Youtube for Schools

CJM
Comes here often

Youtube for Schools

Hello,

 

I'm wondering if anyone has found a solution to a problem we're experiencing. We have YouTube for Schools enabled on our network in strict mode (via our MX600). Our students use IPads managed by Meraki MDM. YouTube for Schools works great when students are logged into their school managed Google accounts. However, they can simply log out and log into a personal account to bypass all the restrictions. There's no policy in MDM that I can see that forces students to stay logged into their school managed Google Accounts. I know we can use a web proxy to force only approved domain accounts to function, but this seems excessive given we've got 2 solutions that should be able to handle this (the MX and MDM). Has anyone found a way to close this loophole for students?

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know the answer.

 

I believe this function works by intercepting the DNS queries for You Tube to be able to kick the function in.  The interception is done between the internal VLAN(s) and WAN interfaces.

 

Are you using internal or external DNS servers on these devices?

CJM
Comes here often

We use Cisco Umbrella for our DNS queries, but the interception happens on the Meraki MX side. Upon further investigation it looks like the Meraki "strict" YouTube setting is working on all levels. From our tests if a user is not signed into their Google accounts then the MX Strict setting is applied. If they're logged into their org account then it defers to the Google Admin settings. We're finding the MX strict and Google strict are slightly different. 

 

We're having issues with students and non-edu related content (not necessarily improper). At first we though they could bypass by logging into a commercial Google account. It appears that's not the case as so far it looks like the MX default strict applies. We're still testing some more.

PhilipDAth
Kind of a big deal
Kind of a big deal

I believe you also need the "hostname visibility" option turned on.

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Hostname_Visibility 

CJM
Comes here often

Already set to detailed hostname vis.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels