From Legacy to Licensed, Profile Installation on Windows 10

Duke_Nukem
Getting noticed

From Legacy to Licensed, Profile Installation on Windows 10

Greetings,

 

We're contemplating making the move from Legacy SM to Licensed SM.  Some of the Sentry improvements look interesting/useful.  Any regrets from others out there that have made the move?

 

Also, we have about 800 devices in SM currently.  A mix of Windows 10, Windows Servers, iPhones, and iPads.  All of our Windows 10 devices have the Agent installed.  Is there an automated way to get the SM Profile installed on them?  Doing it manually on each machine would take forever.  And sending an enrollment link email to the masses will get mixed results. Group Policy? PowerShell?

 

Thanks.

6 REPLIES 6
kYutobi
Kind of a big deal

You should be able to do a silent install via GPO.

Enthusiast

Of the SM Profile? Not the Agent. We already push the Agent via GPO.

The docs below look like it is a manual process only. I thought there was a method with Intune, but I can't find that.

 

https://documentation.meraki.com/SM/Device_Enrollment/Systems_Manager_Agent_and_MDM_Profile_Enrollme...

 

https://documentation.meraki.com/SM/Profiles_and_Settings/Configuration_Profiles

(Doc has some missing links @CameronMoody)

There is an Intune process using GP, but that can't be used for this.

https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...

 

There has to be a way to automate this.  

Been doing some testing and am running into various walls.

1.  It looks like you have to be a Local Admin on the machine to do the enrollment of the Profile for Domain-joined PCs.  

2.  This command at least calls the enrollment process, but it doesn't enter the Network ID.  It still prompts for that. Tried all the other parameters for that command too.  No dice.  AND you still need to be a local admin.  

ms-device-enrollment:?mode=mdm&username=email@domain.com&servername=n123.meraki.com&tenantidentifier=123-456-7890

 

If only the Agent had the functionality to install the Windows Profile.

Even in licensed SM, this is still a huge blocker for us, we have 800+ devices enrolled in licensed SM via the agent that are out in the wild and I want nothing more than to add the profile for added functionality.  Not only does adding profile after a device has the agent create duplicate entries in SM (Support can manually merge these but it's an added step), but there is no way to automate profile enrollment at this time.  Iirc, even if we were to send enrollment links and ask users to enroll, they would need to be local admins to complete the enrollment :(.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels