Help

Options for VPN on iOS

Go to solution
lehmanp00
Contributor III

Posted on ‎02-05-2014 12:03 PM

The last I remember we can setup a VPN in profiles or install a VPN app/client on the iPads. However, there is no way to:

  1. force the user to only use the VPN app
  2. prevent the user from deleting the profiles

Am I wrong on this?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
cbrewer
Valued Contributor II

Posted on ‎02-06-2014 07:14 AM

At this point, the MDM profile and all associated profiles are easily removed. Configurator is the only way to lock a profile to a device.

View solution in original post

0 Kudos
Reply
5 REPLIES 5

Go to solution
cbrewer
Valued Contributor II

Posted on ‎02-05-2014 01:19 PM

  1. You can sorta force VPN usage by using supervision (configurator) and adding a global proxy address config profile. Then use a pac file to detect what network the device is on and deny traffic (or provide a nice message) if the user is not connected to the vpn.

  2. Profiles applied with supervision (configurator) cannot be removed short of wiping the device.

0 Kudos
Reply

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎02-05-2014 02:54 PM

Depending on the use case, you could also;

  1. Use a global HTTP proxy, with Firewall rules allowing access into your network
  2. Setup per app VPN, requiring the VPN to be needed to be used by those apps.

Both of which do depend on what you're trying to achieve.

0 Kudos
Reply

Go to solution
lehmanp00
Contributor III

Posted on ‎02-06-2014 05:08 AM

Ok, this helps. However a profile would have to be applied with Configurator and NOT Casper for it to be protected? Or once a device is Supervised ALL profiles are protected?

0 Kudos
Reply

Go to solution
cbrewer
Valued Contributor II

Posted on ‎02-06-2014 07:14 AM

At this point, the MDM profile and all associated profiles are easily removed. Configurator is the only way to lock a profile to a device.

0 Kudos
Reply

Go to solution
lehmanp00
Contributor III

Posted on ‎02-06-2014 10:32 AM

For some more information just in case others have questions:

(I haven't looked at Configurator in years which is why I had these questions!)

  1. Profiles created with Configurator can be 'locked' to prevent deletion. But you have to do it in the profile's General section. Just making a device Supervised isn't enough.

  2. I no longer see the ability to create an enrollment profile in Configurator, therefore, MDM Profiles cannot be locked from deletion.

  3. If you connect a Supervised device to another iTunes account, the MDM profiles get removed. Not sure why. But the device will not be allowed to interact with the iTunes app unless you wipe the device. That is how it is supposed to work.

0 Kudos
Reply