A deny access rule can be created in the Workspace ONE Access console to deny access to an application by network range and by device type.


  1. In the Workspace ONE Access console Resources > Policies page, click Add Policy.
  2. Add a policy name and description in the respective text boxes.
  3. In the Applies To section, type the application in the Search text box, and select the applications to associate with this policy.
  4. Click Next.
  5. Click Add Policy Rule to add a rule.
    Option Description
    If a user's network range is Select the network range.
    and user accessing content from Select the device type that this rule manages.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy rule applies to all users.

    Then perform this action Select Deny access.
  6. Click Save.