Meraki

dagarva · ‎Jul 12 2024

Hi, we are deploying SM in our enviroment and I had a question that I was not able to find.

Is it possible to allow all play store by default and just block apps that we want?

Right now as it works, only allowed apps are showed on the Play Store but we would like to do the invert process, allow all apps and only block some of them

PhilipDAth · ‎Jul 12 2024

Try defining an application blacklist and leaving it blank.

dagarva · ‎Jul 12 2024

yes, we did that and it works for native apps, but not for Play Store apps.

alemabrahao · ‎Jul 12 2024

This can be achieved by configuring the payload as a blocklist.

The block list selectively blocks specific apps and allows all others, so you can add the unique app ID or bundle ID of an app to the block list. For example, “com.meraki.sm”, “com.google.*”.

Take a look at the documentation.

App allowing/denying list in security policies - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

dagarva · ‎Jul 12 2024

Sorry I don't follow you, please confirm if you mean this:

On security policies -> All devices enable Application as block list and specify there only one app that I don't use.

Then the policy will block only this app and will show the rest of the apps inside the play store?

alemabrahao · ‎Jul 12 2024

According to the documentation it's supposed to work, but you'll have to test it yourself.

Give it a try and let us know.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth · ‎Jul 12 2024

Correct, but don't specify any apps. Zip. Nada. Zero.

dagarva · ‎Jul 15 2024

Hi both @alemabrahao @PhilipDAth

tried with only one app and without apps and it didn't work.

Without apps cannot be saved, you can do something like this:

but after save it, the check is not selected

I can login with a personal google account, switch to it and install whatever I want, but I would like to don't need google accounts on devices as we don't work with G environment.

van604 · ‎Jul 12 2024

@dagarva just curious on your approach for allow all and block certain ones. as it seems intuitive to just allow the ones you want to allow, as there are so many suspect apps lurking in the all list

dagarva · ‎Jul 12 2024

first MDM, big&young company and very heterogeny environment so we cannot make this list for now, we will need time to know what we need to allow and don't stop the business

van604 · ‎Jul 12 2024

interesting, thanks for that info, i guess Billy-Sue need's their candy crush fix.

PaulF · ‎Jul 15 2024

So long as you haven't blocked the ability to modify account settings, the user can very easily click the icon top right of Google Play, click the down arrow next to the AFW account, and then add another account giving them access to all of google play

dagarva · ‎Jul 16 2024

Hi Paul,

yep, but I would like to block their gmail accounts and provide access to all of the apps, if they connect gmail account the data control is so hard as we don't use nothing around G environment

Meraki

Community

Allow entire Play Store apps

Allow entire Play Store apps