Some clients may misidentify themselves when specifying the User-Agent string field of an HTTP GET request. Device type policy enforcement is done on a best-effort basis, dependent upon the information that the client provides. When needing to enforce security-focused policies based on device type, please leverage solutions such as Meraki Systems Manager, or Cisco ISE.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.
Please, if this post was useful, leave your kudos and mark it as solved.