What's a good list of apps to deny via Jamf?

We're attempting to get an ISO-27001 certification this year and one of the controls is "*Company* has an allow-all, deny-by-exception rule in place for unauthorized software applications and implements procedures to deny execution."

Our small company culture isn't one that does a lot of "thou shall not" kind of controls, but we should have *something* in our deny-list that we control via Jamf.

What's a reasonable, non-controversial list of applications that no reasonable work computer should have on it?

applications apps certification company culture controls culture cybersecurity good isn iso jamf kind list lot procedures software software applications unauthorized