2

"ProhibitDisablement" flag in Apple Configuration Profile breaks the profile loading process

Hi there.

New customer, trying to run NextDNS on a child's iPhone and trying to use the 'Apple Configuration Profile' path to do it, because of the useful looking 'ProhibitDisablement' option that is in there.

Unfortunately, if I turn on that flag, then each time I try to load the profile I get a failure (as per the screen shot below), saying :

---

Profile Error

The field "ProhibitDisablement" contains an invalid value

---

This is on the very latest IOS 15 release.

Is there a way to fix this? I'd love to 'prohibit disablement' as the use of the NextDNS app to engage the system is super easy for my kids to disable again (just change the DNS setting back to Automatic). 

7 replies

null
    • rpsm
    • 2 yrs ago
    • Reported - view

    Any solution to this?

    • NextDNs
    • 2 yrs ago
    • Reported - view

    Please see the warning written in red that comes with this option: It does only work with supervised devices.

      • Gargtwo
      • 2 yrs ago
      • Reported - view

      NextDNS  

      If I buy a NextDNS school account, will I be able to use the prohibitdisablement function?
    • Simon_Hackett
    • 2 yrs ago
    • Reported - view

    I'm perfectly happy to make the device a 'supervised' device.

    How does one make a device a 'supervised' device?

    • William_Armstrong
    • 1 yr ago
    • Reported - view

    I know that this is an old post, but just in case anyone stumbles onto it...

    Apple has typically used "Supervision" to mean "Corporate owned and managed", requiring things like Apple Business Manager, a MDM management platform, etc.

    However, you CAN now supervise individual devices at home, although it still takes a certain level of IT knowledge.  Using the Apple Configurator tool, you can manually set the "Supervision" flag on a device.

    Best writeup I've found is here: https://learn.jamf.com/en-US/bundle/jamf-now-documentation/page/Supervising_Mobile_Devices_with_Apple_Configurator_2-5_or_Later.html.

    One critical note:  This process WILL wipe the device to "factory" settings, and you CANNOT restore a backup without undoing the work you just did.  Ideally, you'd do this on a brand new device.

    I can also highly recommend Jamf Now to manage kids' devices IF you're somewhat IT-savy.  You can manage 3 devices for free, and it does things like allowing you to deploy the NextDNS profile remotely.  

      • John.20
      • 1 yr ago
      • Reported - view

      @William Armstrong

      @NextDNS

      From what I can see, supervised MDM requires you to be a company (Apple enforces verification to enroll in Apple Business Manager). 
       

      Without this, no ProhibitDisablement flag. 
       

      Is there any other option to prevent a user from disabling/deleting a profile or switching off NextDNS ?

Login to reply

Content aside

  • 2 Likes
  • 1 yr agoLast active
  • 7Replies
  • 668Views
  • 7 Following