{"id":75962,"date":"2023-05-17T11:59:45","date_gmt":"2023-05-17T15:59:45","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=75962"},"modified":"2023-06-05T13:11:03","modified_gmt":"2023-06-05T17:11:03","slug":"create-a-mac-or-ios-encrypted-dns-policy","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","title":{"rendered":"Create a Mac or iOS Encrypted DNS Policy"},"content":{"rendered":"\n<p>Many Apple devices support using an encrypted transport protocol to communicate with a Domain Name System (DNS). JumpCloud supports using DNS over HTTPS and DNS over Transport Layer Security (TLS) services. DNS encrypts traffic and hides DNS queries from view.<\/p>\n\n\n\n<p>JumpCloud provides four policies to control encrypted DNS settings for macOS and iOS devices. You\u2019ll configure DNS servers to control the queries that can use DNS on the device by supplying Supplemental Match Domains, Server Addresses, and Server URLs or names.<\/p>\n\n\n\n<p>These four policies let you use DNS to encrypt DNS traffic:<\/p>\n\n\n\n<ul>\n<li><strong>Encrypted DNS over HTTPS<\/strong>:\n<ul>\n<li>For macOS devices running macOS Big Sur and later.<\/li>\n\n\n\n<li>For supervised iPhones and iPads &nbsp;running iOS 14 and later. To learn more about supervised devices, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/understand-supervised-devices-and-policies\" target=\"_blank\" rel=\"noreferrer noopener\">Understanding Supervised Devices and Supervised Policies.<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Encrypted DNS over TLS<\/strong>:\n<ul>\n<li>For macOS devices running macOS Big Sur and later.<\/li>\n\n\n\n<li>For supervised iPhones and iPads running iOS 14 and later.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Create a macOS or iOS Encrypted DNS over HTTPS policy<\/h2>\n\n\n\n<ol>\n<li>Log in to the Admin Portal:&nbsp;<a target=\"_blank\" href=\"https:\/\/console.jumpcloud.com\/login\" rel=\"noreferrer noopener\">https:\/\/console.jumpcloud.com\/login<\/a>&nbsp;.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>DEVICE MANAGEMENT<\/strong>&nbsp;&gt;&nbsp;<strong>Policy Management<\/strong>.<\/li>\n\n\n\n<li>In the&nbsp;<strong>All<\/strong>&nbsp;tab, click (<strong>+<\/strong>).<\/li>\n\n\n\n<li>On the&nbsp;<strong>New Policy<\/strong>&nbsp;panel, select the&nbsp;<strong>Mac<\/strong>&nbsp;or&nbsp;<strong>iOS<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>From the list, select&nbsp;<strong>Encrypted DNS over HTTPS<\/strong>, then click&nbsp;<strong>configure<\/strong>.<\/li>\n\n\n\n<li>Under&nbsp;<strong>Settings Server Addresses<\/strong>, click&nbsp;<strong>Add Server Addresses<\/strong>.<\/li>\n\n\n\n<li>If your DNS servers have an IPv4 or IPv6 address, enter the address here. To add additional addresses, click&nbsp;<strong>Add Server Addresses<\/strong>. For example,&nbsp;45.90.28.193.<\/li>\n\n\n\n<li>For&nbsp;<strong>Server URL<\/strong>, enter the server\u2019s URI template.&nbsp;For example,&nbsp;<code>https:\/\/dns.example.net\/dns-query{?dns}<\/code>.<\/li>\n\n\n\n<li>For&nbsp;<strong>Supplemental Match Domains<\/strong>, click&nbsp;<strong>Add Supplemental Match Domains<\/strong>.<\/li>\n\n\n\n<li>Enter a list of domain strings used to determine which DNS queries can use the DNS server.&nbsp;For example,&nbsp;<code>dns.example.net<\/code>.&nbsp;If you don\u2019t provide this, all domains will use the DNS server. A single wildcard&nbsp;<strong>*&nbsp;<\/strong>prefix is supported, but not required.&nbsp;<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"650\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\" alt=\"\" class=\"wp-image-85772\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-300x190.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-768x487.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1536x975.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-2048x1300.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol start=\"11\">\n<li>(Optional)<strong>&nbsp;<\/strong>Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab. Select one or more device groups where you&#8217;ll apply this policy.&nbsp;For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n<li>(Optional) Select the Devices tab. Select one or more devices where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Save<\/strong>. If prompted, click&nbsp;<strong>Save<\/strong>&nbsp;again.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Create a macOS or iOS Encrypted DNS over TLS policy\u00a0<\/h2>\n\n\n\n<ol>\n<li>Log in to the Admin Portal:&nbsp;<a target=\"_blank\" href=\"https:\/\/console.jumpcloud.com\/login\" rel=\"noreferrer noopener\">https:\/\/console.jumpcloud.com\/login<\/a>&nbsp;.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>DEVICE MANAGEMENT<\/strong>&nbsp;&gt;&nbsp;<strong>Policy Management<\/strong>.<\/li>\n\n\n\n<li>In the&nbsp;<strong>All<\/strong>&nbsp;tab, click (<strong>+<\/strong>).<\/li>\n\n\n\n<li>On the&nbsp;<strong>New Policy<\/strong>&nbsp;panel, select the&nbsp;<strong>Mac<\/strong>&nbsp;or&nbsp;<strong>iOS<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>From the list, select&nbsp;<strong>Encrypted DNS over TLS<\/strong>&nbsp;from the list, then click&nbsp;<strong>configure<\/strong>.<\/li>\n\n\n\n<li>For&nbsp;<strong>Server Addresses<\/strong>, click&nbsp;<strong>Add Server Addresses<\/strong>.<\/li>\n\n\n\n<li>If your DNS servers have an IPv4 or IPv6 address, enter all the addresses here.&nbsp;To add additional addresses, click&nbsp;<strong>Add Server Addresses<\/strong>. For example,&nbsp;45.90.28.193.&nbsp;<\/li>\n\n\n\n<li>For&nbsp;<strong>Server Name<\/strong>, enter the server\u2019s hostname of a DNS over TLS server.&nbsp;If there are multiple existing server names, click in the field to see those names.&nbsp;The hostname is used to validate the server certificate.&nbsp;<\/li>\n\n\n\n<li>For&nbsp;<strong>Supplemental Match Domains<\/strong>, click&nbsp;<strong>Add Supplemental Match Domains<\/strong>.<\/li>\n\n\n\n<li>Enter a list of domain strings used to determine which DNS queries can use the DNS server.&nbsp;For example,&nbsp;<code>dns.example.net<\/code>.&nbsp;If you don\u2019t provide this, all domains will use the DNS server. A single wildcard&nbsp;<strong>*&nbsp;<\/strong>prefix is supported, but not required.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab. Select one or more device groups where you&#8217;ll apply this policy.&nbsp;For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Devices<\/strong>&nbsp;tab. Select one or more devices where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Save<\/strong>. If prompted, click&nbsp;<strong>Save<\/strong>&nbsp;again.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Many Apple devices support using an encrypted transport protocol to communicate with a Domain Name System (DNS). JumpCloud supports using [&hellip;]<\/p>\n","protected":false},"author":202,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,2862,3082],"support_tag":[],"coauthors":[2836],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create a Mac or iOS Encrypted DNS Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Mac or iOS Encrypted DNS Policy\" \/>\n<meta property=\"og:description\" content=\"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-05T17:11:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"denasteward\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\",\"url\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\",\"name\":\"Create a Mac or iOS Encrypted DNS Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\",\"datePublished\":\"2023-05-17T15:59:45+00:00\",\"dateModified\":\"2023-06-05T17:11:03+00:00\",\"description\":\"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create a Mac or iOS Encrypted DNS Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create a Mac or iOS Encrypted DNS Policy - JumpCloud","description":"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","og_locale":"en_US","og_type":"article","og_title":"Create a Mac or iOS Encrypted DNS Policy","og_description":"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.","og_url":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","og_site_name":"JumpCloud","article_modified_time":"2023-06-05T17:11:03+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"denasteward"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","url":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","name":"Create a Mac or iOS Encrypted DNS Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png","datePublished":"2023-05-17T15:59:45+00:00","dateModified":"2023-06-05T17:11:03+00:00","description":"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a Mac or iOS Encrypted DNS Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75962"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/202"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75962\/revisions"}],"predecessor-version":[{"id":85787,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75962\/revisions\/85787"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75962"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75962"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75962"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}