MDM: Management profile 'rights'

Miyo360

Hi,


I have been using Meraki MDM for a while at our workplace. All is good. We are expanding the use of it to personal devices (BYOD). It has been noticed that the MDM Management Profile requests the following rights on iOS...

 

  1. Erase all data and settings
  2. Lock device and remove passcode
  3. List configuration profiles
  4. Add/remove configuration profiles
  5. List provisioning profiles
  6. Add/remove provisioning profiles
  7. List device information
  8. List network information
  9. List installed applications
  10. List restriction information
  11. List security information
  12. Apply settings
  13. Install and remove applications and data

Some of these rights seem excessive, particularly 1, 2, 9 & 13.  Understandably, users with personal devices are hesitant to allow the profile. 

 

Is it possible to edit this list? Or change what rights the management profile requires? Is there a bare minimum list of rights required for the management to operate correctly?

 

The profile is only installing iOS mail settings. We are not using the agent app.

 

Thanks in advance.

 

Accepted Solution
jared_f

Under Systems Manager > General (under the “Configure” heading) > Access Rights (you have to scroll down a bit to see it) you can restrict some of the SM capabilities. I believe these are per-network rules; maybe create another SM network (aka “site”) for BYOD devices and apply these restrictions?

 

 



Miyo360

Thanks very much. This was helpful. I created a new network and looked at the options you suggested. I set the following...

[Image: MerakiDashboard.png]

I then added a device and checked the permission list and the differences are:

 

  1. Erase all data and settings
  2. Lock device and remove passcode
  3. List configuration profiles
  4. Add/remove configuration profiles
  5. List provisioning profiles
  6. Add/remove provisioning profiles
  7. List device information
  8. List network information
  9. List installed applications
  10. List restriction information
  11. List security information
  12. Apply settings
  13. Install and remove applications and data

Thanks again for your help.
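
As an added example (not part of the original thread and not Meraki code): the thirteen rights listed above correspond to bits of the `AccessRights` integer in the `com.apple.mdm` payload of an iOS enrollment profile, so the requested rights can be audited before the profile is installed. The sketch assumes an unsigned `.mobileconfig` (a plain plist); `sample_profile` and the `BYOD_SENSITIVE` set are constructed for illustration.

```python
import plistlib

# Bit values of the AccessRights key in Apple's com.apple.mdm payload,
# labelled with the wording used in the list in this thread.
ACCESS_RIGHTS = {
    1: "List configuration profiles",
    2: "Add/remove configuration profiles",
    4: "Lock device and remove passcode",
    8: "Erase all data and settings",
    16: "List device information",
    32: "List network information",
    64: "List provisioning profiles",
    128: "Add/remove provisioning profiles",
    256: "List installed applications",
    512: "List restriction information",
    1024: "List security information",
    2048: "Apply settings",
    4096: "Install and remove applications and data",
}
# Rights the original poster called excessive for BYOD (items 1, 2, 9, 13).
BYOD_SENSITIVE = 8 | 4 | 256 | 4096

def requested_rights(profile_bytes):
    """Return (mask, labels) for the MDM payload in an unsigned .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.mdm":
            mask = int(payload.get("AccessRights", 0))
            return mask, [name for bit, name in ACCESS_RIGHTS.items() if mask & bit]
    raise ValueError("no com.apple.mdm payload in profile")

def byod_findings(mask):
    """Labels of requested rights that fall in the BYOD-sensitive set."""
    return [name for bit, name in ACCESS_RIGHTS.items() if mask & BYOD_SENSITIVE & bit]

def sample_profile(mask):
    """Constructed minimal profile for demonstration, not a real Meraki profile."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{"PayloadType": "com.apple.mdm", "AccessRights": mask}],
    })

if __name__ == "__main__":
    for label, mask in (("all rights", 8191), ("restricted", 8191 & ~BYOD_SENSITIVE)):
        got, names = requested_rights(sample_profile(mask))
        print(f"{label}: AccessRights={got}, sensitive={byod_findings(got)}")
```

Running the same check against the profile from a dedicated BYOD network confirms whether the Access Rights restrictions actually reduced what the device will be asked to grant.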
