Relaxed Domains Cross-Site Tracking - No more manually toggling on/off!

red_beard
New Contributor III

I'm looking to set up, add a domain (DRC WIDA testing) to a configuration profile with "Relaxed Domains" for our iPads. I don't see it anywhere I've looked in Jamf Pro configuration profiles, but Apple and WIDA have references to it. This would allow us finally to not have to manually toggle Cross-Site tracking to "on" on each iPad!!!!

I've set up a custom configuration as described, but I'm hoping there is a non-custom method that I'm just missing.

 

This functionality is supported by a key in the Domains payload: CrossSiteTrackingPreventionRelaxedDomains.

 

From WIDA / DRC Insight

Cross-Website Tracking and Device Supervision


Important: Sites using iPadOS 16.2 and higher no longer need to enable Cross-Website Tracking as long as the device is supervised and the domains are relaxed following the instructions below. This can be done using Automated Device Enrollment and MDM software or by using Apple Configurator.

Note:

  • Sites using iPadOS 16.1.2 and below must still enable Cross-Website Tracking.
  • Supervision must be enabled for all devices regardless of iPadOS version.

Supervising iPadOS Devices


Supervise a Device Using MDM Software and Relaxing Domains
If you are using MDM software, DRC INSIGHT checks the device serial number and directs you to your designated MDM server, where you can view and edit your enrollment profile. Once the device is enrolled, it is automatically supervised.
For more information, work with your MDM provider and Apple.

1. In the Domains payload option within your MDM, locate the Cross-site tracking relaxed for domains field.
  • If you do not see this field, you will have to create a custom profile and upload it to your MDM.
2. Enter the following domains to be relaxed:
  • <string>DRC-centraloffice.com</string>
  • <string>http://drc-centraloffice.com:55222</string>
    Note: 55222 is the default port value. Use the same port that you used during COS - SD installation if you used a custom port.
  • <string>DRCedirect.com</string>
  • <string>WIDA-ams.us</string>
3. You no longer need to enable Cross-Website Tracking for testing. However, if you receive a content retrieval error message when you begin a test and think the domains may not be relaxed, enable Cross-Website Tracking in the iPad settings; if you are then able to begin a test, the domains have not been relaxed.

3 REPLIES

AJPinto
Honored Contributor III

Looks like Apple gives an example of what the XML should look like. Have you tried making a .mobileconfig and uploading it to Jamf to deploy? Jamf does not have GUI elements for everything you can do with MDM. Just be aware to sign the .mobileconfig, as Jamf is well known for breaking key pairs it does not understand when deploying if it's not signed.

 

Cross-Site Tracking Prevention for relaxed domains example - Apple Support

For those of us who are not coders, do I only need to change the Apple example to include the following and save it as a .mobileconfig file to upload?

 

      <key>CrossSiteTrackingPreventionRelaxedDomains</key>
      <array>
        <string>DRC-centraloffice.com</string>
        <string>http://drc-centraloffice.com:55222</string>
        <string>DRCedirect.com</string>
        <string>WIDA-ams.us</string>
      </array>
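
Added example (not part of any post in this thread, and not Apple's, Jamf's or DRC's own code): a Python script that writes a complete custom profile around the key above, using the `com.apple.domains` payload type of Apple's Domains payload and the domain list exactly as quoted from the DRC instructions. The `com.example.school` identifier prefix, the display names and the output filename are placeholders to replace with your own.

```python
import plistlib
import uuid

# Domain list exactly as given in the DRC/WIDA instructions quoted in this thread.
RELAXED_DOMAINS = [
    "DRC-centraloffice.com",
    "http://drc-centraloffice.com:55222",
    "DRCedirect.com",
    "WIDA-ams.us",
]

def build_profile(domains, org_prefix="com.example.school"):
    """Return .mobileconfig bytes (XML plist) holding one Domains payload."""
    if not domains or not all(isinstance(d, str) and d.strip() for d in domains):
        raise ValueError("domains must be a non-empty list of non-empty strings")
    # Every payload and the profile itself need their own UUID.
    payload_uuid = str(uuid.uuid4()).upper()
    profile_uuid = str(uuid.uuid4()).upper()
    domains_payload = {
        "PayloadType": "com.apple.domains",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.relaxed-domains.{payload_uuid}",
        "PayloadUUID": payload_uuid,
        "PayloadDisplayName": "Domains",  # placeholder name
        "CrossSiteTrackingPreventionRelaxedDomains": list(domains),
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.relaxed-domains",
        "PayloadUUID": profile_uuid,
        "PayloadDisplayName": "Relaxed Domains (DRC/WIDA)",  # placeholder name
        "PayloadContent": [domains_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def relaxed_domains_in(profile_bytes):
    """Parse a profile and return the relaxed domains from its Domains payload(s)."""
    profile = plistlib.loads(profile_bytes)
    found = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.domains":
            found.extend(payload.get("CrossSiteTrackingPreventionRelaxedDomains", []))
    return found

if __name__ == "__main__":
    with open("relaxed-domains.mobileconfig", "wb") as fh:
        fh.write(build_profile(RELAXED_DOMAINS))
```

The file this writes is unsigned; `relaxed_domains_in` can be run on a profile downloaded back from the MDM to confirm the key survived the upload.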

red_beard
New Contributor III

I used iMazing's Profile editor to create one, even though it's very simple as it had the "Relaxed Domain" category that Jamf Pro is missing from its domain section.