So I've recently been testing where the point of issue is for deployments. I've tested across 5 MacBook some are T2 and some are M1 devices.
Main issue during automated deployment I'm seeing is the phase where m_agent gets installed and whether or not it gets its permissions. Behaviour from this deploying is that m_agent is erratic and does not take commands from Meraki portal CLI which also means it will fail installs except for profiles which only require APNS to be working, those update fine.
I often test before deploying apps if a simple ls command works by sending it from Meraki. If I get a correct response, I know m_agent is currently working and the custom app/vpp app deployment should work correctly.
Some of the behaviour I've see with regards to m_agent is:
- Even though it gets its permissions from "Meraki Settings For X" it behaves roughly 80% of the time intermittently. Meaning that sometimes it doesn't respond to the ls command other times it does. This is done in testing in ideal environment where I'm keeping the device awake. It just behaves erratically regardless of the machine.
- Even if ls command works, quite literally 10 seconds later the command will not work anymore assuming m_agent is again not communicating correctly or working. Thereafter randomly it will work again. And this behaviour is present for the entire deployment process and for however long the device is using on Meraki.
You can see in the screenshot above that in the same breath where m_agent is working and communicating correctly and installing apps, it will just stop and the installs queued will fail. This behaviour is more frequent on M1 MacBooks in comparison to T2 MacBooks.
Important point to note is that we've also observed completely automated deployment of what we would consider good deployment. Where all the profiles deploy as it should as well as all the apps without error but this is the exception.
Even in ideal testing environments with a reliable network the m_agent will stop communicating and app installs will fail. Almost as if it times out. Comes back again 5 minutes later. This behaviour is present across all 200 of our devices.
Question then would be:
1. What PPPC permissions do we need to give m_agent present in Library/Application Support/Meraki/m_agent with the assumption that the PPPC profile is not doing what it should.
2. Even though "Meraki Settings for X" profile is deployed, would it be more reliable if we manually gave the privacy permissions to m__agent
So far we've put over 50 hours of time into just getting Meraki stable and to do the bare minimum. Our company size is increasing significantly and our reliance on this automation that Meraki offers grows with it.
We've not been able to use Meraki in a repeatable fashion since the start and as a result all our efforts have gone towards "making it work" and not improving efficiencies through automation.
As a result of all these issues in service and feature delivery we've decided to migrate over to JAMF Pro.
From our side quite literally all of our effort has been put into finding workarounds for things that are broken in Meraki. We've narrowed it down to the agent being the cause of most issues. Near 100% of the time normal commands that just require valid APNS works fine without issue but anything extra involving the m_agent immediately becomes hit or miss quite literally a 50/50. This tool is expensive in a large environment, but does not behave like an expensive tool.