Jamf Nation Community

Shyamsundar · Friday

Has anyone tried to disable iCloud Private Relay? I'm using the Plist below, but it only hides the iCloud Private Relay option in the iCloud settings and doesn't actually disable it. I still found it to be ON.

Has anyone else experienced this or found another way to disable iCloud Private Relay?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>allowCloudPrivateRelay</key>
    <false/>
  </dict>
</plist>

AJPinto · Friday

We dont allow AppleID's so I dont have 1st hand experience with it. However, have you tried blocking or filtering the ports/hosts Private Relay uses?

https://support.apple.com/en-us/101555

mask.icloud.com	443	UDP	iOS, iPadOS, macOS, and visionOS	iCloud Private Relay	—
mask-h2.icloud.com	443	TCP	iOS, iPadOS, macOS, and visionOS	iCloud Private Relay	—
mask-api.icloud.com	443	TCP	iOS, iPadOS, macOS, and visionOS	iCloud Private Relay	Yes

sdagley · Friday

@Shyamsundar That is not uncommon with Apple's MDM restrictions for iCloud related features - they simply disable changing the setting in the System Settings UI but if the feature is on it isn't forced to be off.

howie_isaacks · Friday

I believe users have to turn this off themselves. I had to setup disabling access to logging in with an Apple ID a couple of years ago. I had to have the users turn off Find my Mac themselves. I couldn't turn it off using a policy or profile. I was only able to setup a policy to nag them until they turned it off.

AY · yesterday

You can create a configuration profile and disable particular services like that - Restrictions -> Functionality tab -> iCloud private relay

I would recommend scoping to test on a spare device.

Jamf Nation Community

Disable iCloud Private Relay