[AGDNS-3762] Update mdm-config.md - add 3 new parameters#405
Merged
[AGDNS-3762] Update mdm-config.md - add 3 new parameters#405
Conversation
Adding description for 3 new MAC parameters: eula_accepted, stats_enabled, installation_type (single_touch)
![windsurf-bot[bot]](https://avatars.githubusercontent.com/in/1066231?s=60&v=4){kind=small}
|
Preview was deployed to: https://pull-request-405.kb-dns.pages.dev/ |
aadmitrevskiy
requested changes
Mar 12, 2026
| | **DNS Protocol** (`dns_protocol`) | Choice | No | **Android:** doh, dot, doq. **iOS:** doh_native, dot_native, doh_vpn, dot_vpn, doq_vpn, doh_dnsproxy, dot_dnsproxy, doq_dnsproxy (Note: doh_dnsproxy, dot_dnsproxy and doq_dnsproxy work only in MDM with mobileconfig). | Determines which encrypted DNS protocol is used (Note: DoQ not compatible with Native mode on iOS). | App enters managed mode; specified protocol applied by default; selection in settings locked. | App switches to the new protocol; reconnects automatically if DNS protection is active. When switching the operating mode (Native ↔ VPN), the app will not reconnect automatically, the user must manually reconnect. With the DNS proxy enabled, the app reconnects automatically. | User can select manually in settings unless the choice is defined through MDM. | | ||
| | **App lock** (`lock_type`) | Choice | No | **iOS:** block. | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **App lock** (`lock_type`) | Choice | No | block | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **Install type** (`installation_type`) | Choice | No | single_touch | Defines the installation flow for the app. When set to `single_touch`, the app automatically performs device setup and connection without user interaction, skipping the onboarding flow entirely — user only needs to launch the app. | App enters managed mode; if `single_touch` is specified along with a valid `setup_id`, the app immediately enters the automated install flow; a loading screen is displayed while the app performs setup and connection; on success, EULA is automatically accepted, onboarding is marked as passed, and the user is taken to the main screen; otherwise, the app falls back the onboarding screen or to the lock screen (if `lock_type` is set). | No effect after initial installation is complete. | Standard manual onboarding flow is used. | |
There was a problem hiding this comment.
and connection
это справедливо только для dnsproxy в iOS и Always-on в андроиде. В остальных случаях (iOS Native, iOS VPN и не-always-on в Android) требуются действия пользователя, чтобы запустить защиту
| | **DNS Protocol** (`dns_protocol`) | Choice | No | **Android:** doh, dot, doq. **iOS:** doh_native, dot_native, doh_vpn, dot_vpn, doq_vpn, doh_dnsproxy, dot_dnsproxy, doq_dnsproxy (Note: doh_dnsproxy, dot_dnsproxy and doq_dnsproxy work only in MDM with mobileconfig). | Determines which encrypted DNS protocol is used (Note: DoQ not compatible with Native mode on iOS). | App enters managed mode; specified protocol applied by default; selection in settings locked. | App switches to the new protocol; reconnects automatically if DNS protection is active. When switching the operating mode (Native ↔ VPN), the app will not reconnect automatically, the user must manually reconnect. With the DNS proxy enabled, the app reconnects automatically. | User can select manually in settings unless the choice is defined through MDM. | | ||
| | **App lock** (`lock_type`) | Choice | No | **iOS:** block. | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **App lock** (`lock_type`) | Choice | No | block | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **Install type** (`installation_type`) | Choice | No | single_touch | Defines the installation flow for the app. When set to `single_touch`, the app automatically performs device setup and connection without user interaction, skipping the onboarding flow entirely — user only needs to launch the app. | App enters managed mode; if `single_touch` is specified along with a valid `setup_id`, the app immediately enters the automated install flow; a loading screen is displayed while the app performs setup and connection; on success, EULA is automatically accepted, onboarding is marked as passed, and the user is taken to the main screen; otherwise, the app falls back the onboarding screen or to the lock screen (if `lock_type` is set). | No effect after initial installation is complete. | Standard manual onboarding flow is used. | |
There was a problem hiding this comment.
Кроме setup_id нужен ещё device_name, заданный или на сервере или через MAC
| | **App lock** (`lock_type`) | Choice | No | block | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **Install type** (`installation_type`) | Choice | No | single_touch | Defines the installation flow for the app. When set to `single_touch`, the app automatically performs device setup and connection without user interaction, skipping the onboarding flow entirely — user only needs to launch the app. | App enters managed mode; if `single_touch` is specified along with a valid `setup_id`, the app immediately enters the automated install flow; a loading screen is displayed while the app performs setup and connection; on success, EULA is automatically accepted, onboarding is marked as passed, and the user is taken to the main screen; otherwise, the app falls back the onboarding screen or to the lock screen (if `lock_type` is set). | No effect after initial installation is complete. | Standard manual onboarding flow is used. | | ||
| | **EULA accepted** (`eula_accepted`) | Boolean | No | true, false. | Automatically accepts End User License Agreement on behalf of the user, skipping EULA consent screen during the app's onboarding. | App enters managed mode; if `true`, the EULA is marked as accepted and the EULA screen is skipped during onboarding and user proceeds directly to the setup screen; this setting is applied once on each app start. | Nothing happens. | The user must accept the EULA manually during onboarding. | | ||
| | **Stats enabled** (`stats_enabled`) | Boolean | No | true, false. | Controls whether crash reporting and app usage statistics are enabled, allowing administrators to remotely manage the telemetry preference. | App enters managed mode; if specified, the crash reporting preference is set to the provided value, overwriting any previous user choice; only applied when `installation_type` is set **or** `eula_accepted` is `true`; the setting is applied once on each app start. | Enables the setting when value is changed to `false`; disables the setting when value is changed to `false`. | User's existing preference is preserved; user can change the setting manually. | |
There was a problem hiding this comment.
Enables the setting when value is changed to
false
Наверное, to true
|
Preview was deployed to: https://pull-request-405.kb-dns.pages.dev/ |
aadmitrevskiy
requested changes
Mar 12, 2026
| | **DNS Protocol** (`dns_protocol`) | Choice | No | **Android:** doh, dot, doq. **iOS:** doh_native, dot_native, doh_vpn, dot_vpn, doq_vpn, doh_dnsproxy, dot_dnsproxy, doq_dnsproxy (Note: doh_dnsproxy, dot_dnsproxy and doq_dnsproxy work only in MDM with mobileconfig). | Determines which encrypted DNS protocol is used (Note: DoQ not compatible with Native mode on iOS). | App enters managed mode; specified protocol applied by default; selection in settings locked. | App switches to the new protocol; reconnects automatically if DNS protection is active. When switching the operating mode (Native ↔ VPN), the app will not reconnect automatically, the user must manually reconnect. With the DNS proxy enabled, the app reconnects automatically. | User can select manually in settings unless the choice is defined through MDM. | | ||
| | **App lock** (`lock_type`) | Choice | No | **iOS:** block. | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **App lock** (`lock_type`) | Choice | No | block | Locks the AdGuard DNS app, which prevents device user from accessing the app. | App enters managed mode; app locks if the value is set to `block`. | Locks the app if value is changed to `block`; unlocks the app if value is changed to something else, or if the parameter is deleted. | App is not locked, user can access the app and its settings. | | ||
| | **Install type** (`installation_type`) | Choice | No | single_touch | Defines the installation flow for the app. When set to `single_touch`, the app automatically performs device setup and connection without user interaction, skipping the onboarding flow entirely — user only needs to launch the app. Works only in tandem with [**always on** configuration](#configuring-devices-to-always-use-adguard-dns). | App enters managed mode; if `single_touch` is specified along with a valid `setup_id` (in case of device setup ID) or with a valid `setup_id` and `device_name` (in case of server setup ID), the app immediately enters the automated install flow; a loading screen is displayed while the app performs setup and connection; on success, EULA is automatically accepted, onboarding is marked as passed, and the user is taken to the main screen; otherwise, the app falls back the onboarding screen or to the lock screen (if `lock_type` is set). | No effect after initial installation is complete. | Standard manual onboarding flow is used. | |
There was a problem hiding this comment.
Works only in tandem with always on configuration
Не, это не является ограничением. У тебя в прошлой версии было описано: "скипается онбординг, включается защита". Я лишь подчеркнул, что включение защиты регулируется в другом месте
|
Preview was deployed to: https://pull-request-405.kb-dns.pages.dev/ |
aadmitrevskiy
approved these changes
Mar 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adding description for 3 new MAC parameters: eula_accepted, stats_enabled, installation_type (single_touch)