Prevent Removal of meraki app on supervised IOS device?

soomeGUy
Here to help

Prevent Removal of meraki app on supervised IOS device?

I want users to be able to remove the apps they install themselves but not the meraki MDM app on ios 11 tablets.  They are supervised.  Is this possible?  

 

Also, is it still not possible to force location on so users who take the ipads home with them cant just disable locations services to not trigger geofencing?

 

 

8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal

I'm surprised uses can remove the Meraki app when supervised.  Are you sure?

 

I don't think there is much control with regard to location services.  Android seems to work nicer in this space.


@PhilipDAth wrote:

I'm surprised uses can remove the Meraki app when supervised.  Are you sure?

 

I don't think there is much control with regard to location services.  Android seems to work nicer in this space.


Yeah it lets you unless you have app removal restricted but then they cant remove any apps.  If this is not correct someone please let me know, as i could have a configuration issue then.

PhilipDAth
Kind of a big deal
Kind of a big deal

If you ask the device for its location - or for it to check in, does it tell you its location then?


@PhilipDAth wrote:
If you ask the device for its location - or for it to check in, does it tell you its location then?

in my testing no, you must manually enable location in the ipad settings under privacy.  its so silly, if its a DEP and supervised device the company should be able to force location always on.  its pointless to allow the end user to just turn it off when they want to steal it or take it outside the geofence zone.

@soomeGUy


I completely agree with you!

Our customers could have a one-click setup process without this in the way.

Thank you,
Peter James


@PeterJames wrote:

@soomeGUy


I completely agree with you!

Our customers could have a one-click setup process without this in the way.

Thank you,
Peter James


I think the issue is on Apples side though not Meraki I was hoping this would be addressed in IOS11 but I guess not.

Melissa
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hi @soomeGUy! I'm late to this thread, but I think the steps below will help.

 

Unchecking the restriction "Allow App Removal " under Restrictions> ios restrictions (supervised) will lock all apps on the device - which doesn't sound like what you want. Instead, I might make all managed apps set to auto-install, so even if a user deletes them, they will be reinstalled by SM. Using VPP device assignment will also set this up to install silently (the user can't block or deny this). 

 

Here's more on that - https://documentation.meraki.com/SM/Apps_and_Software/Using_Apple%E2%80%99s_Volume_Purchase_Program_...

 

Screen Shot 2018-02-06 at 3.54.42 PM.png

 

With regard to your question about geofencing and location services - at this time Apple does not provide the ability to force location services, except through Lost Mode. In your case, I might actually use IP override to gather location info for your devices, and set a geofencing policy that is active when devices are off/outside of your network. That would work even if location services have been disabled by the user. 

 

Another option would be to use time-based tags, instead of location based tags. Do you want the device to operate different when your users are offsite - or do you simply want to know when they are offsite?

 

https://documentation.meraki.com/SM/Monitoring_and_Reporting/How_Systems_Manager_Approximates_the_Lo...

jared_f
Kind of a big deal

As @Melissa showed, setting the Meraki MDM app to auto-install will re-install it silently of the user deleted it.

Find this helpful? Click the kudos button. Thanks!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels