Configuring Per App VPN for iOS system apps

These settings apply to supervised devices and devices operating in basic control mode.

The Per App VPN functionality lets a device establish a VPN connection when supported system apps or third-party apps are launched. This functionality is available for IKEv2 and IPSec connections.

The following system apps support Per App VPN connections:

For the Per App VPN functionality to work correctly, the iOS MDM Server version must not be earlier than 15.4.0.2019.

To enable the Per App VPN functionality for supported system apps:

  1. Perform the initial setup of the VPN connection.
  2. On the Advanced tab, in the Per App VPN section, select the Enable Per App VPN check box.
  3. Set up Per App VPN for supported system apps in the corresponding settings of the policy.

Mail

To specify the Per App VPN configuration for the Mail app:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Email card, click Settings.

    The Email window opens.

  5. Enable the settings using the Email toggle switch.
  6. Add a new email account or edit an existing account.
  7. On the Advanced tab, in the Per App VPN section, select the Enable Per App VPN check box.
  8. Select a configuration from the Per App VPN configuration drop-down list.
  9. Click Save.
  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for the Mail app.

Calendar

To specify the Per App VPN configuration for the Calendar app:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Calendar card, click Settings.

    The Calendar window opens.

  5. Enable the settings using the Calendar toggle switch.
  6. Add a new calendar account or edit an existing account.
  7. In the Per App VPN section, select the Enable Per App VPN check box.
  8. Select a configuration from the Per App VPN configuration drop-down list.
  9. Click Add.
  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for the Calendar app.

Calendar subscriptions

A list of subscriptions to calendars of other CalDAV users, iCal calendars, and other published calendars.

To specify the Per App VPN configuration for calendar subscriptions:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Calendar subscriptions card, click Settings.

    The Calendar subscriptions window opens.

  5. Enable the settings using the Calendar subscriptions toggle switch.
  6. Add a new calendar subscription or edit an existing subscription.
  7. In the Per App VPN section, select the Enable Per App VPN check box.
  8. Select a configuration from the Per App VPN configuration drop-down list.
  9. Click Add.
  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for calendar subscriptions.

Contacts

To specify the Per App VPN configuration for the Contacts app:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Contacts card, click Settings.

    The Contacts window opens.

  5. Enable the settings using the Contacts toggle switch.
  6. Add a new contacts account or edit an existing account.
  7. In the Per App VPN section, select the Enable Per App VPN check box.
  8. Select a configuration from the Per App VPN configuration drop-down list.
  9. Click Add.
  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for the Contacts app.

Safari

To specify the Per App VPN configuration for Safari:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Per App VPN for Safari card, click Settings.

    The Per App VPN for Safari window opens.

  5. Enable the settings using the Per App VPN for Safari toggle switch.
  6. Click Add.

    The Add a website domain window opens.

  7. Select a configuration from the Per App VPN configuration drop-down list.
  8. In the Domain name field, specify the website domain that will trigger the VPN connection in Safari. The domain must be in the www.example.com format.
  9. Click Add.

    The new domain appears in the Safari website domains list.

    You can modify or delete Safari website domains in the list using the Edit and Delete buttons at the top of the list.

  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for Safari website domains.

LDAP

An LDAP account provides access to corporate data and contacts in the standard iOS apps: Contacts, Messages, and Mail.

To specify the Per App VPN configuration for an LDAP account:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the LDAP card, click Settings.

    The LDAP window opens.

  5. Enable the settings using the LDAP toggle switch.
  6. Add a new LDAP account or edit an existing account.
  7. In the Per App VPN section, select the Enable Per App VPN check box.
  8. Select a configuration from the Per App VPN configuration drop-down list.
  9. Click Add.
  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for the LDAP account.

Exchange ActiveSync

An Exchange ActiveSync account lets you synchronize corporate email, calendar, contacts, notes, and tasks from the Microsoft Exchange server.

To specify the Per App VPN configuration for an Exchange ActiveSync account:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Exchange ActiveSync card, click Settings.

    The Exchange ActiveSync window opens.

  5. Enable the settings using the Exchange ActiveSync toggle switch.
  6. Add a new Exchange ActiveSync account or edit an existing account.
  7. On the Additional tab, in the Per App VPN section, select the Enable Per App VPN check box.
  8. Select a configuration from the Per App VPN configuration drop-down list.
  9. Click Add.
  10. Click OK.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Per App VPN is configured for the Exchange ActiveSync account.

See also:

Configuring Per App VPN for third-party iOS apps

Configuring VPN on iOS MDM devices
Page top