How to Deploy a Proxy Pac file with Intune


Super-Quick post on a creative way to deploy a PAC file to iOS devices enrolled in Intune.

IMPORTANT: PROXYPACURL configuration only works on supervised iOS devices (As per the Apple Configuration Profile reference), so if your devices are not supervised stop reading here).

Step 1 – Create PAC File

  1. Create (or obtain an existing)  Pac file. For testing you can create one like this in notepad and save it with a .pac extension
// Send all traffic to example.example.com to 127.0.0.2
function FindProxyForURL(url, host) {
if (host =="example.example.com") return "PROXY 127.0.0.2:8080";
else return "DIRECT"; }

Step 2 – Deploy to externally reachable location (Azure Blob)


1. Create New Storage Account

2. Choose relocation and redundancy options

3. Create a container

4. Choose Public Access Level Container (Anonymous read access for containers and blobs)

5. Select the container you created

6. Upload the .Pac file you created earlier

7. Select the uploaded file and copy the URL.

8. Be sure to test you can download the .pac file by copying that URL into a browser.

Step 3 – Create iOS configuration profile.

  1. On a Mac, use apple configurator to add the URL. (Create a new profile, go to Global HTTP Proxy , choose Auto and populate the Proxy PAC URL field with the URL from above.
2.  Save the profile as a .mobileconfig file. (If you don't have a mac to do this, just edit the XML below and edit the ***add your URL here*** bit)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDescription</key>
            <string>Global HTTP Proxy</string>
            <key>PayloadDisplayName</key>
            <string>Global HTTP Proxy</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.proxy.http.global.831C4B26-60D4-4439-9782-8592CF4D72E0</string>
            <key>PayloadType</key>
            <string>com.apple.proxy.http.global</string>
            <key>PayloadUUID</key>
            <string>831C4B26-60D4-4439-9782-8592CF4D72E0</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ProxyCaptiveLoginAllowed</key>
            <false/>
            <key>ProxyPACFallbackAllowed</key>
            <false/>
            <key>ProxyPACURL</key>
            <string>***add your URL here***</string>
            <key>ProxyType</key>
            <string>Auto</string>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Untitled</string>
    <key>PayloadIdentifier</key>
    <string>MACBOOK-AIR.C09CB472-D91F-465A-958A-36DD4D0C5748</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8556FACD-146D-4DD7-97CE-F4F23F465992</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Step 4 – Deploy with Intune
1. Go to the Intune Portal (Portal.azure.com), Select Configuration Profiles, create a new Configuration Profile, Select iOS, custom, give the profile any name and select the .mobileconfig file that you exported from configurator (or created using the snippet above).

2. After the profile is created, assign it to a deployment group of your choice

Test it Out on the Device:

On the next MDM Sync, your supervised iOS devices should have the configuration profile including the proxy settings.


 

 

Comments (0)

Skip to main content