Jamf Protect Documentation

Configuring your Content Filtering Policy

Save PDF

Save selected topic Save selected topic and subtopics Save all topics

Share to email Copy topic URL

Expand All

Jamf Protect Documentation
About Jamf Protect
macOS Security Portal
Jamf Security Cloud Portal
Copyright and Trademarks

Table of Contents

Configuring your Content Filtering Policy

Save PDF

Save selected topic Save selected topic and subtopics Save all topics

Share to email Copy topic URL

Expand All

Last UpdatedMay 22, 2025
5 minute read

Jamf Protect
Technical Documentation

In Jamf Security Cloud, go to Polices > Internet > Content filtering policy.
Select the organization unit (OU) level at which you wish to apply the policy rules.

Note:
If you only have one OU, Jamf recommends configuring your policy at root level, so that existing policy rules are inherited from root level to any additional leaf levels you may want to add in the future.
Choose one or more rule sets for your policy.
The options are:
- Block high risk
- Optimal data usage
- Block high bandwidth
Each selection applies different settings to your policy rules below, which you can change as required.
Select Allow or Block to set the policy action for each rule category or sub-category, or select Inherit to apply the root-level policy.

Note:
Any subsequent changes that differ from the root-level policy will automatically remove inheritance.
(Optional) Select one or more policy schedules from the Schedule column to apply the rule only during specified days and times.
(Optional) Set specific rules for domestic, roaming, and Wi-Fi connections, or click Inherit.
Click Save and apply.

The changes to the policy rules are applied to devices within the scope of the selected OU level.

After these rules are configured, you can set search rules, custom rules, or settings for agentless devices using the other tabs on this window. You can also check which policy rule a specific domain name is covered by.

Configuring Search Rules

Search rules are used to filter out explicit or mature content from Google and YouTube search results on user devices. Explicit content includes violence, gore, and sexual content. Mature content includes additional adult content such as drug and alcohol use, profane language, and demeaning behavior. These rules are enforced by Jamf and you cannot override them.

Note:

Jamf recommends that you block all search engines except Google. If other search engines are permitted, they will display content previews that may contain inappropriate content. To block them, select block Search engines in the Default rules tab. Then configure a custom rule to allow Google domains that you want people to be able to access, such as google.com and other domains common in your region (google.cz, google.fr, and so on).

As Search engines is a broad category some other related services and apps may be blocked. If you discover such blocks in your reports, you can add a rule to allow this traffic in the Custom rules tab.

In Jamf Security Cloud, go to to Policies > Internet > Content filtering policy.
Select the organization unit (OU) level at which you wish to apply the policy rules.
Note:
If you only have one OU, Jamf recommends configuring your policy at root level, so that existing policy rules are inherited from root level to any additional leaf levels you may want to add in the future.
Select the Search rules tab.
Select Inherit to inherit rules from the root level, or Override to change the search rules at the leaf or group level.
Select which search rules you want to apply.
Click Save and apply.
Note: It may take up to five minutes for new search rules settings to roll out to your devices.

The policy rules are applied to devices within the scope of the selected Organization Unit level.

Adding Custom Rules

You can apply custom rules to allow traffic for specific sites and apps that are otherwise blocked by existing rules.

Custom rules override content rules. For example, if you use a content rule to block all sites in the "Video and photo" category, and a custom rule that allows http://www.pbskids.org, videos on pbskids.org will not be blocked. Similarly, if the content rule is set to allow the "Video and photo" category, but a custom rule blocks http://www.pbskids.org, all sites in the "Video and photo category" will be allowed, except pbskids.org.

In Jamf Security Cloud, go to Policies > Internet > Content filtering policy.
Select the Custom rules tab.
Under Add custom rules, specify the sites and apps for which you want to create a custom rule.
You can either enter the list manually, or upload a CSV file. Valid formats include:
- Domain names (for example, jamf.com): A rule based on a domain name will include all subdomains of that domain. For example, a rule that allows the domain jamf.com will also allow learn.jamf.com and company.jamf.com
- Second-level domains with an asterisk wildcard (for example, jamf.*): A rule based on a second-level domain with an asterisk wildcard will include all possible top-level domains and subdomains. For example, a rule that blocks jamf.* will block jamf.com, jamf.org, learn.jamf.com, company.jamf.co.uk, and so on.
- Top-level domains (for example, com or org): A rule based on a top-level domain (TLD) will include all domains ending in that TLD. For example, a rule that blocks com will block any domain that ends in .com. You can also limit access to web content from certain countries or regions by blocking domains that contain specific country code TLDs.
- IPv4 addresses
Note:
You can also select to allow or block IPv4 addresses only for iOS and iPadOS devices that are enrolled via proxy. In order to allow local network traffic, filtering does not block the following ranges:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
fc00::/7
fe80::/10
Click Allow or Block, depending on how you want to apply the custom policy to this list.
Click Add Custom rules.
Under Custom Rules, you can further configure each policy rule.
1. Select the platforms and traffic interfaces, then click Allow or Block, as required.
2. (Optional) Select one or more policy schedules from the Schedule column to apply the rule only during specified days and times.
3. (Optional) Select Inherit all to inherit all the rules in the category from the level above.
Click Save and apply.

The policy rules are applied to devices within the scope of the selected Organization Unit level.