In the Workspace ONE UEM console, if you configure the Privacy settings of the Personal Application as Do Not Collect the system does not collect the personal app information from the devices. That is, the end user’s personal application information is not transmitted from their devices.

The Privacy settings however have the following caveats that impact the Application List Compliance and Application Control profile settings:

  • The compliance policy for the Application List checks to verify that a device has the appropriate applications (blacklisted, whitelisted, or required). If the system does not query for the Application List, it might not check for these applications. As a result, the devices that contain certain blacklisted applications are not marked as ‘non-compliant’. Similarly the devices that do contain certain ‘required’ (personal) applications is marked as ‘non- compliant’.
  • Application control profile with the action on 'blacklisted' apps is not applied to the devices whose personal app privacy is set to Do Not Collect and is applied only on the devices for which we collect the personal app information.
If you want to take actions on your end-user’s personal applications list, keep a track of the personal app privacy configuration for the concerned device ownership type at all OGs, and verify the following:
  • Ensure that the configuration is not set to Do Not Collect. If you want to ensure privacy of your end-users and detect any malicious applications, set the privacy configuration to Collect but do not display.
  • Ensure that your end-user devices have the entitlements to receive the applications, that you intend to take actions on, from Workspace ONE UEM.