While working to use iOS on an enterprise network, both the App Store and the Music app on iOS 15 do not connect to the Apple backend services if DoH access is unavailable. Restrictions were applied in a lab environment with a set of Cisco NGFW firewalls running FTD 7.0.1 and FTD 7.1. Restrictions on the DNS end, for restricting access to iCloud Private Relay (as per the "Allow for network audits" section) and to the DoH address (using the same methodology as above), were attempted in combination with the security appliance, to no avail. Tested on different devices running iOS 15.1, 15.1.1 and 15.2. Traffic inspection was not enabled in this lab. The test account is an active iCloud+ subscription. The security appliances were running with Snort3 IPS; however, no IPS policies were present on any of the access control lists, nor configured on the appliances. While the DNS configuration on the iOS device states "DNS requests are being routed by iCloud Private Relay for this Wi-Fi network", ultimately it seems this option is not being respected. Although not thoroughly tested, it appears macOS 12.1 is also affected with at least the Music app, and a HomePod (15.1.1) is also unable to play songs with DoH restricted from the DNS side: Siri answers the request but doesn't play the requested songs.
Posted by HQuest.