Skip to main content

Admin Dashboard

JAMF School - macOS Configuration Guide

The following contains procedures for configuring JAMF School for macOS.

Prerequisites

You must have the following in place before you can deploy:

  • BlocksiForOSX.pkg application: The app package file is downloaded together with these instructions.

  • Custom script: The script is downloaded with these instructions. Filename is: pass_values_script.sh.

  • Custom DNS Proxy .mobileconfig profile. The profile is downloaded together with these instructions. Filename is: JAMF School MDM - DNS Proxy custom profile.mobileconfig.

  • LDAP users and OUs need to be synced with Blocksi.

    • This is done with the Blocksi AD Synchronization app.

    • The app needs to be installed and configured on your LDAP server.

    • You can download the instructions and the app from the Downloads window on the Blocksi Admin dashboard. The download section is located under Profile > Downloads.

  • Filtering policy created on BM Admin Dashboard and assigned to LDAP OU. Once the LDAP OUs and Users are synced with Blocksi, you need to create some filtering policies and assign them to LDAP OUs.

  • On JAMF School MDM

    • Have macOS devices already enrolled to your JAMF School Dashboard.

    • Have Device Groups defined for student macOS devices.

Adding Blocksi for the OSX Application

To add Blocksi for the OSX application

  1. On JAMF School MDM, navigate to Apps > Inventory in the left menu.

  2. Click + Add App and select Add In-House macOS package from the drop-down list.

    Add App

  3. Upload the BlocksiForOSX.pkg application.

  4. Modify the App name and Version.

  5. Click Show advanced options in the Options section.

  6. Set Priority of installation to High.

  7. Click the + symbol under the This app will be distributed to the following device groups section to deploy the application to target devices.

  8. Make sure Automatic Installation is set for the group.

  9. Click Save. When you have finished, you should see the following screen:

    Auto Install
Creating a Profile

To create a profile

  1. On JAMF School MDM, navigate to Profiles > Overview in the left menu.

  2. Click + Create Profile to create a new profile. The Create Profile window opens.

    Create Profile

  3. Select macOS under Platform.

  4. Select Device Enrollment for Enrollment type and click Next. The following screen appears.

    Device Enrollment

  5. Choose a Profile name. For example: Blocksi macOS Device profile.

  6. Add a description, if needed.

  7. Leave the Use time filter checkbox cleared under Time filter.

  8. Click Finish.

Configuring the System Extensions

To configure the system extensions

  1. Click System Extensions under macOS payload on the Profile Setting Configuration page.

  2. Click Configure.

  3. Clear the Allow users to approve system extensions checkbox.

  4. Type FNVRG3YPHU in the Team Identifier field.

  5. Select all the following: Driver Extension, Network Extension, and Endpoint Security Extension under Allowed System Extension Types in the Allowed System Extensions section.

  6. Click + Add and type com.blocksi.filteringosx.proxyext.

  7. Click Save. When you have finished, you should see the following screen:

    System Extensions Screen 1
Configuring the Scope

To configure the scope

  1. Click Scope under General Settings on the Profile Setting Configuration page.

  2. Click the + button to add the Device Groups that need this profile installed.

    Scope

  3. Make sure Automatic Installation is set for the group.

  4. Click Save. When you have finished, you should see the following screen:

    Scope 1
Creating a Profile for DNS Proxy

To configure a profile for DNS proxy

This profile is needed to install the Blocksi for OSX application in the background without user interaction.

  1. Navigate to Profiles > Overview in the left menu on JAMF School MDM.

  2. Click + Create Profile to create a new profile. The Create Profile window opens.

    Create Profile 1

  3. Select Upload custom profile under Platform.

  4. Upload the JAMF School MDM - DNS Proxy custom profile.mobileconfig profile that was provided with these instructions.

  5. Click Next.

  6. Give the profile a name, for example: macOS Device Profile - DNS Proxy.

  7. Add a description, if needed.

  8. Leave the Use time filter checkbox cleared under Time filter.

  9. Click Finish.

Configuring the DNS Proxy Profile

To configure the DNS proxy profile

  1. Assign the profile to device groups by clicking + under the This profile will be distributed to the following device groups text.

  2. Select the target groups from the drop-down list.

  3. Make sure Automatic Installation is set for the group.

  4. Click Save. When you have finished, you should see the following screen:

    macOS Device Profile
Creating a Script

To create a script

  1. Navigate to Scripts in the left menu on JAMF School MDM.

    Scripts

  2. Click + Create new script in the upper right-hand corner of the page to create a new script. You should now see the following screen:

    Scripts 1

  3. Type the following information:

    • Name: blocksi_pass_values_script

    • Type: Bash

    • Description: Script to pass values to Blocksi for OSX application

    • When to run: Just once

  4. Copy the text below in the Content area.

    Content Area

    Note

    Replace admin@blocksi-super-admin.com with your school super-admin email.

    Note

    Replace XXX.XXX.XXX:XX with your local network DNS address. For example, 10.11.11.11:53.

  5. Click the + button under the Content area to assign the script to a device group.

    Content Area Script

  6. Select all applicable device groups from the list.

  7. Make sure Automatic Installation is set for the group.

  8. Click Save to save the script configuration.

Troubleshooting

To test the configuration

  1. If you haven’t already, configure AD connection to your LDAP server on the test Mac device so that you can login on the device with an LDAP user account.

  2. Assign a filtering policy to a synced LDAP User OU on Blocksi Admin Dashboard (bm.blocksi.net).

  3. Log in to a managed device with an administrator account to check the app, script, and profile deployment. Upon login, a filter icon appears in the upper right-hand corner of the screen.

  4. Open System Settings and go to Network > Filters.

    Network Filters

  5. Make sure that the Blocksi Filter status is Enabled and a green dot 🟢 is visible.

  6. Navigate to Privacy & Security > Profiles in System Settings. Some of the profiles are installed by default upon the device enrollment to JAMF School MDM. Make sure that you see the following profiles installed for the Blocksi for OSX deployment:

    • Blocksi macOS Device Profile

    • JAMF School MDM - DNS Proxy profile for Blocksi

      Managed Devices

To verify filtering

  1. Login to the Mac device with an LDAP user.

  2. Open a browser to see if filtering is applied correctly.

  3. Navigate to some sites that you either blocked with the Web filter or Exception List.

  4. You should be displayed with one of the following screens on blocked sites:

    Access Denied Screen
    Connection Not Private

  5. Go to the Blocksi Admin dashboard and navigate to Web Analytics > Insights and go to Logs.

  6. Verify that the user browsing done on the Mac Device is showing in the logs.