Multi-layered secure equipment access
US-2024236045-A9 · Jul 11, 2024 · US
US11849008B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11849008-B2 |
| Application number | US-202218079538-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 12, 2022 |
| Priority date | Aug 31, 2015 |
| Publication date | Dec 19, 2023 |
| Grant date | Dec 19, 2023 |
Official abstract text for this publication.
Disclosed are various examples for providing network content filtering to client devices on a per-application basis. A client device is identified. Then the client device is authenticated by the device management service. If the client device is not authenticated, a user interface will facilitate the enrollment process on the client device to authenticate the client device with the management service. Then, an authentication token is received. The management application receives a request from an application to initiate a network connection. Based at least in part on the identity of the application and the client device, the management application routes network traffic associated with the application and the network connection using or without using a managed network tunnel.
Opening claim text (preview).
Therefore, the following is claimed:

1. A system, comprising: a computing device comprising a processor and a memory; a management application comprising a first set of machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least: determine an identity of a client device; authenticate the client device with a device management service, in response to the determination that the client device is not managed, generate a user interface on the client device to facilitate an enrollment process to authenticate the client device with the device management service; receive, based at least in part on the identity of the client device, an authentication token from the device management service; receive a request from an application to initiate a network connection; determine an identity of the application on the client device; establish the network connection based at least in part on the identity of the client device and the application; and route network traffic associated with the application through the network connection.
2. The system of claim 1, wherein the request is a first request, the application is a first application, the network connection is a first network connection, and the machine-readable instructions are further configured to cause the computing device to at least: receive a second request from a second application to initiate a second network connection; determine an identity of the second application on the client device; establish the second network connection based at least in part on the identity of the client device and the second application; and route network traffic associated with the second application through the second network connection.
3. The system of claim 1, wherein the network traffic associated with the application is directed to a managed network tunnel based at least in part on the identity of the application and a network routing rule from the device management service.
4. The system of claim 3, wherein the managed network tunnel is encrypted.
5. The system of claim 1, wherein the network traffic associated with the application is directed through a VPN connection.
6. The system of claim 5, wherein the VPN connection is encrypted using at least one of a version of the transport layer security (TLS) protocol or a version of the internet protocol security (IPSec) protocol.
7. The system of claim 1, wherein the management application is configured to at least: receive one or more application routing rules from the device management service; and filter the network traffic based at least in part on the identity of the application and the one or more application routing rules.
8. A method comprising: determining an identity of a client device; authenticating the client device with a device management service, in response to the determining that the client device is not managed, generating a user interface on the client device to facilitate an enrollment process to authenticate the client device with the device management service; receiving, based at least in part on the identity of the client device, an authentication token from the device management service; receiving a request from an application to initiate a network connection; determining an identity of the application on the client device; establishing a network connection based at least in part on the identity of the client device and the application; and routing network traffic associated with the application through the network connection.
9. The method of claim 8, wherein the request is a first request, the application is a first application, the network connection is a first network connection, and the method further comprises: receiving a second request from a second application to initiate a second network connection; determining an identity of the second application on the client device; establishing the second network connection based at least in part on the identity of the client device and the second application; and routing network traffic associated with the second application through the second network connection.
10. The method of claim 8, further comprising directing the network traffic associated with the application to a managed network tunnel based at least in part on the identity of the application and a network routing rule from the device management service.
11. The method of claim 10, wherein the managed network tunnel is encrypted.
12. The method of claim 8, further comprising directing the network traffic associated with the application through a VPN connection.
13. The method of claim 12, wherein the VPN connection is encrypted using at least one of a version of the transport layer security (TLS) protocol or a version of the internet protocol security (IPSec) protocol.
14. The method of claim 8, further comprising: receiving one or more application routing rules from the device management service; and filtering the network traffic based at least in part on the identity of the application and the one or more application routing rules.
15. A non-transitory, computer-readable medium comprising machine-readable instructions that, when executed by a processor, cause a computing device to at least: determine an identity of a client device; authenticate the client device with a device management service, in response to the determination that the client device is not managed, generate a user interface on the client device to facilitate an enrollment process to authenticate the client device with the device management service; receive, based at least in part on the identity of the client device, an authentication token from the device management service; receive a request from an application to initiate a network connection; determine an identity of the application on the client device; establish a network connection based at least in part on the identity of the client device and the application; and route network traffic associated with the application through the network connection.
16. The non-transitory, computer-readable medium of claim 15, wherein the request is a first request, the application is a first application, the network connection is a first network connection, and the machine-readable instructions are further configured to cause the computing device to at least: receive a second request from a second application to initiate a second network connection; determine an identity of the second application on the client device; establish the second network connection based at least in part on the identity of the client device and the second application; and route network traffic associated with the second application through the second network connection.
17. The non-transitory, computer-readable medium of claim 15, wherein the network traffic associated with the application is directed to a managed network tunnel based at least in part on the identity of the application and a network routing rule from the device management service.
18. The non-transitory, computer-readable medium of claim 17, wherein the managed network tunnel is encrypted.
19. The non-transitory, computer-readable medium of claim 15, wherein the network traffic associated with the application is directed through a VPN connection.
20. The non-transitory, computer-readable medium of claim 15, wherein the machine-readable instructions further cause the computing device to at least: receive one o
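As an added illustration (not code from the patent or its assignee), this Python sketch models the flow the claims describe: the management application authenticates the client device with a device management service, an unmanaged device receives no token and is sent to enrollment instead of getting a route, and each application's connection request is then routed by application identity against routing rules received from the service. The class names, the HMAC-based token, the sample device and application identifiers, and the fail-closed default for applications with no rule are assumptions of this example.

```python
import hmac
import hashlib
from enum import Enum

class Route(Enum):
    TUNNEL = "managed_tunnel"       # claims 3-6: encrypted managed tunnel / VPN
    DIRECT = "direct"               # routed outside the managed tunnel
    BLOCK = "block"                 # claim 7: filtered by an application routing rule
    ENROLL = "enrollment_required"  # unmanaged device: show enrollment UI, no routing

class DeviceManagementService:
    """Constructed stand-in for the device management service: it knows which
    devices are managed, issues authentication tokens and publishes app rules."""
    def __init__(self, managed_devices, app_rules, secret):
        self.managed = set(managed_devices)
        self.app_rules = dict(app_rules)  # application identity -> Route
        self.secret = secret              # constructed demo secret, never hard-code in practice

    def _token_for(self, device_id):
        return hmac.new(self.secret, device_id.encode(), hashlib.sha256).hexdigest()

    def authenticate(self, device_id):
        # Unmanaged device: no token is issued; the agent must run enrollment first.
        return self._token_for(device_id) if device_id in self.managed else None

    def verify(self, device_id, token):
        return token is not None and hmac.compare_digest(self._token_for(device_id), token)

class ManagementApplication:
    """On-device agent: identify the device, obtain a token, then route each
    application's connection by application identity. Unknown apps fail closed
    (an assumption of this example; the claims only say traffic is filtered)."""
    def __init__(self, device_id, service):
        self.device_id, self.service = device_id, service
        self.token = service.authenticate(device_id)
        self.rules = service.app_rules if self.token else {}

    def route(self, app_id):
        if not self.service.verify(self.device_id, self.token):
            return Route.ENROLL  # claim 1: generate the enrollment UI instead of a connection
        return self.rules.get(app_id, Route.BLOCK)

def demo():
    svc = DeviceManagementService(
        managed_devices={"dev-001"},  # constructed sample identities
        app_rules={"com.example.mail": Route.TUNNEL, "com.example.browser": Route.DIRECT},
        secret=b"constructed-demo-secret")
    managed, unmanaged = ManagementApplication("dev-001", svc), ManagementApplication("dev-999", svc)
    return {"mail": managed.route("com.example.mail"), "browser": managed.route("com.example.browser"),
            "unknown": managed.route("com.example.unknown"), "unmanaged": unmanaged.route("com.example.mail")}
```

The two rules for `com.example.mail` and `com.example.browser` stand for the first and second application of claims 2, 9 and 16, each getting its own connection decision.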
Routing a service request depending on the request content or context · CPC title
Single bridge functionality, e.g. connection of two networks over a single bridge · CPC title
Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title
Service provisioning or reconfiguring · CPC title