Hi,
We have a profile to set the VPN configuration of the device. It is a DEP device with a per-app VPN setting:
https://developer.apple.com/documentation/devicemanagement/applayervpn
We set the following fields:
"Safari Domains","Calendar Domains","Contacts Domains","Mail Domains"
We also add a couple of apps to the profile to restrict VPN usage.
The domains we use are internal domains, so the DNS of the system is set within the "VPN" connection. When we access the sites via Safari, the VPN works fine and we can access them; when we try Mail apps or try adding an account via Settings, it fails.
We tried both "packet-tunnel" and "app-proxy" in the AppLayerVPN.VPN settings but it still did not work. (https://developer.apple.com/documentation/devicemanagement/applayervpn/vpn)
When we set the VPN on the whole device then the mail app and accounts can be fetched, so we do not think that it is VPN server related.
What are we missing here?
Any help or advice is appreciated.
Thanks
Our example profile:
```xml
<dict>
    <key>IKEv2</key>
    <dict>
        <key>AuthenticationMethod</key>
        <string>Certificate</string>
        <key>ChildSecurityAssociationParameters</key>
        <dict>
            <key>DiffieHellmanGroup</key>
            <integer>14</integer>
            <key>EncryptionAlgorithm</key>
            <string>3DES</string>
            <key>IntegrityAlgorithm</key>
            <string>SHA1-96</string>
            <key>LifeTimeInMinutes</key>
            <integer>1440</integer>
        </dict>
        <key>DeadPeerDetectionRate</key>
        <string>Medium</string>
        <key>DisableMOBIKE</key>
        <integer>0</integer>
        <key>DisableRedirect</key>
        <integer>0</integer>
        <key>EnableCertificateRevocationCheck</key>
        <integer>0</integer>
        <key>EnablePFS</key>
        <integer>1</integer>
        <key>IKESecurityAssociationParameters</key>
        <dict>
            <key>DiffieHellmanGroup</key>
            <integer>14</integer>
            <key>EncryptionAlgorithm</key>
            <string>3DES</string>
            <key>IntegrityAlgorithm</key>
            <string>SHA1-96</string>
            <key>LifeTimeInMinutes</key>
            <integer>1440</integer>
        </dict>
        <key>OnDemandEnabled</key>
        <integer>1</integer>
        <key>LocalIdentifier</key>
        <string>user@example.com</string>
        <key>PayloadCertificateUUID</key>
        <string>5c0c7855-a8d9-4c86-8a21-efec8335105a</string>
        <key>RemoteAddress</key>
        <string>vpn.example.com</string>
        <key>RemoteIdentifier</key>
        <string>vpn.example.com</string>
        <key>UseConfigurationAttributeInternalIPSubnet</key>
        <integer>0</integer>
    </dict>
    <key>IPv4</key>
    <dict>
        <key>OverridePrimary</key>
        <integer>1</integer>
    </dict>
    <key>VPNUUID</key>
    <string>4dfdca51-aea1-461b-9a76-d24e8a2f9c07</string>
    <key>OnDemandMatchAppEnabled</key>
    <true/>
    <key>SafariDomains</key>
    <array>
        <string>internal.lan</string>
    </array>
    <key>CalendarDomains</key>
    <array>
        <string>internal.lan</string>
        <string>outlook.internal.lan</string>
    </array>
    <key>ContactsDomains</key>
    <array>
        <string>internal.lan</string>
        <string>outlook.internal.lan</string>
    </array>
    <key>MailDomains</key>
    <array>
        <string>internal.lan</string>
        <string>outlook.internal.lan</string>
    </array>
    <key>PayloadDescription</key>
    <string>Configures VPN settings</string>
    <key>PayloadDisplayName</key>
    <string>VPN</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.vpn.managed.applayer.ebec689e-6c37-4344-a590-09fe4a22f436</string>
    <key>PayloadType</key>
    <string>com.apple.vpn.managed.applayer</string>
    <key>PayloadUUID</key>
    <string>ebec689e-6c37-4344-a590-09fe4a22f436</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>Proxies</key>
    <dict>
        <key>HTTPEnable</key>
        <integer>0</integer>
        <key>HTTPSEnable</key>
        <integer>0</integer>
    </dict>
    <key>UserDefinedName</key>
    <string>MDM VPN</string>
    <key>VPNType</key>
    <string>IKEv2</string>
    <key>VPN</key>
    <dict>
        <key>ProviderType</key>
        <string>packet-tunnel</string>
    </dict>
</dict>
```
The whole plist sent - https://developer.apple.com/forums/content/attachment/7054bc0a-aaab-45f1-b0fa-00c83d5f2f6d