Restricting Apps for Mobile Devices

Jamf Pro Documentation 11.16.0


You can use Jamf Pro to create a mobile device configuration profile that restricts end user access to certain iOS, iPadOS, and tvOS apps.

Requirements
  • Supervised mobile devices

  • Supervised Apple TV devices

  1. In Jamf Pro, click Devices in the sidebar.
  2. Click Configuration Profiles in the sidebar.
  3. Click New.
  4. In the General payload, enter a name for the profile and configure other settings on the pane as needed.
  5. Under the Restrictions payload, click Apps.
  6. To allow usage of the App Store on managed iOS, iPadOS, and tvOS devices and control which apps are allowed, do the following:
    Note: You may want to restrict the App Store app from tvOS devices entirely to prevent end users from installing apps.

    1. Select iOS, tvOS, and Supervised in the filter.
    2. Choose "Some apps not allowed" or "Only some apps allowed" from the App Usage pop-up menu.
    3. Enter the name of the first app you want to restrict in the App Name field.
    4. Click Add to add additional apps as needed.
    5. Repeat steps 3 through 4 as needed.
  7. (iOS only) To restrict users from manually installing apps that are signed with an Apple Enterprise Developer certificate, do the following:
    1. Under the Restrictions payload, click Functionality.
    2. Select iOS in the filter.
    3. Restrict the Trusting new enterprise app authors setting.
  8. (Optional) (iOS only) To restrict users from accessing the App Store and only allow users to install or update apps from MDM, do the following:
    1. Under the Restrictions payload, click Apps.
    2. Select iOS in the filter.
    3. Restrict the Installing apps using Apple Configurator and iTunes setting.
  9. Click the Scope tab, and then configure the target devices or device groups.
    Note: If deploying restrictions for tvOS, depending on your organization's approach to setting up smart groups, you may want to create a separate profile for the tvOS app restrictions.

  10. Click Save.

The profile is distributed to the devices in the scope. If a device has two or more configuration profiles with restrictions, it will accept the most restrictive settings.
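
To confirm what a saved profile enforces, the app restriction settings can be read from an exported, unsigned .mobileconfig file and combined across profiles so that the most restrictive value wins. The following Python script is an added example, not part of Jamf Pro or its documentation; the mapping of the settings in steps 6 through 8 to Apple's Restrictions payload keys is an assumption, and the sample profiles and bundle ID are constructed.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Apple's Restrictions payload type
# Assumed mapping of the Jamf Pro settings in steps 6-8 to Apple payload keys.
BOOL_KEYS = ("allowEnterpriseAppTrust", "allowAppInstallation")
LIST_KEYS = {"blocked": ("blockedAppBundleIDs", "blacklistedAppBundleIDs"),
             "allowed": ("allowListedAppBundleIDs", "whitelistedAppBundleIDs")}

def app_restrictions(profile_bytes):
    """Return the app-related restriction settings found in one unsigned profile."""
    profile = plistlib.loads(profile_bytes)
    found = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        for key in BOOL_KEYS:
            if key in payload:
                # Within one profile, False (restricted) wins over True.
                found[key] = found.get(key, True) and bool(payload[key])
        for label, names in LIST_KEYS.items():
            for name in names:  # current key name first, then the deprecated one
                found.setdefault(label, set()).update(payload.get(name, []))
    return found

def effective_booleans(profiles):
    """Combine profiles: a setting stays allowed only if no profile restricts it."""
    result = {key: True for key in BOOL_KEYS}  # keys that are absent mean allowed
    for raw in profiles:
        for key, value in app_restrictions(raw).items():
            if key in result:
                result[key] = result[key] and value
    return result

def _profile(restrictions):
    # Constructed sample profile, not exported from a real Jamf Pro server.
    payload = dict(PayloadType=RESTRICTIONS, PayloadVersion=1,
                   PayloadIdentifier="example.restrictions", **restrictions)
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadDisplayName": "Example",
                           "PayloadContent": [payload]})

BLOCKLIST = _profile({"blockedAppBundleIDs": ["com.example.game"],
                      "allowEnterpriseAppTrust": False})
STORE_OFF = _profile({"allowAppInstallation": False,
                      "allowEnterpriseAppTrust": True})

if __name__ == "__main__":
    print(app_restrictions(BLOCKLIST))
    print(effective_booleans([BLOCKLIST, STORE_OFF]))
```

A profile signed by the server is a CMS envelope rather than a plain property list, so it must be unwrapped before plistlib can parse it.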