About jared_f

jared_f

When is SM going to be updated to be compatible with payloads for iOS 12. In addition, allowing configuration profiles to be installed before the user gets to the home screen? Any information about the future of SM would be helpful!

jared_f · ‎10-21-2018

Is the user the owner of the device? Try adding the owner option with the plus button.

jared_f · ‎10-21-2018

You guys are not the only one seeing this problem. Things are just becoming ridiculous with Meraki. We don't have plenty of Mac devices, but a decent amount of iOS. Jamf is sounding better and better each day for out use case even though it comes with a hefty price tag. I understand bugs; but the amount of them is ridiculous and support's response is either a sham work around or to submit a wish. Why bother updating the SM UI when other features are needed and the community shows interests in them? For example, the automated naming of iOS devices based on a users directory username has been a feature that has received top kudos from the community. We are responsible for rolling out a mobile clock-in/out app for employees by 1/1/19. This is going to require enrolling each users phone and pushing the application out. Reliability of this is mandatory. Ok... rant over!

jared_f · ‎09-27-2018

I haven't come across that specific error, but the things that usually pop out to me are APN certificates or a network problem (something is blocking Meraki/Apple from syncing down the profile). Seeing that anything prior to 10.13.4 is enrolling, I am pretty sure you can rule those out. The only other option I could think of is to manually retrieve the profile from dashboard instead of running manual enrollment from m.meraki.com. Another option would to be a force install of the profile via the command line.

jared_f · ‎09-27-2018

I would look into USB tethering. I believe it was released in iOS 11 last year.

jared_f · ‎09-26-2018

Anytime a new user is signing in with his/her AD credentials they were being prompted for an administrator username/password to bypass secure token. Here in an excerpt from the attached article explaining what causes the problem: "Ahh SecureToken; the gift that keeps on giving! macOS 10.13.4 introduced this new, undocumented dialog that would appear on first login under the following conditions: If the filesystem is APFS Whether or not FileVault is enabled If the Mac is bound to a directory service (e.g. Active Directory or LDAP) If there is a local administrator account present that has logged in at least once (e.g. the one created during the Setup Assistant). If the account currently logging in will be a directory based mobile account (i.e. it hasn’t been created yet and is logging in for the first time)" Luckily the author of this article has us covered with a custom profile that you can install on the computer level with Meraki to fix this. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <dict> <key>com.apple.MCX</key> <dict> <key>Forced</key> <array> <dict> <key>mcx_preference_settings</key> <dict> <key>cachedaccounts.askForSecureTokenAuthBypass</key> <true/> </dict> </dict> </array> </dict> </dict> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Custom</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>FF71CE36-0F95-42CB-81C6-67F1288AA037</string> <key>PayloadOrganization</key> <string>Your Organisation</string> <key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string> <key>PayloadUUID</key> <string>FF71CE36-0F95-42CB-81C6-67F1288AA037</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>System - SecureToken Dialog Bypass</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>139BEF61-F90E-4BBB-9A3E-EAF3FE090B91</string> <key>PayloadOrganization</key> <string>Your Organisation</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>139BEF61-F90E-4BBB-9A3E-EAF3FE090B91</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> Thanks to the author Neil Martin. Here is the link to the article: https://soundmacguy.wordpress.com/2018/06/02/bypassing-the-securetoken-dialog-for-mobile-accounts/

jared_f · ‎09-26-2018

@vassallon Are students assigned the device with their AD username and password or do they log in with their Apple School Manager address? I don't have access to ASM so I can't really play around with it. It seems like you sync ASM with your SIS and then ASM with Meraki. Then the education configuration takes care of the rest when you check the box to configure with ASM. Is there anyway to map student AD username (i.e. student ID) and match it with their ASM so an administrator doesn't have to re-assign the devices on already deployed iPads to get the education configuration properly scoped.

jared_f · ‎09-26-2018

Thanks for sharing!

jared_f · ‎09-26-2018

I am not positive of this so please correct me if wrong. Couldn't you uncheck and push "Allow modifying account settings (iOS 7+)" profile? The nice thing is that you could login with the Apple ID during setup (DEP) or even with manual enrollment (m.meraki.com) and then the option would be restricted. Seems way better than going to each device and trying to keep track of restriction passcodes.

jared_f · ‎09-21-2018

Block Apple update servers on your network if you don’t want people updating. Then setup a policy to alert you if anybody circumvents and updates.

jared_f · ‎09-21-2018

jared_f · ‎09-21-2018

This is already a feature in the restrictions profile. The day limit is an Apple limitation, not Meraki.

jared_f · ‎09-20-2018

Could you use tinyurl or create a record in your domain to forward it?

jared_f · ‎09-20-2018

That is not possible (even with a blacklist iOS will ignore it and still show it). You can restrict a lot of what is showing in settings with restriction profiles. Jared

jared_f · ‎09-20-2018

@Toine SM is Systems Manager - the MDM you have your Macs enrolled in. @BlakeRichardson, when you say package up? Do you mean scope as a profile? I would do this over sending it out in a .pkg with a script as it is unreliable in my opinion and there is no easy way to remove it. I would upload it in the Settings section (profiles).

jared_f · ‎09-20-2018

I know the bluetooth restriction locks the toggle off if it is set to off when the configuration profile is pushed. But it doesn't allow other devices to be paired? Very stupid on Apple's part. Would it be possible to use the Meraki API to send the bluetooth on command to all devices every "x" minutes? I would set it to two minutes and eventually people would just get tired of turning it off.

jared_f · ‎09-20-2018

Would the Energy Saver profile in Profile Manager work? Set both values to false and upload it to SM.

jared_f · ‎09-12-2018

Any word on this feature? It is still a top requested feature almost a year later. Are we still expected to do this via the API?

jared_f · ‎09-11-2018

Are you using shared devices? I am pretty sure that Webclips don't work with those. I would try what @BlakeRichardson.

jared_f · ‎09-07-2018

This happens when the APN certificate expires or something was corrupted. Is the device enrolled in DEP? If not, it it simple to just remove the profile and Meraki MDM app and re-enroll via m.meraki.com. Support will probably inform you to re-enroll the device. If it is enrolled in DEP it is tricky: -Take a backup of device A (the iPad that hasn't communicated) -Restore the backup of device A on another device "device B" enrolled in DEP -After restoring, make a buckup of device B -Restore backup of Device B on Device A Simply taking a backup and restoring that backup on the same iPad is not possible (DEP enrollment will not come down!). While wacky, this is the only patch that works.

jared_f · ‎09-07-2018

Pushing app credentials is not possible.

jared_f · ‎09-07-2018

You need to purchase the free VPP codes for the Meraki MDM app to get silent install. No Apple ID required.

jared_f · ‎09-02-2018

Apple Configurator 2 worked best for me, then I just uploaded and distributed. Make sure you include the certificate and Wi-Fi in the same profile so they get installed at the same time.

jared_f · ‎08-30-2018

This is a known issue, which I believe Apple intended to be a fail safe. Procedure: Backup of device A Restore it to Device B Backup Device B Restore it to Device A Obviously, you have to properly enroll the devices into Apple Business (DEP), sync with Meraki and assign the DEP enrollment settings before the device activates.

jared_f · ‎08-29-2018

@T1 Are you replying to me or the above user? I have DEP setup how I want it. We are leveraging VPP to do device based app assignment (everything is scoped via AD groups). Not a big deal (what my question was alluding to), but when you open the Meraki MDM app after freshly enrolling a device it prompts the users about location services. We can careless to have it on as the devices are tied to an Apple ID via Apple Business.

jared_f

Community Record

Badges