NetHound logoNetHound

Level 6

Supervise iPhones and force all traffic through your VPN

This is the most advanced phone setup in the recommendations. It is operationally heavier, but it gives far tighter control over how the phone reaches the internet and how easily those controls can be removed.

Why this is the advanced option

Level 6 is not just a collection of iPhone settings. It is a managed-device workflow. You supervise the device, force traffic through a VPN path you control, and reduce the user’s ability to disable the protections later. That gives you much better control, but also adds a real maintenance burden.

Before you begin

  • Expect a wipe-and-rebuild process.
  • Expect to maintain profiles and VPN behavior over time.
  • Expect to revalidate after iOS updates and network changes.
  • Expect this level to be more work than Levels 4 and 5.

Implementation steps

  1. Confirm the project is worth the operational complexity and that you are willing to maintain a supervised-device process.
  2. Prepare a Mac with Apple Configurator and confirm the iPhone can be wiped and re-enrolled.
  3. Back up anything important from the iPhone first, because supervision requires erasing the device.
  4. Build the VPN destination and home-network termination point before you start device enrollment, so the forced path is ready.
  5. Use Apple Configurator to place the iPhone into supervised mode and install the management or configuration profile stack.
  6. Create and deploy an always-on VPN profile so the phone routes traffic through the controlled home-network path.
  7. Apply restrictions that prevent changing VPN settings, adding unmanaged profiles, or enabling hotspot where your chosen profile design supports those controls.
  8. Test on home Wi-Fi and again away from home Wi-Fi so you confirm the phone still uses the intended path in both situations.
  9. Run NetHound after enrollment, after iOS updates, and after VPN or router changes to make sure the path still behaves as expected.