So I've recently been testing where the point of issue is for deployments. I've tested across 5 MacBook some are T2 and some are M1 devices.
Main issue during automated deployment I'm seeing is the phase where m_agent gets installed and whether or not it gets its permissions. Behaviour from this deploying is that m_agent is erratic and does not take commands from Meraki portal CLI which also means it will fail installs except for profiles which only require APNS to be working, those update fine.
I often test before deploying apps if a simple ls command works by sending it from Meraki. If I get a correct response, I know m_agent is currently working and the custom app/vpp app deployment should work correctly.
Some of the behaviour I've see with regards to m_agent is:
- Even though it gets its permissions from "Meraki Settings For X" it behaves roughly 80% of the time intermittently. Meaning that sometimes it doesn't respond to the ls command other times it does. This is done in testing in ideal environment where I'm keeping the device awake. It just behaves erratically regardless of the machine.
- Even if ls command works, quite literally 10 seconds later the command will not work anymore assuming m_agent is again not communicating correctly or working. Thereafter randomly it will work again. And this behaviour is present for the entire deployment process and for however long the device is using on Meraki.
You can see in the screenshot above that in the same breath where m_agent is working and communicating correctly and installing apps, it will just stop and the installs queued will fail. This behaviour is more frequent on M1 MacBooks in comparison to T2 MacBooks.
Important point to note is that we've also observed completely automated deployment of what we would consider good deployment. Where all the profiles deploy as it should as well as all the apps without error but this is the exception.
Even in ideal testing environments with a reliable network the m_agent will stop communicating and app installs will fail. Almost as if it times out. Comes back again 5 minutes later. This behaviour is present across all 200 of our devices.
Question then would be:
1. What PPPC permissions do we need to give m_agent present in Library/Application Support/Meraki/m_agent with the assumption that the PPPC profile is not doing what it should.
2. Even though "Meraki Settings for X" profile is deployed, would it be more reliable if we manually gave the privacy permissions to m__agent