Configuring LanSchool Air for Mac Privacy Approvals with MDM
For student devices running macOS Mojave (10.14)
and later, Apple introduced new privacy protection systems to ensure that all installed software works as it should. These new systems can be challenging to configure correctly. As it would be impractical to visit each computer to make these approvals, Apple has expanded its Mobile Device Management (MDM) system to allow remote configuration of many of these approvals.
Most MDM systems allow importing
.mobileconfig template files in order to deploy policies to devices. For the best experience, download this pre-configured privacy policy template provided by LanSchool and deploy it to your devices:
LanSchoolAirStudentPolicy.mobileconfig.
Alternatively, follow the instructions below to manually create a policy.
The LanSchool Air for Mac client requires four approvals, shown in the table below, to allow all functionality.
The Screen Recording Approval cannot be automated. It must be enabled manually on the student device.
Privacy Policy |
Description |
Accessibility |
Allows LanSchool Air to fully lock the computer during Blank Screen . Without this approval, students may exit Blank Screen using certain key combinations. |
Automation |
Allows LanSchool Air to automate the Safari browser during Limit Web so that students are kept on websites the teacher allows. |
Full Disk Access |
A llows LanSchool Air to examine the Safari browser history files to correctly determine where a student is browsing in the Safari browser during Limit Web . |
Screen Recording |
Only required for macOS Catalina (10.15) and later. The screen recording approval is required to allow LanSchool Student to share the student's screen with the teacher.
This approval cannot be configured using an MDM server and must be enabled manually on each student device.
|
It is recommended that the MDM configuration be installed on student computers before the the LanSchool Air Client for Mac is installed. This ensures that no prompts appear that a student sitting at a computer can deny and prevents other issues from occurring.
The following instructions use SimpleMDM (
https://simplemdm.com/ ) as an example MDM provider. Your MDM provider interface may look a little different but likely has similar features and requests the same information.
-
Navigate your MDM provider interface to a location where you can create profiles and choose to create a profile to configure privacy preferences:
-
Provide the following information (order and description may vary):
As shown above:
- The bundle ID for LanSchool Air is "com.lenovo.lsair.Client", whose code requirement is "anchor trusted" . Static code validation is not necessary.
- Set Accessibility to Allow
- Set Post event to Allow
- Set Access all files to Allow
- All other values should be Not Set
- For Apple Event Targets, you must add Safari with the bundle identifier "com.apple.Safari" and code requirement identifier "com.apple.Safari" and anchor Apple, with Access set to Allow.
When you have created the profile, use your MDM provider to send the profile to all student computers. You are done!
Related Articles
Deploying LanSchool Air Using Jamf Pro
Overview The LanSchool Air for MacOS agent supports a few different deployment methods. See Mass Deploying LanSchool Air for Mac Student for more detailed instructions. Please note that our support team can only provide limited assistance with ...Installing LanSchool Air for Mac Student
Overview This article explains how to install the Mac client on an individual student device. For instructions on deploying the Mac client to a large number of student devices, see Mass Deploying LanSchool Air for Mac Student . Generate Link to ...Mass Deploying LanSchool Air for Mac Student
This article explains how to mass deploy the LanSchool Air Mac client on multiple devices at once. For instructions on installing the LanSchool Air Mac client on individual devices, see Installing LanSchool Air for Mac Student. When to Mass Deploy If ...LanSchool Air Setup Guide
Who Should Use this Guide? LanSchool Air site administrators responsible for installing LanSchool Air on student devices, configuring admin settings, and inviting instructors. What Does This Guide Cover? This guide provides instructions for: ...Deploying LanSchool Air Using Intune
Overview The LanSchool Air for Windows agent supports a number of different deployment methods and tools using a basic EXE or an advanced MSI installer. See Mass Deploying LanSchool Air for Windows for more detailed instructions. Please note that our ...
Popular Articles
Viewing Student Client Status
Overview If a student device is appearing as offline, check the status of LanSchool Air client installed on the student's device to make sure it's provisioned and connected. To see the current status of the student client, open the LanSchool Air chat ...Using Web Limiting
Overview To block troublesome or distracting websites or limit students to a select few websites pertinent to the class, use the Web Limiting feature in LanSchool Air. There is currently no limit on the number of URLs that can be added to the block ...Mass Deploying LanSchool Air for Chromebook Student
This guide walks site administrators through the process of deploying the LanSchool Air app to students using Chromebooks and getting LanSchool Air ready for instructors to use. For information on installing the LanSchool Air app to Windows or Mac ...Controlling Student Browser Tabs
Overview Controlling browser tabs is currently supported for students using Chromebooks. Students on Windows or macOS devices will only display the most recently viewed website. In List View and Student Details, you have added controls over tabs on a ...Using Blank Screen
Overview LanSchool Air's customizable Blank Screen feature enables you to push a Blank Screen to your students' computers. When you enable Blank Screen, students are not able to view or listen to anything on their device until the Blank Screen is ...
Recent Articles
Deploying LanSchool Air Using Jamf Pro
Overview The LanSchool Air for MacOS agent supports a few different deployment methods. See Mass Deploying LanSchool Air for Mac Student for more detailed instructions. Please note that our support team can only provide limited assistance with ...Disabling Fast User Switching
Overview LanSchool Air does not support Windows Fast User Switching feature. The student client will not function properly when the computer is switched to a second user account. It is recommended to disable Fast User Switching in order for the ...Configuring Idle Timeout
Overview By default, instructors will be automatically logged out of LanSchool Air after they have been idle for 2 hours. Site Admin users can configure the idle timeout settings to increase the amount of time instructors can remain idle before being ...Downloading User and Device Lists
Overview Site Admins can download CSV files containing a list of registered users and devices installed with LanSchool Air. This allows Site Admins the ability to review and manage which devices are consuming licenses and which users are using ...Managing LanSchool Air Licenses
Overview The LanSchool Air client is installed per device for Windows and Mac OS devices. As devices are repurposed or replaced, it is important to fully recover (free up) the LanSchool Air license. Recovering the LanSchool Air license takes 2 steps: ...