But - if someone has already created a VPN Configuration on the device, does this actually disable it?
For example, the "Allow modifying Passcode" payloads - if the passcode is set, it doesn't remove the passcode and then not allow you to set one up in future - it grays that out in Settings. So if a student put a passcode on a shared device, say, and someone wanted to remove it in settings, you wouldn't be able to unless you exclude that device from the profile.
So by the wording of the payload here, I would assume you wouldn't be able to manually add a new configuration; but if one already exists, does this wipe it out?
We've previously gotten around the fact that this wasn't possible by a config profile restricting the creation of configuration profiles, which VPNs use; so students could download the app, but they couldn't actually install the profile on the device that would create the VPN. Sometimes VPN would be visible in settings, but it wouldn't actually work.
I'm curious to know if anyone has used this and what actually happens on a device with a configured VPN.
I tested out the restriction, and it did not work for us. I confirmed the restriction was in place on the device, then went to the App Store, and downloaded Snap VPN. Opened the app, and ran through its setup without a problem. Going into Settings > VPN shows the Snap VPN configuration added and connected.