Managing application policies

Application policies help you ensure that essential software remains present, functional, and compliant across your managed devices. By defining and enforcing these policies, you can improve operational consistency, reduce manual intervention, and enhance the overall security posture of your device fleet.

Absolute includes two types of application policies, each designed to address specific aspects of application management:

  • Required Applications policies – these policies monitor if designated applications are installed and conform to established criteria on all targeted devices, whether it be for security, compliance, or operational reasons.

  • Application Resilience policies – these policies continuously monitor critical applications and automatically repair or reinstall them if they are removed or become non-functional, ensuring uninterrupted operation of vital software and reducing downtime.

    Application Resilience policies are supported on Windows devices only.

You can manage all application policies associated with your Absolute account from the Policies > Application area.

To manage application policies, your user role needs to be granted the Manage permission for Policies.

To view existing application policies:

  1. On the navigation bar, click Policies > Application.

  2. To search for an application policy, do one or more of the following:

    • Enter all or part of a policy name in the Search field.
    • Click the Policy type field and select Required to show Required Applications policies only or Resilient to show Application Resilience policies only.
    • Click the Applications field and search for or select an application name to show policies associated with that application only.
    • Click the Policy Groups field and search for or select a policy group name to show policies assigned to that policy group only.
    • Click the Policy Name field and search for or select the name of a policy.
  3. When you create an application policy, you can set it to either active or inactive. Inactive policies are not yet applied to any devices. To show only active policies, click the Show inactive checkbox to clear it.

The Application Policies page shows the following information about each application policy:

  • The policy name
  • The policy type
    • Required Applications policies are labeled as REQUIRED
    • Application Resilience policies are labeled as RESILIENT

  • The name and number of policy groups associated with the policy

    If there are numerous policy groups, you can hover over the icon to view them all in a tooltip.

  • Whether the policy applies to Windows devices, Mac devices, or both

  • The percentage of eligible devices in the specified policy groups that satisfy the policy's requirements and are therefore deemed to be Compliant

  • A slider showing the activation status of the policy (On/Off)
  • Date and user associated with the most recent update of the policy

To view more information about an application policy, click anywhere on the row background. The policy overview dialog opens to the right of the work area.

The following information is available:

Area Description
Header

Shows the following information about the application policy:

  • Name of the policy
  • Activation status of the policy (Active/Inactive)
  • Policy type (REQUIRED/RESILIENT)

  • Date and user associated with the most recent update of the policy

    You can hover over this area to see the exact date and time in a tooltip.

If your user role is granted the Manage permission for Policies, you can click Edit to edit the application policy.
Application and publisher name

Shows the following information about the devices the application policy applies to:

  • Donut chart: shows the breakdown of devices by status. The percentage of devices that are Compliant shows in the center of the chart. Hover over a slice to view the number of devices with a particular status.

    • Compliant: all requirements set in the policy have been met
    • Non-compliant: one or more requirements set in the policy have not been met
    • Missing: the application is not installed on the device
    • Pending: the policy has been activated, but the device has not yet uploaded new application data

    • Unknown: a compliance status could not be calculated

      Application compliance information is unavailable and a status of Unknown is reported when there is an issue with the application's installation, such as:

      • The Secure Endpoint Agent can't find or access the installation location.

      • The installation was not completed successfully.

  • Bar chart: shows the breakdown of Non-compliant devices by their reasons for non-compliance.

  • Assigned: shows the total number of devices the policy is assigned to. To view the device details of the policy in a report, click the number. A filtered view of the Application Compliance report opens.

Charts and device information are available for active policies only.

Requirements

(shown for Required Applications policies only)

If the policy applies to both Windows and Mac devices, a Requirements area for each platform is shown.

Shows the following information about the requirements set in the Required Applications policy:

  • Required version

    Possible values are:

    • <version> or higher: a minimum version or higher must be installed

    • <version> or less than: a maximum version or lower must be installed

    • Is between <version> and <version>: a version that falls within the specified range (which includes both the minimum and maximum values) must be installed

    • Is any: no version requirement

  • Authenticity

    Details of how the policy is validating application signatures

  • Anti-virus

    For anti-malware applications, indicates if the application must be active and up-to-date
Scope

Shows the policy groups that the application policy is assigned to

To close the policy overview dialog, click .

While you can create as many Required Applications policies and Application Resilience policies for an application as your organization requires, keep in mind the following:

  • Only one Required Applications policy for an application can be assigned to a policy group at a time.

  • Only one Application Resilience policy for an application can be assigned to a policy group at a time.

  • It is possible to assign both a Required Applications policy and an Application Resilience policy for the same application to a policy group (for example, if you have an Application Resilience supported application installed across both Windows and Mac devices). In this case, each policy will report as a separate line item in the Application Compliance report.

To create an application policy:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.

  2. On the navigation bar, click Policies > Application.

    The Application Policies area opens to show all existing policies associated with your Absolute account.

  3. Click Create Policy.
  4. Do one of the following:
  5. Click Save to create the policy without activating it or click Save and activate to create the policy and activate it at the same time.

To edit an application policy:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.
  2. Use one of the following options for opening the application policy in edit mode:
    1. On the navigation bar, click Policies > Application.
    2. [Optional] To hide all inactive policies, clear the Show inactive checkbox.
    3. For the policy you want to edit, hover over its row and click . The policy opens in a dialog.
    1. On the navigation bar, click Policies > Policy Groups.
    2. Click the policy group to open it.

    3. Do one of the following:

      • To edit a Required Applications policy, next to Required Applications, click Configure.
      • To edit an Application Resilience policy, next to Application Resilience, click Configure.
    4. For the policy you want to edit, hover over its row and click . The policy opens in a dialog.
    1. On the navigation bar, click Applications > Summary.
    2. Click the application that the application policy applies to.
    3. Under the page title, hover over the icon and then click the application policy that you want to edit. The policy opens in a dialog.

  3. Edit the policy settings, as required:

  4. Click Save.

To save time, you can create a copy of an existing policy, and then edit it to create a new policy.

To create a copy of an application policy:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.
  2. On the navigation bar, click Policies > Application.
  3. [Optional] To hide all inactive rules, clear the Show inactive checkbox.
  4. For the policy that you want to duplicate, hover over its row and click . A copy of the policy opens in a dialog.
  5. [Optional] Update the policy name.

  6. Edit the policy settings, as required:

  7. Click Save to create the policy without activating it or click Save and activate to create the policy and activate it at the same time.

When a policy is inactive, you can activate it. Inactive policies are indicated by a slider that is set to Off (gray).

To activate an application policy:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.
  2. On the navigation bar, click Policies > Application.
  3. Next to the policy that you want to activate, click its slider to set it to On (blue).

When an Application Resilience policy is activated, an App resilience policy activated event is logged to Event History.

If a policy is active, you can deactivate it. Active policies are indicated by a slider that is set to On (blue).

To deactivate an application policy:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.
  2. On the navigation bar, click Policies > Application.
  3. [Optional] To show only active policies, clear the Show inactive checkbox.
  4. Next to the policy that you want to deactivate, click its slider to set it to Off (gray).

When an Application Resilience policy is deactivated, an App resilience policy deactivated event is logged to Event History.

You can open a policy group and then assign or activate, unassign or deactivate, edit, or create an application policy.

To manage an application policy for a policy group:

  1. Log in to the Secure Endpoint Console as a user with the Manage permission for Policies.
  2. On the navigation bar, click Policies > Policy Groups.
  3. On the Policy Groups sidebar, click the policy group that you want to update. The policy group opens in the work area.

  4. Do one of the following:

    • To update a Required Applications policy, next to Required Applications, click Configure.

    • To update an Application Resilience policy, next to Application Resilience, click Configure.

      A dialog opens to the right of the work area and contains two sections: Assigned and Unassigned (for Required Applications policies) or Active and Inactive (for Application Resilience policies). You can collapse a section by clicking its icon.

  5. Do one or more of the following:
    • To search for an application policy, begin typing the application name in the Search field.

    • To assign an application policy to the policy group or activate the policy, under Unassigned or Inactive, click the policy's icon. The policy is moved to the Assigned or Active section.

    • To unassign an application policy from the policy group or deactivate the policy, under Assigned or Active, click the policy's icon. The policy is moved to the Unassigned or Inactive section.

      Note that if multiple policies exist for the same application, you can assign a different policy to the policy group by clicking the icon and selecting the desired policy from the drop-down list.

    • To edit an application policy, hover over the policy and click its icon.
    • To create an application policy, click Create Policy.

To delete an application policy:

  1. On the navigation bar, click Policies > Application.
  2. For the policy that you want to delete, hover over its row and click .

  3. In the confirmation dialog, click Delete.

If an active Application Resilience policy is deleted, an App resilience policy deactivated event is logged to Event History.