Help

Is it possible to prevent disabling and deleting a VPN?

Go to solution
switters
New Contributor II

Posted on ‎05-22-2025 09:37 AM

In the Restrictions section of Profiles, I see an option for "Allow creation of VPN configurations". I have disabled this as I don't want our users to be able to add VPNs. 

Is there also an option to disable deletion of VPN configurations? 

Likewise, is there any way to prevent a user from just toggling the VPN off. Or perhaps automatically re-enabling the VPN if they do turn it off?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
GadgetVirtuoso
New Contributor III

Posted on ‎05-22-2025 10:31 AM

If the VPN deployed via a device profile, unless they can also remove profiles or unenrolled the device.

Enforcing VPN usage is a little more complicated. 

  • If supported by your VPN solution, you could set it to always-on or on-demand. 
  • Setup network rules to prevent access unless VPN is on.
  • Per-app VPN solution like Cloudflare

It really depends on what you've got in your toolbox.

View solution in original post

Reply
7 REPLIES 7

Go to solution
GadgetVirtuoso
New Contributor III

Posted on ‎05-22-2025 10:31 AM

If the VPN deployed via a device profile, unless they can also remove profiles or unenrolled the device.

Enforcing VPN usage is a little more complicated. 

  • If supported by your VPN solution, you could set it to always-on or on-demand. 
  • Setup network rules to prevent access unless VPN is on.
  • Per-app VPN solution like Cloudflare

It really depends on what you've got in your toolbox.

Reply

Go to solution
switters
New Contributor II

Posted on ‎05-22-2025 12:09 PM

Thanks! I will check to see if the app in question has an "always-on" option for the VPN. 

How would I set up network rules to prevent access unless the VPN is on? 

0 Kudos
Reply

Go to solution
GadgetVirtuoso
New Contributor III
In response to switters

Posted on ‎05-22-2025 12:16 PM

It really depends on how you're connecting to VPN. Are you using the native VPN client or a 3rd party solution? Any other tools you're using?

0 Kudos
Reply

Go to solution
Lasse
Contributor II

Posted on ‎05-23-2025 04:45 AM

Remember if you use Jamf Safe Internet, that is already an always-on VPN config.

Reply

Go to solution
switters
New Contributor II

Posted on ‎05-23-2025 05:11 AM

I was considering using an app called Qustodio. It has some features that Jamf School does not, like setting schedule and time limits for apps. Qustodio's parental controls are enforced by VPN. Their documentation (and a support rep I spoke with) said that when the user toggles the VPN off, it automatically re-enables itself within a few seconds. I'm not sure how this works, though. Is that a capability inherent to the app itself?

They said if I want to prevent the user from deleting the entire profile, I'd need to install their MDM, which prevents deleting a VPN configuration. But as I will already have an MDM (Jamf) installed, I don't think I can do this. Instead, I could create a separate mobileconfig file that prevents deletion of VPN configurations and upload that to her phone, right? 

Tech Lockdown offers a mobileconfig file that does this. 

0 Kudos
Reply

Go to solution
GadgetVirtuoso
New Contributor III
In response to switters

Posted on ‎05-23-2025 07:48 AM

Yes, if their product is also an MDM (which is what you're describing), then they should be able to give you the configuration to do it with Jamf. Some of the config is going to vary a bit from their product, but the principles are the same.

Reply

Go to solution
switters
New Contributor II
In response to GadgetVirtuoso

Posted on ‎05-23-2025 01:34 PM

Ok, I will check with them. Thanks!

0 Kudos
Reply