Frequently Asked Questions
Some frequently asked questions about device management on an iPhone.
How can I prevent an App from getting deleted?
This process varies depending on your goals.
Using Kiosk mode, you can select the apps that the user should have access to. All other apps won't be visible or accessible, but they will still exist on the device.
You can install a filter app that configures your network settings and the user won't be able to delete or stop the app.
In the MDM policy under Restrictions > Applications
, you can restrict Deleting apps.
There's a method for preventing the deletion of apps distributed by MDM, but this requires you to upload an app configuration file. This process is fairly technical right now and I'm working on making it more accessible.
How do I block VPNs, Proxies, or other apps that configure DNS?
Update the MDM profile Restrictions
> Network and Roaming
> Allow users to configure VPN:no
.
Consider updating the MDM profile to include pre-configured Wi-Fi networks so that the user can only connect to approved Wi-Fi networks.
Using Kiosk mode, you can provide a limited iOS experience without access to all installed apps and capabilities.
Consider configuring the MDM profile Restrictions
> Applications
> Allow user to download unapproved apps:restrict
. This will limit the apps a user can install to a pre-curated list of apps that you've added to Device Mgmt
> App Repository
.
What are the most restrictive setups?
Kiosk multi-app mode with only the bare essentials enabled or using the single app mode with a parental control kiosk app.
Updating the MDM profile restrictions so that Wi-Fi is always forced on and is limited to the Wi-Fi networks you pre-configured in the MDM profile > Wi-Fi.
Disabling the personal hotspot in the MDM profile >Restrictions
> Network and Roaming
> Modify Personal Hotspot:No
.
Updating the MDM profile > Web Content Filter
and toggling on the Filter type: Allowlist
so that only the approved websites can be accessed (everything else is blocked).
Best approach to filtering and blocking content?
Configure the Web Content Filter with websites that should be blocked. Websites added to this blocklist will be blocked even if use iPhone is configured to use a Proxy or VPN. This layer is the hardest one to bypass.
Add a content-filtering app that configures an always-on VPN.
Limit apps that can be downloaded using either multi-app Kiosk mode or by manually maintaining your own app allow/blocklists using the MDM app repository and inventory.