Meraki Community

Yeah, Meraki support will not be able to help you in any way unless you have admin access to the org which the AP is claimed. If you have access to the old Employees email, do a password reset and then login with these credentials and un-claim the AP.

Im guessing based on wording from the OP that the previous employee did this without permission and its going to be tricky to get this resolved.

Good luck to you. 

@MerakiDave just out of interest say the AP was originally claimed on the OP's Org and the employee unclaimed it and moved it to his own org can the OP make a case that he legally purchased the AP and has possession of it therefore it be moved back to Org or does this still require lawyers?

ps. It would be cheaper to buy the latest access point than talk to a lawyer trying to recover the old one.

@BlakeRichardson I thankfully haven't come across that specific case so cannot say for sure.  And I'll say the answer is not just a technical one, but also a matter of company process & procedure, employment agreements, etc.

So let's suppose an unhappy and unscrupulous employee, who had full org admin rights, right before they quit or walked out the door, did that.  They purposely remove and unclaimed equipment from their soon-to-be former company's dashboard org and claimed it into their own personal dashboard org for example, pretty much for the purposes of messing up operations or preventing the IT staff from accessing and controlling the equipment.

My first thought is that any company would obviously have legally binding employment agreements in place protecting them from sabotage like that, and would certainly press charges, which I suppose (I'm not an attorney) would amount to theft of service or denial of service since they may not have actually taken the physical equipment from the premises, but deliberately caused some level of outage, likely violating all kinds of rules/laws.

In addition, any reasonably well-established HR department is going to have formal policies and procedures in place regarding firings, exit interviews, etc that would further protect them, including revoking an employees admin rights and API keys ahead of time, disabling door badge reader access, etc.

And on the back end, Meraki can track every serial number of every piece of equipment ever sold along with its status and what Org it belongs to (or did belong to) and even what order number it was attached to, right down to billing and shipping addresses and customer ID including things like MCN (Meraki Customer Number) and a business tax ID.  As well as go back in time and look at every license ever applied to an Org.  Remember in addition to the event log, you've got Organization > Login Attempts and Organization > Change Log, so there's no way (not via Dashboard login or even via API) that anyone can deny having made such a change.  There would be an obvious and incriminating audit trail in plain sight.  

So I'm not saying an authorized dashboard admin couldn't cause a disruption, they could.  But they couldn't cover it up and would potentially be in a lot of legal trouble.  And if they physically stole an AP or removed other Meraki equipment from the premises, there'd be no way to have it come back up online somewhere else and remain undetected for very long, the second it came back online and talked to the cloud, there's a fresh record and audit trail.

So that's just my take on it, and it's unofficial as I'm a Systems Engineer in the field, and not on Meraki's Support or Legal teams.

@BlakeRichardson I thankfully haven't come across that specific case so cannot say for sure.  And I'll say the answer is not just a technical one, but also a matter of company process & procedure, employment agreements, etc.

So let's suppose an unhappy and unscrupulous employee, who had full org admin rights, right before they quit or walked out the door, did that.  They purposely remove and unclaimed equipment from their soon-to-be former company's dashboard org and claimed it into their own personal dashboard org for example, pretty much for the purposes of messing up operations or preventing the IT staff from accessing and controlling the equipment.

My first thought is that any company would obviously have legally binding employment agreements in place protecting them from sabotage like that, and would certainly press charges, which I suppose (I'm not an attorney) would amount to theft of service or denial of service since they may not have actually taken the physical equipment from the premises, but deliberately caused some level of outage, likely violating all kinds of rules/laws.

In addition, any reasonably well-established HR department is going to have formal policies and procedures in place regarding firings, exit interviews, etc that would further protect them, including revoking an employees admin rights and API keys ahead of time, disabling door badge reader access, etc.

And on the back end, Meraki can track every serial number of every piece of equipment ever sold along with its status and what Org it belongs to (or did belong to) and even what order number it was attached to, right down to billing and shipping addresses and customer ID including things like MCN (Meraki Customer Number) and a business tax ID.  As well as go back in time and look at every license ever applied to an Org.  Remember in addition to the event log, you've got Organization > Login Attempts and Organization > Change Log, so there's no way (not via Dashboard login or even via API) that anyone can deny having made such a change.  There would be an obvious and incriminating audit trail in plain sight.  

So I'm not saying an authorized dashboard admin couldn't cause a disruption, they could.  But they couldn't cover it up and would potentially be in a lot of legal trouble.  And if they physically stole an AP or removed other Meraki equipment from the premises, there'd be no way to have it come back up online somewhere else and remain undetected for very long, the second it came back online and talked to the cloud, there's a fresh record and audit trail.

So that's just my take on it, and it's unofficial as I'm a Systems Engineer in the field, and not on Meraki's Support or Legal teams.

In my country an employee doing that would actually be committing a crime ("Malicious Damage").  You would ring the police, and the person would probably be arrested shortly after.

I suspect if you then gave Cisco Meraki support a copy of the arrest warrant, and they can obviously see the nature of the change from the audit logs, they would have sufficient grounds to put things back how they were.

In fact in my country we have a "Section 252" of the crimes act that makes it illegal to access any computer system without authorisation - which would cover all former employees.  Up to a 2 year jail term for that.  And if you actually cause damage the term can start going up with other charges.

http://www.legislation.govt.nz/act/public/2003/0039/latest/whole.html#DLM200273