Access policies in EPM macOS control which applications users are allowed to execute on their devices, based on criteria defined by the administrator. These policies are composed of access lists (Allowlist/Denylist) and can include additional rules such as approval requests and session recording.
Registering policies
Policies can be registered using the following segregation levels:
- General: policies applied to all devices with EPM macOS active.
- Devices: policies applied to specific devices.
- Users: policies applied to specific users.
Segregation defines the scope of the policy and can be combined with different rules and actions.
Available actions
Access policies allow the following actions to be configured for each item in the list:
- Allow
- Deny
- Request approval
- Allow with session recording
- Deny with alert
Example use case
An access policy can be used to:
- Allow only the corporate browser.
- Block utilities such as Terminal.app.
- Require approval before launching code editors.
- Record sessions for sensitive applications.