About jared_f

jared_f

Have a problem with users connecting to a guest wifi on a managed device? Saw this on another form and thought it was a neat work around ~ push out the wifi SSID, disable auto-join, and put in a random & wrong password! Device won't join the wifi and user does not have the option to override it.

jared_f

Also, Meraki wouldn’t be collecting data from unmanned devices (the iPhone).

jared_f

Are you using authentication? That may be causing the problem. Also, make sure you have the Meraki certificates selected when enrolling devices. If not, they won’t ping the server resulting in errors.

jared_f

I have come to realize that Meraki is rarely wrong in its software inventory. Are you sure that the student didn’t delete it before seeing you? I would take that blacklist of apps and push out a blacklist “deleting” (really hiding) them in managed iPads. Also, maybe a policy with an email notification would be useful too.

jared_f

Are you enrolling your Apple TV into DEP or just using the manual enrollment payload?

jared_f

I 100% agree. Not only the Dashboard app, but the Meraki SM app.

jared_f

When iOS 11.3 was released a bug was identified that caused issues with updating/MDM connection to the iOS device. The administrator would push the iOS 11.3 update and it would throw it into a loop, similar to the error you are seeing. Did you push iOS 11.3 with Meraki? This is the only thing that has caused similar problems to what you are seeing. http://piunikaweb.com/2018/04/04/ios-11-3-breaks-apples-mdm-mobile-device-management-protocol/

jared_f

As @vassallon states, no it is not possible to enforce app configurations. It has been a while since I have used AC2 to "image" an iPad, but could you possibly configure an iPad and create it as the master backup and sync it to all the others? I believe you can use automated enrollment DEP in AC2 for Meraki. Not sure if this would work, but that is the only work around I could think of. ~Jared

jared_f

Did any of you push the software update command on iOS 11.3? It puts devices in a loop of software update commands, similar if not identical to what you are seeing.

jared_f

Thanks @CarolineS and Meraki team!

jared_f

Our users have to authenticate with their directory credentials to login. I don't do any other Windows Server administration, but we have them all in different groups broken down from All Employees, Department, and all of the branch offices. I believe AD is synced nightly on Meraki. Once the user assigns themselves the tablet, the appropriate configuration comes down. But, I do see this as an issue for lab or loaner machines.

jared_f

We have also ran into this, a real pain. The few macs we have (marketing uses them) are enrolled with a pkg I made that installs the MDM profile, Meraki Agent, and a local management account. None of them were hitting Meraki or installing any programs - ended up being this stupid click to approve. It even does it with profiles installed by root. Very stupid, clearly they are pushing DEP, while I am a fan of it for our mobile fleet it is a pain for computers because you have to trigger everything to install from your MDM provider.

jared_f

I agree with @PhilipDAth “sync” is a very strong word. No user information like position, etc. The only advantage is syncing AD groups.

jared_f

The device has not received its configuration from DEP. As soon as the device enrolls, it will show as pushed.

jared_f

@PhilipDAth Thanks for all your help. Does Meraki only sync the username of the user and the AD groups they are in? When I click on their AD profile in Meraki, it seems to only show their username. Thanks, Jared

jared_f

Why is Two Factor Authentication needed? If all devices are SM managed you just have to scope the Classroom profile to the students and teachers. Are you signed up for VPP and DEP? Apple School manager does most the work from my understanding. Not really in education IT so I can't really help. Maybe a K12 admin will chime in.

jared_f

@Jordanw Are you using Apple Classroom yet?

jared_f

Good luck. The only other thing I could think of it to get rid of Safari via a restriction and push a safe browser available in the App Store. For device filtering: I am really a fan of http://www.mobicip.com - they do cost a bit, but there is no appliance and you just push the proxy configuration profile.

jared_f

Also, are you using any filtering solution like OpenDNS or Light Speed on the network side?

jared_f

Unfortunately, this is not possible. What kind of traffic are you seeing? Maybe push out the web content filter payload?

jared_f

Thanks @PhilipDAth. I thought I was doing something wrong. Also, is it possible to restrict certain AD users from enrolling or is that not possible?

jared_f

I have AD setup on Server 2016 and have it communicating with Meraki. I only ever scope to AD groups and rarely am doing back end user/computer management - so the management aspect is still new to me. So, are users supposed to only pupate in Meraki once they enroll (authenticate either via DEP or m.meraki.com) and then whatever groups they are in come over or should I be able to que an AD sync and all users in AD and their groups come over. Thanks Jared

jared_f

Both of them do the same thing. Not sure why there are two text fields.

jared_f

@alexis_cazalaa That is correct. This is not Meraki's fault, but is an Apple limitation. I highly recommend enforcing bluetooth on during DEP enrollment (if you are using it). This ensures it will be locked on.

jared_f

@alexis_cazalaa I just tested it, even though it is turned off at control center, Apple Classrooms still works.

jared_f

Community Record

Badges