I use the Meraki API do do a handful of things in EM. Reporting, marking old devices, etc.
I am looking to automatically quarantine devices when a user is terminated but I don't see a quarantine function anywhere in the API reference. The API does allow you to wipe a device or remove management from the device, but not quarantine. In either the wipe or remove scenario, we lose control of the device at that point. Quarantine allows us to remove email, disable VPN, etc but retain control of the device (Most are company owned) until it can be reassigned, or management can be manually removed in the case of BYO devices.
Right now I am working on moving devices to a new network with no profiles in order to remove managed data and access from them on termination. I would rather use quarantine as it is quicker and this is really what quarantining devices is intended for.
@wperry1 I ran into the same issue. The two options I came up were 1. What you are doing by moving the device(s) to a new network. 2. Tie access to x,y,z to tags and then as apart of your termination script loop through the tags and delete all of them. Below is an example of that I used in python. This way all the access was removed but the device was still managed. You can play with the hostname variable too so that they show up something like `Termed-useraccount`.
Thanks @jm_peterson I thought about using tags, unfortunately we have some settings in a default profile that is applied to all devices. (Stupid move in hind site) For now, I will just move them all to a network with no profiles. I also opened a case with support. Maybe if they hear us asking for it they'll add a quarantine function to the API.
I got an update on my open case and they stated there is not currently any support for quarantine/selective wipe via the API. The support tech could not give me an ETA and did not state whether this was on the roadmap. He only suggested that I use the "Make a Wish" link to request the feature, which I have done. Hopefully this is a feature that they will enable soon.