Application Blocking

  • hC
  • nP
  • CJ
 Prev Next

Kandji allows you to block specific applications from being opened on enrolled Mac computers. If a user tries to open a blocked app, it will immediately close, and they’ll see a message explaining the block. To block apps on iOS or iPadOS devices, use a Restrictions Library Item instead.

As of January 8 2025, Application Blocking is configured using a Library Item for macOS. This Library Item replaces the previous Application Blocking Parameter. Classic Blueprints that already include the Application Blocking Parameter can still be edited, but this Parameter cannot be added to Blueprints that don’t already have it configured.

Blocking an Application using the App Blocking Library Item

In order to add this Library Item to your Kandji Library, follow the steps outlined in the Library Overview article.

  1. Give the new Application Blocking Library Item a Name.

  2. Assign to your desired Blueprints.

  3. Configure the processes, paths, developer IDs or bundle IDs you'd like to block.

  4. Optionally, customize the message, button title, and button URL users will be presented with when an application is blocked.

  5. Click Save.

Blocking an Application from Device Record

Adding an item to the Block list can also be performed from an individual device record. These updates can either be added to an existing App Blocking Library Item or you can create a new one.

  1. Log in to Kandji and open a device record with the Application you wish to block installed.

  2. Click the Apps tab and locate the Application in question.

  3. Click the More (...) button to the right of the Application and click "Block Application".

  4. Select the Add rule to the following Library Item(s) drop-down and select a Library Item or type to create new one.

  5. Select the desired Blueprint that should receive the Blocking Rule, and customize the identifiers as needed.

  6. Click Create.

How to find a BundleID

To find the bundle ID of a macOS app, you can use the codesign command in Terminal, replacing /path/to/yourapp.app with the path to your desired application:

codesign -dr - /path/to/yourapp.app

The output of this command will include information about the app, including the Team ID, Bundle ID, and Code Requirement which can be helpful when creating PPPC Profiles. The Bundle ID will usually be at the end of the output, after the word "identifier".  In the example output below, the Bundle ID for Keynote is com.apple.iWork.Keynote.

Application Blocking Considerations

  • You can import settings from the existing Application Blocking Parameter in a Blueprint into the new App Blocking Library Item.

  • Multiple App Blocking Library Items can be added to an Assignment Map. All of the App Blocking rules will be combined and applied to devices.

  • Classic Blueprints that already include the Application Blocking Parameter can still be edited, but this Parameter cannot be added to Blueprints that don’t already have it configured.

  • When both a Library Item and a Parameter exist in a Blueprint, Kandji will prioritize the Library Item’s settings.

  • Blocked actions are logged in both the device and Blueprint activity streams.

User Experience

Users attempting to open a Blocked Application receive a popup with the customizable block message. Users who click Learn More will be directed to the URL specified in the Block Message. You can read more about this in our User Experience with Application Blocking article.