Connect an iOS Device to your Content Policy

Tech Lockdown Team

|

Updated July 26, 2024

We highly recommend using the Installation wizard we provide in your Tech Lockdown account dashboard. It will walk you through the installation process. You can use this tutorial for additional reference.

There are a few ways to connect your iPhone to your Content Policy and you can combine both methods together:

1. Configuring iPhone DNS settings
   
2. Installing an App that enables a VPN

Which path should you choose?

There are multiple ways to connect your iOS device to your content policy. The path you choose depends on whether or not you have set up supervised mode and the level of customization and restrictiveness you want to achieve. 

Note that supervised mode  can also enforce Apple's built-in content filtering, which works alongside a Content Policy as a great additional blocking layer. Supervised devices have more options for preventing bypass of a blocking system. 

Standard iPhone - DNS Config

If you install the config file mentioned later on, your iPhone's DNS settings will point to your content policy. This approach doesn't require the use of an app, so bypass prevention is improved through obscurity. 

If you want to go further with preventing bypass of the DNS Config, you should look at these guides that pair well with the DNS config approach:

1. Restrict access to iPhone Settings
2. Limit the App Store
3. Disable Safari

Supervised iPhone - DNS Config

If your iPhone is using supervised mode , you have more effective methods for enforcing the DNS config file. First, you can install the DNS Config file with "prevent removal" checked (the Tech Lockdown connect wizard will walk you through this). This means that you may not need to restrict access to iPhone settings. 

Here are some common guides the pair well with the supervised DNS Config approach:

1. Prevent turning off Wifi on an iPhone
2. Prevent Adding VPN Configurations

The supervised DNS approach works reliably and allows you to use the iPhone normally without having to limit the app store and access to the settings. 

Standard iPhone - App

The Cloudflare One app configures a VPN on the iPhone that connects it to your unique content policy. Using the app provides you with more customization in your Content Policy: you can scope rules based on the login email used for the app.

From a bypass prevention standpoint, the main focus is on enforcing the VPN, which is covered comprehensively in this guide:

1. Enforce a VPN on iPhone . We recommend utilizing the re-enable VPN automation mentioned in this guide even if your iPhone is supervised.

Supervised iPhone - App

If the iPhone is supervised, you still might follow the VPN enforcement techniques mentioned previously. You gain access to a few more methods with device supervision. 

Additionally, you might consider the following guides:

1. Block apps on a Supervised iPhone

DNS Config

Using our .mobileconfig generator for iPhone, you can add a file to your iOS device that automatically configures your network settings.

Option A). Generate and Download a Config using your iPhone

You can complete the following steps all from your iPhone.

Option B). Use your computer to generate a QR code and scan it with your iPhone

You can complete these steps using your computer and iPhone. 

You should get a message that says "profile downloaded"

If you don't see this, search settings for VPN & Device Management and go directly to that section.

App

The Cloudflare One app can be used to configure an always-on VPN that keeps your device connected to your DNS Content Policy.

If you are viewing this page on a desktop computer, scan the below QR code with your iPhone's camera to bring up the Cloudflare One download page in the App Store.

Login to Cloudflare Zero Trust

That’s it! You’re all set!

Bypass Prevention

After you've successfully connected your iOS device to your DNS Content Policy, the next step is to prevent this connection from being interrupted.

If you've installed the Cloudflare One Agent on your iOS device, the app establishes its connection to your Content Policy with the help of a VPN. This VPN is created and enforced automatically by the app. However, we strongly recommend taking a look at several techniques that can ensure that this app can't be uninstalled.

You can choose to also install the DNS configuration profile on your iOS device. This changes the DNS settings of your device and can work in addition to the Cloudflare One Agent. 

We go over many more detailed steps that you can take in our bypass prevention guide for iOS.

Network Settings

You can customize the network settings on your iPhone to point to your Content Policy. You can use this in combination with both the app and DNS configuration profile. We recommend connecting with multiple approaches so that if the app fails to connect, it will fall through to the device’s network settings.

Associate an IP address

It's important not to skip this step. Even if you don't plan to connect your home's Wi-Fi to your DNS Content Policy, you must associate an IPv4 address to get the unique connection information for your account.

If you've not connected a router to your Content Policy yet, you will need to create a network first.

Get Connection Information

Your account will have unique addresses that can be used to point the network settings on your device directly to your content policy.

You can find this information under Content Policy > Connect Devices > Config.

Configure Network Settings

To change DNS/Network settings on your device:

1. Go to Settings > Wi-Fi.
2. Tap the information ‘i’ icon next to the Wi-Fi name you are connected to.
3. Scroll down until you see the section called Configure DNS.
4. Change the configuration from Automatic to Manual.

From here, enter the connection information on the Tech Lockdown dashboard.

Next Up

Install on MacOS

Install on Windows

View Activity Logs

If you've installed Cloudflare on the devices you use, you can now view and customize the activity log.