1. School Manager
  2. Linewize Connect
  3. Deployment

Deploying or Upgrading to Linewize Connect Filter for iOS

Updated
Shauna Kinney
Have more questions? Submit a request

This article is for IT support.

Linewize Connect for iOS (Connect Filter) protects iOS devices managed by your school’s MDM. You can configure Connect to apply your School Manager filtering policies to users on and off campus, even when their iOS device is connected to a hotspot or an unfiltered internet connection.

From version 3.0.0 on, Connect for iOS is distributed as a Custom App, Linewize Connect Filter. You will need to use Apple Business Manager (ABM) or Apple School Manager (ASM) to get Connect before you can distribute the app to users via your Mobile Device Management (MDM) tool.

Before you start

If you are deploying Connect Filter for the first time at your school, contact Linewize Support for help.

Ensure your users’ iOS devices:

  • Are running iOS / iPadOS 14.5.1 (2020) or newer
  • Are supervised by your school’s MDM 
  • Are not running any other filtering software
  • Do not have a global proxy configured

1. Register with Apple and Linewize

You need to supply us with your Apple Organization ID and your Apple Organization Name.

  1. Sign into or enroll with:

Apple School Manager (ASM)
https://school.apple.com

Apple Business Manager (ABM)
https://business.apple.com

  1. Verify your MDM is linked to your Apple account.
  2. Copy your Apple Organization ID and your Apple Organization Name from your Apple School Manager or Apple Business Manager. 
  3. Open a new request with Linewize
  • Ask for the Linewize Connect Filter and Linewize Connect for iOS.
  • Paste your Apple Organization ID and your Apple Organization Name into your request (required).
  • Submit the request and check your email for your registration confirmation.

Tip

You can use your ASM or ABM with  Managed Apple IDs or federated authentication (Azure or Google IDs) to remove access to consumer features in iCloud+ (like Private Relay) and personal functionality (for example Apple TV and Apple Pay).

2. Deploy Linewize Connect Filter

You can get Connect Filter from Apple and deploy it using your MDM after you receive the email confirmation from Linewize.

  1. Sign in to https://school.apple.com or https://business.apple.com.
  2. If you have not already, enable Custom Apps in your Apple School Manager or Apple Business Manager.
  3. Select Custom Apps > Connect Filter in the left navigation panel.
  4. Select a location to assign the licenses.
  5. In Quantity, enter the number of licenses for your iOS devices.

  6. Select Get.
    The licenses will be available in your MDM within ten minutes. 
  7. Open your MDM and verify the Connect Filter licenses have synced. Here are the steps for some of commonly used MDMs:

Notes

If you do not see the Connect Filter in your MDM’s list of purchased apps, please contact your MDM vendor for help.

  1. Use your MDM to remove the consumer apps Google, Google Go, and YouTube from devices.

Info

Many consumer apps use UDP and QUIC protocols instead of TCP to improve performance, switch hosts dynamically, and keep data transfers small. These protocols cannot be filtered and blocking these protocols can stop functionality in operating systems and trusted apps.

  1. Distribute Linewize Connect Filter from your MDM’s catalog, library or app management function.

Note

Your MDM may require you to toggle your app list to show Custom Apps or to use a Volume Pricing Program page to deploy Connect for iOS licensed apps.

  1. Use your MDM to restart the iOS devices.

3. Verify the Installation

We recommend you spot check several of your iOS devices before distributing the devices to your users. If you find unexpected results, update the your MDM configuration and repeat the device management update.

  1. Restart a managed device and connect it to your school network or the internet.
  2. On the device, go to Settings > General.
  3. If the device is protected, you will see:

    “This [iOS or iPadOS device] is Supervised. [organization name] can monitor your internet traffic and locate this device.”

Important

If you do not see the supervised status please contact Linewize Support for help.

  1. Next go to Settings > General > Device Management > More Details. You will see the:

    • Mobile Device Management: Your MDM tool details
    • Certificate: Family Zone Root CA
    • DNS proxy settings: Family Zone DNS Proxy

  2. Open the Connect app on the device to verify the Username and your School Manager Device ID.

    If the device displays incorrect details or doesn’t display details, contact Linewize Support to troubleshoot your MDM options and device configuration.

Verify your school network connection

Optionally, you can check if an iOS device has errors while connected to your School Manager physical appliance by finding the device in the event log.

  1. In School Manager, go to Statistics > Realtime > Alerts and Events.
  2. Type “userdb” in the Search.
  3. Use the Find in your browser to search for the Usernames.

Verify device filtering

You can spot-check the devices to verify filtering is protecting your users.

  1. Connect the device to the internet.
  2. Open the Connect app and verify the user’s name is displayed.
  3. Open Safari. Go to an allowed website, like Google, and verify the site loads.
  4. Go to a known blocked website and confirm the Block Page loads.

FAQ

How do I restore a locked iOS device?

An iOS/iPadOS device may be unable to connect to the internet or your school network if the signing certificate for Linewize Connect is over a year old. Locking the device protects users until the device is running a current version of Connect with the current signing certificate. Connect and the signing certificate with Apple are updated several times a year to ensure the device will not lock if it syncs with your MDM infrequently.

If you have a locked device, you can restore and update it with the following troubleshooting steps:

If the device has not been connected to the internet and your MDM can manage it:

  1. Use your MDM to remove Connect.
  2. Restore the factory settings using one of the following methods:

    1. Restore the factory settings from your MDM options
    2. Manually restore the device to factory defaults from the iOS/iPadOS Settings.

  3. Use your MDM to install the current version of Connect.
  4. Restart the device.

If the device has connected to the internet and is locked and you can’t manage the device using your MDM or access the iOS/iPadOS Settings.

  1. Connect the device using a USB cable.
  2. Use the Apple Configurator to restore the factory settings.
  3. Use your MDM to install the current version of Connect.
  4. Restart the device.

Why should I remove apps like Google and YouTube?

To protect your users, the Chrome browser app and Apple apps (like Safari) allow educational filtering to protect the device. Many consumer apps (like Google, Google Go, and YouTube) do not provide educational filtering access to monitor content.

How do I know which versions of Connect for iOS my users have?

You can use School Manager’s Advanced Search Report to search for users who have a specific version of Linewize Connect.

  1. In School Manager, go to Reports > Advanced Search.
  2. Select the From Date field.
  3. Select Presets and then select Last 7 days.
  4. Select the Agent field.

    1. Change 'is' to 'contains'.
    2. In the any value field, field, enter one or more of these values:
      • ios-dns v1
      • ios-dns v2
      • ios-dns v3
  5. Load the report to see your results.

How do I add more Connect Filter licenses?

You can purchase Connect Filter licenses at any time in your Apple School Manager or Apple Business Manager. You can also move unused licenses to other parts of your organization

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.