Monterey - Disable iCloud Private Relay

Information

Enterprise networks may be required to audit all network traffic by policy, therefore, iCloud Private Relay _MUST_ be disabled.

Network administrators can also prevent the use of this feature by blocking DNS resolution of mask.icloud.com and mask-h2.icloud.com.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess:
allowCloudPrivateRelay:
False

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-20, 800-53|AC-20(1), 800-53|CM-7, 800-53|CM-7(1), 800-53|SC-7(10), CCE|CCE-90894-7

Plugin: Unix

Control ID: 2061d586732b979c186ada8d25b3ae97a83c79ee56dc738b1c3e4bacda405261