Deploy app restriction profiles, managed browser blocklists, and per-app VPN policies across Jamf Pro, Intune, and Workspace ONE. Block 16,024+ AI tool apps on corporate and BYOD devices with automatic daily updates.
Mobile devices operate outside your perimeter. When an employee opens ChatGPT on their iPhone over cellular data, that traffic never touches your firewall, proxy, or DLP engine.
The threat extends far beyond obvious chatbot apps like ChatGPT, Claude, and Gemini.
MDM platforms provide device-level control regardless of network connection type.
Through configuration profiles, app restriction policies, managed browser controls, and per-app VPN tunnels, you block AI apps whether the device is on corporate Wi-Fi, home network, or cellular data. Our blocklist provides 16,024+ AI-tool domains and app bundle identifiers, classified into 18 categories and updated daily.
Apple's MDM framework provides two primary enforcement mechanisms for supervised iOS devices.
Prevent installation or launch of specific apps by bundle identifier. Delivered as XML configuration payloads pushed to enrolled devices.
Block access to AI-tool web domains through Safari and third-party managed browsers at the OS level.
Restriction profiles use the com.apple.applicationaccess payload type. On supervised devices, you define a blocklist of app bundle identifiers.
If a blocked app is already installed, it becomes hidden and non-launchable until the restriction is removed.
com.openai.chatgpt
com.anthropic.claude
com.google.Bard
com.microsoft.copilot
ai.perplexity.app.ios
The same payload supports a whitelist mode where only approved bundle IDs can be installed. Ideal for government agencies, defense contractors, and financial institutions where devices are locked to specific business applications.
In Jamf Pro, navigate to Devices > Configuration Profiles > New Profile > Restrictions.
<!-- iOS App Restriction Profile — Block AI Applications --> <!-- Deploy via Jamf Pro, ABM, or any MDM supporting Apple Configuration Profiles --> <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadType</key> <string>com.apple.applicationaccess</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.corp.ai-blocklist.restrictions</string> <key>PayloadUUID</key> <string>A1B2C3D4-E5F6-7890-ABCD-EF1234567890</string> <key>blockedAppBundleIDs</key> <array> <!-- AI Chatbots --> <string>com.openai.chatgpt</string> <string>com.anthropic.claude</string> <string>com.google.Bard</string> <string>com.microsoft.copilot</string> <string>ai.perplexity.app.ios</string> <string>com.quora.app.poe</string> <!-- AI Image Generators --> <string>com.midjourney.ios</string> <string>com.stability.diffusion</string> <string>com.lensa.app</string> <!-- AI Writing Tools --> <string>com.jasper.ios</string> <string>ai.copy.app</string> <string>com.grammarly.ios</string> <!-- AI Code Assistants --> <string>com.github.copilot</string> <string>com.replit.app</string> <!-- AI Voice/Audio --> <string>com.elevenlabs.app</string> <string>com.descript.app</string> </array> </dict> </array> <key>PayloadDisplayName</key> <string>AI Tools Blocklist — App Restrictions</string> <key>PayloadIdentifier</key> <string>com.corp.ai-blocklist</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>
New AI apps appear on the App Store daily, each with a unique bundle identifier. Manually tracking them is unsustainable at scale.
Our AI Tools Blocklist maintains a continuously updated database of AI app bundle identifiers for both iOS and Android, organized by 18 categories. Consume this data through our API and programmatically update your MDM profiles daily — newly discovered AI apps are blocked within 24 hours.
App restriction profiles require iOS supervised mode, set during enrollment through Apple Business Manager (ABM) or Apple School Manager (ASM).
User-initiated MDM enrollment is not supervised — those devices can only enforce managed app configurations and web content filters.
For non-supervised and BYOD devices, use the com.apple.webcontent-filter payload to block AI-tool domains at the browser level.
This filters Safari and any app using the system WebView — no supervision required.
Intune is the most widely deployed enterprise MDM, included with Microsoft 365 E3 and E5 licenses. It provides multiple enforcement mechanisms for blocking AI apps.
| Mechanism | Device Type | How It Works |
|---|---|---|
| App Protection Policies (MAM) | BYOD + Corporate | Block managed app access if AI apps detected |
| Device Compliance Policies | Enrolled devices | Flag devices with AI apps as non-compliant |
| Device Configuration Profiles | Enrolled devices | Push app restriction payloads with blocked bundle IDs |
| Conditional Access | All (via Entra ID) | Gate M365 access on device compliance status |
Configure a managed Google Play store controlling which apps are available. Apps not explicitly approved cannot be installed.
This allowlist approach automatically excludes every AI app — current and future — because they were never approved.
For iOS devices enrolled through Automated Device Enrollment, Intune pushes configuration profiles with blocked bundle identifiers.
Compliance policies detect AI apps and trigger Conditional Access to block Exchange, SharePoint, and Teams.
App protection policies (APP) provide control even on unenrolled BYOD devices. Through conditional launch settings, you block access to managed corporate apps if AI apps are detected.
# Microsoft Graph API — Create Intune App Protection Policy # Blocks access to managed apps if AI tools are detected on the device POST https://graph.microsoft.com/v1.0/deviceAppManagement/ managedAppPolicies { "@odata.type": "#microsoft.graph.iosManagedAppProtection", "displayName": "Block AI Tools — iOS APP", "description": "Prevents corporate data access when AI apps are installed", "periodOfflineBeforeAccessCheck": "PT12H", "allowedDataStorageLocations": ["oneDriveForBusiness", "sharePoint"], "dataBackupBlocked": true, "managedBrowserToOpenLinksRequired": true, "appActionIfUnableToAuthenticateUser": "block", "thirdPartyKeyboardsBlocked": true, "apps": [ {"mobileAppIdentifier": { "@odata.type": "#microsoft.graph.iosMobileAppIdentifier", "bundleId": "com.microsoft.Office.Outlook"}}, {"mobileAppIdentifier": { "@odata.type": "#microsoft.graph.iosMobileAppIdentifier", "bundleId": "com.microsoft.teams"}} ], "exemptedAppProtocols": [], "conditionaLaunchRules": [ { "settingName": "BlockedApps", "appBundleIds": [ "com.openai.chatgpt", "com.anthropic.claude", "com.google.Bard", "com.microsoft.copilot", "ai.perplexity.app.ios" ], "action": "block", "warningMessage": "AI applications must be removed to access corporate data." } ] }
Use androidManagedAppProtection with package names: com.openai.chatgpt, com.anthropic.claude, com.google.android.apps.bard, com.microsoft.copilot, ai.perplexity.app.android. Our API provides both iOS bundle IDs and Android package names in a single data source.
Flag devices running AI apps as non-compliant. Non-compliant devices are blocked from corporate resources through Conditional Access in Microsoft Entra ID.
Configure Microsoft Edge with a URL blocklist including all AI-tool domains. Users are blocked and redirected to a policy explanation page.
Pair compliance policies with Entra Conditional Access. Devices with AI apps lose access to Exchange, SharePoint, and Teams until apps are removed.
Workspace ONE (formerly AirWatch) uses a compliance engine that continuously monitors enrolled devices for policy violations. The engine runs on a configurable schedule — as frequent as every 15 minutes.
AI Tools — Blocked and set the type to Blocklist. Add app identifiers manually or import a CSV from our API export.
Smart Groups let you target AI blocking policies to specific user segments. Filter by organizational group, AD user group, device platform, ownership type, and more.
Target policies at specific Active Directory OUs. Each Smart Group can reference a different application group.
Differentiate policies by device ownership model.
Blocking AI native apps is only half the battle. Every AI tool also has a web interface. A user who finds ChatGPT blocked as an app will open Safari and navigate to chat.openai.com.
Managed browser configurations close this gap by extending your AI domain blocklist to the browser layer on managed devices.
Apple provides the com.apple.webcontent-filter payload with built-in filter and plugin modes.
Add AI-tool domains to the blacklisted URLs array. iOS blocks access in Safari and any app using WKWebView or system URL loading.
Chrome supports the URLBlocklist managed configuration with JSON URL patterns.
Microsoft Edge uses Intune app configuration. VMware Browser uses the Workspace ONE SDK for content filtering rules.
Deploy this JSON payload as a managed configuration through Intune, Workspace ONE, or any MDM supporting Android Enterprise. Our API exports domain lists compatible with Chrome's URL pattern syntax for automated daily updates.
// Chrome Managed Configuration — Android Enterprise // Deploy via Intune App Configuration or WS1 Managed Config { "URLBlocklist": [ // AI Chatbots & Assistants "chat.openai.com", "openai.com", "claude.ai", "anthropic.com", "gemini.google.com", "bard.google.com", "copilot.microsoft.com", "perplexity.ai", "poe.com", "you.com", // AI Image Generation "midjourney.com", "stability.ai", "dreamstudio.ai", "dall-e.com", "leonardo.ai", // AI Writing & Content "jasper.ai", "copy.ai", "writesonic.com", "rytr.me", // AI Code Assistants "github.com/features/copilot", "replit.com", "cursor.sh", "codeium.com", // AI Voice & Audio "elevenlabs.io", "descript.com", "murf.ai" ], "URLBlocklistExceptions": [ // Allowlisted internal AI tools "ai.internal.yourcompany.com" ], "BrowserSigninAllowed": true, "SafeBrowsingProtectionLevel": 2, "IncognitoModeAvailability": 1 }
IncognitoModeAvailability: 1 — Without this, users can open incognito tabs that bypass managed configurations entirely.
SafeBrowsingProtectionLevel: 2 — Adds an extra defense layer against AI-tool domains classified as potentially unsafe.
URL blocklists are delivered through the web content filter profile, not browser-specific managed configs.
This filters all web traffic on the device — Safari and any app using the system WebView. Domain entries must be exact matches or subdomains.
iOS content filtering operates at the OS level, catching traffic from any app — not just the browser.
Trade-off: no wildcard pattern support like Chrome's URLBlocklist key allows.
Per-app VPN routes traffic from specific apps through a VPN tunnel to your corporate network. Your existing firewalls, proxies, and DLP engines inspect and control it.
Full tunnel: Routes all traffic through corporate network. Complete visibility, higher bandwidth cost.
Split tunnel: Routes only AI-tool traffic. Our API provides the complete list of domains and IP ranges for split-tunnel configuration.
Start with monitor-only mode. Analyze firewall logs for connections to AI-tool domains before enforcing blocks.
Some AI tools may be embedded in business workflows and need managed exceptions rather than blanket blocks.
Your blocking strategy depends on the device ownership model. Each gives you different levels of control.
| Capability | Corporate-Owned | BYOD |
|---|---|---|
| Supervised / Device Owner mode | Yes | No |
| App installation blocking | Yes | No |
| Device-level app scanning | Yes | Requires consent |
| MAM / App protection policies | Yes | Yes |
| Conditional Access | Yes | Yes |
| Enterprise wipe | Full + Selective | Selective only |
The most effective approach uses both strategies simultaneously. Corporate devices get the full blocking stack; BYOD devices get MAM with conditional access.
Both device types consume the same AI Tools Blocklist data. Our API exports in multiple formats: iOS bundle IDs, Android package names, domain lists, and JSON feeds for programmatic MDM API integrations.
A proven hybrid approach used by large enterprises. Corporate resources open only in the managed browser (Edge, Chrome Enterprise, or VMware Browser), which has the AI-tool URL blocklist applied.
Users can still use personal browsers for personal browsing — including AI tools. But the MAM policy blocks cut-copy-paste between managed and unmanaged apps.
Result: AI tools are technically accessible on the device, but corporate data cannot flow into them. Data containment without device control.
New AI tools launch on the App Store and Google Play every week. Manually updating MDM restriction profiles is unsustainable at scale. Our API keeps your policies current automatically.
Fetch AI app bundle IDs, generate mobileconfig XML, and upload via the Jamf Pro API. Assign profiles to Smart Groups for targeted deployment.
Update Intune app protection and compliance policies. Our JSON output maps directly to Intune's policy schema — minimal transformation needed.
Push new app identifiers through the UEM API to update application groups. Triggers compliance re-evaluation across all enrolled devices.
Our API supports bulk data access with real-time webhook notifications. When a new AI app is discovered, a webhook fires with full metadata — name, bundle ID, package name, category, risk score, and domain associations.
Your platform can consume these webhooks and update its built-in AI app database without waiting for a daily batch job. Several MDM vendors already use this integration model to power native AI app blocking features.
Download the free sample to test with your MDM platform today. Or tell us your deployment details and we will send a ready-to-import app restriction list within 24 hours.
Tell us your MDM platform, device fleet size, and OS mix. We will deliver a formatted app restriction list within 24 hours.