Skip to main content

Admin Dashboard

Windows Intune Deployment

The following procedures guide you through Windows Intune deployment.

If you want to deploy both Blocksi Classroom and WebFilter, you can download the following file from the Downloads window of the Admin Dashboard:

Blocksi Enterprise – The filename appears as BlocksiEnterprise.msi.

If you want to deploy each file individually, you can download each from the Downloads window of the Admin Dashboard:

  • Blocksi Classroom – The filename appears as BlocksiClassroom.msi. This is the classroom management application that allows a student's device to be seen in class on the Blocksi Teacher Dashboard. It can be used independently of the other MSIs.

  • Web Filter – The file name appears as BlocksiWebfilter_X.X.X.X.msi . Performs the web filtering on the device. It can be used independently of the other MSIs.

On the Settings menu, under Domains, please include all domain names, sub-domains, and aliases that your district has in use.

This procedure describes the steps required to create Windows Defender Firewall Rules for the Blocksi Classroom application using Microsoft Endpoint Manager.

To create the rules

  1. Navigate to https://endpoint.microsoft.com and sign-in to Microsoft Endpoint Manager.

  2. Select Endpoint Security from the left-hand navigation pane.

  3. Select Firewall from the Endpoint Security left-hand navigation pane.

  4. Click + Create Policy at the top of the page.

  5. Select Windows 10 and later under Platform in the Create a profile blade that appears on the right hand side.

  6. Select Microsoft Defender firewall rules under Profile.

  7. Click the Create button.

From the Create Profile Wizard

On the Basics tab:

  1. Give your new profile a name. For example, Blocksi Allow Policy.

  2. Add a description of your choice.

  3. Click Next.

On the Configuration Settings tab:

  1. Select the downward facing caret next to Firewall Rules 0 items.

    Create Profile for Defender Firewall Rules
  2. Click + Add. The Windows Firewall Rules blade appears to the right.

  3. Type a name for your policy under Name; for example, Allow Blocksi application.

  4. Select Out for Direction and Allowed for Action.

  5. Select all that apply (at least Public and Private) for Network types.

  6. Type C:\Program Files (x86)\Blocksi 2.4\blocksi2.4.exe for File Path.

  7. Select Any for Protocol and Wireless and LAN (this covers both WiFi and wired networks) for Interface types.

  8. Select Yes for Any local address and Yes for Any remote address.

  9. Click the Save button.

  10. Click + Add to add another rule for the inbound traffic.

  11. Type a name for the new inbound policy; for example, Allow port 9432 inbound to Blocksi.

  12. Select In for Direction and Allowed for Action.

  13. Select all that apply (at least Public and Private) for Network types.

  14. Type C:\Program Files (x86)\Blocksi 2.4\blocksi2.4.exe for File Path.

  15. Select TCP for Protocol.

  16. Select Add and then type 9432 in the field under Local port ranges. You do not need to configure remote port ranges.

  17. Select Wireless and LAN (this covers both WiFi and wired networks) for Interface types.

  18. Select Yes for Any local address and Yes for Any remote address.

  19. Click the Save button.

On the Configuration Settings tab:

Click Next.

On the Scopes tab:

Click Next.

On the Assignments tab:

  1. Assign either Policy to All users or choose the default Selected Groups. To select a group, click Add and select a group to include; for example, Students.

  2. Click Next.

On the Review + Create tab:

Check the settings and click the Create button.

The policy now applies to the assigned users and devices to be applied.

To download the applications

  1. Sign in to blocksi.net with your Administrator account.

    Admin Action Bar User Icon - Downloads Option
  2. Click the User icon on the Action Bar and select Downloads. The Downloads window opens. The window defaults to the Windows tab.

    Downloads Window
  3. Download the following applications on the Windows tab:

    • Blocksi Classroom: The filename appears as BlocksiClassroom.msi.

    • Web Filter: The filename appears as BlocksiWebfilter_X.X.X.X.msi.

      OR

    • Blocksi Enterprise: The filename appears as BlocksiEnterprise.msi.

Intune supports the installation of .msi and .intunewin application packages on Windows 10 Pro and higher.Take the following steps to add the Blocksi app MSI to Intune and then assign it to a group of users so that it is installed on their computers upon login.See Microsoft's official instructions on this topic here: https://docs.microsoft.com/en-us/mem/intune/apps/apps-windows-10-app-deploy.

The following instructions are specific to the Blocksi applications.

Sign in to the Microsoft Intune Admin Center at intune.microsoft.com to continue the configuration process.

This next section covers the assignment of the Blocksi Enterprise, Blocksi Classroom, and Blocksi Webfilter.

To assign Blocksi Enterprise, Blocksi Classroom, and Blocksi Webfilter

  1. Go to Apps > All Apps and click the Add icon at the top of the screen.

    All Apps Window
  2. Select Line of Business App for the App type and click Select. The App Information window appears.

    App Information Window
  3. Click Select app package file.

    Add App Window
  4. Click Select the App package file, browse to the folder where you have the Blocksi App installers, and select the installer (.msi) file.

  5. Click OK. You should see a screen like the following.

    App Package File Window
  6. Fill in some details about the install package.The Name and description are pre-filled. Add a publisher name (e.g., Blocksi).All other fields are optional and can be skipped.

  7. Click Next. The configuration should look like this:

    Add App Window Completed
  8. Click the Assignments tab to add assignments for the app.

  9. Add a Group for the users in the Required section that you want this app to be installed for (e.g., All Users, Students, etc.).

  10. Click Next.

  11. Review the app settings on the Review + create tab.

    Review Create Tab
  12. Click Create to confirm the configuration.Please wait for the file to finish uploading before continuing further.

  13. Repeat the above steps for the other .msi application.

This section contains instructions for setting up Intune to install the Blocksi app.

To deploy the app

  1. Sign in to the Microsoft Intune Admin Center at intune.microsoft.com.

  2. Go to Apps > Windows and click the + Add button.

  3. Select Windows app (Win32) in the App type drop-down list. When you have finished, the screen should look like this:

    Select App Type Window
  4. Click Select.

  1. Click the Select app package file button.

  2. Add the setup.intunewin file that you downloaded from the BM Admin dashboard.When you have finished, the screen should look like this:

    App Information Tab
  3. Click OK.

  4. Configure the app as follows.

    Name

    Name of the file

    Description

    Any

    Publisher

    Blocksi

    Other details do not need to be configured and can be left as default. When you have finished, the screen should look like this:

    App Information Tab Complete
  5. Click Next.

  1. Configure the app as follows, depending on the app you are installing:

    Install command

    Blocksi Classroom - msiexec /i "BlocksiClassroom.msi" /qn

    Blocksi Enterprise - msiexec /i "BlocksiEnterprise.msi" /qn

    Uninstall command

    Blocksi Classroom - msiexec /x "{3C957E7F-B142-4815-9AC1-484FD15F36A9}" /qn

    Blocksi Enterprise - msiexec /x "{9487E0E2-95E9-4B9C-802E-BB6CFD03D28E}" /qn

    Other details do not need to be configured and can be left as default. When you have finished, the screen should look like this:

    Program Tab Complete
  2. Click Next.

  1. Configure the app as follows:

    Operating system architecture

    32-bit and 64-bit

    Minimum operating system

    Windows 10 1607

    Other details do not need to be configured and can be left as default. When you have finished, the screen should look like this:

    Requirements Tab Complete
  2. Click Next.

  1. Configure the app as follows, depending on the app you are installing::

    • Rules format: Manually configure detection rules.

    • Click + Add and add the following rule:

    Rule type

    Manually configure detection rules

    Rule type

    MSI

    MSI product code

    Blocksi Classroom.exe - {3C957E7F-B142-4815-9AC1-484FD15F36A9}

    Blocksi Enterprise - {9487E0E2-95E9-4B9C-802E-BB6CFD03D28E}

    When you have finished, the screen should look like this:

    Detection Rules Tab Complete
  2. Click OK. The configuration should look like this:

    Detection Rules Window
  3. Click Next.

You can skip the Dependencies Tab configuration.

Click Next.

You can skip the Supersedence Tab configuration.

Click Next.

  1. Configure the app assignment to devices and users in your organization. The assignment details can be left as default.

  2. Click Next.

  3. Click Review + save to finish the app configuration and assignment. The app is installed on the target devices the next time the user's log in.

Next, you'll need to ensure that new computers have Google Chrome installed on them.

  1. Go to https://chromeenterprise.google/download/.

  2. Click the Download Chrome button.

    Download Chrome Window
  3. Configure the download as in the below picture and click Accept and download.

    Download Chrome for Windows
  4. Extract the downloaded ZIP file and find the GoogleChromeStandalone.MSI file located in the Installers folder.

  5. Repeat the same steps for adding a Line-of-Business app to Intune (refer to the Configuring the MSI App Deployments section of this article), except this time use the GoogleChromeStandalone.MSI as the app package file.

Intune does not have Chrome Management capability by default, so you have to add a custom CSP to Microsoft Intune for managing Chrome.Google provides the instructions for doing that here: https://support.google.com/chrome/a/answer/9102677?hl=en.

The key steps to perform are as follows

  1. Ensure that the Chrome Enterprise Download includes the ADMX templates.You need to ingest the Chrome AMDX file into Intune.

  2. Sign in to the Microsoft Intune Admin Center at intune.microsoft.com.

  3. Go to Devices > Configuration.

    Devices Configuration Window
  4. Click + Create > New Policy at the top of the page. A new pane opens on the right side of your screen.

  5. Select the following settings:

    Platform

    Windows 10 and later

    Profile Type

    Template

    Template Name

    Custom

  6. Click Create at the bottom of the pane.

    Create Profile Window
  7. Insert the following on the next screen:

    Name

    Windows 10 - Chrome configuration (or use any other descriptive name)

    Description

    Enter a description (optional)

  8. Click Next at the bottom of the page. The Configuration Settings Menu opens, in which to add the OMA-URI settings.

  9. Click Add to add specific policies you need to configure. A new pane opens on the right side of the screen.

    Add Row Window
  10. Enter the following text in the text fields. When you enter the String as Data type, the Value text field opens below.

    Name

    Chrome ADMX Ingestion

    Description

    Enter a description (optional)

    OMA-URI

    ./Device/Vendor/MFST/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx

    Data type

    String (select from drop-down list)

  11. On your computer, go to GoogleChromeEnterpriseBundle\Configuration\admx\chrome.admx and copy the text from chrome.admx.0.

    Tip

    This is in the GoogleChromeEnterpriseBundle.zip file that you downloaded following the Setting Up Intune to Install the Blocksi MSI Applications section of this article.

  12. In the Value field, paste the chrome.admx content.

  13. Click Save to save the Custom OMA-URI settings.

  14. Click Create to create the new profile.

Next you need to set up two Chrome policies with Intune. One to force install the Blocksi Chrome Extension and another to allow Apps to run in the background.

  1. Sign in to the Microsoft Intune Admin Center at intune.microsoft.com.

  2. Go to Devices > Configuration.

  3. Click the Windows 10 – Chrome configuration profile you created in the previous section.

  4. Select Properties > Configuration settings > Edit to open the Custom OMA-URI settings.

  5. Click Add to add a new row.

  6. Enter the following text into the required fields:

    Name

    Chrome ADMX - ExtensionInstallForceList

    Description

    Extension Force Install List

    OMA-URI

    ./Device/Vendor/MFST/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForce list

    Data type

    String (select from drop-down list)

    Value

    <enabled><data id='ExtensionInstallForcelistDesc' value='1&amp;amp;#xF000;fcclfaoepaibnkmpcnknicjhpnbbbnom'/

    The configured setting should look like in the following screenshot:

    Add Row Window OMA

    Remember to click Save, Review and Save, and then Save; otherwise, your new policy does not get saved!

  7. Repeat the same process for adding a policy to allow apps to run in background mode. Use these values for the fields instead.

    Name

    Chrome ADMX - BackgroundModeEnabled

    Description

    Background mode enabled

    OMA-URI

    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/Background/ModeEnabled

    Data type

    String (select from drop-down list)

    Value

    <enabled/>

    The configured setting should look like in the following screenshot:

    Add Row Window OMA 2

    Remember to click Save, Review and Save, and then Save.

The Blocksi application needs a modification to the Windows Defender Firewall rules to function properly. You can do this by employing the following steps.

  1. Sign in to the Microsoft Intune Admin Center at intune.microsoft.com.

  2. Go to Devices > Configuration and click + Create > New Policy. A new pane opens on the right side of the screen.

  3. Select the following configuration.

    Platform

    Windows 10 and laterWindows 10 and later

    Profile type

    Template

    Template name

    Endpoint protection

  4. Click Create. You are taken to the Basics screen.

  5. Enter the following:

    Name

    Windows Defender Firewall Policies

    Description

    Allows specific policies for Windows Defender Firewall

  6. Expand the Windows Firewall setting on the Configuration setting screen.

  7. Scroll down to the Firewall Rules section and click Add.

    Firewall Rules Window
  8. Configure the new rule as follows:

    Name

    Blocksi Firewall Rule

    Description

    (optional)

    Direction

    Inbound

    Action

    Allow

    Network type

    Select all applicable options

    Application settings:

    Applications

    File path

    File path

    C:\Program Files(x86)\BlocksiClassroom\BlocksiClassroom.exe

    IP address settings:

    Leave the default value

    Port and protocol settings:

    Protocol

    TCP

    Local ports

    Specified ports

    Ports

    9432

    Remote ports

    All ports

    Advanced configuration:

    Interface type

    Select all applicable options (e.g., Wireless, LAN) if you are using them

    Leave all other settings as defaults. The rule configuration should look like the following images:

    Edit Rule Window
    Edit Rule Window 2
  9. Click Save to add the rule and click Next. You are taken to the Assignments screen.

  10. Assign this policy to selected groups like Students or All Users and click Next.

  11. Leave the defaults for Applicability Rules and click Next.

  12. Review your settings and then click Create.

    Endpoint Protection Window

    You should then see your new Windows Defender Firewall policies listed on the Configuration Policies screen along with your Chrome policies that you created earlier.

When new versions of Blocksi applications are released, you must update the configured apps and re-upload the new.msi app package.

  1. Sign in to the Microsoft Intune Admin Center at intune.microsoft.com.

  2. Select Apps > All apps.

  3. Find and select your app from the list of apps.

  4. Select Properties under Manage from the left app pane.

    Blocksi Classroom Properties Window
  5. Select Edit next to App information.

  6. Click the file listed next to Select file to update. The App package file pane appears.

    Edit App Window
  7. Click the folder icon and browse to the location of your updated app file.

  8. Click Open. The app information is updated with the package information.

  9. Verify that the App version reflects the updated app package.

  10. Click the Review + Save button to update the app.

At this point you should have everything you need to deploy and run Blocksi in your organization.Here are some troubleshooting tips in case things don't appear to be working.

  • Always wait at least 15 minutes for a new policy or script to push down to a computer.If you are unsure you can also log out and log back in again.

  • If the MSI is not installing you can check if Intune pushed it down to the computer.Intune pushed MSIs are stored in this location: C:\Windows\System32\config\systemprofile\AppData\Local\mdm.

  • To check if the Blocksi applications are installed on the computer, go to C:\ProgramFiles (x86)\ and verify if you see the following folders and inside of the corresponding.exe applications:

    • Blocksi Classroom - BlocksiClassrooom.exe

    • Blocksi Webfilter - bsflt.exe

    • Blocksi Enterprise – BlocksiEnterprise.exe

  • You can check if Chrome policies were installed correctly by browsing to chrome://policy.