Skip to main content
Question

VPN Smart Group

  • October 17, 2017
  • 3 replies
  • 20 views
J
Forum|alt.badge.img+14

Since first adopting iPads and iPhones it has been a struggle from stopping users installing VPN's on their devices to attempt to get around corporate filters. To fix this we setup a smart group that looks for the apps and then loads up restrictions on the device to make it useless. I thought this would force the user to see IT to have the restrictions taken off, but today I found out that users were using a remote wipe from iCloud and then restoring the device, checking in to our server and pulling them from the smart group. Any suggestions on how to stop this, we have the restrictions to stop erase all content and settings on the device and lockout the iCloud account.

Jared

    3 replies

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • October 18, 2017

    @jared_f DEP? Then you can also stop VPN installation.

    G
    Forum|alt.badge.img+7
    • Graeme
    • Contributor
    • October 19, 2017

    A workaround could be get the server to send an email to the coordinator whenever a device is added to the smart group.

    Regards
    Graeme

    T
    Forum|alt.badge.img+10
    • thejenbot
    • Valued Contributor
    • October 19, 2017

    In our school I cast a net with a Smart Mobile Device Group and get an email notification when I catch a fish - AKA anyone that downloads a known VPN app. We also have a config profile installed on all devices that doesn't allow the installation of config profiles, which makes installing any VPN apps worthless as it can't actually set up the VPN. (We also restrict Pairing and Erase All Content and Settings, which might be something for you to consider).

    By just attempting to bypass our filter the student is caught, so as soon as I see the email I throw the device into Lost Mode and use the message "Your iPad has been disabled as you have violated the school's Acceptable Use Policy. Bring your device to the Tech Department immediately."

    Previously we would just call the student up, but they knew they were caught so they'd delete the app on the way in and then play dumb. Locking it down means it arrives to me intact and I can make sure nothing is off in settings; I then delete the offending app (and all other non-school issued apps) and restrict the App Store before sending the little hoser on their way. Works very well for us, though I'm nobody's favorite person by any means :)

      Terms & ConditionsCookie settingsAccessibility statement