I'm wondering if anyone has found a solution to a problem we're experiencing. We have YouTube for Schools enabled on our network in strict mode (via our MX600). Our students use IPads managed by Meraki MDM. YouTube for Schools works great when students are logged into their school managed Google accounts. However, they can simply log out and log into a personal account to bypass all the restrictions. There's no policy in MDM that I can see that forces students to stay logged into their school managed Google Accounts. I know we can use a web proxy to force only approved domain accounts to function, but this seems excessive given we've got 2 solutions that should be able to handle this (the MX and MDM). Has anyone found a way to close this loophole for students?
We use Cisco Umbrella for our DNS queries, but the interception happens on the Meraki MX side. Upon further investigation it looks like the Meraki "strict" YouTube setting is working on all levels. From our tests if a user is not signed into their Google accounts then the MX Strict setting is applied. If they're logged into their org account then it defers to the Google Admin settings. We're finding the MX strict and Google strict are slightly different.
We're having issues with students and non-edu related content (not necessarily improper). At first we though they could bypass by logging into a commercial Google account. It appears that's not the case as so far it looks like the MX default strict applies. We're still testing some more.