Policy Deployment

Associating Application Groups

Users with the same role generally require similar applications. You can assign applications to individual users based on their requirements, or create custom groups of users and associate those groups with application allowlists specifically built to satisfy their needs using relevant policies. Application Control Plus' application allowlisting feature allows you to associate multiple application allowlists with the same custom group, and vice versa.

How to associate applications with custom groups?

• Log in to the Endpoint Central web console with administrative privileges and navigate to App Ctrl -> Application Groups to create an Allowlist or Blocklist. To know more about the creation of application groups, refer to this page.
• Under Deployment, go to Deploy Policy and create a custom group or select an already existing custom group.
• Select the already existing application group that needs to be associated with the custom group.
• If required, enable the option to Associate Privileged Application List.
• Select the required option to run the applications either on Audit mode or Strict mode.
• While running in Strict mode, the unmanaged applications can be requested if the option is enabled.
• Enable Custom notifications and Alert messages according to your preference.
• Click Deploy or Deploy immediately.
  

  

You have successfully associated applications with custom groups. By associating applications with custom groups in Endpoint Central, you can create logical groupings that allow for easier management, access control, and reporting. This association enables you to define policies, permissions, and restrictions at the group level, providing granular control over the applications used within your organization.

Flexibility Regulator

Every enterprise, regardless of size, has different application control requirements. Traditional application control solutions might not satisfy the needs of all the enterprises alike. ManageEngine Endpoint Central's Application Control is a smart solution that can meet the demands of different kinds of enterprises of all sizes. Application Control functions in several modes, each built to satisfy various levels of flexibility preferred by different enterprises. The different application control modes available are:

Audit Mode

Enterprise IT admins that have just begun their application control process can leverage this mode to get a clear picture of how they should build their application control framework. In the beginning, the admin might not know what applications users in their organization need; in this instance, the best option is to enable high flexibility mode.

All applications present in the allowlist and the unmanaged applications will be allowed to run smoothly in this mode, and event collection will be enabled. The admin can monitor events for as long as needed as a reference to know when to shift applications from the unmanaged application list to the allowlist, depending on the frequency and legitimacy of their use.

Strict Mode

This is a strict enforcement mode. By choosing this mode, none of the unmanaged applications will be accessible to the user. Only applications that are a part of the allowlist can be used. In case the user tries to access an unmanaged application, they'll immediately be notified that the use of this particular application is prohibited.

Note: Blocklisted applications will not function in any endpoints in any of the above modes, ensuring enhanced security for organizations that utilize various applications for different business functions.

Alert settings

A custom alert can be configured to be shown when the end-user tries to open a blocked application.

If you have any further questions, please refer to our Frequently Asked Questions section for more information.