So the solution is to spend another half a million dollars?!  I am looking to block personal mobile devices from getting on wifi, not MDM enterprise managed devices.  None of these personal devices would be managed whatsoever with MDM software but needs to be blocked off specific wifi networks.

Because we deployed Forescout and it has its shortcoming is cannot fingerprint mobile devices properly either.

Have you considered WPA2-Enterprise with 802.1X and only deploy the certificate to your managed devices ?

We already have a SSID using RADIUS servers with 802.1X auth using internal CA issued certificates, for all windows machines.  I will be turning off PEAP authentication off that network then personal devices with no enterprise issued certs can get on that network.  However, I have 1 PSK based network that I cannot readily change the preshared key on, that is why I'm looking for this feature to work.   My question is that if Meraki is detecting some clients properly under the "device type,os" field, then why isn't the feature at least working for those identified devices?  I get the whole user agent string thing through DHCP request and I've been down this path with meraki support.  I usually get a fall-off-the-cliff answer with support but noting this problem to them at the Cisco corporate office in Chicago only gets me pulled into a small room so I don't embarrass them in front of a large crowd red faced.  If this feature does not work at all, then by all means it should be taken off the dashboard completely.

I opened a Meraki support ticket and they played it as a firmware update as always, using v30.6 .  But this really doesn't fix the problem either after I upgraded ap firmware for some 40 wireless networks.  They did note that this feature does not work for 802.1x authenticated wireless network, and I accept that.  He did state that this should work for a PSK wireless network but it is not, no matter what firmware version the AP's are sitting on.

Once again, I have a PSK network that I cannot get rid of and readily change password on as many IoT devices are connecting to it.  We just need to block personal mobile apple and android devices not MDM managed.

HI

Did anyone manage to have this feature working? or Does Meraki plan to remove it from the dashboard, since a non working feature is misleading..

It still does not work properly for us, even with most apple devices properly identified by meraki via dhcp user agent string.

It didn't work at all for us.. as if the settings are not there.. I totally never expected that from Meraki

Anyone figure this out? I am also experiencing this issue and getting the run around from meraki support.  Or is it still a broken "feature"

This feature is still not working on AP firmware v30.7, a ton of months after I posted this originally.

Apple devices are sending accurate information down to the IOS version.  We verified this by talking to users in person and comparing their device types to meraki dashboard.  So why can't Meraki at least make that work?  It's virtually completely non-working since many months ago, it used to work "just a little bit" and now not at all.  

I literally manually block these by hand on a daily basis.

Let's not go down the path of talking about using 802.1.x auth and getting away from PSK SSID to prevent personal devices from getting onto a wireless network, we already talked about this above.  We have several reasons why we cannot change the password readily for our legacy PSK based SSID, that's why I went down this path hoping this feature would work.

Meraki should come out clean on why this doesn't work and kill this feature already.  I've opened at least 3 tickets on this over the years and it has gone nowhere.