Managing the AdGuard DNS mobile app via MDM
The AdGuard DNS mobile app supports enterprise management through MDM (Mobile Device Management) systems using the Managed App Configuration (MAC) standard.
This allows IT administrators to configure and implement AdGuard DNS settings across multiple devices centrally through EMM consoles, such as Google Workspace, Microsoft Intune, and other solutions compatible with AppConfig.org.
Supported EMM solutions
The app is compatible with any EMM systems that support the AppConfig.org standard:
- Google Workspace (Android Enterprise)
- Microsoft Intune
- VMware Workspace ONE
- Jamf Pro (for iOS)
- MobileIron
- BlackBerry UEM
- Other AppConfig-compatible solutions
Supported parameters
Managed App Configuration Parameters
| Parameter | Type | Required | Valid values | What the parameter does | On initial installation | When value changes | If not specified |
|---|---|---|---|---|---|---|---|
Setup ID (setup_id) | String | No | AdGuard DNS setup identifier | Identifies the device for connecting to the AdGuard DNS server. | App enters managed mode; field is locked; user cannot change it; “Reset connection” option unavailable. | Connection and settings are fully reset; user must reconnect; DNS protection stops. | User can enter manually or use a QR code. |
Device name (device_name) | String | No | Any device name | Sets the device’s display name in the AdGuard DNS control panel. It must have a maximum length of 64 characters. | App enters managed mode; name used automatically if not set via Setup ID; field is locked. | Nothing happens. | User can enter manually; app may suggest name via Setup ID. |
DNS Protocol (dns_protocol) | Choice | No | Android: doh, dot, doq. iOS: doh_native, dot_native, doh_vpn, dot_vpn, doq_vpn. | Determines which encrypted DNS protocol is used (Note: DoQ not compatible with Native mode on iOS). | App enters managed mode; specified protocol applied by default; selection in settings locked. | App switches to the new protocol; reconnects automatically if DNS protection is active. When switching the operating mode (Native ↔ VPN), the app will not reconnect automatically, the user must manually reconnect. | User can select manually in settings. |
Managed mode
The app automatically enters managed mode when the MDM system provides at least one configuration parameter. In this mode, MDM settings always take priority over user preferences: any parameter configured through MDM cannot be changed by the user, while parameters not defined by MDM remain editable.
When the MDM configuration is updated, all changes are applied automatically. If the MDM system removes all configuration parameters at once, the app exits managed mode, previously locked settings become available again, and the user can freely modify all parameters.
Configuration updates
The app automatically receives notifications about configuration changes, and any updates delivered by the EMM system are applied immediately upon arrival. Depending on the EMM provider, there may be a delay before the configuration reaches the device. No app restart is required for the changes to take effect.