The ability to block specific dangerous / malicious applications
The ability to block specific dangerous / malicious applications for iOS and Android. (competition can do it)
Gerald Wiltse commented
I would also like Intune Engineer comments, because I believe this feature exists (although I haven't tested).
Under android policy, general configuration, it says "allowed or blocked apps.".
Can any Intune engineer comment on this?
This is the only thing keeping me from deploying Android devices in our environment.
Or on Android just a way to block applications being installed that don't come from the Google Play store. With iOS there really aren't any apps that are malicious that come from the App Store. Same with the Play Store. At least they do have some control of the process.
The issue I have found is Android users who are non-malicious and get a link to an app package that is from a third party source. They download the app, go into settings and allow installation from untrusted sources, install the app, and BAM....whatever nasty payload the app was carrying is now on the phone and potentially now in your internal network.
Why isn't there a feature to disable allowing untrusted sources in the first place? That seems like the biggest security hole from an enterprise perspective. At least with iOS you need to jailbreak it to get any apps that are not in the app store and all MDM products I have tested allow the ability to detect jailbroken devices.