
ios – The right way to use a configuration profile to force DNS-over-HTTPS for every network except the required SSIDs? – Ask Different


I need to be able to force DoH on all networks (Wifi, mobile data, and so forth) except my home and work wifi network SSIDs.

I used iMazing Profile Editor to craft this profile, but when I try to import it on to my iPhone 12 mini (iOS 16.1) it shows an error saying “The field ‘OnDemandRules’ is not valid.” I’ve read through Apple’s Configuration Payload documentation and can’t see anything wrong, so I am guessing there’s just something I don’t understand.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>DNSSettings</key>
            <dict>
                <key>DNSProtocol</key>
                <string>HTTPS</string>
                <key>ServerAddresses</key>
                <array>
                    <string>185.228.168.168</string>
                    <string>185.228.169.168</string>
                    <string>2a0d:2a00:0001:0000:0000:0000:0000:0000</string>
                    <string>2a0d:2a00:0002:0000:0000:0000:0000:0000</string>
                </array>
                <key>ServerURL</key>
                <string>https://doh.cleanbrowsing.org/doh/family-filter/</string>
            </dict>
            <key>OnDemandRules</key>
            <dict>
                <key>Action</key>
                <string>Disconnect</string>
                <key>SSIDMatch</key>
                <array>
                    <string>eduroam</string>
                    <string>AEROHIVE</string>
                </array>
            </dict>
            <key>PayloadDisplayName</key>
            <string>DNS Settings #1</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.dnsSettings.managed.50552866-1CD2-48AD-8117-EF6EF0CC0920</string>
            <key>PayloadType</key>
            <string>com.apple.dnsSettings.managed</string>
            <key>PayloadUUID</key>
            <string>12B12860-090C-4FE4-B1C4-F1BDC4741DF3</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>CleanBrowsing DoH</string>
    <key>PayloadIdentifier</key>
    <string>com.charlesrc019.CleanBrowsingDoH</string>
    <key>PayloadOrganization</key>
    <string>charlesrc019</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>FF112954-D8A9-4C71-8868-9CEC20238482</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Note: If I edit the profile and take the ‘OnDemandRules’ part out, it does work, but that does not work for what I am trying to do. I need it to be able to switch between forcing DoH and not, depending on what wifi network it’s connected to. Also, I’m unable to find any documentation saying that On Demand Rules only work for VPN settings and not DNS. iMazing Profile Editor included On Demand Rules in their DNS settings, so I am inclined to believe that it should work.
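An added example, not part of the original post: a small pre-install lint for the `OnDemandRules` of a `com.apple.dnsSettings.managed` payload. It assumes Apple's published DNSSettings payload schema, in which `OnDemandRules` is an array of rule dictionaries whose `Action` is `Connect`, `Disconnect` or `EvaluateConnection`; the function names and the trimmed sample profiles are constructed for illustration.

```python
import plistlib

DNS_TYPE = "com.apple.dnsSettings.managed"
ACTIONS = {"Connect", "Disconnect", "EvaluateConnection"}  # per Apple's schema (assumption stated above)


def lint_on_demand(profile_bytes):
    """Return a list of structural problems in the OnDemandRules of DNS payloads."""
    profile = plistlib.loads(profile_bytes)
    problems = []
    for i, payload in enumerate(profile.get("PayloadContent", [])):
        if payload.get("PayloadType") != DNS_TYPE or "OnDemandRules" not in payload:
            continue
        rules = payload["OnDemandRules"]
        if not isinstance(rules, list):  # a <dict> here parses as a Python dict
            problems.append(f"payload {i}: OnDemandRules is {type(rules).__name__}, expected array")
            continue
        for j, rule in enumerate(rules):
            if not isinstance(rule, dict):
                problems.append(f"payload {i} rule {j}: expected dict")
                continue
            if rule.get("Action") not in ACTIONS:
                problems.append(f"payload {i} rule {j}: bad Action {rule.get('Action')!r}")
            ssids = rule.get("SSIDMatch", [])
            if not isinstance(ssids, list) or not all(isinstance(s, str) for s in ssids):
                problems.append(f"payload {i} rule {j}: SSIDMatch must be an array of strings")
    return problems


def make_profile(on_demand_rules):
    """Constructed, trimmed profile mirroring the DNS payload in the post."""
    payload = {
        "PayloadType": DNS_TYPE,
        "DNSSettings": {"DNSProtocol": "HTTPS",
                        "ServerURL": "https://doh.cleanbrowsing.org/doh/family-filter/"},
        "OnDemandRules": on_demand_rules,
    }
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})


# Shape used in the post: a single rule dictionary directly under OnDemandRules.
AS_POSTED = make_profile({"Action": "Disconnect", "SSIDMatch": ["eduroam", "AEROHIVE"]})
# Array shape: rules are checked in order, so the listed SSIDs are excluded first
# and a rule with no match criteria applies DoH on every other network.
AS_ARRAY = make_profile([
    {"Action": "Disconnect", "SSIDMatch": ["eduroam", "AEROHIVE"]},
    {"Action": "Connect"},
])

if __name__ == "__main__":
    print("as posted:", lint_on_demand(AS_POSTED))
    print("as array: ", lint_on_demand(AS_ARRAY))
```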
