KACE - iOS Configuration Guide
The following contains procedures for deploying KACE for iOS.
You need to have the following in place before you can deploy:
Have iPad Devices already enrolled in your Kace Cloud MDM Dashboard.
Note
We support iOS 13.1 and higher.
Note
Devices need to be enrolled in Supervised Mode for the app to be installed without user interaction (silent installation).
Have Device Labels defined for student iPad devices.
iOS Blanket Policy created on Blocksi Admin Dashboard (https://bm.blocksi.net/#profiles).
To get your organization ID and name
Sign in to your Apple School Manager account with your Administrator credentials.
Click your account name in the lower left-hand corner and choose Preferences from the drop-down menu.
Go to Organization Information.
Your Organization ID is numeric and can be found in the Organization Information section.
Your Organization Name is the name of your admin account; for example, jane-doe@example.com. (The name appears above the Organization ID.)
Send this information to Blocksi and we will add your organization to the approved list of customers who can use our filtering app.
To configure volume purchasing
Log in to your company’s account at business.apple.com (Apple Business Manager) or school.apple.com (Apple School Manager).
Click your account name in the lower left-hand corner and choose Preferences from the drop-down menu.
Click Payments and Billing.
Click Download in the Content Tokens section next to the correct server location token under the Apps and Books tab. The token downloads to the Downloads folder on your computer.
Navigate to the Settings tab on the KACE Cloud portal.
Click Apple Settings > Volume Purchase Program.
Click Select VPP Token and upload the token you downloaded.
Click Sync.
To configure and add a custom vendor profile
To configure the Blocksi for iPad app, create a custom mobile profile for the DNS Proxy setting. To do this, you can use a 3rd party application, such as:
Apple Configurator 2 if you are using an Apple device, or
iMazing Profile Editor if you are using a Windows device
To create a PLIST configuration file
Before creating the custom mobile profile, create a Plist file-type document to upload in the DNS Proxy configuration.
Open a text file editor and type the following PLIST template configuration:
Note
Replace the admin@blocksi-super-admin.com value with the super admin email that you use with Blocksi. You can keep the 123PasswordExample value or replace it with your own.
Save the text file as Plist file-type (file extension: .plist) after you have modified the values.
To create a custom profile in Apple Configurator 2
If you do not have the app installed yet, you can download it from the following URL link: https://apps.apple.com/us/app/apple-configurator/id1037126344?mt=12 (Apple Configurator 2).
Install the app on your device after you have downloaded it.
Open the app after the installation is complete.
From the navigation menu, select File > New Profile. The following window opens.
Configure the General tab of the new profile:
Type a name for the profile In the Name field. For example, KACE Cloud MDM - DNS Proxy Profile for Blocksi for iPad.
Type a unique identifier for the profile In the Identifier field. For example, com.blocksiforios.kace.profile.
Select Always for the Security setting. When you have finished, it should look like this:
Configure the DNS Proxy setting.
Select the setting from the left menu and click the Configure button.
The following window opens.
Add com.blocksi.dnsproxy in the App Bundle ID field.
Add com.blocksi.dnsproxy.ext in the Provider Bundle ID field.
Click the Upload File... button in the Provider Configuration section and upload the Custom Configuration PLIST file you created in the Creating a PLIST Configuration File section earlier in this guide. When you have finished, the DNS Proxy configuration should look like this:
Save the profile by selecting File > Save in the top menu. Make sure that the profile is saved as file type .mobileconfig.
To create a custom profile in iMazing profile editor
If you do not have the app installed yet, you can download it from the following URL link: https://apps.microsoft.com/detail/9phs9qlcq5s4?hl=en-us&gl=US (Apple Configurator 2).
Opening the App
Install the app on your device after you have downloaded it.
Open the app after the installation is complete.
Select Tools > iMazing Profile Editor from the top menu. The following window opens.
Configuring the General Tab
Type a name for the profile In the Name field. For example, KACE Cloud MDM - DNS Proxy Profile for Blocksi for iPad.
Type a unique identifier for the profile In the Identifier field. For example, com.blocksiforios.kace.profile. When you have finished, it should look like this:
Scroll down and select the Prevent users from removing this profile checkbox.
Select iPhone/iPad/iPod Touch for Target Device Type from the drop-down list.
Configuring the DNS Proxy Setting
Select the setting from the left menu and click the + Add Configuration Payload button.
Select DNS Proxy that was added under the General setting.
Click Choose… under the Add Bundle ID section. A new window opens.
Type the app bundle ID, select it, and press Choose.App Bundle ID to type in com.blocksi.dnsproxy. When you have finished, the screen should look like this:
Click Choose… under the Provider Bundle ID section. A new window opens.
Type the Provider Bundle ID, select it, and press Choose.Provider Bundle ID to type in com.blocksi.dnsproxy.ext. When you have finished, the screen should look like this:
Setting Up the Provider Custom Configuration
Click the Choose… button and select the Custom Configuration PLIST file you created in the Creating a PLIST Configuration File section earlier in this guide. When you have finished, the DNS Proxy configuration should look like this:
Save the profile by selecting File > Save As... in the top menu.
Make sure that the profile is saved as file type .mobileconfig.
To upload the custom profile on KACE cloud
Sign in to your KACE Cloud portal.
Click Libraries in the top navigation bar.
Click Vendor Profiles from the Library selection.
Click + Add New and select Apple Profile from the drop-down menu on the Vendor Profiles screen.
The Upload Apple Profile pane appears on the right side of the page.
Select Browse... and upload the previously created DNS proxy configuration profile.
Click the Add button after the profile upload is complete.
To create a label
Sign in to your KACE Cloud portal.
Click Libraries in the top navigation bar.
Click Labels from the Library selection.
Click + Add New and select Smart Label (Devices) from the drop-down menu on the Labels screen.
A new screen appears.
Give the label a name in the Save As Smart Label section. For example: iOS Device Label.
Add some filters from the left menu under Devices to distinguish iOS devices you will push the filtering application to. We recommend adding at least the next filters:
OS Name: iOS
Enrollment Status: Enrolled
When you have finished, the Smart Label configuration should look like this:
Click Save to save the Smart Label configuration.
To create a policy
Navigate to Policies on KACE Cloud.
Update an existing policy or create a new policy. To create a new policy, click + Add New. A new screen appears.
Click the pencil icon to give the new policy a name.
To assign the smart label to the policy
Navigate to Applies to in the left menu.
Select the iOS Device Label you created in the previous chapter from the Label list and click Link to Policy in the right pane.
Click Activate and Push Changes and Confirm to save the changes.
To assign the Blocksi for iPad app to the policy
Navigate to Apps in the left menu.
Select the BlocksiForiPad application from the Apps list and click Link to Policy in the right pane.
Click Push Changes and Confirm to save the changes.
To assign the custom DNA proxy profile to the policy
Navigate to Vendor Profiles in the left menu.
Select the profile you uploaded previously and select Link to Policy in the right pane.
Click Push Changes and Confirm to save the changes.
The deployment configuration is now complete.All that is needed now is to verify if the configuration is correctly installed on the target enrolled devices.
To test the deployment of the configuration
Make sure that you have an iOS Blanket Policy created on your BM Admin dashboard. Instructions for the creation of the policy are located in our Help Section on the BM Admin Dashboard (bm.blocksi.net).
Make sure that the target device is enrolled in the KACE Cloud portal. Once the device is enrolled in the KACE Cloud portal, the MDM configuration profile takes care of the installation of the Policy and the Blocksi For iPad application.
Locate the Blocksi For iPad application on the iPad device and open it after both are installed. When you open it, you should see a green check mark and the message Everything is OK.This means that the DNS Proxy profile was successfully installed for the application.
Open a browser and verify that the filtering policy you created is working correctly.
Navigate to a site that is set to Allow on the filtering policy: the site should open.
Navigate to a site that is set to Block on the filtering policy. You should be presented with the Block page or a This Connection Is Not Private page.
To create the filtering policy, please see Configuring the iOS Filtering Policy on the BMEE Admin Dashboard