You can use application groups (app groups) and compliance policies to protect resources in your Workspace ONE UEM environment.Application groups identify permitted and restricted applications so that compliance policies can act on devices that do not follow protective standards.

You can configure app groups for several platforms but you cannot combine all of them with compliance polices. For those platforms that you cannot combine with compliance policies, apply an application control profile.

Table 1. App Groups and Compliance Policies by Platform
App Group Platform Works with Compliance Policies Works with Application Control Profiles
Android Yes Yes
Apple iOS Yes No
Windows Phone No Yes

You are not required to configure application groups. However, application groups enhance the efficacy and reach of your compliance policies with minimal configurations.

Table 2. Relationships Between Application Groups and Compliance Policies
Application Group Description Compliance Policy Action
Whitelisted Managed devices can install these applications from the AirWatch Catalog.

If an application is not on the list, it is not permitted on managed devices.

Contains Non-Whitelisted Apps The compliance engine identifies applications not in the whitelisted app group installed on the device and applies the actions that are configured in the compliance rule.
Blacklisted Managed devices do not install these applications from the AirWatch Catalog.

If an application is on this list, it is not allowed on managed devices.

Contains Blacklisted Apps The compliance engine identifies applications from the blacklisted app group on the device and applies the actions that are configured in the compliance rule.
Required Managed devices are required to install these applications from the AirWatch Catalog.

If an application is on this list, it is required device users install it on managed devices.

Does Not Contain Required Apps The compliance engine identifies applications from the required app group missing on the device and applies the actions that are configured in the compliance rule.
Note: An application that is set for auto deployment mode in the UEM console does not automatically deploy under the following conditions:
  • Adding the application to the Blacklist app group that assigned to the device.
  • Excluding the application in the Whitelist app group that is assigned to the device.