Private Relay

JKling
New Contributor III

How is JSS going to handle Private Relay? We have concerns about it bypassing our proxy and firewall content filter.

Do I need to disable iOS 15 updates for now?

6 REPLIES

ljcacioppo
Contributor III

You can modify your network to block iCloud Private Relay:
https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/

sshort
Valued Contributor

Yeah, I'm puzzled that there's not a restrictions profile available in Apple's spec to prevent a user from enabling this in System Preferences like iCloud Drive and Photos.

With most employees working remotely due to COVID, we can't just block this on the office network and call it a day. A workaround I've tested in Monterey with success just edits the user's `hosts` file to prevent traffic from connecting.

https://github.com/ducksrfr/mac_admin/blob/master/scripts/block-private-relay.sh 

sshort
Valued Contributor

Just discovered the iMazing Profile Editor app includes a new 'allowPrivateRelay' key that you can use to block Private Relay from System Preferences.

ScottyBeach
Contributor

@sshort, my iMazing Profile Editor 1.5.1 doesn't offer an "Other" tab. New version available somewhere? Not at https://imazing.com/profile-editor/download. Is it a matter of choosing a different repository? Changing the "branch name" to something else?

Perhaps I just need to RTFM: https://imazing.com/guides/imazing-profile-editor-working-with-custom-preference-manifests

Is that where I should be studying?

Thanks,

- Scott


sshort
Valued Contributor

@ScottyBeach My Manifest prefs look exactly like yours, and I am running version 1.5.1. The only thing I can think of is checking for repository updates from the iMazing Profile Editor menu.


Here's a link to my generic iCloud blocking profile, but I pasted just the Private Relay block below:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDisplayName</key>
			<string>Restrictions</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.applicationaccess.C73A59D6-BF57-4154-ADDE-EC4458CA4CB1</string>
			<key>PayloadType</key>
			<string>com.apple.applicationaccess</string>
			<key>PayloadUUID</key>
			<string>5583DF93-775B-4076-BBC6-576701F45295</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>allowCloudPrivateRelay</key>
			<false/>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>Disable iCloud Private Relay</string>
	<key>PayloadIdentifier</key>
	<string>376E7ECE-921F-4CE3-AB22-FEDCDEB433D5</string>
	<key>PayloadOrganization</key>
	<string>yourorgname</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>A0501BB6-0C30-4A91-8C7D-1EE3E4C3AF1B</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
```

Thanks very much. That's a great head-start. I'll work with that.

Be well.

- Scott
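
As an added example (not code from the thread or from any tool it mentions), this Python check parses an unsigned profile and confirms that a restrictions payload sets `allowCloudPrivateRelay` to boolean false, as in the profile sshort pasted; it also notes any other key spelled with "PrivateRelay". The function name and the trimmed sample bytes are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"   # payload type in the posted profile
RELAY_KEY = "allowCloudPrivateRelay"           # key name in the posted profile

# Constructed sample: the posted profile trimmed to the fields this check reads.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowCloudPrivateRelay</key><false/>
  </dict></array>
  <key>PayloadType</key><string>Configuration</string>
</dict></plist>"""


def check_private_relay(profile_bytes):
    """Return (status, notes); status is 'blocked', 'not_blocked' or 'unreadable'."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception:
        # A signed .mobileconfig is CMS-wrapped and has to be unwrapped first.
        return "unreadable", ["not a plain plist (signed or malformed?)"]
    payloads = profile.get("PayloadContent") if isinstance(profile, dict) else None
    blocked, notes = False, []
    for payload in payloads if isinstance(payloads, list) else []:
        if not isinstance(payload, dict):
            continue
        for key, value in payload.items():
            if "privaterelay" not in key.lower():
                continue
            if key != RELAY_KEY:
                notes.append(f"key {key!r} is not {RELAY_KEY!r}")
            elif payload.get("PayloadType") != RESTRICTIONS:
                notes.append(f"{RELAY_KEY} is outside a {RESTRICTIONS} payload")
            elif value is False:
                blocked = True
            else:
                notes.append(f"{RELAY_KEY} is {value!r}, expected boolean false")
    return ("blocked" if blocked else "not_blocked"), notes


if __name__ == "__main__":
    print(check_private_relay(SAMPLE))
```

Run it against the exported `.mobileconfig` before uploading it to the MDM; a result of `not_blocked` with a note usually means the key name, value type or payload type differs from the posted profile.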