Do you have multiple Profiles with common Custom Rules and configurations among each of them?

Instead of having to make the same change to every single Profile, utilize Multiple Enforced Profiles to make modifications at scale.

It eliminates the need to duplicate or sync rules, allowing for straightforward DNS management.

Here’s how it works and how it can benefit you.

What Are Multiple Enforced Profiles?

Traditionally, each Endpoint (device) in a network is assigned a single Profile – a set of rules and configurations defining what’s blocked, redirected, or bypassed. While this works for many scenarios, what if you need more flexibility?

Control D’s Multiple Enforced Profiles allow you to enforce up to three Profiles (two for personal users, three for Organization accounts), letting you implement advanced rule-matching behaviors.

You can set a “Common Profile,” which includes all the rules you want to enforce on all your Endpoints, and then create additional Profiles for more specialized needs – think of it as merging multiple Profiles into one cohesive strategy that’s adapted to your use case.

How Do Multiple Enforced Profiles Work?

Here’s how it works:

  1. The rule engine checks the first Profile for a match (e.g., blocking or redirecting a query).
  2. If no match is found, it moves to the second Profile.
  3. If no match is found, it moves to the third Profile (if applicable).

In cases of conflicting rules – for instance, when Profile 1 says block and Profile 2 says redirect – the first Profile takes precedence. 

Note: Organization accounts can allow the second Profile to override in specific scenarios.

It’s important to mention the order in which rules are prioritized as this is important for correctly blocking, redirecting, and bypassing DNS queries:

  1. Custom Rules are checked first and take precedence.
  2. If no match is found, Service rules are checked.
  3. If no match is found, Filter rules are checked.
  4. If no match is found, Default Rules are checked.

This means that the rule engine will search through Custom Rules > Service rules > Filter rules > Default Rules for Profile 1, and repeat the process again for Profile 2 (and Profile 3 if applicable).

How Does It Work for Different Organizations?

Businesses

Businesses typically use this feature to set department-specific rules, which they can then further customize by setting additional rules for different employees. 

The added benefit for businesses is that you can also incorporate Global Profiles into the mix, making this a three-tiered configuration. Let’s break it down.

You can create an organization-wide Global Profile to handle malware, phishing, ad-blocking, etc., and then add Profiles tailored to specific departments and users. For example:

  • Endpoint A: Organization-wide Global Profile → Marketing team Profile → User-specific Profile.
  • Endpoint B: Organization-wide Global Profile → Product Development team Profile → User-specific Profile.

In this scenario, the marketing team’s Profile may grant access to social media platforms, while the product development team’s Profile does not. On the flip side, the product development team’s Profile may grant access to testing and development platforms, which are blocked for the marketing team. 

This ensures all departments can access the resources they need to fulfill their job roles without being exposed to harmful or distracting content.

The beauty of Multiple Enforced Profiles is that you can make them as simple or complex as you’d like. For instance, if you’re a small business with few employees/teams, you may not require such granular rules. Instead, you can forgo the third Profile entirely for easier management:

  • Endpoint A: Organization-wide Global Profile → User-specific Profile.
  • Endpoint B: Organization-wide Global Profile → User-specific Profile.
  • Endpoint C: Organization-wide Global Profile → Department-specific Profile.
  • Endpoint D: Organization-wide Global Profile → Department-specific Profile.
🧑‍💻
Learn more about how Control D can keep your business safe online within minutes. Book a no-obligation call with a product expert👇

Schools

Educational institutions often juggle diverse needs, such as protecting students of various age groups while offering flexible access for staff. 

With Multiple Enforced Profiles, schools can set a “School-wide Global Profile” to block harmful content and then layer on specific Profiles, which could look something like this:

  • Endpoint A: School-wide Global Profile → Teachers/Staff Profile.
  • Endpoint B: School-wide Global Profile → Students Aged 5-10 Profile.
  • Endpoint C: School-wide Global Profile → Students Aged 10-14 Profile.
  • Endpoint D: School-wide Global Profile → Students Aged 14-18 Profile.

This setup ensures teachers and staff have greater freedom and access, whereas student Endpoints have stricter content rules depending on their age and specific use case.

👉 Learn how Control D keeps your school CIPA-compliant

Managed Service Providers (MSPs):

MSPs serve multiple clients, all with unique needs. Multiple Enforced Profiles allow you to apply a baseline security profile across all clients and Endpoints while layering client-specific rules for tailored experiences. Here’s an example of how it could look:

  • Endpoint A: Client-wide Global Profile → Client 1 Profile → User-specific Profile.
  • Endpoint B: Client-wide Global Profile → Client 2 Profile → User-specific Profile.
  • Endpoint C: Client-wide Global Profile → Client 3 Profile → Department-specific Profile.
  • Endpoint D: Client-wide Global Profile → Client 4 Profile → Department-specific Profile.

How Can Individual Users Benefit?

Control D’s Multiple Enforced Profiles isn’t just for organizations; it’s also a game-changer for personal users. While personal accounts can enforce up to two Profiles (instead of three for organizations), this feature still offers significant benefits.

Like organizations, you can adopt a “Common Profile” to cover common rules like blocking ads, trackers, and malware. Then, add a secondary Profile tailored to your specific needs, such as:

  • Endpoint A: Common Profile → Family Profile (with stricter content Filters for children).
  • Endpoint B: Common Profile → Work Profile (limiting distractions).

Limitations and Considerations

While Multiple Enforced Profiles provide unmatched flexibility, there are a few limitations to note:

  • Endpoints enforcing multiple Profiles cannot use scheduling features.
  • Rule conflicts are resolved based on Profile order (unless overridden in Organization accounts).

These limitations are minor compared to the granular customization capabilities offered by this feature.

Why Choose Control D’s Multiple Enforced Profiles?

Control D’s Multiple Enforced Profiles empower businesses, schools, MSPs, and even personal users to:

  • Streamline Management: Eliminate rule duplication and hassle. Adjustments to DNS settings only need to be made once.
  • Enhance Security & Consistency: Maintain robust filtering across various Endpoints and users.
  • Tailor Access: Provide customized configurations for specific departments or use cases.
🧑‍💻
Schedule a product strategy call to learn how Control D can help your business stay protected and secure👇