Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

block installing/uninstalling apps?

DollaBill
New here
‎Nov 16 2017 12:19 PM
‎Nov 16 2017 12:19 PM

block installing/uninstalling apps?

We're trialing their EMM solution for our iPads. Is there a way to make it so the users cannot install/uninstall any apps?

Want it so that only we control deploying and removing apps.

0 Kudos
Subscribe
4 Replies 4
RyanB
Meraki Employee
Meraki Employee
‎Nov 16 2017 12:38 PM
‎Nov 16 2017 12:38 PM

For iPads you'd need to have the device "supervised", and you'd then be able to restrict the user from using the AppStore.

To have supervisor control over the iPad, you'd either need that device in your Apple DEP (Device Enrollment Program) account and linked with your Meraki MDM. Or you'd need to use Apple Configurator to push a supervised profile to it manually.

Once supervised, you'll have much more granular control over the device. Even doing things like hiding/showing apps, locking into specific apps, prevent password changes/resets, preventing wiping the device, etc. 

https://documentation.meraki.com/SM/Profiles_and_Settings/iOS_Supervision

 

DEP: https://documentation.meraki.com/SM/Device_Enrollment/Using_Apple's_Device_Enrollment_Program_(DEP)_...

Apple Configurator: https://documentation.meraki.com/SM/Device_Enrollment/Enrolling_and_Supervising_iOS_Devices_using_Ap...

 

 

Subscribe
In response to RyanB
DollaBill
New here
‎Nov 16 2017 2:12 PM
‎Nov 16 2017 2:12 PM

So we were looking to enroll into Apple's DEP - To do so, we have to provide our resellers DEP ID so they can transfer the devices to you. What exactly gets transferred? We purchase through our Verizon Rep. Will anything change with that?

0 Kudos
Subscribe
In response to DollaBill
RyanB
Meraki Employee
Meraki Employee
‎Nov 16 2017 2:45 PM
‎Nov 16 2017 2:45 PM

Nothing technically gets transferred to Meraki.

When you make a purchase and the reseller notes the DEP ID, it is Apple whom associates that device with your organization. 

Apple maintains the DEP side of the house, and it is their servers who know iPad S/N:1234 belongs to XYZ Corp.

 

When you link your Meraki EMM account with Apple's DEP, Apple then knows when the iPad is being turned on and registered, that it belongs to XYZ Corp based on it's serial number and forces the device to have the associated Meraki profile installed. 

 

The big benefit to DEP, is that if someone was able to wipe one of your iPads, they'd never technically be able to unassociate it with your DEP, and it would always end up being force enrolled back to your company.

 

https://images.apple.com/business/docs/DEP_Guide.pdf 

Subscribe
jared_f
Kind of a big deal
‎Nov 20 2017 3:16 PM
‎Nov 20 2017 3:16 PM

You can block and whitelist apps with that respective restrictions profile. If you want only managed apps (apps you will be able to remove from Dashboard) on the device, you will need to add those and scope them to either auto-install or have the user install in the Meraki MDM Self Service Portal. On devices that call for restrictions regarding content, I prefer not to go the route of disabling the app store. I instead scope out a whitelist profile and have a policy notify me of membership change if a user installs a "blacklisted app". I basically have a restrictions profile setup that is tripped and installed by that policy and the device becomes unusable until the user (a) removes the app and waits until and apps refresh takes place for restrictions to be taken off or (b) sees me, and I take the restrictions off by temporarily excluding them from profiles, deleting the app and re-installing the correct configs. 

 

Seems to be working in my environment. Unfortunately, I can't limit all apps, but people using a VPN to get around corp filters is an issue. 

 

Jared

 
Find this helpful? Click the kudos button. Thanks!
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.