments. Each department will have its whitelisted apps. Therefore, if an app is not in the whitelist, it should not launch. The thing here is that, because users' roles need administrator permission, it is hard to control except by checking inventory manually.
Many thanks
Posted on 06-09-2024 03:17 AM
If you are looking for extended allowlist/blocklist control, maybe you should take a peek at Google Santa.
https://github.com/google/santa
Posted on 06-10-2024 05:55 AM
It sounds like your needs are beyond what Jamf offers. The Allowed Apps from App Store Only setting is an MDM configuration from Jamf Pro that manages Gatekeeper trusted app locations, not Jamf Protect. Jamf Pro does support Application Blacklisting, but I would not recommend relying on that function and would only use it for situations that matter to device management, like blocking a macOS installer or Messages.app, for example. Jamf Protect is more or less an EDR and cannot manage application white/blacklisting.
What you need is a permissions management tool. I suggest looking into something like CyberArk EPM. This will allow you to remove admin access from your users (which they should not have anyway) and elevate the various functions your users need to perform without them having admin access. You can also set up application white/blacklists and target the policies at users/devices specifically to block or allow applications and binaries based on role.