The iPhone is connecting to the MR20 WAP which is on the same network of security devices MX64. As I remember that the OUTBOUND policy on the FW setting is default allowing ALL services and destinations IP.
I will login and check the FW setting on MX64 next Monday. Also will try to enrol another iPhone or iPad to figure out the issue is caused by Meraki SM or by the mobile iOS devices.
By the way, I also tried to download the Meraki SM app from Apple store, and scan the QR code to enrol, but the same problem can not install the Profile. Some pictures for your reference.