Skip to main content

Shadow IT – Block Applications from the Device Group page

Updated today

This article explains how to use the Manage blocklist workflow from the Device Group page to block Shadow IT applications and domains across your fleet. It also calls out important OS‑specific behavior (especially for Windows) and how block entries are displayed.

This feature is part of the consolidated blocking experience for Shadow IT in the Swif.ai web app.

What you can do from a Device Group

From a device group, you can:

  • Block applications (by known app catalog entry or custom app name)

  • Block domains (typed manually or uploaded via file)

  • Target specific OS platforms the app supports

  • See a consolidated view of all block entries that apply to that device group

The key difference versus other blocklist flows is that, on the Device Group page:

  • The device group context is locked (pre‑selected and cannot be changed)

  • When launched from a specific application row, the application is pre‑selected and cannot be changed in that modal

Launching “Manage blocklist” from a Device Group

  1. Go to Device Management → Device Groups in Swif.

  2. Open a device group.

  3. On the Applications table within that device group:

    • Select an application, then

    • Click Manage blocklist.

The Manage blocklist modal opens with:

  • The device group pre‑selected (not editable)

  • If launched from an app row, the application pre‑selected and disabled, so you can’t accidentally change it

Choosing what to block

Inside the Manage blocklist modal, you can choose between:

  1. Applications

    • Select from known apps (Swif catalog)

    • Enter custom application name (manual entry)

  2. Domains

    • Enter domain (manual)

    • Upload file (for many domains at once)

To keep the UI focused, Swif hides irrelevant options based on your selection:

  • When you select Select from known apps, the custom app name input is hidden.

  • When you select Enter custom application name, the known app dropdown is hidden.

  • When you select Domain → Enter domain, the file upload options are hidden.

  • When you select Domain → Upload file, the manual domain input is hidden.

Target OS platform behavior

When you block an application from a device group:

  • The Target OS dropdown only lists the platforms that the selected application actually supports (derived from its supported platforms).

  • For apps that support multiple platforms, an All option is available and used as the default.

  • Options that are not currently supported for blocking (such as Android and iOS in this context) are not shown, even if the app’s metadata lists them.

This ensures that:

  • You only see platforms where blocking is technically enforced.

  • Selecting All correctly applies the policy across all supported desktop OSes for that app.

Special behavior for Windows app blocking (appPath requirement)

For Windows devices, blocking is enforced via app blocker policies and requires the application path.

When the device group includes Windows

If your Target OS includes Windows (for example, you select All, or specifically Windows):

  • You will see an Application path (or similar) input.

  • The placeholder text will indicate a Windows path format (for example, C:\Program Files\App\app.exe).

  • This field is required. If you don’t provide it, you’ll see an error:

“Application path is required for Windows”

and you won’t be able to proceed.

When the device group is macOS / Linux only

If you’re targeting macOS and/or Linux only:

  • The application can be blocked by app name.

  • No appPath is required.

Entering custom app names and domains

Placeholder behavior

Where you can type a value directly (for both app names and domains), the placeholder text is:

Type an Application Name / Domain and press Enter

Behavior:

  • Type your custom application name or domain.

  • Press Enter to add it to the queue.

  • This helps clarify that typing alone is not enough; pressing Enter confirms the entry.

“Enter Custom Application Name” interactions

When you choose Enter Custom Application Name:

  • You get a plain input box instead of an immediate dropdown.

  • The known app dropdown is not opened by default.

  • As you type, if there are matches in the application catalog:

    • Those are suggested in a dropdown.

    • You can select one of the matches, or just continue with your manual string.

  • This avoids confusion with the Select from known apps option and makes it clear that this field:

    • Accepts free‑text values, and

    • Optionally helps you find catalog entries if they exist.

Adding domains via manual input or file (web filtering)

You can block domains in two ways:

  1. Enter domain

    • Type a domain (for example, example.com).

    • Press Enter to add it.

    • Repeat for additional domains.

  2. Upload file

    • Upload a CSV or supported file with many domains.

    • To prevent UI overload, the blocklist display will:

      • Show the file name.

      • Show the count of domains in that file.

      • It does not list every individual domain for very large files.

To make the choice clear, the UI includes an “OR” spacer between:

  • Upload file, and

  • Select from pre‑loaded file (if applicable),

so it’s obvious these are alternative paths.

Reviewing the blocklist for a Device Group

After you complete the steps and save:

  • The blocked items appear in the blocklist table associated with the device group.

  • For each block entry, you’ll see:

    • Type:

      • Application Name

      • Domain

    • Target OS (for app blocking)

    • For Windows entries: the Application path you configured

    • Policy / Block type information

    • Status

When domains were added via file upload:

  • The table shows:

    • The file name.

    • The number of domains in that file.

  • This keeps the UI usable even for thousands of domains.

Viewing blocklist details on an individual device

From Device details → Applications:

  • You can review how block policies apply to that specific device.

  • For each blocked item, the UI shows:

  1. Application Name

    • The string that was used as the app identifier (for custom names, this is exactly what the admin typed).

  2. Block type / Usage (via policy name)

    • The policy name is displayed and acts as a link to that specific policy.

    • This lets you quickly jump from device‑level view into policy configuration.

  3. Rule types tooltip

    • A chip / badge indicates how many rule types the policy has.

    • Hovering over it shows a tooltip with more detail.

  4. Domain file entries

    • As with device groups, file‑based domain entries show:

      • The file name.

      • Domain count (not an inline list of all domains).

Behavioral notes and troubleshooting

  • Device list and device groups dropdowns inside this flow may be disabled by design when the context is already fixed (for example, when launched from a specific device group).

  • If a blocked app does not appear in the blocklist or on the device:

    • After this consolidated blocking work, a policy not being assigned is considered a bug, not a “MDM delay” by design.

    • Confirm the Target OS and, for Windows, that a valid appPath was provided.

Related Articles
Linux Application Block Policy
Apple Application Block Policy
Shadow IT – Manage Blocklist Key Features
Shadow IT – Block Applications from Device Details
Shadow IT – Block Applications from the Software page
Did this answer your question?