To configure a rule to restrict app downloads to specific app stores, see the instructions below. See also the recommended Mobile App Store Control policy.
- Go to Policy > Mobile > Mobile App Store Control.
- Click Add Mobile App Store Control Rule.
- Specify the Mobile App Store Control rule attributes:
- Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order. You can change the value, but if you've enabled Admin Rank, your assigned admin rank determines the Rule Order values you can select.
- Admin Rank: This option appears if you enabled the Admin Rank feature in the Advanced Settings page.
Enter a value from 1-7 (1 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own. The rule's Admin Rank determines the value you can select in the Rule Order, so that a rule with a higher Admin Rank always precedes a rule with a lower Admin Rank.
- Rule Name: Enter a unique name for the Mobile App Store Control rule, or use the default name.
- Rule Status: A rule’s status can be Enabled or Disabled. An enabled rule is actively enforced. A disabled rule is not actively enforced; neither does it lose its place in the Rule Order scheme. The service simply skips it and moves to the next rule.
- Define the criteria:
- App Stores: Select Any to block all app stores, or select any number of app stores you want to block.
- Users: Select Any to apply the rule to all users, or select up to 4 users under General Users. If you've enabled the unauthenticated users policy, you can select Special Users to apply this rule to all unauthenticated users, or select specific types of unauthenticated users. You can search for users or click the Add icon to add a new user.
- Groups: Select Any to apply the rule to all groups, or select up to 8 groups. You can search for groups or click the Add icon to add a new group.
- Departments: Select Any to apply the rule to all departments, or select any number of departments. If you've enabled the unauthenticated users policy, you can select Special Departments to apply this rule to all unauthenticated transactions. You can search for departments or click the Add icon to add a new department.
- Locations: Select Any to apply the rule to all locations, or select up to 8 locations. You can also search for a location or click the Add icon to add a new location. To apply this rule to unauthenticated traffic, the rule must apply to all locations.
- Time: Select Always to apply this rule to all time intervals, or select up to two time intervals. You can also search for a time interval or click the Add icon to add a new time interval.
- Choose the action:
- Application Download: Select to Allow or Block application downloads from the app store. If you choose to block an app store, users can browse the app store, but they are blocked from downloading apps from it.
- Description: Optionally, enter additional notes or information. The description cannot exceed 10,240 characters.
- Click Save and activate the change.
To see how this policy fits into the overall order of policy enforcement, see How does the Zscaler service enforce policies?