Is it possible to scope a tag to devices on a specific os version? Such as 10.13.x get “Tag A” and 10.14.x get “Tag B” from Systems Manager?
Oh i really hope someone knows how to make this work because this would be awesome
@jm_peterson The closest I can think of to accomplish this is through security policies based on minimum OS version.
This would apply policy tag to each device.
@vassallon It was definitely a good idea. But it appears the security policy cant scope worth a damn and returns this.
What about if you add in these options for Mobile Security?
@vassallonUnfortunately that didnt work. I was looking for a way to automate this for Mojave so custom pppc/tcc/kernel extensions could be applied as users update. Since there is no solution I threw one together.
Disclaimer, python is not my strong suit so there is probably a more efficient way to do this but this is working for me.
You just need to replace YOURSMNETWORKID with your network_id, yourreallylongapikey with your api key, and the tag name with whatever you want the tag to be.
Hopefully this is of use to someone. ¯\_(ツ)_/¯
import requests import json meraki_url = 'https://api.meraki.com/api/v0/networks/YOURSMNETWORKID/sm/devices' aki_key = 'yourreallylongapikey' search_models = ['OS X 10.14', 'OS X 10.14.1', 'OS X 10.14.2', 'OS X 10.14.3', 'OS X 10.14.4', 'OS X 10.14.5'] meraki_payload = "" meraki_headers = { 'X-Cisco-Meraki-API-Key': aki_key, 'cache-control': "no-cache" } def tag_the_machines (serial_input): url = 'https://api.meraki.com/api/v0/networks/YOURSMNETWORKID/sm/devices/tags' args = { "updateAction": "add", "tags": "Mojave", "serials": serial_input } payload = "" headers = { 'X-Cisco-Meraki-API-Key': aki_key, 'Content-Type': "application/json", 'cache-control': "no-cache", } try: r = requests.request("PUT", url, data=payload, headers=headers, params=args) r.raise_for_status() print ("Tagged" + '' + serial_input) except requests.exceptions.HTTPError as err: print (err) def check_key(dict, key): if dict.has_key(key): global batch batch = dict[key] else: print ("Batch not key present") def get_all_machines (): url = meraki_url payload = meraki_payload headers = meraki_headers r = requests.request("GET", url, data=payload, headers=headers) global all_machines all_machines = r.json() check_key (all_machines, 'batchToken') create_mojave_dict() def send_batch_request (): url = meraki_url payload = meraki_payload querystring = { "batchToken": batch, } headers = meraki_headers r = requests.request("GET", url, data=payload, headers=headers, params=querystring) global all_batch_machines all_batch_machines = r.json () create_mojave_batch_dict() def create_mojave_dict (): serial_number = [] os_name = [] for m in all_machines["devices"]: serial_number.append(m["serialNumber"]) os_name.append(m["osName"]) machine_dict = dict(zip(serial_number, os_name)) global mojave_machines mojave_machines = [] for s in search_models: for k, v in machine_dict.items(): if v == s: mojave_machines.append(k) for m in mojave_machines: tag_the_machines(m) def create_mojave_batch_dict (): serial_number = [] os_name = [] for m in all_batch_machines["devices"]: serial_number.append(m["serialNumber"]) os_name.append(m["osName"]) machine_dict = dict(zip(serial_number, os_name)) global mojave_batch_machines mojave_batch_machines = [] for s in search_models: for k, v in machine_dict.items(): if v == s: mojave_batch_machines.append(k) for b in mojave_batch_machines: tag_the_machines(b) if __name__ == '__main__': get_all_machines() send_batch_request()
@jm_peterson The overview section of systems manager will show a break down of OS versions, you could manually click on each version and apply a tag that way. You would have to constantly keep it up to date though.