A way to block App installation/update or OS updates, eg. blacklist certain applications (i.e. allow-all, deny-by-exception rule). This feature is important for the ISO 27001 audit.