Meraki

PaulF · ‎Aug 9 2024

This is a limitation of the Android Enterprise API: There's no ability for us to prevent users turning location on or off.

PaulF · ‎Aug 9 2024

Both of these are suitable solutions to not using conditional access. Duo Trusted Endpoints is the easiest to roll out

PaulF · ‎Aug 9 2024

You can hide the settings application (Use the Android System Apps payload) but that doesn't stop the user from using shortcuts to turn off location A limitation of android, sadly

PaulF · ‎Jul 25 2024

import meraki API_KEY = '<YOURAPIKEY>' client = meraki.DashboardAPI(API_KEY) networks = client.organizations.getOrganizationNetworks(organizationId="<YOURORG>") clientNum = 0 for network in networks: try: clients = client.networks.getNetworkClients(networkId=network['id']) print(len(clients)) clientNum = clientNum + len(clients) except meraki.APIError as e: result = 'fail' print("Total Clients", str(clientNum)) There's no ORG wide API call presently for network clients, so you'll have to cycle through each network Replace <YOURAPIKEY> and <YOURORG>

PaulF · ‎Jul 15 2024

The easiest way would be to use Meraki WiFi and Systems Manager and spend 15 seconds, yes, SECONDS deploying certs to all of your devices, utilising the built in PKI and RADIUS in Meraki Dashboard But, as you're not doing that, so.... 1. Create a new Setting (Systems Manager > Settings > Add profile) 2. Give is a name 3. Add a certificate payload: You'll have to reach out to ClearPaass to work out what type, either dynamic or static 4. Add a wifi payload to the same setting, and configure the various 802.1x options under Security > WPA2 Enterprise > Protocols / Authentication / Trust 5. Under Authentication > Identity Certificate, choose the SCEP / Cert payload you created earlier

PaulF · ‎Jul 15 2024

So long as you haven't blocked the ability to modify account settings, the user can very easily click the icon top right of Google Play, click the down arrow next to the AFW account, and then add another account giving them access to all of google play

PaulF · ‎Jul 1 2024

This is only true if you are using Apple's ADE. To ensure, if the powers that be decide not to buy a license, that you edit the MDM server: This will ensure that it doesn't try to enroll again after a wipe

PaulF · ‎Jun 25 2024

You're going to need to either deploy a script to install the contents of your DMG, or follow the section titled, Building your package : DMG / PKG (silent installer) https://community.meraki.com/t5/Mobile-Device-Management/HOWTO-Package-files-scripts-and-apps-together-for-macOS/m-p/187857

PaulF · ‎Jun 20 2024

I've reached out to product management for you. Can't offer anything more at the moment, but watch this space

PaulF · ‎Jun 19 2024

Zabbix supports API usage: https://www.zabbix.com/integrations/meraki If there's something that Zabbix doesn't support, this should be relatively easy to integrate, as the Meraki API is REST based https://developer.cisco.com/meraki/api-v1/get-network-events/ would be a good place to start Also, it would be helpful to understand what you means by "logs"

PaulF · ‎Jun 14 2024

Everything you ever wished to know: https://documentation.meraki.com/SM

PaulF · ‎Jun 5 2024

Firstly, https://www.youtube.com/watch?v=-d37z6qCGLQ And when you get to the Consumer URL part, you can use : The vision one instead of the normal one

PaulF · ‎Jun 5 2024

Firstly, for those that don't know, we maintain a YouTube channel, called MerakiMinute that covers various features of Meraki in short, easily digestible videos In the video below, we cover how to configure SAML authentication with the Meraki Dashboard, using OKTA as the IDP https://youtu.be/-d37z6qCGLQ Of course, other IDPs are available, which are covered here: https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_Single_Sign-on_for_Dashboard And for diagnosing login problems, you can use the link below: https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/SAML_Login_History_Events

PaulF · ‎Jun 5 2024

Will feed this back

PaulF · ‎Jun 5 2024

Systems Manager doesn't have that level of granularity just yet, but I will feed this back to the team. I had a look at the API (in case you wanted to consider building a portal just for this), but whilst we have an API for Lock we don't have one for Lost

PaulF · ‎Jun 4 2024

Firstly, apologies if you've not seen this. It was launched a while ago, and I've only just stumbled upon it https://youtu.be/HIJrktiaQ_o Essentially, Limited Access Roles give you the ability to segment a Systems Manager network, so that admin A can only see devices that are tagged with a particular role. So, for example, the administrator of a hospital in Milan can only see devices in their dashboard that are tagged with Hospital-IT-Milan, for example. Now, there's severa things you need to do 1. Create the role(s) 2. Create the admin(s) 3. Tag the devices This ALSO works with SAML too: Now, obviously, if you've a LOT of admins, roles, devices to tag / create, all of this can be done with the Meraki API https://developer.cisco.com/meraki/api-v1/create-organization-sm-admins-role/ https://developer.cisco.com/meraki/api-v1/create-organization-admin/ https://developer.cisco.com/meraki/api-v1/modify-network-sm-devices-tags/ and, if using SAML https://developer.cisco.com/meraki/api-v1/create-organization-saml-role/ Full details here: https://documentation.meraki.com/SM/Other_Topics/Limited_Access_Roles and, for nostalgia: https://meraki.cisco.com/blog/2015/06/limited-access-roles-for-systems-manager/

PaulF · ‎Jun 3 2024

Can you create a case for this? I feel that everyone would benefit from this, but, obviously, validation by engineering needs to take place

PaulF · ‎May 24 2024

You may be getting errors when using the portal. It's because Google are mandating that you accept the new terms and conditions: https://www.androidenterprise.community/t5/service-announcements/fix-available-toserror-responses-accessing-zero-touch-customer/ta-p/4041

PaulF · ‎May 14 2024

https://ss64.com/mac/installer.html is also your friend

PaulF · ‎May 14 2024

Whilst this is true, if you're building your own packages, you may be able to accept prompts on the user's behalf. This is a post install script I created a few years ago to install CaptureOne #!/bin/bash dmgPath="/tmp/CaptureOne12.Mac.12.1.4.dmg" mountPath="/Volumes/Capture One 12" /usr/bin/expect<<EOF spawn /usr/bin/hdiutil attach "$dmgPath" -nobrowse -quiet expect ":" send -- "G" expect "" send -- "\n" expect "Agree Y/N?" send -- Y\n" expect EOF EOF if [[ -e "$mountPath" ]] then cp -r "$mountPath"/"Capture One 12.app" /Applications/"Capture One 12.app" fi umount "$mountPath" rm -rf "$dmgPath" exit 0 You'll note that you can accept various prompts I'd reach out to Tanium and ask for help here, but if you can get the prompting working you may be on the home straight

PaulF · ‎May 14 2024

Have you seen: https://community.meraki.com/t5/Mobile-Device-Management/HOWTO-Package-files-scripts-and-apps-together-for-macOS/m-p/187857 The important thing is to ensure that you know the bundle ID for the macOS software, else SM will try to install repeatedly, because it will never know that it installed correctly (by design) For Windows: https://community.meraki.com/t5/Mobile-Device-Management/HOWTO-Package-files-for-deployment-to-windows-computers/m-p/117459

PaulF · ‎May 13 2024

https://community.meraki.com/t5/Feature-Announcements/bg-p/new-features and https://www.youtube.com/merakiminute (where I'll do a video in the feature when it comes out)

PaulF · ‎May 13 2024

This is not supported right now, but I completely understand the use case. Reach out to your Meraki Rep if this is an important feature for you and ask them to create a feature request

PaulF · ‎May 13 2024

Have you tested with the Email Domain name (Systems Manager > General > End User authentication settings) to manipulate the domain (ie: getting the username from AD and then adding acme.com to the end)?

PaulF · ‎May 13 2024

Whilst this should be in the MV forum, I can answer There's two things that need to be adopted by the MV Vision app to support fully automated deployment 1. managed app config 2. Silent auth Both are being worked on currently, but auth is proving to be much more difficult (as cert auth is not something that has traditionally been supported by Meraki Dashboard). So, watch this space, and we'll have something soon.

About PaulF

PaulF

Community Record

Badges