The Tech Lockdown dashboard includes a Device Setup wizard, which walks you through the recommended bypass prevention steps.
This help document will summarize what the Device Setup wizard walks you through.
First, we recommend ensuring that your dashboard has the proper settings enabled to prevent bypass. Please see this section for more information.
Enable Supervised Mode
Supervised mode can be enabled on most iPhone devices, and unlocks powerful capabilities that go beyond what's possible with parental controls or an app-locker app.
As a part of our device setup wizard on the dashboard, we'll recommend specific Device Configuration Profiles that significantly reduce the chance that filtering could be disabled. Here are the ones we highly recommend:
- Prevent App Uninstall: Prevents deleting the Cloudflare One App.
- Restrict New VPNs: Removes the ability to add new VPNs manually or through an app.
- Enforce Cloudflare VPN: Installs a version of the VPN onto your iPhone that can't be deleted.
- Built-in Adult Content Filter: Adds a backup layer of filtering to your iPhone by activated Apple's built-in adult content filter. Also disables private browsing.
- Disable iCloud Relay: This can cause some compatibility issues with the VPN.
If you can't enable supervised mode, you can achieve some success with Screen Time instead. Check out our guide to parental controls on iPhone for more information.
View the full list of Device Configuration Profiles here.
If you need help with getting started with device supervision, please see this article.
Protect the Cloudflare One VPN
This is a summary of what the bypass prevention wizard recommends for enforcing the VPN connection.
We recommend enabling Supervised mode to get access to the Supervised Config Manager, which allows you to reliably enforce restrictions to protect the Cloudflare One app. Find more information about enabling device supervision by accessing the premium guides on the dashboard under Guides > iPhone Supervision.
Prevent App Uninstall
This prevents the Cloudflare One App from being removed.
- If the iPhone is supervised, enable the Prevent Deleting Apps option in the Supervised Config Manager.
- If the iPhone is not supervised, you can enable the Prevent Deleting Apps option in Screen Time. Note: this also prevents apps from updating, so we recommend the supervised approach instead.
Prevent Overriding VPN Settings
If the iPhone is supervised, configure the following using the Supervised Config Manager:
- Select the option to protect the Cloudflare VPN
- Select the option to restrict adding new VPNs
If the iPhone is not supervised, you could try the following:
- Configure Screen Time to disable the App Store so that conflicting VPN apps cannot be installed
- Lock the settings app
Disable Conflicting iPhone Features
Use the Supervised Config Manager to do the following:
- Enable the Built-in Adult Content filter for the Safari browser
- Disable Cloud Private Relay
If you can't supervise the iPhone:
- Enable the Built-in Adult Content Filter with iPhone Parental Controls
Prevent the App from Being Opened and Modified
If you'd like to prevent the Cloudflare One App from being opened and customized, you can use the Shortcuts app to lock the Cloudflare One App.
- Create a personal automation using the Shortcuts app
- Select App as the trigger and choose the Cloudflare One app
- Select Go to Home Screen as the Action
- Set the automation to run immediately
Follow the exact steps in our Apple Shortcuts & Automations Guide for iOS .
Automatically re-enable the VPN if disconnected
In some cases, the Cloudflare VPN might get disconnected. Using Apple Shortcuts, you can make an Automation to ensure the VPN is always on and enabled.
You can create automations for the following triggers:
- When a browser app is opened
- When the settings app is closed
- When any Wi-Fi network is connected to
This is the action you should create for each of these automations:
- The action should be to Set VPN and you'll choose the Cloudflare VPN
- Set the automation to run immediately.
Note that you'll need to connect your iPhone using the Cloudflare One VPN app first before creating this automation.
Follow the exact steps in our Apple Shortcuts & Automations Guide for iOS .
Restrict Apps
We highly recommend restricting the apps that can be added to an iPhone.
A) Standard
- We recommend enabling Supervised mode for more effective app restrictions.
If you can't enable supervised mode:
- Disable the App Store entirely. Note: This also prevents apps from updating. This is one reason why we recommend supervised mode.
- Use iPhone Parental Controls (also known as Screen Time) to restrict the Cloudflare One app from being uninstalled or new apps that could conflict with the filtered VPN connection from being installed. You can also use Screen Time to enable Apple's built-in content filtering on Safari.
B) Supervised
Use the Supervised App Manager in your Tech Lockdown dashboard:
- Option A (most common): Create an App Blocklist and specify apps like TikTok to block natively (prevent from being downloaded or opened).
- Option B (most restrictive): Create an App Allowlist to block all apps from being downloaded or opened (other than the ones you whitelist here). You should whitelist the App Store so that you can update current apps. You won't be able to download or open apps that aren't whitelisted even if the App Store can be accessed.