TikTok Block
- Katelyn Russell
- Daniel Vega
Background and Purpose
EPM is a new service launching for campus and is currently onboarding customers. The purpose of this document is to provide guidance on change management processes.
In all cases, EPM will be following ITIL change management processes in Service Now.
EPM Enhancement Requests Form
ITSO's can suggest changes to MECM, PatchMyPC, Jamf or Jamf application management by completing the EPM Change Request Form. Every change request will be vetted and validated by the EPM team. If your change is approved, it will follow the ITS change management process. Some requested changes will be reviewed with the EPM Committee before implementation.
Change Scope
IN SCOPE
The scope of the ITS Change Management Process is to manage all changes to IT service assets that may impact production Service Offerings. Listed below are example changes that are in scope for the ITS Change Management Process:
- Software – Installation, patching, upgrade, or removal of software products, including operating systems, access methods, commercial off-the-shelf (COTS) packages, internally developed packages, and utilities.
- Configuration Changes – Any additions, deletions, or modifications to the centralized environments, including permissions and configuration settings, Extension Attribute (EA) changes in Jamf.
OUT OF SCOPE
Examples of activities that are outside the scope of the ITS Change Management Process include:
- Changes to development, test, or pre-production environments, including environments for
- Contingency, continuity, or disaster recovery
Many other types of reports are available https://aus-sccm.austin.utexas.edu/reports/browse/ConfigMgr_AUS
In support of the Texas Governor's order, the Endpoint Management team (EPM) has developed to the following solutions for globally blocking access to TikTok on devices enrolled in EPM platforms.
Summary of action
EPM is blocking access to TikTok on all devices enrolled in EPM. We'll be blocking and removing the application on iOS devices. If already installed on Windows devices, the app will need to be removed by the user or ITSO technical staff. This block will prohibit the application from communicating but doesn't remove the application. There is no application for macOS.
Estimated timelines
Windows and iOS:
Testing with TRECS and eligible academic ITSOs from 12/19/22 to 12/22/22. Successful testing criteria: 100% of devices enrolled block access to TikTok across all browsers. No other network activity is impacted.
In production globally on 1/02/23.
macOS:
Testing with TRECS and eligible academic ITSOs from 12/20/22 to 12/22/22. Successful testing criteria: 100% of devices enrolled block access to TikTok across all browsers. No other network activity is impacted.
In production globally as of 01/02/23.
Windows
Requirements:
ITSOs must be onboarded to MECM and MDE and have removed any 3rd party antivirus (ex: Amp, Norton, etc)
Steps:
Configuration Manager Introduction and Onboarding
Microsoft Defender for Endpoint (MDE) Introduction and Onboarding
Support notes:
Systems should be running a supported release version to be compatible with Network Protection in order for the block to be successfully applied.
Windows 10 any supported release version
Windows 11 any supported release version
End-user experience:
Some may see a SmartScreen notice such as the one below, many will see the various TikTok related domains returning an error that it's not available.
The Microsoft store download itself is not blocked, so a user would be able to install the app however they will not be able to launch it.
Since the apps requires Edge, they will see the SmartScreen notification even if their default browser is set to something else:
The Windows Security message will appear for anyone attempts to open TikTok or a TikTok cookie is active in the background. If the notification is showing up persistently, cookies will need to be cleared from the browser going back to before TikTok was accessed.
Apple
iOS:
Requirements:
iPad, or iOS device Supervised* and enrolled in central Jamf instance
Steps:
Configuration profile will be scoped globally. No additional steps are needed from ITSOs to take advantage of the TikTok block provided by EPM
Support notes:
*iOS devices are supervised when enrolled via Automated device enrollment. This can be accomplished using Apple School Manager or Apple Configurator 2. On device you will see "This device is supervised and managed by University of Texas as Austin" in the top most area of the settings app.
End-user experience:
TikTok app will be removed from the iOS device if installed. If an end user tries to navigate to a TikTok URL they will see "You cannot browse this page at "tiktok.com" because it is restricted"
MacOS:
Requirements:
macOS computer is enrolled into the central Jamf Instance
Steps:
After the Jamf policy has been installed, the web browser will need to be quit for changes to take effect. If the browser is left running during installation, the URL redirect will not be enforced until it is next opened
macOS Policy will be scoped globally. No additional steps are needed from ITSOs to take advantage of the TikTok block provided by EPM
Support notes:
Policy is set to run at next check in of machine. (0-15 minute check in)
End-user experience:
On macOS we are routing all TikTok URLs to a dead IP address. End users will see a failed to load webpage unique to the browser they are using. (ex: Safari can't open the page because the address isn't valid) No app exists for TikTok on macOS.
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.
- ConfigMgr - Glossary of Terms
- ConfigMgr - Reports
- ConfigMgr - Collecting ISORA Data
- EPM Dashboards - Jamf and MECM
- EPM Enhancement Requests
- Jamf - Collecting ISORA Data from Jamf
- Jamf - Glossary of Terms
- Jamf Training Resources
- MCM Training Resources
- New to Endpoint Administration: Quick Guide
- Sample Page
- Teams: Endpoint Platform Community
- TikTok Block
Welcome to the University Wiki Service! Please use your IID (yourEID@eid.utexas.edu) when prompted for your email address during login or click here to enter your EID. If you are experiencing any issues loading content on pages, please try these steps to clear your browser cache.