Jamf Protect Documentation

App Blocking for iOS and iPadOS Using Jamf Security Cloud

Save PDF

Expand All

App Blocking for iOS and iPadOS Using Jamf Security Cloud

Save PDF

Expand All

Last UpdatedJul 17, 2025
3 minute read

From the App blocking page, you can block all traffic from specific apps. For example, if you add TikTok's bundle ID (com.zhiliaoapp.musically) to your block list, all traffic from TikTok will be blocked. Users can still download the app to their device, but the app will not have network access.

App blocking is only compatible with supervised iOS or iPadOS devices that have on-device content filtering enabled. Your App blocklist applies to all devices in your fleet that meet these requirements.

App blocking uses bundle IDs to block app traffic. An app's bundle ID is its unique identifier within the Apple ecosystem. Search the internet for a bundle ID finder to identify the bundle IDs used by apps in your environment.

To use app blocking, navigate to Policies > Security > App blocking in the portal. Enter one or more bundle IDs, separated by a comma, and click Add app blocks. The bundle IDs will be added to your App blocklist.

Note: Blocked app traffic is reported with hostnames, not bundle IDs, and there may be many hostnames associated with a single app. For example, if you block Youtube's bundle ID (com.google.ios.youtube), reported transactions could include googlevideo.com, youtubei.googleapis.com, ytimg.com, and so on.

Safelisting Apps Using Jamf Security Cloud

To prevent trusted apps from being blocked by Jamf Security Cloud, you can create a safelist of apps in your configuration profile. This involves manually editing the configuration profile downloaded from an activation profile, and then redistributing it to target devices via MDM.

Requirements

Supervised iOS, iPadOS, or visionOS devices
An activation profile with on-device content filtering enabled, deployed via configuration profile with Jamf Trust. For more information about creating an activation profile, see Creating an Activation Profile using Jamf Security Cloud. For more information about deploying Jamf Trust to your devices, see Jamf Trust Managed Distribution Guides for Apple and Android Devices.

Locate the bundle ID for each app.
Jamf Security Cloud uses bundle IDs to safelist app traffic. An app's bundle ID is its unique identifier within the Apple ecosystem. Search the internet for a bundle ID finder to identify the bundle IDs used by apps in your environment.
Download the configuration profile for the target devices:
1. In the Jamf Security Cloud portal, go to Devices > Activation profiles.
2. Click the name of the activation profile assigned to the target devices.
3. From the Deployment tab, expand the Configuration profiles tab, and click Download configuration profile.

Open the downloaded configuration profile and locate the section for the on-device content filter settings. It will look like this:

 <dict> <key>PayloadType</key> <string>com.apple.webcontent-filter</string> <key>PayloadUUID</key> <string>37E6FAA2-EE7F-11ED-A05B-0242AC120003</string> <key>PayloadIdentifier</key> <string>com.jamf.trust.profile.jit.7a32xwpv.supervised_ios.odcf</string> <key>PayloadDisplayName</key> <string>Content Filter</string> <key>PayloadVersion</key> <integer>1</integer> <key>UserDefinedName</key> <string>Jamf trust</string> <key>FilterType</key> <string>Plugin</string> <key>Organization</key> <string>Org name</string> <key>PluginBundleID</key> <string>com.jamf.trust</string> <key>VendorConfig</key> <dict> <key>ProfileId</key> <string>com.jamf.trust.bootstrap</string> <key>externalId</key> <string>{{external id}}</string> <key>domainExceptions</key> <array> <string>*.jamf.com</string> <string>*.jamfcloud.com</string> <string>*.jamfnebula.com</string> </array> <key>email</key> <string>{{user email address}}</string> <key>firstName</key> <string>{{user first name}}</string> <key>lastName</key> <string>{{user last name}}</string> <key>supervised</key> <true/> </dict> </dict>

Between the domainExceptions and email keys, add a new appExceptions key.

Create a string for each app you want to add to your safelist, containing the app bundle ID.

Example:

<key>appExceptions</key> <array> <string>com.bundle.id</string> <string>com.bundle2.id</string> </array>

Save your changes.
Redistribute the configuration profile to the target devices using your MDM. For more information about distributing configuration profiles, see Jamf Trust Managed Distribution Guides for Apple and Android Devices.

The apps that correspond to the listed bundle IDs are safelisted and will not be blocked on any device using this configuration profile.

Jamf Protect Documentation

App Blocking for iOS and iPadOS Using Jamf Security Cloud

Contents

App Blocking for iOS and iPadOS Using Jamf Security Cloud

On This Topic

For an enhanced experience and access to additional features, log in to the Jamf Learning Hub with your Jamf ID.