Configuring Required Applications policies

You can configure and activate a Required Applications policy to monitor if specific applications are installed on your devices and meet your established criteria.

To configure and activate Required Applications policies, your user role needs to be granted the Manage permission for Policies. Devices associated with a Required Applications policy must meet the policy prerequisites to report their compliance status.

To configure a Required Applications policy:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.

  2. Do one of the following:

    Application Policies page

    To configure a new Required Applications policy:

    1. On the navigation bar, click Policies > Application.
    2. Click Create Policy.
    3. Click Required.
    4. Click Add title and enter a name for the policy.

    5. Under Application, click the field, begin typing the name of an application, and then select it from the search results.

      The search results only include installed applications that have been detected on your account's devices.

      The policy's edit configuration dialog opens.

    To configure an existing Required Applications policy:

    1. On the navigation bar, click Policies > Application.
    2. Search for the policy you want to configure (Required Applications policies are labeled as REQUIRED).

    3. Hovering over the policy's row and click .

      The policy's edit configuration dialog opens.

    Policy Groups page
    1. On the navigation bar, click Policies > Policy Groups.
    2. On the Policy Groups sidebar, search for and then click the policy group that contains the policy that you want to configure.

    3. Next to Required Applications, click Configure.

      The Required Applications dialog opens with a list of all existing Required Applications policies for each application, including their name and version requirement.

      • Policies currently assigned to the selected policy group are listed under the Assigned heading.

      • Policies not currently assigned to the selected policy group are listed under the Unassigned heading.

      • Policies not currently activated are labeled as Inactive.

    4. Do one of the following:

      • To configure an existing Required Applications policy, enter the name of the application whose policy you want to update in Search, or scroll through the list of applications. When you find the application policy you want to update, hover over it and click . The policy's edit configuration dialog opens.

      • To configure a new Required Applications policy, click Create Policy and click Add title to enter a name for the policy. Under Application, click the field, begin typing the name of an application, and then select it from the search results.

        The search results only include installed applications that have been detected on your account's devices.

  3. [Optional] If the application you selected is installed on both Windows and Mac devices, and you want to include both platforms in the same policy, ensure both Windows and macOS are selected under Requirements.

    When both platforms are selected, you have the option of customizing the application requirements for each platform in the next step.

  4. Under Windows and/or macOS (depending on the platforms selected in the previous step), define the requirements that must be met for the application to be deemed compliant:

    1. To specify that a particular version or version range must be installed, select one of the following options from the Required version drop-down list (the default selection, Is any, indicates no version requirement is applied):

      • Is equal or greater than – the application version must be equal to or greater than the version number you enter in the Minimum field.

      • Is equal or less than – the application version must be equal to or less than the version number you enter in the Maximum field.

      • Is between – the application version must fall within the range you enter in the Minimum and Maximum fields (the minimum and maximum values are inclusive).

        The version numbers shown in the drop-down list under the Minimum and Maximum fields when you click them represent all the installed versions of the application detected on your devices.

    2. To include an authenticity check of the installed application, select one of the following options under the Authenticity: Validate application signatures as part of compliance... checkbox (alternatively, you can clear this checkbox if you do not want to include an authenticity check in the policy):

      • If no signatures are found, application will omit authenticity check – every detected application signature must be validated. However, if the application contains no signatures, the authenticity check is skipped and the application is considered compliant.

      • At least one valid application signature is required to be considered compliant – every detected application signature must be validated, and the application must have at least one valid signature to be considered compliant.

    3. If the application is an anti-malware product, select the Anti-virus: application must be active and up-to-date checkbox to require that the application is actively protecting the device and that its definition file is current.
  5. Under Scope, click the field and select each policy group to assign to this Required Applications policy. Note that you can't select a policy group that is already assigned to another Required Applications policy for this application. To remove a policy group, click its icon.

    If any of the selected policy groups include devices that do not meet the policy prerequisites, those devices are ineligible and will be excluded from the Required Applications policy.

  6. Click Save to save the policy.

    If you're configuring a new or inactive policy, you can also click Save and activate if you want to save and activate the policy at the same time.