I have changed both to "true", rebooted and done some testing. It seems to be the same as before. I can still only choose applications in "Outgoing access to the Internet" policy, however that policy does not seem to apply for internal traffic.
In "Firewall" -> "Blade Control" I have tried enabling and editing the "Block other undesired applications". I used every version of Internet Explorer as a test. However when I do a HTTP request in IE on either host it simply just allows the traffic. It uses the "Any Any HTTP Allow" test rule which is currently first on the list in "Incoming, Internal and VPN traffic" policy.
In either case, a black list like "Block other undesired applications" was not the intended solution, we were looking for a white list functionality like it seems to be possible with "Outgoing access to the Internet" policy.
Am I missing something?