Setting and Locking Device Name

jared_f
Kind of a big deal

Hi All,

 

In my SM dashboard I re-name devices to the user's "first, last" name. The issue I was running into was the name was being reset and it was causing issues with computer syncs with iTunes. To remedy this, I started locking the name from being changed right after I set it. Here is how I am doing it (currently only new devices going through DEP).

 

Create the following policy that checks to see if the Meraki app is installed:

- Systems Manager > Policies (under "Configure" heading) > "Add New" > Add Name (I called it Meraki_App) > Check "Mandatory App" (under "All Devices" heading) > type in the SM app identifier (I just used the wildcard: *Meraki*) > Click "Save Changes"

 

Create Two Separate Settings [configuration profiles]:

- CONFIGURATION #1: Check the restriction "Keep device name up-to-date with Dashboard (iOS 9+)" and scope it statically to the devices.

- CONFIGURATION #2: Uncheck (disallow) the restriction "Allow modification of device name (iOS 9+)". This is going to be scoped a little differently than the first one. I used the "with ALL of the following tags" option and scoped it to my iPad group. In ADDITION to that, scope it to the policy that was created to check and see if the user installed the Meraki MDM App, in my case "Meraki_App - compliant devices".

 

Summary

What basically happens is the device will roll through DEP and the name will be set by the MDM server (this is why we created the first profile). Then, once the Meraki MDM app syncs down, the device becomes compliant with the lock policy and that name gets locked.

 

Addressing the concern about if the user deletes the Meraki MDM app. To my knowledge, policy compliance is checked when the device checks in to the server. During this time, the dashboard would re-install the MDM app (I have it set to auto-install). My testing shows that the user would have only about 10 - 20 seconds when that name lock restriction pulls off to re-name the iPad to something other than what you name it.

 

Can this be used with already enrolled/supervised devices?

Yes. As long as that name is synced from dashboard then you can lock it. I am currently running this on new DEP devices right now and going to roll it out next week on already enrolled devices.

 

I invite you to test this and share feedback! Please let me know if you have any questions.

 

Jared

 

Find this helpful? Click the kudos button. Thanks!
jared_f
Kind of a big deal

I feel this is implied, but I just want to note it if anyone did not know. If you are doing this on DEP devices you need to name them before setup takes place.

 

For already enrolled/supervised devices, you should have no problem enforcing this if you already named them. If you are going to start naming them to something (i.e. User Last, First or Serial #) then you have to give that time to cycle to each device before applying this.

 

 

MilesMeraki
Head in the Cloud

Thanks for this information @jared_f! More Kudos coming your way 🙂

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
jared_f
Kind of a big deal

Thanks @MilesMeraki! I am just hoping naming automation is in the works!

Diane
Getting noticed

I don't understand why (after all these years) Meraki hasn't implemented the ability to auto-name the device with the user name from authenticated enrollment.  The current "name" and "system name" fields are useless to me because I'm not inclined to manually set the name for nearly 8k iPads. The devices in scope for each app doesn't include the owner field, only the name fields so you can see my issue especially since "devices in scope" also doesn't let you search on the auto-tag field which are the AD groups I use for app assignment.  And yes, I've entered it in the wish list multiple times. I'm sure the genie that reads the wishes is sick of me. 

jared_f
Kind of a big deal

Exactly @Diane. I am so tired of submitting wishes and tickets - it is just a waiting game, similar to the DEP agent install.

 

Jared

jared_f
Kind of a big deal

But, it was well worth the wait. 

Diane
Getting noticed

Considering the other major MDMs have been auto naming based on a field for the last 6 years I'd say this should be a simple thing to add. Instead, time is apparently being spent on building a new overview page. I'd prefer they get the existing pages working properly before starting a new project (but they didn't ask me.)  I have a list of things that aren't working right or don't have continuity with the other dash functions but when I ask about it I'm told to enter it as a feature request. For example: We have the App Store removed for our students and I add the apps the teachers want them to have to the App Management page for them to choose from. They're assigned to the appropriate grade levels based on their Active Directory groups. We're up to 600 apps in that feature. On the individual app pages the Devices In Scope are not searchable by the AD group. In every other console such as clients, the AD group is a searchable item. 

 

I'd also like to see the page numbers, forward, and back option at the top of the screen as well as the bottom because when you're working with thousands of devices you have to scroll to the bottom to change the page, scroll to the top to select all then do the function such as add or whatever, scroll to the bottom and repeat. Seriously... how hard would it be to put page numbers at the top and bottom?  I asked for that a couple of years ago. Radio silence.  I could go on but it feels like wasted effort. 

 

<Rant Mode Off>

Melissa
Meraki Alumni (Retired)

Hi @Diane! Can you help me understand what you're looking to do here?

 

It sounds like you want to scope apps to your existing AD groups. 

 

AD groups would appear in the "User Tags" when scoping apps like this screen shot of an app page below - I'm not sure why you would need owners or names fields when scoping apps if the goal is to use AD groups. Can you help me understand the issue?

 

 

Screen Shot 2018-02-16 at 9.07.43 AM.png

Diane
Getting noticed

I didn't make that very clear. I'm sorry.  I already scope to AD groups. I want to be able to search the devices in scope by the AD group for various things that come up.  Since devices in scope doesn't include the owner name (from authenticated enrollment) the only way to find a particular iPad in that window is to get the serial number from the Clients console then paste it into the DIS search field. Aside from that I sometimes need to find a subset of student iPads and can't search based on an auto-tag.  I hope that makes sense. It's hard to articulate in text. The other consoles will search on auto-tags.

 

Screen Shot 2018-02-16 at 11.26.30 AM.png

Diane
Getting noticed

I didn't mean to hijack this thread.  My apologies to @jared_f!

Melissa
Meraki Alumni (Retired)

Thank you @Diane!! That makes sense. 

 

I think the Tags Management page will definitely help you - can you email support@meraki.com and ask for them to enable it on your dashboard? (They should be able to enable this for any paid SM account)

 

The Tags Management page will let you see all devices, apps, and profiles in scope for any given tag - including auto tags (like device tags or security profile tags) and user/owner tags (like AD groups or ASM groups!)

 

Here are some screenshots of that below:

Screen Shot 2018-02-16 at 10.21.46 AM.png
Screen Shot 2018-02-16 at 10.20.36 AM.png

Diane
Getting noticed

I had tag management when it was in beta then it disappeared. Not sure why considering what we pay for Meraki Enterprise and the size of our deployment.  That doesn't help me anyway. I need to find a subset of iPads with a particular app assignment so I need it in the app devices in scope window so I can update, remove, or whatever.  When I just needed to find all devices by tag I do that from the Clients console. The point being that there's auto-tag search functionality in all the other console windows except that one. Seems like a simple fix since the code is already written. I consider it a bug in Apps2, not a feature request.

Melissa
Meraki Alumni (Retired)

Got it - this makes sense. You'd like to be able to search devices by tag within an individual app. 

 

 

I can look into this!

 

That's definitely a feature request 🙂 I'll double down on it for you with the team. I can see how it would help your workflow! 

 

 

Diane
Getting noticed

That would be amazing. Thank you!!

 

alexis_cazalaa
Building a reputation

Capture.PNG

 

This is what you want. Had to submit multiple tickets and send multiple emails to get that pretty basic feature.

 

I'm sure "Melissa" can have this enabled for you...

Diane
Getting noticed

That's in the client list. I know I can search it there.  That option is NOT available in the apps devices in scope.  
