Help

Private Relay

JKling
New Contributor III

Posted on ‎09-20-2021 11:18 AM

How is JSS going to handle Private Relay.  We have concerns about it bypassing our Proxy and Firewall content filter.

Do I need to disable iPS 15 updates for now?

Reply
6 REPLIES 6

ljcacioppo
Contributor III

Posted on ‎09-20-2021 11:58 AM

You can modify your network to block iCloud Private Relay 
https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/

Reply

sshort
Valued Contributor

Posted on ‎10-08-2021 12:21 PM

Yeah I'm puzzled that there's not a restrictions profile available in Apple's spec to prevent a user from enabling this in System Preferences like iCloud Drive and Photos.

 

With most employees working remotely due to COVID, we can't just block this on the office network and call it a day. A workaround I've tested in Monterey with success just edits the user's `hosts` file to prevent traffic from connecting.

https://github.com/ducksrfr/mac_admin/blob/master/scripts/block-private-relay.sh 

0 Kudos
Reply

sshort
Valued Contributor

Posted on ‎10-11-2021 09:34 AM

Just discovered the iMazing Profile Editor app includes a new 'allowPrivateRelay' key that you can use to block Private Relay from System Preferences.Screen Shot 2021-10-11 at 11.33.55.png

0 Kudos
Reply

ScottyBeach
Contributor

Posted on ‎10-15-2021 08:26 AM

@sshort , My iMazing Profile Editor 1.5.1 doesn't offer "Other" tab. New version available somewhere? Not at https://imazing.com/profile-editor/download. Is it a matter of choosing a different repository? Changing the "branch name" to something else?

Perhaps I just need to RTFM: https://imazing.com/guides/imazing-profile-editor-working-with-custom-preference-manifests

Is that where I should be studying?

Thanks,

- Scott

Screen Shot 2021-10-15 at 11.14.36 AM.png

0 Kudos
Reply

sshort
Valued Contributor
In response to ScottyBeach

Posted on ‎10-15-2021 09:00 AM

@ScottyBeach My Manifest prefs look exactly like yours, and I am running version 1.5.1 The only thing I can think of is checking for repository updates from the iMazing Profile Editor menu.

 

Here's a link to my generic iCloud blocking profile, but I pasted just the Private Relay block below:

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDisplayName</key>
			<string>Restrictions</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.applicationaccess.C73A59D6-BF57-4154-ADDE-EC4458CA4CB1</string>
			<key>PayloadType</key>
			<string>com.apple.applicationaccess</string>
			<key>PayloadUUID</key>
			<string>5583DF93-775B-4076-BBC6-576701F45295</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>allowCloudPrivateRelay</key>
			<false/>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>Disable iCloud Private Relay</string>
	<key>PayloadIdentifier</key>
	<string>376E7ECE-921F-4CE3-AB22-FEDCDEB433D5</string>
	<key>PayloadOrganization</key>
	<string>yourorgname</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>A0501BB6-0C30-4A91-8C7D-1EE3E4C3AF1B</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

 

0 Kudos
Reply

ScottyBeach
Contributor
In response to sshort

Posted on ‎10-15-2021 12:48 PM

Thanks very much. That's a great head-start. I'll work with that.

Be well.

- Scott

0 Kudos
Reply