The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About wperry1
wperry1

wperry1

Here to help

Member since Sep 26, 2017

‎03-29-2021
Kudos from
User Count
CarolineS
Community Manager CarolineS
1
Namgyu
Namgyu
1
Android_Admin
Android_Admin
1
BrechtSchamp
BrechtSchamp
1
View All
Kudos given to
User Count
dfurasek
dfurasek
1
Shany
Shany
1
BrechtSchamp
BrechtSchamp
1
PhilipDAth
Kind of a big deal PhilipDAth
4
VictorM
Meraki Alumni (Retired) VictorM
1
View All

Community Record

19
Posts
4
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts
Lift-Off
Points Contest - Jul 2019
Folding@home - May 2020 View All
Latest Contributions by wperry1
  • Topics wperry1 has Participated In
  • Latest Contributions by wperry1

Re: IPad's iOS 14 or later version cannot be updated

by wperry1 in Mobile Device Management
‎03-29-2021 12:06 PM
‎03-29-2021 12:06 PM
  I also have a ticket open with support on this, since Feb 10. They have confirmed it as a known issue. It wasn't a big deal until this weekend when Apply announced a vulnerability that is being exploited in the wild. Hopefully this issue will light a fire under the development team and they will get this fixed.   Kudos @Shany for the idea of resetting the delay to 1 day to work around the problem! ... View more

Re: Community Challenge: Folding@home

by wperry1 in Community Announcements
‎05-13-2020 01:59 PM
1 Kudo
‎05-13-2020 01:59 PM
1 Kudo
I'm in!   wperry1 ... View more

Android WiFi Profile in 'Work profile (BYOD)'

by wperry1 in Mobile Device Management
‎12-20-2019 09:39 AM
‎12-20-2019 09:39 AM
I have been fortunate enough to only need to support iPhones for a number of years but now find myself with a number of Android devices coming into my environment. I have managed to get the management, mail, and Anyconnect VPN configured but I seem to be stuck on WiFi.   We are using 802.1x authentication and have been authenticating iOS devices for a while without issue.   I can see the WiFi profile and certificate on the SM app configuration tab but it looks like it is trapped inside the work container. Am I missing something? Is there a configuration flag somewhere that will allow this device to connect to WiFi via the managed configuration?   Thank you, WP ... View more
Labels:
  • Labels:
  • Android

SAML/SSO Login Specify Landing Page (Feature Request?)

by wperry1 in Mobile Device Management
‎10-21-2019 10:59 AM
‎10-21-2019 10:59 AM
I recently configured SSO via SAML with our internal Idp and it is working but I would like to go a step further and specify the landing page for certain roles. In our use case, I have a read-only role for viewing reports and would like it to go straight to a specific reports page. (example: Oganization Summary Report   Is anyone aware of a value I could pass to specify the landing page for a given role after it is authenticated?   Thank you, WP   PS: I used the "Make a Wish" button but thought I'd check here to see if anyone already found a solution. ... View more
Labels:
  • Labels:
  • Monitoring

Re: System Manager API Device Scope By Tag

by wperry1 in Mobile Device Management
‎10-21-2019 10:48 AM
‎10-21-2019 10:48 AM
I'm a little embarrassed I didn't think of that. I tried a colon, semicolon, and space (%20). It didn't occur to me to use a comma.   Thanks for your help. ... View more

System Manager API Device Scope By Tag

by wperry1 in Mobile Device Management
‎10-16-2019 01:35 PM
‎10-16-2019 01:35 PM
Based on the documentation here, you can query devices by tag scopes but either it doesn't specify or I am misreading how to specify the scope.   The field description says   Specify a scope (one of all, none, withAny, withAll, withoutAny, or withoutAll) and a set of tags as comma separated values.   so it should be something like scope=withAny, but then what? Where do you list the tags to query?   Thank you in advance for any help on this. WP ... View more
Labels:
  • Labels:
  • API

Re: Quarantine Mobile Devices via API

by wperry1 in Mobile Device Management
‎07-26-2019 01:22 PM
‎07-26-2019 01:22 PM
Thanks @jm_peterson I thought about using tags, unfortunately we have some settings in a default profile that is applied to all devices. (Stupid move in hind site) For now, I will just move them all to a network with no profiles. I also opened a case with support. Maybe if they hear us asking for it they'll add a quarantine function to the API.   I got an update on my open case and they stated there is not currently any support for quarantine/selective wipe via the API. The support tech could not give me an ETA and did not state whether this was on the roadmap. He only suggested that I use the "Make a Wish" link to request the feature, which I have done. Hopefully this is a feature that they will enable soon. ... View more

Quarantine Mobile Devices via API

by wperry1 in Mobile Device Management
‎07-26-2019 08:54 AM
‎07-26-2019 08:54 AM
I use the Meraki API do do a handful of things in EM. Reporting, marking old devices, etc. I am looking to automatically quarantine devices when a user is terminated but I don't see a quarantine function anywhere in the API reference. The API does allow you to wipe a device or remove management from the device, but not quarantine. In either the wipe or remove scenario, we lose control of the device at that point. Quarantine allows us to remove email, disable VPN, etc but retain control of the device (Most are company owned) until it can be reassigned, or management can be manually removed in the case of BYO devices.   Right now I am working on moving devices to a new network with no profiles in order to remove managed data and access from them on termination. I would rather use quarantine as it is quicker and this is really what quarantining devices is intended for.    I welcome any input or ideas.     ... View more
Labels:
  • Labels:
  • API

Re: Archiving inactive Device entries in a BYOD environment

by wperry1 in Mobile Device Management
‎07-22-2019 02:05 PM
2 Kudos
‎07-22-2019 02:05 PM
2 Kudos
I use the attached script to identify and tag devices that haven't checked in for 30+ days via the API. You could add a step to export the data to a CSV or other data source.   ### SET THESE VARIABLES ### # Set the number of days old before the device is tagged. $cutOffDays = 30 # You will need to set your Organization ID Here. It is probably a 5-digit number $orgId = "" # You can find this by logging in to Meraki with your account. $tennantFQDN = "xxx.meraki.com" # You will need to get an API key from Meraki and put it here $apiKey = "" # Sets verbose output of REST requests $verbose = $true # Time (MS) to wait after each REST request (If you get errors about too many/too fast API requests, increase this number until you don't) $throttleMS = 100 ### ### # Setting some headers to be used with later requests $contentType = "application/json" $headers = @{ "X-Cisco-Meraki-API-KEY" = $apiKey } # Since Meraki is using Unix Timestamps, This will be used to conver them to DATETIME values later $start = Get-Date "1970-01-01T00:00:00Z" # Set the cutoff Date $cutOffDate = (Get-Date).AddDays(-1 * $cutOffDays) # Set the tag to be used for devices over the threshold $tag = "Over$cutOffDays`Days" # This is needed for SSL REST Requests to work properly [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function Get-SMNetworks{ # Build parameters to request the list of networks in your organization $params = @{ContentType = $contentType Headers = $headers Method = "Get" Uri = "https://$tennantFQDN/api/v0/organizations/$orgId/networks" Body = $null Verbose = $verbose } # Execute the REST request to return your organizations networks $networks = Invoke-RestMethod @params Start-Sleep -Milliseconds $throttleMS if($networks){ # If networks were found, filter the list to SME networks and return the result $networks = $networks | WHERE { $_.type -like "systems manager" } return $networks } } function Get-SMDevices{ param([string]$NetworkID, [string]$Fields) #Only proceed if a network ID was provided if($NetworkID){ $firstPass = $true $batchToken = $null # This request can only return 1000 results. Results are paged so you can retrieve all records through multiple results while($firstPass -or $response.batchToken -ne $null){ $firstPass = $false # Build the URI request and append either the requested fields or the batch token for page 2+ of results $uri = "https://$tennantFQDN/api/v0/networks/$NetworkID/sm/devices" if($batchToken){ $uri += "?batchToken=$batchToken" } elseif($fields){ $uri += "?fields=$fields" } # Execute the request $response = Invoke-RestMethod -ContentType $contentType -Headers $headers -Method Get -Uri $uri -Verbose Start-Sleep -Milliseconds $throttleMS # Update the Batch Token. Allows the next page of results to be retrieved $batchToken = $response.batchToken # Add the NetworkID to all devices returned (Used later as updates must be perfomred per network) $response.devices | Add-Member -MemberType NoteProperty -Name "NetworkID" -Value $NetworkID #Add the devices to the device collection $devices += $response.devices } return $devices } } # Load all your organization's SME Networks $networks = Get-SMNetworks # Load all devices from your SME networks $allDevices = $networks | % { Get-SMDevices -NetworkID $_.id -Fields "lastConnected" } # Get all devices that have and have not checked in in $cutOffDays days $addTag = $allDevices | SELECT id,serialNumber,tags,@{LABEL="LastConnect";Expression={$start.AddSeconds($_.lastConnected)}},NetworkID | WHERE { $_.LastConnect -lt $cutOffDate -and $_.tags -notcontains $tag } $remTag = $allDevices | SELECT id,serialNumber,tags,@{LABEL="LastConnect";Expression={$start.AddSeconds($_.lastConnected)}},NetworkID | WHERE { $_.LastConnect -ge $cutOffDate -and $_.tags -contains $tag } # These hashtables will be used to build the JSON requests and parameters for the REST Request $body = @{ "ids" = ""; "updateAction" = ""; "tags" = $tag } $params = @{ ContentType = $contentType; Headers = $headers; Method = "Put"; Uri = $null; Body = ""; Verbose = $verbose; } ### Tag Devices that have not checked in in $cutOffDays days ### foreach($network in $networks){ # This url will be used to send the tagging requests $netId = $network.id $params.uri = "https://$tennantFQDN/api/v0/networks/$netId/sm/devices/tags" # Get the devices for this network that need tags added $addTagNet = $addTag | WHERE NetworkID -eq $netId # Only execute the add tag operation if there are devices needing the tag if($addTagNet){ # Set the updateAction to add as wer are adding tags $body.updateAction = "add" # Add the device IDs to the body $body.ids = $addTagNet.id -join ", " # Convert the body to JSON $json = ConvertTo-Json $body # Add the json body to the request parameters $params.Body = $json # Execute the request to tag devices Invoke-RestMethod @params Start-Sleep -Milliseconds $throttleMS } # Get the devices for this network that need tags removed $remTagNet = $remTag | WHERE NetworkID -eq $netId # Only execute the add tag operation if there are devices needing the tag if($remTagNet){ pause # Set the updateAction to delete as wer are removing tags $body.updateAction = "delete" # Add the device IDs to the body $body.ids = $remTagNet.id -join ", " # Convert the body to JSON $json = ConvertTo-Json $body # Add the json body to the request parameters $params.Body = $json # Execute the request to tag devices Invoke-RestMethod @params Start-Sleep -Milliseconds $throttleMS } } ### ### ... View more

Re: iOS 13 iPad Detected as OSX - Profile Install Failed

by wperry1 in Mobile Device Management
‎07-01-2019 02:03 PM
‎07-01-2019 02:03 PM
@BlakeRichardson Thank you for your response.   Are you aware of an ETA for iOS 13 support? I only have one user for now but I would like to do some testing in my environment before iOS 13 goes public for everyone. ... View more

iOS 13 iPad Detected as OSX - Profile Install Failed

by wperry1 in Mobile Device Management
‎07-01-2019 11:05 AM
‎07-01-2019 11:05 AM
I ran across our first iOS 13 device today that one of our users just purchased. When I try to install the MDM profile, I get an error stating "Profile Installation Failed"/"Profile Failed to Install". On closer inspection, I found that it the url for the profile it is trying to install has OSX in place of IOS in the path so it appears it is being detected as an OSX device.   Normail iOS install URL:  https://ios.meraki.com/apple_mdm/ios?org=nnnnn iOS 13 iPad install URL: https://ios.meraki.com/apple_mdm/osx?org=nnnnn   Has anyone else run across this? I suspect this is something Meraki will need to fix in the device detection but am open to suggextions ... View more
Labels:
  • Labels:
  • Enrollment
  • iOS

Network Traffic Report Start and End Time Instead of Timespan

by wperry1 in Developers & APIs
‎12-17-2018 03:08 PM
1 Kudo
‎12-17-2018 03:08 PM
1 Kudo
I am attempting to log traffic and application data on our various networks and APs for importing into our corporate reporting tool but have found the limitation of only being able to request the last n seconds of data to be fairly limiting. It would be great if Cisco/Meraki would add the ability to supply a start and end time for data collection.   As of now, if my data collector misses a run, I just missed that block of data. I can select a larger block that includes the timeframe I am after but I can't get that window of time back.   Instead of this: api.meraki.com/api/v0/networks/NetworkID/traffic?timespan=nSeconds   Allow this: api.meraki.com/api/v0/networks/NetworkID/traffic?startingAfter=StartTime&endingBefore=EndTime    Thanks in advance for any advice! WP ... View more
Labels:
  • Labels:
  • Dashboard API

Re: Feature Request - Scheduled Sync

by wperry1 in Mobile Device Management
‎09-13-2018 04:16 PM
‎09-13-2018 04:16 PM
I know this is an old thread/request but this seems like a no-brainer. AD groups are useless if they aren't kept up to date. ... View more

Re: ActiveSync Access Control

by wperry1 in Mobile Device Management
‎10-10-2017 01:56 PM
‎10-10-2017 01:56 PM
@PatrickL wrote: Exchange email owner certs can be uploaded individually or in bulk through the Owners page: https://documentation.meraki.com/SM/Other_Topics/Owners#Managing_Owners I hadn't seen that you could do a bulk upload. This may be the answer I am looking for.  ... View more

Re: ActiveSync Access Control

by wperry1 in Mobile Device Management
‎10-10-2017 08:28 AM
‎10-10-2017 08:28 AM
I actually tried this, unsuccessfully. I signed the Meraki CA cert so internal systems will recognize the SCEP certs as valid. The problem is there is no way, that I'm aware of, to associate the SCEP cert with the user account so Exchange could use it for authentication.  ... View more

Re: ActiveSync Access Control

by wperry1 in Mobile Device Management
‎10-09-2017 12:00 PM
‎10-09-2017 12:00 PM
This is one solution I have looked into and, while I could automate the process of generating carts for the users, I would need to manually manage assigning the certificates to each owner/device. Is there any (semi)automated way of assigning certificates to users through Meraki? ... View more

Re: ActiveSync Access Control

by wperry1 in Mobile Device Management
‎10-09-2017 11:57 AM
‎10-09-2017 11:57 AM
Thank you for the response. Unfortunately, most of our users are in the field on mobile data so restricting WiFi access would not help. ... View more

Re: ActiveSync Access Control

by wperry1 in Mobile Device Management
‎10-05-2017 03:25 PM
‎10-05-2017 03:25 PM
That's exactly the issue.    We quarantine all new devices on Exchange and confirm they are compliant on Meraki before we authorize them, but some users have figured out that they can remove Meraki right after doing this. They then add back the ActiveSync connection manually. The device is already authorized in Exchange so they get their mail without the device being fully managed. Users are allowed more than one device, so I can, through a very manual process, reconcile the number of compliant devices a user has on Meraki against the number of devices they have on Exchange but there is no key field in the data from Meraki that can be used to explicitly identify the same device on both Meraki SM and in Exchange.     According to the Apple developer docs, there is an attribute, EASDeviceIdentifier, which is the DeviceId for Exchange and should be accessible via MDM. If Meraki SM passed this through via the web interface or API, it could be used to reconcile compliant devices against Exchange. It is documented on the page below. https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html   Sorry if I got a bit verbose and I welcome any help on this. I really want to lock things down and reduce the management overhead on this.   ... View more

ActiveSync Access Control

by wperry1 in Mobile Device Management
‎09-26-2017 09:55 AM
‎09-26-2017 09:55 AM
How does everyone here control ActiveSync access to Exchange to ensure users are on Meraki and not manually entering their ActiveSync server settings? Right now we are controlling access by manually auditing compliant Meraki devices against Exchange ActiveSync devices but it's time consuming and not 100% accurate since there is no attribute that both Meraki and Exchange expose which can be used as a key field.   I have worked with a different MDM provider that had a proxy which sat between Exchange and the Internet and only allowed managed devices through but Meraki doesn't seem to have this.        ... View more
Kudos from
User Count
CarolineS
Community Manager CarolineS
1
Namgyu
Namgyu
1
Android_Admin
Android_Admin
1
BrechtSchamp
BrechtSchamp
1
View All
Kudos given to
User Count
dfurasek
dfurasek
1
Shany
Shany
1
BrechtSchamp
BrechtSchamp
1
PhilipDAth
Kind of a big deal PhilipDAth
4
VictorM
Meraki Alumni (Retired) VictorM
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Archiving inactive Device entries in a BYOD environment

Mobile Device Management
2 2943

Re: Community Challenge: Folding@home

Community Announcements
1 16147

Network Traffic Report Start and End Time Instead of Timespan

Developers & APIs
1 1577
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki