I'm attempting to figure out if there is a way to force certain apps to WiFi only and not use cellular data. We are experiencing over the top cellular data usage on some of our devices. I would rather restrict them instead of removing the apps and punishing everyone for not following company protocols. Any help is greatly appreciated! Thanks.
Solved! Go to Solution.
Are you talking about the case of blocking the apps if there is only cellular available, so they can only work over WiFi?
I agree with @alemabrahao , this would be an MDM function, if available.
Some phones have the concept of a "data saver" function. So you might be able to configure this per phone, by getting the user's phone and configuring it, but you won't be able to automate this without an MDM.
Going sideways - you could consider using something like Cisco Umbrella, and installing that onto all your mobile devices. Then you can see which apps are chewing the data, and out right block non-company apps. The block would be on cellular and WiFi.
This would be a lot of work - but you might be able to do this with AnyConnect. Configure AnyConnect on mobile in full tunnel mode. Use trusted network detection to turn the VPN off when on company WiFi, and back on otherwise.
Create firewall rules on your MX blocking traffic from the AnyConnect subnet to the apps the users are not allowed to use when not on company WiFi.
So, I see that you have iOS tagged, which makes this relatively straightforward. You'll need the Network Usage Rules setting
This should work perfectly for your use case.
I've been testing various device and this works PERFECTLY. If the device isn't connected to WiFi the apps in question will not work. Just what I needed. Thankyou. Now though, I have a follow-up question if I may.
Take Netflix for example. If I create a security policy and enable Application (System Manager\Policies\Security Policies\ All Devices\Application) and list Netflix.com will this prevent Netflix .com from loading from in Safari or Chrome, will this work?
A security policy doesn't prevent something, it only allows you to show devi cos which are compliant / non compliant against this policy.
What you need is a Restrictions profile. Under Show / Hide Apps, you can add your app(s) here
So by setting the policy as I stated above, it should then show me if someone is going to certain websites? Is this correct. I setup the network usage as you suggested and it's working perfectly. I'm just trying to cover my bases and curb the abuse we're seeing. Thank you once again.