All, In addition, I cannot stress the importance of fixing those current bugs in any restrictions profile you make in Apple Configurator 2 (available in the Mac App Store for Free) by setting software updates to 1 day and checking it and checking the two contact settings. I also want to bring attention to a few issues that can be solved with configuration profiles (especially in K-12). Issue 1 Sharing of WiFi codes via proximity has been an issue many K-12 admins have brought up on other forums. This can be fixed with an Apple Configurator Profile with the following restrictions - push out both: Proximity password request not allowed Password sharing not allowed Issue 2 VPN creation to bypass network filtering. This restriction is available in Meraki. This stops user's from configuring manual VPNs in settings, but does not stop VPN apps from working. I use a policy tied to a configuration profile and email alert to take care of this. I am using wildcard matches to take care of this. I published a solution here to take care of this, also add *betternet* and *aloha* to take care of this. Here is my most updated list: Issue 3 Installing third party "enterprise apps" to bypass app store restriction. Enforce the following - both available in Meraki: Installing configuration profiles not allowed Trusting enterprise apps not allowed Sometimes a policy can help you detect apps like TweakBox and VShare tied to a profile and email notification, but stopping them from being installed in the first place is helpful. There are new ones popping up everyday. This one is more of a tip, not an issue: Enforce & Lock Device Name I shared an overview of how I am doing this here. I also invite you to "Make a Wish" for automated naming by pulling AD information (see here for more information). I hope the above post and maybe some info in here is helpful. Please don't hesitate to reach out to me at my email below with any questions about Meraki SM iOS or Mac related. Jared Flitt jflitt@caregivershomecare.com
... View more