I believe it is GA now.  ... View more

I just learnt something new. ... View more

>AGREED! MILES 4EVA (I am not really cool enough to say "4EVA".... is that even the right way? Or is it "4-eva"? something else?   67 ... View more

I like the level of detail in the release notes. ... View more

You can often block an app by creating Layer 3 firewall rules that block all access to the DNS domains it uses.   I asked Gemini: What DNS domains does zalo web, zalo app and viber app use? I want to block them on a firewall. Here is the answer: https://share.google/aimode/drsf0hGROflLdqMT5   Note the "Firewall Blocking Tips" section at the bottom.  Except I would just block all IP traffic. ... View more

I don't know if it is documented anywhere, but I explain how to apply per group policies here. https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SAML-Group-Policy-assignment/m-p/245513/highlight/true#M54881   ... View more

I only saw these options when I selected "Open".  I did not see them when I selected any other option. ... View more

Well done team.  I see there are three blank spots for more people in the future ... ... View more

> it seems like the above two methods only work between identical devices.   You are correct. ... View more

No.  Once the WAN port is marked as down, no user traffic will go over it. ... View more

Also note that typically, you can only authenticate "member" users in your Entra ID.   You can authenticate Secure Client users directly against Entra ID (Access Manager is not required). https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration   ... View more

I tend to use fisheye cameras in the middle of the area to be monitored when it is too expensive or too difficult to use multiple directional cameras.   Sometimes I use fisheye cameras to show overall movement in an area and combine them with directional cameras pointing at the entrance/exits (you use these cameras to capture high-quality images of people's faces).   ... View more

Keep it in the family.  🙂   Cisco Umbrella could do it. ... View more

https://documentation.meraki.com/Wireless/Design_and_Configure/Configuration_Guides/Encryption_and_Authentication/Microsoft_Entra_ID_Integration_with_Splash_page ... View more

The next thing I would try is to do a packet capture of port 53 and then start it up, and see if it touches any other DNS entries.   Also, watch out for it using hard-coded DNS servers.  I think it can use 1.1.1.1 and 8.8.8.8 if the normal DNS resolver does not work.  Access for clients to external DNS servers might need to be blocked. ... View more

If I set the authentication mode to "open" I see GPACL options.     ... View more

There is a guide for those who have lost the ability to login. https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Troubleshooting_and_Support/Support/Ways_to_Contact_Meraki_Support#Open_a_Case_Using_Webform   ... View more

I have done exactly this, but permanently.   The primary site had plenty of 10Gbe switch ports, so I used those. The DR site didn't, so I used a Gigabit port on the switch. ... View more

+1 to supporting passkeys and FIDO2 hardware keys. ... View more

I have not tested it, but I bet if you block all access to their DNS domains, you might have a shot. *.net.anydesk.com *.anydesk.com   With anyluck, this will prevent the agents from being able to "login". ... View more

There are lots of free courses in the learning hub. https://community.meraki.com/t5/Learning-Hub/ct-p/learninghub   ... View more

This is my best guess.  I am not hopefull that it will work.   I think you would need to edit the external user in Entra and change them from being a "guest" to a "member".  This will cause Entra to treat them like a standard "internal" user.   Next, I think you will need to use EAP-TLS. The password for an external user is only stored in the "home" authentication environment, so you would not have access to it for the authentication.  However, a certificate issued from your environment that includes their username would be trusted.     Going sideways, have you considered using the Splash Access student enrollment system?  It is purpose-built for this exact problem. https://www.splashaccess.com/portfolio/education/   ... View more

@DarrenOC , it's more like a Hotel now. ... View more

We did good.  🙂 ... View more

This is great! ... View more