Relay MDM payload settings for Apple devices
You can configure Relay settings for users of an iPhone, iPad, Shared iPad, Mac, or Apple Vision Pro enrolled in a mobile device management (MDM) solution. Use the Relay payload to support secure and transparent tunneling of traffic. They’re a modern alternative to VPN when accessing internal resources.
The Relay payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.relay.managed
Supported operating systems and channels: iOS 17, iPadOS 17, Shared iPad device, macOS 14 device, macOS 14 user, visionOS 1.1.
Supported enrollment methods: Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one Relay payload can be delivered to a user or device.
You can use the settings in the table below with the Relay payload.
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Relays | An array of dictionaries that describes one or more relay servers that can be chained together. | Yes | |||||||||
RelayUUID | A globally-unique identifier for this relay configuration. This UUID is used to route Managed Apps through the servers contained in Relays. | No | |||||||||
Match domains | A list of domain strings used to determine which connection should be routed through the servers contained in Relays. Any connection that matches the domain exactly or that’s a subdomain of the listed domain uses the relay servers, unless they match an excluded domain. If no domains are listed, traffic to all domains, except those matching an excluded domain, is routed to the relay servers. | No | |||||||||
Excluded domains | A list of domain strings that shouldn’t be routed through the servers contained in Relays. Any connection that matches the domain exactly or that is a subdomain of the listed domain don’t use the relay server. | No | |||||||||
Note: Each MDM vendor implements these settings differently. To learn how Relay settings are applied to your devices and users, consult your MDM vendor’s documentation.