Summary 

Currently, mobile app policies only control whether Jira/Confluence mobile apps can bypass existing IP allowlists ("Allow access from any IP address"). They do not provide a direct way to block mobile app access to particular sites/products. Hence, 

• If a Jira/Confluence site does not have IP allowlisting enabled, or

• If the user's IP address is on the allowlist for that site,

users can still log in via the mobile apps even when "Allow access from any IP address" is unchecked in the mobile app policy. In effect, the mobile policy cannot be used as a simple "block mobile access to this site" control.

Suggested Solution

Introduce the ability for organization admins to explicitly block access to specific Jira/Confluence sites via Atlassian mobile apps, independent of IP allowlisting configuration.

For example:

• A setting at the org or site level such as:"Disable mobile app access for this site" (for Jira / Confluence individually), or

Enhancements to mobile app policies so that admins can:

• Select specific sites/products to block on mobile, regardless of IP rules, or

• Define a "Deny mobile access" rule that applies per product or per site.