Device Encryption

SOLVED
Mel
New here

Device Encryption

I do not have the application yet, but looking into it. Does this allow you to encrypt the hard drive? Some AV apps have this option , but do not support apple devices. (iMacs, Macbook, etc...) If so does this allow the user to set the pw and give admin access to reset it if they forget the password? Since this is cloud based does it work from anywhere without configuring anything in the firewall?

 

 

1 ACCEPTED SOLUTION
jared_f
Kind of a big deal

@Mel Meraki is great for security because you can track compliance of devices. You can enforce passcode policies and lock down the hard drive with configuration profiles.

 

You can clear iOS device passwords, but you cannot on Mac. But you can push down a pkg that creates a local admin account on the computer and that would always allow you to reset any users password if necessary (assuming you have the device on hand). 

Find this helpful? Click the kudos button. Thanks!

View solution in original post

10 REPLIES 10
jared_f
Kind of a big deal

@Mel Meraki is great for security because you can track compliance of devices. You can enforce passcode policies and lock down the hard drive with configuration profiles.

 

You can clear iOS device passwords, but you cannot on Mac. But you can push down a pkg that creates a local admin account on the computer and that would always allow you to reset any users password if necessary (assuming you have the device on hand). 

Find this helpful? Click the kudos button. Thanks!

@jared_f thank you. Do you know if they are trying to figure out how to encrypt the mac hard drive? So far I have not been able to find any solution to remotely encrypt mac hardware. 

jared_f
Kind of a big deal

Check this out @Mel:

 

https://documentation.meraki.com/SM/Profiles_and_Settings/Using_File_Vault_2

Find this helpful? Click the kudos button. Thanks!

@jared_f

 

Does this allow meraki to enforce the use of filevault? 

jared_f
Kind of a big deal

Yes, once you push this out and your user enrolls they will be forced to use FileVault.

 

The only way they could get out of it is removing the MDM profile, but that is a whole other discussion.

 

Find this helpful? Click the kudos button. Thanks!

@jared_f

 

I think we type faster than we receive each others responses...Thanks this helps alot. Do you think meraki will ever create or develop a home/consumer use products? I like their access points and some other features, but they are pricey for home use by device and license. 

jared_f
Kind of a big deal

@Mel Unfortunately, no I do not think they will offer a home suite. We ran into the same issue - it would have cost us hundreds just in device licensing for Meraki hardware. While I would love to have it, that is obsessive for my home network. I installed a Netgear System last year, but we were not happy with it, I ended up switching to Ubiquiti and just finished the install of all our new hardware and access points yesterday.

Find this helpful? Click the kudos button. Thanks!
PhilipDAth
Kind of a big deal
Kind of a big deal

@PhilipDAth

 

I wish we could just change their OS. 

 

@jared_f

 

Can meraki take over FIleVault to force the encryption rather than producing their own management?

jared_f
Kind of a big deal

@Mel So, once everything is setup your user will install the Meraki MDM Profile (I also recommend the agent be deployed and the admin PKG when this is all being done). Once the user installs the profile, you can scope out the FileVault configuration profile. This will encrypt the hard drive. The "key" will be stored under your Meraki server and the user will have to do nothing on their end once the profile is deployed.

 

 

Find this helpful? Click the kudos button. Thanks!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels