@swillette702 As other have said, you cannot lock certain apps with a password, but you could use the whitelist/blacklist profile and scope it on the user level and device level.   Are you deploying the Meraki MDM app? If so (and you have it enabled), users can login with their credentials (if they are configured in Meraki or using a directory connection) and be assigned different profiles depending on their position/department/etc.   I would create a standard blacklist profile for that iPad that hides all the apps you don't want the customer to see and scope that to the "customer owner". Anytime the "customer owner" is logged into the iPad, that blacklist will sync down. If an employee logs into the Meraki MDM app, then they see the employee set of apps (the blacklist would remove).   This is the only work-around I could think of. I don't have a test iPad on hands, but I am sure there is a better way to automate this with a series of policies and profiles so when no user is assigned to the iPad it gets the customer blacklist profile (hiding things you don't want the customer to touch) and when a employee logs in with his/her credentials then they get to see everything. Once I get my hands on a tester, I will give it a go and report back.   Jared     ... View more

@BlakeRichardson I tried making an iCloud backup on a non-dep device, added the device to DEP and went through setup. After restoring from the iCloud backup during settings, DEP does not come down.      ... View more

In summary (that thread was long):   Device A needs to be put in DEP? Make a backup of Device A and restore it on Device B then make a backup of Device B and restore it on Device A   The following will NOT work:  Backing up Device A, erasing Device A, restoring Device A  DEP enrollment will not come down. ... View more

Totally forgot lol! I will be sure to submit in the next contest! ... View more

Is everything ok on the certificate side (with Apple)? What happens if you send a mass check-in command? ... View more

I support this 100%. In addition, allowing us to add tags to that specific enrollment profile and allowing device names to be populated based on variables like $username, etc. ... View more

I really want Meraki to allow the user invite to happen via the Meraki MDM Self Service app. Then, the user can just go in an accept the invitation. ... View more

@DCBUK Unfortunately, there is no other option besides renewing the certificate and re-enrolling. Once the certificate expires, devices must be re-enrolled. ... View more

I think taking a backup via Apple Configurator 2 and restoring the device would work.    In addition, do you have an Airport Express or AP laying around? I would clone the network name and password and try to join the iPad to that. Then the restriction should come off. ... View more

As @PhilipDAth mentioned, it is not possible to have a personal device enroll if the user logs into your domain email.    I would be cautious opening up enrollment to personal devices as Meraki does collect logs and inventory on any enrolled device and often users don't understand that. Also, this would chew up a lot of your licensing. What is your cause wanting to have users enroll their personal devices?  ... View more

Thanks @nextgenconcepts. I was not signing in with an administrator account, just one that had access to DEP and VPP.    After upgrading, I ran into a token issue with Meraki and DEP would not sync over. Re-uploading the token seemed to resolve the issue. I am not seeing the issue with full/partial syncs though so that may have been resolved.   Jared ... View more

Off topic: but, where is the upgrade option to upgrade to Apple Buisness? I looked to do it when I saw the press release, but I couldn’t find how I move over. Do I reach out to my account manager at Apple?   Thanks, Jared ... View more

@TimL If none of the above is working, log in to deploy.apple.com and go to VPP and re-download the token. Then under Organization > MDM > (Click your VPP Account) > Re-upload token to Update. Then try are force sync via the VPP panel in Meraki. ... View more

Congrats latest MOTM's! ... View more

Apple School Manager is defiantly the root to go here. Meraki has never had a student information system (SIS) importer so syncing with ASM is the best route.   ... View more

I have never seen this before. Maybe the device broke MDM connection or the MDM profile "mysteriously" got removed.  ... View more

Are you assigning the iPad to a user in Meraki or using any AD credentials (have them authenticate at enrollment)? While it might be a pain, if you aren't using something like AD I would take the time to enter each students information as a "owner" in Meraki. Then I would tag each user with his/her graduation date (It looks like @vassallon does so) and class membership ~ you can use the same class tags with different users and they would be grouped. I prefer to do everything at the user level because when a user breaks the device, they roll through setup themselves and once they authenticate all user specific content comes down. I have attached a screenshot of this approach. If you aren't using something like AD I would definetly look into Apple School Manager as it syncs with your SIS. Once you sync SIS with Meraki it would take care of what I basically did manually below.   I make any apps that everyone can have available in Meraki MDM and allow users to install from there (use the iOS device tag). Then I get specific based on department (in your case: classes) membership and if someone request an app.   There is a few ways to approach only allowing school approved apps on an iPad. You could disable the App Store, but I prefer to push out a whitelist of the apps I am deploying in Dashboard and allow users to preform app updates in the App Store.      I hope this helps, I have never ben a fan of over-tagging devices. I prefer the user and policy approach...  this is what I have found works best in my opinion, but others here are also very knowledgeable and especially those in K-12 would probably help you better. ... View more

The reason naming via DEP would be better is you would not have to wait until device are enrolled to trigger a name change. Also, you can lock the name right after it changes using a few policies.  ... View more