UEM Application Blocking

Application blocking is one of the new features available in UEM 9 that I have been taking a closer look at recently.

This element is disabled by default but when switched on blocks all executables from running bar those that reside in %PROGRAMFILES% or the WINDOWS directory.  You can enable this from the global configuration as shown below.  In this case I am blocking apps when a user is offline.

Exceptions can then be configured to create white and black lists.  This can be coupled alongside UEMs conditions to control which apps a user can execute in certain defined scenarios.  In the below example I am blocking the use of notepad.

You may have spotted from the first screenshot that you can also customise the pop up message that appears depending on requirements.

So now we have a simple way of authorising users to launch applications.  A great use case would be the creation of application sets for user(s) for when they are accessing their desktop internally or externally to the network. 

Application blocking could also be utilised to restrict 3rd party contactors from running applications that are not desirable or appropriate for them to access and there are numerous advantages for both physical hot-desking and VDI.

However, I see this as being particularly powerful when used in conjunction with VMware’s Application Volumes and/or Horizon View to reduce both the amount of desktop pools and appstacks required and to increase the number of applications that can be provided in the same stack, simplifying the environment substantially whilst providing more granular access to applications.

So if you are currently running a previous version of UEM take a look, the upgrade path is simple https://www.vmware.com/support/pubs/uem-pubs.html

And you can deploy into a test environment in about an hour.


A fully functioning trial is available if you want to try the new features of UEM for yourself.