Export supervision identity from Meraki MDM for use with Configurator 2

Solved
ZachOfIW
Here to help

Export supervision identity from Meraki MDM for use with Configurator 2

Does anybody know if it's possible to export the supervision identity from Meraki MDM so that I can perform certain actions via Configurator 2 that require Supervision? I need to add the device name to the lockscreen for a bunch of iOS 11 devices, a feature which Meraki's MDM seems to lack. I can do this in Configurator 2, but unless I can set up both Meraki and Configurator with the same supervision identity then my devices will only be able to be supervised by either Meraki or Configurator, not both.

 

Thanks!

1 Accepted Solution
ZachOfIW
Here to help

Hey Shaun,

As far as I can tell there's no great answer here; you either use Configurator to manage supervised settings or you use Meraki to manage supervised settings (which are fewer and less capable than Configurator's, but are remotely delivered and thus more easily updated/pushed).

Cheers,

-Zach

View solution in original post

13 Replies 13
jared_f
Kind of a big deal

@ZachOfIW From my understanding Meraki does not hold the supervision identity for a device. Are your devices DEP enrolled and supervision occurs OTA (over the air) during setup? The only other thing I could think of is the devices were setup and enrolled with Apple Configurator 2, you would have to retrieve the supervision identity from the computer. I would have to check our DEP portal and see if you can retrieve the supervision identity - currently out of office and don't have access to our DEP credentials.

 

Meraki is only providing settings to the device, supervision occurs one of two ways: Apple Configurator 2 or DEP.

 


Jared

Find this helpful? Click the kudos button. Thanks!
ZachOfIW
Here to help

Hi Jared,

 

Supervision is occurring OTA via DEP. I am receiving these DEP enrolled devices and hoping to use both Meraki and Configurator to perform supervision-level configuration of the devices. I need to show the device names on the lockscreens, which requires supervision and is not (that I've seen) available via Meraki so I'm turning back to Configurator for that one configuration (all other settings and configuration for the devices is handled through Meraki and is applying pretty much the moment the devices are first powered on).

 

What's baffling me at this point is Configurator keeps spitting out this error message:

 

Configurator could not perform the requested action because "devicename" is not supervised by an existing organization.

 

But when I go to Configurator's Preferences > Organizations I have an organization that I added using my DEP Apple login... it correctly populated with the org name, email, and address as shown in my DEP account.

 

As far as I can tell that should allow my Configurator to utilize the same supervision identity as provided via my DEP, right? When I click Show Supervision Identity it shows a self-signed root certificate "Apple Configurator 2: MY ORGANIZATION DEP NAME" and while that looks like it should work I have no way of verifying what supervision identity is actually on the device do I?

 

-Z

jared_f
Kind of a big deal

I will have to take a look and get back to you @ZachOfIW. We have been begging Meraki to bring in variable support for months. Have you taken a look and the lockscreen configuration payload in Apple Configrator? We like it because we can show which user owns the device and which department it belongs to. Currently, I am manually scoping the payload out.

Find this helpful? Click the kudos button. Thanks!
ZachOfIW
Here to help

Hi Jared,

 

I ended up just making a wallpaper background in Photoshop for each of the 14 devices (feasible since I only had 14 to do) that had the device name on it. I added the respective wallpaper to each device individually/manually and after all 14 devices were wallpapered I disabled modifying wallpaper in the Meraki configuration profile to prevent users from changing them.

The lockscreen configuration payload would've technically worked, but the text it makes is so small and I know my users are usually collecting their devices in a rush during their wild mornings so I wanted something as easily visible as possible.

 

Thanks for the advice. Hopefully Meraki wisens up and adds variable support.

Cheers,

-Zach

jared_f
Kind of a big deal

@ZachOfIW I have had to do the same thing. While it is not ideal, it is the only way to get things accomplished with Meraki lagging in implementation. Please be aware that sometimes after a device is restarted the wallpaper will not be centered and has to be reset. I have been using a time tag to set our wallpapers daily at 12:00 AM. The profile pops on for about thirty minutes and then removes itself - resetting the wallpaper to its correct orientation.

 
Find this helpful? Click the kudos button. Thanks!
ZachOfIW
Here to help

@jared_f Curious... have you tried the Reduce Motion setting under Settings > General > Accessibility? I do this on all our devices so that it doesn't scale or crop the wallpapers. Plus, I find the flourishes it removes to be largely unnecessary anyhow...

jared_f
Kind of a big deal

Unfourtently, no. With these devices being delivered to the user and enrollment being OTA with DEP we do not have the opportunity to touch each device. I am limited to configuration profiles at this point.

 
Find this helpful? Click the kudos button. Thanks!
ZachOfIW
Here to help

jared_f
Kind of a big deal

Yep, DEP has been great for us, but the issue is that Meraki sometimes takes up to a minute to sync down the profiles that are scoped to the device. Another issue is that we make the Meraki MDM app mandatory so it installs on all devices upon enrollment, but it takes 5+ minutes depending on the number of devices being enrolled to sync down. I wish they had a web clip version I could temporarily scope out and let users set up their devices faster.

 
Find this helpful? Click the kudos button. Thanks!
misterharrison
Getting noticed

Just want to thank Jared for his time tag Wallpaper Refresh idea.

 

Those messed up Wallpapers have been bugging me!

 

Any other cool ways of using time tags?

itsupportBH
Just browsing

Did you ever get this issue solved? I've attempted to download the Certificate from the Meraki client and use that as an organisation identity but that didn't seem to work.

I was told DEP would make enrolling and managing iPads easier, jhee!

ZachOfIW
Here to help

Hey Shaun,

As far as I can tell there's no great answer here; you either use Configurator to manage supervised settings or you use Meraki to manage supervised settings (which are fewer and less capable than Configurator's, but are remotely delivered and thus more easily updated/pushed).

Cheers,

-Zach

jared_f
Kind of a big deal

I tested attempting to add our organization from DEP in my Apple Configurator and I ran into the same error. I believe Meraki will have to open the supervision identity to us in order to use it. Not ideal, but luckily I can push most things via Meraki.

 
Find this helpful? Click the kudos button. Thanks!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels