Meraki MDM iOS app - asks the user to allow location tracking?

SOLVED
Boyan1
Getting noticed

Meraki MDM iOS app - asks the user to allow location tracking?

Hi guys,

 

I have Meraki MDM setup pretty well, VPP auto install all apps etc, all iOS devices, of course are supervised via Apple's DEP so the management profile is locked and can not be removed by the end user. The only problematic area is that after Meraki MDM app is auto-install to the iOS device it still asks the user to ALLOW location tracking? The user has the option to SKIP and I need a way around that.

 

Can you assist with some opinions here? If the user is allowed to skip location tracking.. well that defeats the whole purpose of Meraki MDM app being installed in the first place? Same applies to the push notifications, both issue shown below:

 

IMG_0001 2.PNGIMG_0002.PNG

1 ACCEPTED SOLUTION

@Boyan1 This is normal behaviour, even with DEP supervised devices Apple still leave the decision of location tracking up to the end user. I have rolled out hundreds of iPads with 90% of them being supervised and I have always manually had to enable location tracking. 

 

 

View solution in original post

9 REPLIES 9
PhilipDAth
Kind of a big deal
Kind of a big deal

Are you sure that device is DEP enrolled?

 

That is what happens when the device is not in supervised mode.

@PhilipDAth Yep totally, it's serial number is captured by DEP and upon activation following a full erase the Apple activation servers re-direct the process to Meraki and then all MDM pieces are installed with no possibility to skip. Same for the security profiles - can not remove, I could have just said yes it is DEP enrolled but wanted to expand upon the "evidence" 🙂

@Boyan1 This is normal behaviour, even with DEP supervised devices Apple still leave the decision of location tracking up to the end user. I have rolled out hundreds of iPads with 90% of them being supervised and I have always manually had to enable location tracking. 

 

 

@BlakeRichardson Thanks Blake, I suspected the answer will lead to another "Apple thing" but didn't want to suggest it - phycology you know which leads to suggestive "wrong answers". Thank you. If I may respectfully ask - ok so if we do enable it by hand, which is fine, oh well life, then any time an end user decides to wipe the iPad we, as the MDM managers are exposed to the possibly of loosing location tracking? Or forget device wipe - they can simply go to settings and disable location for the Meraki MDM app?

 

In actuality, has that happened to you and what's the scale? I am asking as we only have less than 100 iPads so you're clearly a better use case given the scale of your deployment in terms of numbers? Thank you

@Boyan1  I've never had a user disable the setting once its enabled. To stop using resetting the device to factory defaults you can use this option in system managers settings.

 

Screen Shot 2020-07-16 at 11.50.37 AM.png

 

Depending on your use case you have two options.

 

First: When disabling Factory Reset for the user, you (or the user) will have to reset the iPad through iTunes in case of a software problem.

 

Second: You can always force location tracking to "ON" on DEP devices with "Lost Mode" and track the location. But remember, after activating and deactivating "Lost Mode" user will be notified.

 

Location tracking is not only an Apple thing, it's also a GDPR thing in the EU. Users must always be notified about location tracking. If your company policy informs the users before handing the devices out you are safe to force the user to enable location tracking. This could be achieved by some compliance policies.

@BlakeRichardson 

 

As I school district I have asked for Apple to give us the ability to force location services on through a profile setting as they are our devices. I'm still waiting and don't expect we will ever get this option though we should. 

 

I'm still waiting on the profile setting to force Bluetooth to always on, they gave us one for WiFi which was nice but we still need this one. I don't need a setting to restrict Bluetooth setting changes as that breaks the ability for students to pair devices.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

@vassallon Hi can you clarify - when you say "Apple would do it for you" are you referring about editing the DEP settings profile which can be assigned to devices? That's something we can do ourselves? Maybe I got confused...

vassallon
Kind of a big deal

@Boyan1,

 

What I have asked for is a setting we can manage via MDM just like they gave us for forcing WiFi always on. 

 

vassallon_0-1595353383974.png

 

We can skip if location services appear during setup but I want a setting like this for both Bluetooth and Location Services to where we can check a box and know that both are always on.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels