Getting started with Required Applications policies

In today’s distributed work environment, maintaining software consistency across endpoints is a growing challenge for IT administrators. With users spread across locations, platforms, and device types, ensuring that every device has the correct software is time-consuming and often unreliable without the right tools.

Required Applications policies can help you ensure that critical software is consistently installed and properly configured across all targeted devices. At a minimum, these policies allow you to designate that an application is required by your organization so you have clear visibility into which devices are compliant and which have missing installations. Optionally, you can also:

  • Specify a required version or version range of the application
  • Verify the authenticity of the application's files by checking digital signatures
  • For anti-malware applications, verify their device protection and definition file status

  • Set unique requirements for Windows and Mac devices

Installations of the application that satisfy the criteria set in the policy are deemed to be Compliant. For installations that do not satisfy the criteria, you can use the Application Compliance report to identify missing, outdated, or misconfigured installations and then take remedial action to bring them into compliance.

To learn more about Required Applications policies, visit the Learning Hub. To access the Learning Hub, click (Help and Support) on the quick access toolbar and then click Resources > The Learning Hub.

You can activate Required Applications policies on devices running a supported version of the Windows or Mac operating system. To report on the status of an application, devices must meet the following prerequisites:

  • The device must be regularly connecting to the Absolute Monitoring Center using Secure Endpoint Agent version 9.1.0.1 or higher.
  • The Installed Applications policy is also activated in the device's policy group
  • An Absolute Resilience base license is assigned to the device

You can create Required Applications policies for any application that is listed in the Installed Applications report.

Required Applications policies rely on information collected by the Installed Applications policy, which uses the SNG component A lightweight software component of the Secure Endpoint Agent that detects software applications installed on a device. The SNG component is deployed on a device only when the device is associated with a policy group in which the Installed Software policy is activated. of the Secure Endpoint Agent to collect all available information about the software applications installed on your devices.

The SNG component performs scans on devices at 5 minute intervals. If a change is detected, a payload is uploaded within the next 15 minutes. In addition, a full scan is performed and results are uploaded on a weekly basis.

While you can set up Required Applications policies in the Global Policy Group, best practice is to create custom policy groups, then create and activate Required Applications policies for each policy group, as required.

From the Application Policies area, you can manage all application policies associated with your Absolute account, including Required Applications policies.

To access the Application Policies area:

  1. Log in to the Secure Endpoint Console as a user with the View or Manage permission for Policies.
  2. On the navigation bar, click Policies > Application.

    The Application Policies area shows all existing Required Applications and Application Resilience policies.

Users with the Manage permission for Policies can:

Compliance-related information for an application is available in the following report columns:

Column Description
Application Compliance > Status

The application's compliance status based on the requirements set in active application policies
Application Compliance > Status details

The issues that are causing the application to be non-compliant
Application Compliance > Last scan

The date and time the Secure Endpoint Agent last scanned a device for installed application information

This column is not available in the Application Compliance report.

Application compliance columns are available in the following pages and reports: