So, at first glance I love the idea of the Access App Launch feature, but we need a way to hide apps and I’m not seeing anything from here (Mobile, so maybe I’m missing it?)
Here’s one example of an app that exists, but shouldn’t be listed):
For context, this exists so that any app hosted behind access can still request certificates (primarily from Let’s Encrypt), but not only is the app not relevant to users, it doesn’t even work because a wildcard sub domain is not a valid URL.
The permissions on this one don’t allow any users, it is only a bypass rule for all IPs. This is just an example though, I have a couple other apps that just open a hole for an API call, but because they’re technically reachable for a user (e.g. from our office IP address) they’re listed when the link is actually not something a user can directly interact with. Exchange AutoDiscovery is another example of something that will hit many of my clients.