Setting Up Per-App Networking for Mobile Devices

Per-App Networking allows you to secure network traffic on mobile devices by configuring VPN, DNS proxies, and web content filters at the app-level for mobile devices.

Per-App Networking is configurable for all managed devices and enrollment types (Automated Device Enrollment, Device Enrollment, and User Enrollment).

Keep the following limitations in mind:

  • You can have multiple DNS Proxies, but you cannot mix system-wide and Per-App DNS proxies.

  • You can have up to seven Per-App Content Filters and one system-wide filter.

  • Apps must be managed on mobile devices.

  • To configure DNS proxies and web content filters, you need mobile devices with iOS 16 or later.

  1. In Jamf Pro, click Devices at the top of the sidebar.
  2. Click Configuration Profiles in the sidebar.
  3. Click New .
  4. Configure any of the following payloads to configure network traffic settings.
    • VPN

    • DNS proxy

    • Content Filter

  5. For each payload you configure, select the Enable per-app networking checkbox.

    This allows you to select the configuration from the app's distribution settings in Jamf Pro.

  6. Configure any other payloads, including the General payload.
  7. Click Save .
  8. Click Mobile Device Apps in the sidebar.
  9. Select or add the app you want to configure Per-App Networking for.
  10. Click Edit .
  11. On the General pane, use the Per-App Networking settings to choose available network traffic configurations for the app.

    Each Per-App Networking setting only displays if a mobile device configuration profile with a VPN, DNS proxy, or Content Filter payload exists in Jamf Pro and the Enable per-app networking checkbox is selected in the payload.

  12. Click Save .
Per-App Networking is enabled for the app and distributed to devices in the scope of the app.

To configure Per-App Networking for additional apps, select or add the apps in Jamf Pro and choose available Per-App Networking settings.