@Paul_CELP How is your DEP enrollment setup in Systems Manager? Are the devices added to that enrollment. I haven't done a direct phone transfer, but if your DEP enrollment is properly setup and allocated to the correct devices it should force them at the end of the transfer to enroll. You need to make sure that you are making enrollment mandatory and the MDM profile non-removable.   While I have never directly done so... I have worked with iCloud backups... My recommendation to you is to get your folks in the habit of using iCloud backup and having it configured. Are phones are heavily restricted so they use little data and only the apps I push out so the 5gb isn't and issue for us. I know when I take a backup of phone "A" and restore it on phone "B" during setup phone "B" goes through DEP after that backup is restored. ... View more

Sadly no, I installed the Meraki agent on a PC already bound to the domain. Then in order to populate a user the device needs to be enrolled again.   I actually did find a use for JumpCloud. To connect to WiFi it is WPA2 Enterprise with AD and your IP gets issued via Windows DHCP. I can fully shutdown my domain and authentication fails over to JumpCloud and DHCP fails over to my Synology HA Cluster and the DNS is changed to 8.8.8.8 and 8.8.4.4 -- that was the only use I found for JumpCloud in the end. ... View more

Are the devices joined to Meraki using just the agent or also the MDM tie-in (if it is even in Windows 7 -- I know it is in Windows 10)? If so, I believe if you remove the MDM connection, run the agent uninstall script, then delete the device from Meraki (in that order), it removes it. ... View more

I would go with the newer ones. A site walk through is your best option and see is panoramic might work best to eliminate multiple cameras in certain areas. ... View more

I also have RD issues with Meraki. ARD is my best friend. Using the profile + kickstart command you can successfully enable in on Mojave. ... View more

Glad to hear. The certificates can be a real pain.  ... View more

Hello All! Try reaching out to your local Apple store. They have been a great point of contact and very helpful for me. ... View more

The Meraki agent is generally broken. I would say that is the culprit of this specific problem. ... View more

I have never run into this specific issue, but is there one central account you used when signing up for Apple Business Manager and/or DEP? I would use that email and password and try re-syncing. This might be a Meraki issue though. ... View more

Apple has yet to implement this into the MDM framework. This request would have to be pointed to them and then implemented by Meraki.     ... View more

Also experiencing a similar problem. It seems Meraki doesn't like having to DC's plugged in or it throws off the sync. I removed one DC and re-synced AD groups and it seemed to have solve the problem.  ... View more

@alexis_cazalaa In iOS, there was usually a delay as profiles were coming down. It makes sure all profiles, wifi, webclips, etc. are installed right after the device is enrolled and while the user is completing setup.   I think the target groups is just to simplify scoping. I have no real use for it, but I guess if your scoping restrictions based on a student being enrolled in a grade and all grades get the restrictions you could make a target group called "All_Students" and target AD security groups containing students in 2019, 2020, 2021, 2022, etc. ... View more

@PeterJames Noticed the same thing here. Our domain controllers were re-done and Exchange moved from 2010 so we re-enrolled everything with the agent so we can query for AD membership. ... View more

Also experience all the same issues as above. @BlakeRichardson - How is pricing of Jamf vs. Meraki? If we were to do Jamf for Macs, I think we would switch all iOS over too - it is much more powerful, and cloudhosted like Meraki ... View more

@misterharrison The rule is that the most restrictive profile will take precedence. Having separate profiles is not a problem. You can leave your Meraki profile in place. ... View more

@PeterJames As long as you do those two fixes above it should be pretty smooth rolling out the custom profile. The only thing is the software updates will be delayed 1 day. I will look into editing the actual profile code and seeing it that solves the bugs I am seeing.    I agree with the bluetooth problem (especially in K-12 for Apple Classroom). My recommendation is to enforce the bluetooth restriction on any new DEP devices. In addition, you could possibly send the bluetooth command to your entire fleet and then tie that to a timed configuration profile to take effect 5 minutes after the command is sent then edit the scope to make sure is stays static. It is all about timing!   Jared ... View more

All,   In addition, I cannot stress the importance of fixing those current bugs in any restrictions profile you make in Apple Configurator 2 (available in the Mac App Store for Free) by setting software updates to 1 day and checking it and checking the two contact settings. I also want to bring attention to a few issues that can be solved with configuration profiles (especially in K-12).   Issue 1 Sharing of WiFi codes via proximity has been an issue many K-12 admins have brought up on other forums. This can be fixed with an Apple Configurator Profile with the following restrictions - push out both: Proximity password request not allowed Password sharing not allowed   Issue 2 VPN creation to bypass network filtering. This restriction is available in Meraki. This stops user's from configuring manual VPNs in settings, but does not stop VPN apps from working. I use a policy tied to a configuration profile and email alert to take care of this. I am using wildcard matches to take care of this. I published a solution here to take care of this, also add *betternet* and *aloha* to take care of this. Here is my most updated list:   Issue 3 Installing third party "enterprise apps" to bypass app store restriction. Enforce the following - both available in Meraki: Installing configuration profiles not allowed Trusting enterprise apps not allowed Sometimes a policy can help you detect apps like TweakBox and VShare tied to a profile and email notification, but stopping them from being installed in the first place is helpful. There are new ones popping up everyday.   This one is more of a tip, not an issue:   Enforce & Lock Device Name I shared an overview of how I am doing this here. I also invite you to "Make a Wish" for automated naming by pulling AD information (see here for more information).     I hope the above post and maybe some info in here is helpful. Please don't hesitate to reach out to me at my email below with any questions about Meraki SM iOS or Mac related.   Jared Flitt jflitt@caregivershomecare.com             ... View more

Hi All,   Meraki does give you the ability to upload profiles. Here is a write up for everyone to follow:   Step 1: Create new profile. Give it a name, identifier (I usually name it the same as the name), and organization (Meraki Inc. will work for this also).    Step 2: Adjust Restrictions to Take Care of AC2 Bugs Apple Configurator 2 has two bugs to be aware of. Even if you do not check to enforce delayed software updates it will change to 30 days. To get around this, check the software update delay and change it to ONE (1) day. This is the only work around I have found and will save you dozens of Help Desk tickets when none of your devices will update!  In addition, AC2 has some restrictions defaulted to change for contacts that your organization may not to push to your devices. Please check the following below so they DO NOT push (another Apple bug).   Step 3: Add Restriction to Enforce Data and Time Step 4: Save Profile NOTE: Please save you profile with the name you want it to Appear with in the settings panel of Meraki.   Step 5: Upload to Meraki   Systems Manager > Settings > Add Profile Click "Upload custom Apple Profile" and choose it from your save location. Then scope.      ... View more