We are working on distributing the Zscaler app among our iOS users and running into some issues trying to figure out how strict enforcement works. I’ve looked through the 7/31 release notes here: https://help.zscaler.com/z-app/zscaler-app-1.0.1-ios-july-31-2017-release-notes and using the sample .mobileconfig file, deployed the vpn settings through our MDM with strictenforcement set to 1. Once deployed, I see the vpn establish on the phone, and opening the zscaler app for the first time, a message is presented saying internet access is blocked until you sign in, however it is not actually blocked. You can browse just like normal. I’m wondering if something has changed in iOS since these notes were released. I haven’t been able to find any more recent documentation…I’ve played around with globalproxy as well, but haven’t had satisfactory results there thus far.
TLDR: we want to block all web traffic on iPhones until users are signed into the Zapp… how do you guys accomplish this?