> ## Documentation Index
> Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart - Allowlisting

> Set up application control on Windows and macOS.

## What is allowlisting?

Instead of blocking everything that is bad in your environment, you explicitly allow what applications need to run on user workstations. In simple terms, you only allow applications that you trust, and block everything else, including malware and ransomware. When idemeum agent is installed, it intercepts every process execution event and applies `Default deny` policy - if application is not explicitly trusted, it is not allowed.

<Card title="Application allowlisting overview" icon="page" horizontal href="/allowlisting-overview">
  Full documentation section for allowlisting
</Card>

## Get started with allowlisting

In this guide we will install the agent and quickly try the application control enforcement.

<Steps>
  <Step title="Sign up for idemeum tenant">
    Sign up for free idemeum IT or MSP tenant on our website → [idemeum.com](https://idemeum.com)
  </Step>

  <Step title="(MSP) - Create child tenant">
    If you are an MSP, please create a child tenant / organization. 

    * Login to your MSP admin portal
    * Navigate to `Tenants` → click `Add tenant` and choose manually
    * Provide subdomain and display names and save the configuration

          <img src="https://mintcdn.com/idemeum/NHk_znfdxs-hO07k/images/CleanShot-2026-05-27-at-10.40.29@2x.png?fit=max&auto=format&n=NHk_znfdxs-hO07k&q=85&s=f67c477bb503262d86f18103b092280c" alt="Clean Shot 2026 05 27 At 10 40 29@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-10.40.29@2x.png" />
  </Step>

  <Step title="Enable allowlisting for your tenant">
    * Navigate to your idemeum tenant admin portal
    * Click `Control settings` → `Allowlisting`
    * Make sure allowlisting is enabled for your tenant

          <img src="https://mintcdn.com/idemeum/UeGU0x3OFaq_2ck0/images/CleanShot-2026-05-27-at-12.38.31@2x.png?fit=max&auto=format&n=UeGU0x3OFaq_2ck0&q=85&s=ea5e48523eb7c6934e0d139934a056ad" alt="Clean Shot 2026 05 27 At 12 38 31@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-12.38.31@2x.png" />
  </Step>

  <Step title="Configure baseline rules">
    We will now create baseline rules for most used applications on your workstation.

    * Access `Activity` → `Rules`
    * Click `Add rule` → `Catalog`
    * Check the rules that you need. 
    * We recommend allowing everything that is signed by Microsoft, Apple, and Google. 

          <img src="https://mintcdn.com/idemeum/UeGU0x3OFaq_2ck0/images/CleanShot-2026-05-27-at-12.41.28@2x.png?fit=max&auto=format&n=UeGU0x3OFaq_2ck0&q=85&s=971e3c62e72c0f7a4f6354d5f5dadc87" alt="Clean Shot 2026 05 27 At 12 41 28@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-12.41.28@2x.png" />
  </Step>

  <Step title="Grab installation command to deploy agents">
    <Warning>
      macOS agent deployment requires privacy and security permissions so it is recommended to deploy the agent with an MDM profile. 
    </Warning>

    Click on the `Install agent` → choose `Control agent` and copy the installation command for Windows or macOS. 

    <img src="https://mintcdn.com/idemeum/NHk_znfdxs-hO07k/images/CleanShot-2026-05-27-at-10.46.44@2x.png?fit=max&auto=format&n=NHk_znfdxs-hO07k&q=85&s=375b42ec485b444929631c2a2567620c" alt="Clean Shot 2026 05 27 At 10 46 44@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-10.46.44@2x.png" />
  </Step>

  <Step title="Turn application control mode to rules">
    Once the agent is installed it will appear in the `Devices` table and the default mode for application control will be turned off. Click on `...` and turn the application control mode to `Rules`.

    <img src="https://mintcdn.com/idemeum/nQywgqubfn4A6GcZ/images/CleanShot-2026-05-27-at-12.13.41@2x.png?fit=max&auto=format&n=nQywgqubfn4A6GcZ&q=85&s=804916d82c159f3c186efba2ac24239d" alt="Clean Shot 2026 05 27 At 12 13 41@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-12.13.41@2x.png" />
  </Step>

  <Step title="Test application launch">
    * Launch any application that is not covered by any rules - application will be blocked
    * Launch any application what is covered by rules - it will be allowed

          <img src="https://mintcdn.com/idemeum/UeGU0x3OFaq_2ck0/images/CleanShot-2026-05-27-at-12.43.26@2x.png?fit=max&auto=format&n=UeGU0x3OFaq_2ck0&q=85&s=5d24bf1cebf117d964411fac45b61567" alt="Clean Shot 2026 05 27 At 12 43 26@2x" width="2676" height="1980" data-path="images/CleanShot-2026-05-27-at-12.43.26@2x.png" />
  </Step>
</Steps>

<Tip>
  Allowlisting has many more features that we can cover in this guide. Please consult our [documentation](/allowlisting-overview) to learn about all features EPM has to offer.
</Tip>