Disable iCloud Private Relay

Shyamsundar
Contributor

Has anyone tried to disable iCloud Private Relay? I'm using the Plist below, but it only hides the iCloud Private Relay option in the iCloud settings and doesn't actually disable it. I still found it to be ON.

Has anyone else experienced this or found another way to disable iCloud Private Relay?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>allowCloudPrivateRelay</key>
    <false/>
  </dict>
</plist>

 

4 REPLIES 4

AJPinto
Honored Contributor III

We dont allow AppleID's so I dont have 1st hand experience with it. However, have you tried blocking or filtering the ports/hosts Private Relay uses?

https://support.apple.com/en-us/101555

mask.icloud.com

443

UDP

iOS, iPadOS, macOS, and visionOS

iCloud Private Relay

mask-h2.icloud.com

443

TCP

iOS, iPadOS, macOS, and visionOS

iCloud Private Relay

mask-api.icloud.com

443

TCP

iOS, iPadOS, macOS, and visionOS

iCloud Private Relay

Yes

sdagley
Esteemed Contributor II

@Shyamsundar That is not uncommon with Apple's MDM restrictions for iCloud related features - they simply disable changing the setting in the System Settings UI but if the feature is on it isn't forced to be off.

howie_isaacks
Valued Contributor II

I believe users have to turn this off themselves. I had to setup disabling access to logging in with an Apple ID a couple of years ago. I had to have the users turn off Find my Mac themselves. I couldn't turn it off using a policy or profile. I was only able to setup a policy to nag them until they turned it off.

AY
New Contributor II

You can create a configuration profile and disable particular services like that - Restrictions -> Functionality tab -> iCloud private relay

I would recommend scoping to test on a spare device.