The Mobile App Store Control policy allows you to restrict app downloads to specific app stores.

To configure the Mobile App Store Control policy:

1. Go to Policies > Access Control > Internet & SaaS > Mobile App Store Control.
2. Click Add Mobile App Store Control Rule.
3. Specify the Mobile App Store Control rule attributes:
   • Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order. You can change the value, but if you've enabled Admin Rank, your assigned admin rank determines the Rule Order values you can select.
   • Admin Rank: This option appears if you enabled the Admin Rank feature on the Advanced Settings page.
     Enter a value from 0-7 (0 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own. The rule's Admin Rank determines the value you can select in the Rule Order, so that a rule with a higher Admin Rank always precedes a rule with a lower Admin Rank.
   • Rule Name: Enter a unique name for the Mobile App Store Control rule, or use the default name.
   • Rule Status: A rule’s status can be Enabled or Disabled. An enabled rule is actively enforced. A disabled rule is not actively enforced; neither does it lose its place in the Rule Order scheme. The service simply skips it and moves to the next rule.
   • Rule Label: Select a rule label to associate it with the rule. To learn more, see About Rule Label.
4. Define the criteria:
   • App Stores: Select Any to block all app stores, or select any number of app stores you want to block.
   • Users: Select Any to apply the rule to all users, or select up to 4 users under General Users. If you've enabled the Policy for Unauthenticated Traffic, you can select Special Users to apply this rule to all unauthenticated users, or select specific types of unauthenticated users. You can search for users or click the Add icon to add a new user.
   • Groups: Select Any to apply the rule to all groups, or select up to 8 groups. You can search for groups or click the Add icon to add a new group.

   • Departments: Select Any to apply the rule to all departments, or select any number of departments. If you've enabled the Policy for Unauthenticated Traffic, you can select Special Departments to apply this rule to all unauthenticated transactions. You can search for departments or click the Add icon to add a new department.

     Any rule that applies to unauthenticated traffic must apply to all Groups and Departments. If you have chosen to apply this rule to unauthenticated traffic for either Users or Departments, select Any from the drop-down menus for Groups and Departments.

   • Locations: Select Any to apply the rule to all locations, or select up to 8 locations. You can also search for a location or click the Add icon to add a new location.
   • Location Groups: Select Any to apply the rule to all location groups, or select up to 32 location groups. You can also search for a location group.
   • Time: Select Always to apply this rule to all time intervals, or select up to two time intervals. You can also search for a time interval or click the Add icon to add a new time interval.
5. Choose the action:
   • Application Download: Select to Allow or Block application downloads from the app store. If you choose to block an app store, users can browse the app store, but they are blocked from downloading apps from it.
6. (Optional) Enter a description. The description cannot exceed 10,240 characters.
7. Click Save and activate the change.

To see how this policy fits into the overall order of policy enforcement, see Understanding Policy Enforcement.