The application allow list includes the sanctioned applications you provision and administer for business, infrastructure, and user work purposes and tolerated applications you choose to allow for personal use. Before you create your internet gateway security policy, create an inventory of the applications you want to allow.