Microsoft Admin Technical Guide

In response to growing regulatory requirements worldwide, Microsoft has published detailed technical guidance for Intune administrators on blocking and removing specific applications from managed endpoints. 

The guide focuses on compliance with international frameworks such as Australia’s Protective Security Policy Framework (PSPF), Italy’s cybersecurity mandates, and South Korea’s data governance laws, using the DeepSeek – AI Assistant app as a primary example. 

While tailored for this application, the methodologies apply universally to other restricted software.


Platform-Specific Implementation Strategies

iOS/iPadOS Device Management

For corporate-owned supervised devices, administrators can deploy a Settings Catalog profile under Devices > iOS/iPadOS > Configuration profiles to block the DeepSeek app. 

By adding the Bundle ID com.deepseek.chat to the Blocked App Bundle IDs field under the Restrictions category, the app becomes hidden and non-launchable. 

[Figure: Configuration Setting tab]

To remove existing installations, Intune’s Apps > iOS/iPadOS apps interface allows admins to force uninstallations by assigning the app to target groups under the Uninstall assignment filter.

Device status is trackable via Device install status metrics.

For personal/BYOD iOS devices, options are limited due to Apple’s restrictions. Administrators can enforce compliance policies tied to Microsoft Entra Conditional Access, marking devices with DeepSeek as non-compliant and blocking access to corporate resources.

[Figure: Marking devices with DeepSeek as non-compliant]

The policy configuration under Devices > iOS/iPadOS > Compliance policies uses the Restricted apps setting with the same Bundle ID to trigger compliance checks.

Android Enterprise Device Controls

On corporate-owned fully managed Android devices, admins can restrict app installations to pre-approved software by setting Allow access to all apps in Google Play Store to Block.

To uninstall DeepSeek, the app is added as a Managed Google Play app in Intune, assigned an Uninstall action, and pushed to devices. 

[Figure: Uninstall section]

Subsequent sync cycles remove the app and block reinstallation attempts, with users receiving a “deleted by your admin” notification.

For personally owned devices with work profiles, the same uninstallation process applies to the work container. However, apps in the personal profile remain unmanaged, reflecting Android’s inherent design limitations.

Windows Endpoint Protections

Windows devices enrolled in Microsoft Defender for Endpoint can block DeepSeek’s web interface and Progressive Web App (PWA) capabilities. 

Administrators first enable Custom Network Indicators in the Defender admin center (Settings > Endpoints > Advanced features), then create an indicator for https://deepseek.com with the Block execution action. This blocks access in Microsoft Edge within 48 hours.

To extend protections to third-party browsers, a Settings Catalog policy under Devices > Windows > Configuration enables Network Protection in Block mode, leveraging Defender’s engine to intercept requests across all applications.

[Figure: DeepSeek website block via Microsoft Edge]

macOS Network Enforcement

For macOS devices, the Custom Network Indicator configured for Windows automatically blocks DeepSeek if Network Protection is activated. 

Admins deploy this via a macOS Settings Catalog profile in Intune, setting the Microsoft Defender Network Protection enforcement level to Block. 

Users attempting access receive a standardized admin-blocked page across Safari, Chrome, and other browsers.

Compliance and Operational Impact

These measures ensure adherence to national cybersecurity directives while minimizing workflow disruption. 

For regulated industries, combining app-blocking policies, conditional access rules, and network-layer controls creates a multi-tiered defense against unauthorized software. 
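The per-platform rules described above can be run against a device inventory to see which endpoints the controls do not fully cover. This is an added example, not code from Microsoft's guide or from this article; the Device record, its field names and the sample fleet are constructed assumptions, and the corporate flag stands in for supervised iOS and fully managed Android.

```python
from dataclasses import dataclass

BUNDLE_ID = "com.deepseek.chat"      # iOS Bundle ID given in the article

@dataclass
class Device:                        # hypothetical inventory record, not an Intune schema
    name: str
    platform: str                    # "ios" | "android" | "windows" | "macos"
    corporate: bool                  # supervised / fully managed vs personal (BYOD)
    app_in: str = ""                 # app found in: "" | "device" | "work" | "personal"
    net_protection: str = "off"      # Network Protection level: "off" | "audit" | "block"

def plan(d):
    """Return (actions, gaps) for one device, following the article's per-platform rules."""
    actions, gaps = [], []
    uninstall = ["Assign the app to the device's groups as Uninstall"] if d.app_in else []
    if d.platform == "ios" and d.corporate:
        actions += [f"Settings Catalog: add {BUNDLE_ID} to Blocked App Bundle IDs"] + uninstall
    elif d.platform == "ios":
        actions.append(f"Compliance policy: Restricted apps = {BUNDLE_ID}, plus Conditional Access")
        if d.app_in:
            gaps.append("app stays installed; only corporate access is blocked")
    elif d.platform == "android" and d.corporate:
        actions += ["Set 'Allow access to all apps in Google Play Store' to Block"] + uninstall
    elif d.platform == "android":
        if d.app_in == "work":
            actions += uninstall     # the uninstall reaches the work profile only
        elif d.app_in == "personal":
            gaps.append("app is in the unmanaged personal profile")
    else:                            # windows and macos share the Defender network controls
        actions.append("Defender custom indicator: block https://deepseek.com")
        if d.net_protection != "block":
            actions.append("Settings Catalog: set Network Protection to Block")
            gaps.append("only Microsoft Edge is covered" if d.platform == "windows" else "indicator is not enforced")
    return actions, gaps

FLEET = [  # constructed sample inventory
    Device("ipad-017", "ios", True, app_in="device"),
    Device("iphone-byod-3", "ios", False, app_in="device"),
    Device("pixel-wp-9", "android", False, app_in="personal"),
    Device("win-lt-22", "windows", True, net_protection="audit"),
    Device("mac-dev-4", "macos", True, net_protection="block"),
]

def residual_gaps(fleet):            # device name -> gaps, only for devices that have any
    return {d.name: g for d in fleet if (g := plan(d)[1])}

if __name__ == "__main__":
    print(residual_gaps(FLEET))
```

Devices that appear in the result are the ones where only Conditional Access or user-side action stands between the app and corporate data, which is where the compliance policy matters most.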

Microsoft emphasizes pairing these technical steps with employee training to address shadow IT risks.

The guide builds on existing Intune documentation, such as Support Tip: Removing and Preventing App Use on Mobile Devices, refining workflows for global enterprise environments. 

As regulatory scrutiny intensifies, such frameworks will likely become standard in endpoint management portfolios.


Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.