We are migrating to Cloudflare's Zero Trust service, which includes DNS-level filtering via DNS-over-HTTPS.
For our Windows endpoints we are deploying the WARP client to act as the DNS proxy for those. But for iOS/macOS devices, we wanted to use the OS-level DNS-over-HTTPS option.
We have a test mobileconfig file that works fine, but when we deploy it via System Manager the DNS settings work only on Wi-Fi networks we onboarded. It seems to ignore the cellular networks and ad-hoc joined Wi-Fi networks.
This isn't a problem when we have users import the mobileconfig on their own. Only when we try to deploy it via the MDM.
Is this some bug in System Manager? Or does anyone have any other suggestions for deploying/managing the setting?
Firstly, is there any reason that you're not using the Encrypted DNS profile capability in SM?
You can, if it fits your use case, ignore the Connect If Needed functionality: An array of rules defining the DNS settings. If on-demand rules are not present, the system always applies the default DNS settings.
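An added example, not part of either post above: one way to check whether a profile's DNS settings payload carries on-demand rules that limit where it is enabled, by parsing the `.mobileconfig` with Python's `plistlib`. The function names, the sample profiles, the SSID and the resolver URL are constructed for illustration; the payload keys are those of Apple's DNS settings payload.

```python
import plistlib

DNS_TYPE = "com.apple.dnsSettings.managed"
MATCH_KEYS = ("InterfaceTypeMatch", "SSIDMatch", "DNSDomainMatch",
              "DNSServerAddressMatch", "URLStringProbe")

def dns_scope(profile_bytes):
    """Classify each DNS settings payload by where its rules enable it."""
    results = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != DNS_TYPE:
            continue
        rules = payload.get("OnDemandRules") or []
        if not rules:
            # No on-demand rules: the default DNS settings always apply.
            results.append(("always", []))
            continue
        connect = [r for r in rules if r.get("Action") == "Connect"]
        # A Connect rule with no match keys acts as a catch-all.
        if any(not any(k in r for k in MATCH_KEYS) for r in connect):
            results.append(("connect-fallback", []))
        else:
            # Every Connect rule is tied to specific networks or conditions.
            limits = [{k: r[k] for k in MATCH_KEYS if k in r} for r in connect]
            results.append(("restricted", limits))
    return results

def make_profile(rules=None):
    """Build a constructed sample profile (placeholder resolver URL)."""
    payload = {"PayloadType": DNS_TYPE,
               "DNSSettings": {"DNSProtocol": "HTTPS",
                               "ServerURL": "https://doh.example.invalid/dns-query"}}
    if rules is not None:
        payload["OnDemandRules"] = rules
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})

if __name__ == "__main__":
    print(dns_scope(make_profile()))
    print(dns_scope(make_profile([{"Action": "Connect",
                                   "SSIDMatch": ["CorpWiFi"]}])))
```

Running it against both the hand-imported profile and the one exported from the MDM shows whether the two differ in their `OnDemandRules`.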