Skip to main content

Admin Dashboard

KACE - iOS Configuration Guide

The following contains procedures for deploying KACE for iOS.

You need to have the following in place before you can deploy:

  • Have iPad Devices already enrolled in your Kace Cloud MDM Dashboard.

    Note

    We support iOS 13.1 and higher.

    Note

    Devices need to be enrolled in Supervised Mode for the app to be installed without user interaction (silent installation).

  • Have Device Labels defined for student iPad devices.

  • iOS Blanket Policy created on Blocksi Admin Dashboard (https://bm.blocksi.net/#profiles).

To get your organization ID and name

  1. Sign in to your Apple School Manager account with your Administrator credentials.

  2. Click your account name in the lower left-hand corner and choose Preferences from the drop-down menu.

  3. Locate your Organization ID and Company Name.

  4. Send this information to Blocksi and we will add your organization to the approved list of customers who can use our filtering app.

To configure volume purchasing

  1. Log in to your company’s account at business.apple.com (Apple Business Manager) or school.apple.com (Apple School Manager).

  2. Click your account name in the lower left-hand corner and choose Preferences from the drop-down menu.

  3. Click Payments and Billing.

  4. Click Download in the Content Tokens section next to the correct server location token under the Apps and Books tab. The token downloads to the Downloads folder on your computer.

  5. Navigate to the Settings tab on the KACE Cloud portal.

  6. Click Apple Settings > Volume Purchase Program.

    Apple Volume Purchase Program
  7. Click Select VPP Token and upload the token you downloaded.

  8. Click Sync.

To configure and add a custom vendor profile

To configure the Blocksi for iPad app, create a custom mobile profile for the DNS Proxy setting. To do this, you can use a 3rd party application, such as:

  • Apple Configurator 2 if you are using an Apple device, or

  • iMazing Profile Editor if you are using a Windows device

To create a PLIST configuration file

Before creating the custom mobile profile, create a Plist file-type document to upload in the DNS Proxy configuration.

  1. Open a text file editor and type the following PLIST template configuration:

    PLIST Template Configuration

    Note

    Replace the admin@blocksi-super-admin.com value with the super admin email that you use with Blocksi. You can keep the 123PasswordExample value or replace it with your own.

  2. Save the text file as Plist file-type (file extension: .plist) after you have modified the values.

To create a custom profile in Apple Configurator 2

If you do not have the app installed yet, you can download it from the following URL link: https://apps.apple.com/us/app/apple-configurator/id1037126344?mt=12 (Apple Configurator 2).

  1. Install the app on your device after you have downloaded it.

  2. Open the app after the installation is complete.

    Apple Config New Profile
  3. From the navigation menu, select File > New Profile. The following window opens.

    General Mandatory
  4. Configure the General tab of the new profile:

    • Type a name for the profile In the Name field. For example, KACE Cloud MDM - DNS Proxy Profile for Blocksi for iPad.

    • Type a unique identifier for the profile In the Identifier field. For example, com.blocksiforios.kace.profile.

    • Select Always for the Security setting. When you have finished, it should look like this:

      General Mandatory General
  5. Configure the DNS Proxy setting.

  6. Select the setting from the left menu and click the Configure button.

    General Mandatory Click Configuration

    The following window opens.

    General Mandatory Configuration
  7. Add com.blocksi.dnsproxy in the App Bundle ID field.

  8. Add com.blocksi.dnsproxy.ext in the Provider Bundle ID field.

  9. Click the Upload File... button in the Provider Configuration section and upload the Custom Configuration PLIST file you created in the Creating a PLIST Configuration File section earlier in this guide. When you have finished, the DNS Proxy configuration should look like this:

    DNS Proxy
  10. Save the profile by selecting File > Save in the top menu. Make sure that the profile is saved as file type .mobileconfig.

    DNS Proxy Save

To create a custom profile in iMazing profile editor

If you do not have the app installed yet, you can download it from the following URL link: https://apps.microsoft.com/detail/9phs9qlcq5s4?hl=en-us&gl=US (Apple Configurator 2).

Opening the App

  1. Install the app on your device after you have downloaded it.

  2. Open the app after the installation is complete.

    iMazing Profile Editor
  3. Select Tools > iMazing Profile Editor from the top menu. The following window opens.

    iMazing Profile Editor General

Configuring the General Tab

  1. Type a name for the profile In the Name field. For example, KACE Cloud MDM - DNS Proxy Profile for Blocksi for iPad.

  2. Type a unique identifier for the profile In the Identifier field. For example, com.blocksiforios.kace.profile. When you have finished, it should look like this:

    KACE Cloud MDM
  3. Scroll down and select the Prevent users from removing this profile checkbox.

    Prevent Users
  4. Select iPhone/iPad/iPod Touch for Target Device Type from the drop-down list.

    Target Device Type

Configuring the DNS Proxy Setting

  1. Select the setting from the left menu and click the + Add Configuration Payload button.

    DNS Proxy 1
  2. Select DNS Proxy that was added under the General setting.

    DNS Proxy 2
  3. Click Choose… under the Add Bundle ID section. A new window opens.

  4. Type the app bundle ID, select it, and press Choose.App Bundle ID to type in com.blocksi.dnsproxy. When you have finished, the screen should look like this:

    DNS Proxy 3
  5. Click Choose… under the Provider Bundle ID section. A new window opens.

  6. Type the Provider Bundle ID, select it, and press Choose.Provider Bundle ID to type in com.blocksi.dnsproxy.ext. When you have finished, the screen should look like this:

    DNS Proxy 4

Setting Up the Provider Custom Configuration

Provider Custom Configuration
  1. Click the Choose… button and select the Custom Configuration PLIST file you created in the Creating a PLIST Configuration File section earlier in this guide. When you have finished, the DNS Proxy configuration should look like this:

    DNS Proxy 5
  2. Save the profile by selecting File > Save As... in the top menu.

    DNS Proxy Save As
  3. Make sure that the profile is saved as file type .mobileconfig.

    DNS Proxy 6

To upload the custom profile on KACE cloud

  1. Sign in to your KACE Cloud portal.

  2. Click Libraries in the top navigation bar.

  3. Click Vendor Profiles from the Library selection.

    Libraries
  4. Click + Add New and select Apple Profile from the drop-down menu on the Vendor Profiles screen.

    Vendor Profiles Screen

    The Upload Apple Profile pane appears on the right side of the page.

    Upload Apple Profile
  5. Select Browse... and upload the previously created DNS proxy configuration profile.

  6. Click the Add button after the profile upload is complete.

    Apple Profile Complete

To create a label

  1. Sign in to your KACE Cloud portal.

  2. Click Libraries in the top navigation bar.

  3. Click Labels from the Library selection.

    Labels
  4. Click + Add New and select Smart Label (Devices) from the drop-down menu on the Labels screen.

    Smart Label

    A new screen appears.

  5. Give the label a name in the Save As Smart Label section. For example: iOS Device Label.

  6. Add some filters from the left menu under Devices to distinguish iOS devices you will push the filtering application to. We recommend adding at least the next filters:

    • OS Name: iOS

    • Enrollment Status: Enrolled

    When you have finished, the Smart Label configuration should look like this:

    Smart Label Configuration
  7. Click Save to save the Smart Label configuration.

To create a policy

  1. Navigate to Policies on KACE Cloud.

  2. Update an existing policy or create a new policy. To create a new policy, click + Add New. A new screen appears.

  3. Click the pencil icon to give the new policy a name.

    New Policy

To assign the smart label to the policy

  1. Navigate to Applies to in the left menu.

  2. Select the iOS Device Label you created in the previous chapter from the Label list and click Link to Policy in the right pane.

    Applies To
  3. Click Activate and Push Changes and Confirm to save the changes.

    Push Change
    Push Change 1

To assign the Blocksi for iPad app to the policy

  1. Navigate to Apps in the left menu.

  2. Select the BlocksiForiPad application from the Apps list and click Link to Policy in the right pane.

    Blocksi for iPad
  3. Click Push Changes and Confirm to save the changes.

    Push Change 2
    Push Change 3

To assign the custom DNA proxy profile to the policy

  1. Navigate to Vendor Profiles in the left menu.

  2. Select the profile you uploaded previously and select Link to Policy in the right pane.

    Vendor Profiles Screen 1
  3. Click Push Changes and Confirm to save the changes.

    Push Change 4
    Push Change 5

The deployment configuration is now complete.All that is needed now is to verify if the configuration is correctly installed on the target enrolled devices.

To test the deployment of the configuration

  1. Make sure that you have an iOS Blanket Policy created on your BM Admin dashboard. Instructions for the creation of the policy are located in our Help Section on the BM Admin Dashboard (bm.blocksi.net).

  2. Make sure that the target device is enrolled in the KACE Cloud portal. Once the device is enrolled in the KACE Cloud portal, the MDM configuration profile takes care of the installation of the Policy and the Blocksi For iPad application.

  3. Locate the Blocksi For iPad application on the iPad device and open it after both are installed. When you open it, you should see a green check mark and the message Everything is OK.This means that the DNS Proxy profile was successfully installed for the application.

  4. Open a browser and verify that the filtering policy you created is working correctly.

  5. Navigate to a site that is set to Allow on the filtering policy: the site should open.

  6. Navigate to a site that is set to Block on the filtering policy. You should be presented with the Block page or a This Connection Is Not Private page.

To create the filtering policy, please see Configuring the iOS Filtering Policy on the BMEE Admin DashboardConfiguring the iOS Filtering Policy on the BMEE Admin Dashboard