Blocking Apps on iOS with Intune

A very (very) common ask from our customers is whether or not we can whitelist/blacklist apps on iOS devices.

From iOS 9.3, Apple made this option available for all Supervised devices, exposing it via the SDK and Apple Configurator.

Microsoft Intune now supports the ability to allow/block individual apps via the Show or Hide Apps feature!

The feature is very simple to use, requiring just the App name and URL or Bundle ID. You can either configure the policy in two ways:

Hide the listed apps from users, meaning the listed apps are no longer available to the end user.

Show only the listed apps to users, meaning all apps will be hidden except the apps listed.

To configure the setting, open your Intune console and browse to Policy > Configuration Policies > Add > iOS > General Configuration

Then browse to Supervised Mode and turn on the Show or Hide Apps policy.

Add the apps you want to allow/block and deploy the policy.


If users targeted by this policy don’t currently have this app installed, when they attempt to install it they will be blocked.

If users targeted by this policy do currently have the app installed, the app will disappear and will be unavailable to use at all. This includes searching for the app in Spotlight. It’s important to note that the app is not uninstalled, rather hidden from use.

Please also be aware that this feature is ONLY available for Supervised iOS devices. This means the device must be prepared using either Apple Configurator or the Apple Device Enrolment Program. Apple do not make this feature available for non-Supervised devices, so for you BYO devices, you’ll need to continue to report on compliant/non-compliant apps instead of allow/blocking.

Matt Shadbolt
Senior Program Manager
Enterprise Client and Mobility – Intune