Enabling and assigning per-app VPN settings
You can set up per-app VPN for
iOS
, iPadOS
, Samsung Knox
, and Windows
devices to specify which apps on devices must use a VPN for their data in transit. Per-app VPN helps decrease the load on your organization’s VPN by enabling only certain work traffic to use the VPN (for example, accessing application servers or web pages behind the firewall). In on-premises environments, this feature also supports user privacy and increases connection speed for personal apps by not sending the personal traffic through the VPN.Devices | App settings |
|---|---|
iOS and iPadOS | Apps are associated with a VPN profile when you assign the app or app group to a user, user group, or device group. |
Samsung Knox devices with Android Enterprise and Samsung Knox Workspace activations | Apps are added to the "Apps allowed to use the VPN connection" setting in the VPN profile. |
Windows 10 | Apps are added to the "App trigger list" setting in the VPN profile. |
Only one VPN profile can be assigned to an app or app group.
BlackBerry UEM
uses the following rules to determine which per-app VPN settings to assign to an app on iOS
and iPadOS
devices:
Per-app VPN settings | Precedence |
|---|---|
If associated with an app directly | Takes precedence over per-app VPN settings associated indirectly by an app group. |
If associated with a user directly | Take precedence over per-app VPN settings associated indirectly by a user group. |
If assigned to a required app | Takes precedence over per-app VPN settings assigned to an optional instance of the same app. |
If associated with the user group name that appears earlier in the alphabetical list | Takes precedence if the following conditions are met:
Cisco WebEx Meetings as an optional app to the user groups Development and Marketing. When a user is in both groups, the per-app VPN settings for the Development group is applied to the WebEx Meetings app for that user. |
If a per-app VPN profile is assigned to a device group, it takes precedence over the per-app VPN profile that is assigned to the user account for any devices that belong to the device group.