+3In the Restrictions section of Profiles, I see an option for "Allow creation of VPN configurations". I have disabled this as I don't want our users to be able to add VPNs.
Is there also an option to disable deletion of VPN configurations?
Likewise, is there any way to prevent a user from just toggling the VPN off. Or perhaps automatically re-enabling the VPN if they do turn it off?
Best answer by GadgetVirtuoso
If the VPN deployed via a device profile, unless they can also remove profiles or unenrolled the device.
Enforcing VPN usage is a little more complicated.
It really depends on what you've got in your toolbox.
+6If the VPN deployed via a device profile, unless they can also remove profiles or unenrolled the device.
Enforcing VPN usage is a little more complicated.
It really depends on what you've got in your toolbox.
+3Thanks! I will check to see if the app in question has an "always-on" option for the VPN.
How would I set up network rules to prevent access unless the VPN is on?
+6Thanks! I will check to see if the app in question has an "always-on" option for the VPN.
How would I set up network rules to prevent access unless the VPN is on?
It really depends on how you're connecting to VPN. Are you using the native VPN client or a 3rd party solution? Any other tools you're using?
+3I was considering using an app called Qustodio. It has some features that Jamf School does not, like setting schedule and time limits for apps. Qustodio's parental controls are enforced by VPN. Their documentation (and a support rep I spoke with) said that when the user toggles the VPN off, it automatically re-enables itself within a few seconds. I'm not sure how this works, though. Is that a capability inherent to the app itself?
They said if I want to prevent the user from deleting the entire profile, I'd need to install their MDM, which prevents deleting a VPN configuration. But as I will already have an MDM (Jamf) installed, I don't think I can do this. Instead, I could create a separate mobileconfig file that prevents deletion of VPN configurations and upload that to her phone, right?
Tech Lockdown offers a mobileconfig file that does this.
+6I was considering using an app called Qustodio. It has some features that Jamf School does not, like setting schedule and time limits for apps. Qustodio's parental controls are enforced by VPN. Their documentation (and a support rep I spoke with) said that when the user toggles the VPN off, it automatically re-enables itself within a few seconds. I'm not sure how this works, though. Is that a capability inherent to the app itself?
They said if I want to prevent the user from deleting the entire profile, I'd need to install their MDM, which prevents deleting a VPN configuration. But as I will already have an MDM (Jamf) installed, I don't think I can do this. Instead, I could create a separate mobileconfig file that prevents deletion of VPN configurations and upload that to her phone, right?
Tech Lockdown offers a mobileconfig file that does this.
Yes, if their product is also an MDM (which is what you're describing), then they should be able to give you the configuration to do it with Jamf. Some of the config is going to vary a bit from their product, but the principles are the same.
+3Yes, if their product is also an MDM (which is what you're describing), then they should be able to give you the configuration to do it with Jamf. Some of the config is going to vary a bit from their product, but the principles are the same.
Ok, I will check with them. Thanks!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
