Governance

Application overview & blacklist

Installed applications overview + blacklist rules that can automatically trigger uninstall tasks.

What this feature delivers

Application governance gives you a single source of truth for what is installed across your estate. You can use this to standardize approved tooling, reduce shadow IT, and react faster when a vulnerable application shows up. Policies can be gentle (visibility and flagging) or strict (automated removal), depending on how you operate and what your risk tolerance is.

On this page
Subfeatures
All features

Software inventory

Get a consistent view of installed software across systems so you can answer basic questions quickly: “Where is this installed?”, “Which versions are running?”, and “Which hosts deviate from our standard?”. This is the foundation for governance, vulnerability response, and reducing operational drift.

  • Inventory per system with version and publisher context (where available).
  • Search and filter by application name, version, or host group.
  • Spot legacy tooling and reduce long-tail support costs.

Policies & blacklist

Policies help you translate “we don’t want this” into enforceable rules. Many teams start with a blacklist for clearly unwanted software (toolbars, remote tools without approval, legacy runtimes) and evolve into a more mature model with approved baselines per tenant or environment.

Tip

Keep policies explicit and scoped. Start with visibility and owner communication before turning on automatic removal at scale.

Controlled remediation

When your governance model is ready, you can move from “flag” to “fix”. Controlled remediation means you can trigger actions in a predictable way: remove an unapproved app, clean up a legacy version, or enforce a baseline across a group — while keeping safety and auditability front and center.

  • Optional automation: trigger uninstall tasks based on policy.
  • Guardrails like approvals, maintenance windows, or staged rollouts (“rings”).
  • Track execution outcomes and create an audit trail for compliance.

Standardization & compliance

Standardization reduces surprises. By converging on approved versions and toolsets, you reduce support complexity and align more easily with internal controls. This is especially useful in multi-tenant or multi-environment setups where exceptions must be intentional rather than accidental.

  • Reduce shadow IT and unsupported “one-off” tools.
  • Improve onboarding: new systems converge to your expected baseline faster.
  • Make audits easier by proving governance, not just stating it.

Vulnerability response

During a vulnerability wave, speed matters. A reliable software inventory helps you identify impacted systems fast and prioritize remediation. If you combine this with vulnerability data and alerting, you get a tight loop from detection to action.

What you can add next
  • Version rules: detect “below minimum safe version” across tenants.
  • Bulk actions: staged removal/upgrade workflows with progress tracking.
  • Reporting: exports for audit and incident documentation.
Reduce risk by keeping software visible and governable.