The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About Green_Ghost
Green_Ghost

Green_Ghost

Meraki Employee

Member since Jan 15, 2018

‎09-07-2022
Kudos from
User Count
vassallon
vassallon
1
Revilo
Revilo
1
PhilipDAth
Kind of a big deal PhilipDAth
1
CarolineS
Community Manager CarolineS
1
SimonA1
SimonA1
1
View All
Kudos given to
User Count
GiacomoS
Meraki Employee GiacomoS
1
MattMorg
Meraki Employee MattMorg
1
BlakeRichardson
Kind of a big deal BlakeRichardson
1
Revilo
Revilo
1
binarydaze
binarydaze
1
View All

Community Record

11
Posts
18
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts
First 10 Kudos
Lift-Off View All
Latest Contributions by Green_Ghost
  • Topics Green_Ghost has Participated In
  • Latest Contributions by Green_Ghost

Re: Profile not locking down iPad

by Meraki Employee Green_Ghost in Mobile Device Management
‎05-21-2021 08:47 AM
1 Kudo
‎05-21-2021 08:47 AM
1 Kudo
If you have ASM, then the first thing we need to do is get your devices to populate within Apple School Manager (ASM).   Depending on the vendor used, bulk iPad / iPhone / iPod Touch purchases will show up in your ASM account by default. These vendors are suggested by Apple, so they should all support automatically adding devices to your ASM account. The vendor should have more information on how to link the serials into your ASM account.   It is possible to add devices to your ASM account manually, but it is a tedious process. You will need a Mac with "Apple Configurator" installed, then you can follow our guide on manually adding devices to ASM/ABM*. Note, there is a 30 day grace period where all management will be lost if the device is reset within the grace period.   *Note, these terms are all similar, they all refer to the Apple device management solution and portal: ASM (Apple School Manager), ABM (Apple Business Manager) and DEP (Device Enrollment Program).   If you haven't already, make sure you add your required ASM tokens to dashboard (DEP, VPP).   ... View more

Re: Exporting to CSV from Meraki Dashboard - add Meraki Version

by Meraki Employee Green_Ghost in Mobile Device Management
‎05-18-2021 08:48 AM
1 Kudo
‎05-18-2021 08:48 AM
1 Kudo
@3dHutch wrote: I am interested in getting Meraki Version number in the export but I don't see a field for this. When you say Meraki version number, do you mean the current installed version for the Meraki SM app?   You could export from the "SM -> Apps -> SM" page to get this data. Or, you could use an API call. ... View more

Re: Block access to MacOS Migration Assistant

by Meraki Employee Green_Ghost in Mobile Device Management
‎05-14-2021 02:58 PM
1 Kudo
‎05-14-2021 02:58 PM
1 Kudo
It looks like you're trying to block the app using " Show or hide apps"  from the restrictions payload. This setting adds a config within the profile called " blacklisted App Bundle IDs" but it  is only supported on iOS, and not MacOS (documentation).   MacOS has Migration Assistant protected by SIP (system integrity protection), so it cannot be removed via "Systems Manager -> Software" or by any script.   Although SM can detect installed and running programs (via security policies, or fetch process list live tool), it does not have the ability to automatically kill those processes if they are running.   I would recommend that you submit a "make a wish" for the ability to prevent applications from being run, I don't see any simple way to prevent users from launching Migration assistant. ... View more

Re: Installing SM enrollment profile on Non-DEP macs

by Meraki Employee Green_Ghost in Mobile Device Management
‎05-14-2021 10:30 AM
1 Kudo
‎05-14-2021 10:30 AM
1 Kudo
A few years ago I had assisted a Meraki customer to script profile installations using the agent. Recently, we revisited this, so I'll share my findings with anyone else who may be in a situation where they do have the agent installed but do not have the profile installed.   Before MacOS Big Sur, the "Profiles -I" command could be used to install profiles, but Apple has deprecated this. I can only speculate, but I would assume this falls in line with many changes that Apple has been making lately focusing on user privacy and user knowledge of the permissions that their admins have. This means that if the device does not receive the profile through a DEP enrollment, the only method of installing a profile is via user action.    DEP would be the ideal scenario, but anyone reading this probably knows that ideal scenarios are rare for admins.   Although we can't silently install this anymore, we can utilize the agent to push a script that will prompt the user to install. As a proof of concept we did the following, this will download the profile and present the user with the following screen:                                 Baseline: Machines DO have the agent installed, but DO NOT have the profile   Step 1: Have Meraki support alter your network so that your enrollment profiles do not expire.  Without doing so, profiles expire 5 minutes after they’re downloaded, and they will fail to install after 5 minutes. Step 2: Download a non-expiring profile from m.meraki.com Step 3: Wrote a simple script. This was very simple in my case, it was just a proof of concept. The script simply loads the profile into MacOS, and then opens the UI to the exact location where the user can click “install”. You can get fancy here and include an image if you want: #!/bin/bash sudo open photo.jpeg # open a picture file sudo open meraki_sm_mdm.mobileconfig # load enrollment profile to system preferences sudo open -b com.apple.systempreferences /System/Library/PreferencePanes/profiles.prefPane meraki_sm_mdm.mobileconfig # open system preferences profiles, which presents the user with the install option   Steps 4+ follow the process from this document: https://documentation.meraki.com/SM/Apps_and_Software/Deploying_Scripts_in_Systems_Manager_using_Software_Installer    Step 4: Bundled my script and the non-expireing .mobileconfig profile into a .pkg installer file (this doesn’t install anything, its just how we run scripts via the agent) Step 5: Wrapped my .pkg into a DMG Step 6: Uploaded the DMG to Dashboard as an “app” Step 7: Scoped the app, making sure auto install was not selected Step 8: Manually pushed install command   The script can be as elaborate as you want. For example, you could likely use the "Profiles -list" command to check if the profile is installed, and only prompt the user if it isn't installed.   Feel free to reply to my post if there are questions about this.   ... View more

Re: Profile Error: The required field "UserIdentifier" is missing.

by Meraki Employee Green_Ghost in Mobile Device Management
‎12-10-2020 02:52 PM
1 Kudo
‎12-10-2020 02:52 PM
1 Kudo
In the cases that I've seen, this error relates to an education payload within the profile.   As things stand now, the Meraki SM team is unable to find any errors in the profiles we are sending to the end devices. We've tried to reproduce the issue in house, but so far this has not been reproducible.   Meraki has recently opened a case with Apple to better understand what could be causing these issues.   If you have an open case regarding this issue, the support engineer should be able to provide updates on the issue as the case develops with apple. Please feel free to link your assigned engineer to this community page.   -Dalton ... View more

Re: Getting error when enrolling Windows device(0x80180001)

by Meraki Employee Green_Ghost in Mobile Device Management
‎12-10-2020 02:20 PM
‎12-10-2020 02:20 PM
This error most often comes up when the SM licensing is exhausted.   If you have available licenses I'd recommend getting in touch with support.     ... View more

Re: iOS IP Conflicts

by Meraki Employee Green_Ghost in Wireless LAN
‎10-21-2020 09:03 AM
6 Kudos
‎10-21-2020 09:03 AM
6 Kudos
For reference, this is the issue.   iOS devices on some iOS 14 builds will randomly reply with an ARP message sourced from the expected MAC address, however the ARP payload will contain a different source MAC address. The MX will detect this potential conflict (in this example, MAC ending in ad:e0) and send an email alert.   This issue seems to be reported regardless of whether MAC randomization AKA "private address" is enabled on the iOS device.   [edit]: Once we have updated the devices to iOS14 beta 3, we have not observed this behavior at all.  [edit 2]: Photo edited to clarify ... View more

Re: iOS IP Conflicts

by Meraki Employee Green_Ghost in Wireless LAN
‎10-21-2020 08:50 AM
4 Kudos
‎10-21-2020 08:50 AM
4 Kudos
Apple mentioned that iOS 14.2 beta 3 should have resolved this issue. We've been testing this build in the lab where we have no longer observed this behavior. ... View more

Re: iOS IP Conflicts

by Meraki Employee Green_Ghost in Wireless LAN
‎10-14-2020 01:26 PM
1 Kudo
‎10-14-2020 01:26 PM
1 Kudo
Please be aware that the ability to disable MAC randomization via MDM profile may also be subject to an Apple side bug.   If the option to disable MAC randomization is selected, the user still has the ability to re-enable it within the UI. Meraki has also sent feedback for this issue as well.   This behavior is observable via profiles created directly within Apple Configurator which suggests that this may only be resolved through a future iOS update. ... View more

Re: Iphones and Androids Bluetooth not showing on BLE scanning/clients

by Meraki Employee Green_Ghost in Wireless LAN
‎06-26-2018 07:17 AM
1 Kudo
‎06-26-2018 07:17 AM
1 Kudo
Devices being paired does not guarantee BLE beacon advertisements, which are what Meraki APs are listening for. Bluetooth Low Energy (BLE) https://documentation.meraki.com/MR/Bluetooth/Bluetooth_Low_Energy_(BLE) ... View more

Re: Iphones and Androids Bluetooth not showing on BLE scanning/clients

by Meraki Employee Green_Ghost in Wireless LAN
‎06-26-2018 07:00 AM
1 Kudo
‎06-26-2018 07:00 AM
1 Kudo
Cisco Meraki AP devices only report BLE clients.   There are a few apps which can report BLE clients exclusively, which should give an indication of which devices will be seen by a Meraki AP.   Mac OS utility "Bluetooth Explorer" will also do the trick. This tool requires Apple Developer account (free).   If interested, search for, and download the DMG "Additional tools for Xcode [current version is 9.3]" from the following URL:  https://developer.apple.com/download/more/   This DMG contains a folder called "Hardware" which contains the application "Bluetooth Explorer" Within this application, select "Devices "->"Low Energy devices "->"Start Scanning"   If the device does not list, then it will not be detected by a Meraki AP      Bluetooth Low Energy (BLE) https://documentation.meraki.com/MR/Bluetooth/Bluetooth_Low_Energy_(BLE)     ... View more
Kudos from
User Count
vassallon
vassallon
1
Revilo
Revilo
1
PhilipDAth
Kind of a big deal PhilipDAth
1
CarolineS
Community Manager CarolineS
1
SimonA1
SimonA1
1
View All
Kudos given to
User Count
GiacomoS
Meraki Employee GiacomoS
1
MattMorg
Meraki Employee MattMorg
1
BlakeRichardson
Kind of a big deal BlakeRichardson
1
Revilo
Revilo
1
binarydaze
binarydaze
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: iOS IP Conflicts

Wireless LAN
6 18722

Re: iOS IP Conflicts

Wireless LAN
4 18734

Re: Profile not locking down iPad

Mobile Device Management
1 1384

Re: Exporting to CSV from Meraki Dashboard - add Meraki Version

Mobile Device Management
1 939

Re: Block access to MacOS Migration Assistant

Mobile Device Management
1 1259
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki