Would you be able to confirm whether the webclip was pushed using the "fullscreen" flag?   Our testing seems to show that the "fullscreen" flag causes the push to behave as a PWA. Without the flag, it behaves as a standard bookmark.   The current assumption is that DMA compliant iOS versions will simply treat them as bookmarks, ignoring the full screen flag, and opening in the browser. ... View more

It is possible that an issue prevented your dashboard organization to link to your Meraki customer account (which would allow the customer number to populate). The case creation UI is within the "get help" section.   I would recommend calling the support number The support team should be able to find your organization and validate your identity if you provide a license key that is active on your dashboard organization.   ... View more

If you have ASM, then the first thing we need to do is get your devices to populate within Apple School Manager (ASM).   Depending on the vendor used, bulk iPad / iPhone / iPod Touch purchases will show up in your ASM account by default. These vendors are suggested by Apple, so they should all support automatically adding devices to your ASM account. The vendor should have more information on how to link the serials into your ASM account.   It is possible to add devices to your ASM account manually, but it is a tedious process. You will need a Mac with "Apple Configurator" installed, then you can follow our guide on manually adding devices to ASM/ABM*. Note, there is a 30 day grace period where all management will be lost if the device is reset within the grace period.   *Note, these terms are all similar, they all refer to the Apple device management solution and portal: ASM (Apple School Manager), ABM (Apple Business Manager) and DEP (Device Enrollment Program).   If you haven't already, make sure you add your required ASM tokens to dashboard (DEP, VPP).   ... View more

@3dHutch wrote: I am interested in getting Meraki Version number in the export but I don't see a field for this. When you say Meraki version number, do you mean the current installed version for the Meraki SM app?   You could export from the "SM -> Apps -> SM" page to get this data. Or, you could use an API call. ... View more

It looks like you're trying to block the app using "Show or hide apps" from the restrictions payload. This setting adds a config within the profile called "blacklistedAppBundleIDs" but it is only supported on iOS, and not MacOS (documentation).   MacOS has Migration Assistant protected by SIP (system integrity protection), so it cannot be removed via "Systems Manager -> Software" or by any script.   Although SM can detect installed and running programs (via security policies, or fetch process list live tool), it does not have the ability to automatically kill those processes if they are running.   I would recommend that you submit a "make a wish" for the ability to prevent applications from being run, I don't see any simple way to prevent users from launching Migration assistant. ... View more

A few years ago I had assisted a Meraki customer to script profile installations using the agent. Recently, we revisited this, so I'll share my findings with anyone else who may be in a situation where they do have the agent installed but do not have the profile installed.   Before MacOS Big Sur, the "Profiles -I" command could be used to install profiles, but Apple has deprecated this. I can only speculate, but I would assume this falls in line with many changes that Apple has been making lately focusing on user privacy and user knowledge of the permissions that their admins have. This means that if the device does not receive the profile through a DEP enrollment, the only method of installing a profile is via user action.    DEP would be the ideal scenario, but anyone reading this probably knows that ideal scenarios are rare for admins.   Although we can't silently install this anymore, we can utilize the agent to push a script that will prompt the user to install. As a proof of concept we did the following, this will download the profile and present the user with the following screen:                                 Baseline: Machines DO have the agent installed, but DO NOT have the profile   Step 1: Have Meraki support alter your network so that your enrollment profiles do not expire. Without doing so, profiles expire 5 minutes after they’re downloaded, and they will fail to install after 5 minutes. Step 2: Download a non-expiring profile from m.meraki.com Step 3: Wrote a simple script. This was very simple in my case, it was just a proof of concept. The script simply loads the profile into MacOS, and then opens the UI to the exact location where the user can click “install”. You can get fancy here and include an image if you want: #!/bin/bash sudo open photo.jpeg # open a picture file sudo open meraki_sm_mdm.mobileconfig # load enrollment profile to system preferences sudo open -b com.apple.systempreferences /System/Library/PreferencePanes/profiles.prefPane meraki_sm_mdm.mobileconfig # open system preferences profiles, which presents the user with the install option   Steps 4+ follow the process from this document: https://documentation.meraki.com/SM/Apps_and_Software/Deploying_Scripts_in_Systems_Manager_using_Software_Installer    Step 4: Bundled my script and the non-expireing .mobileconfig profile into a .pkg installer file (this doesn’t install anything, its just how we run scripts via the agent) Step 5: Wrapped my .pkg into a DMG Step 6: Uploaded the DMG to Dashboard as an “app” Step 7: Scoped the app, making sure auto install was not selected Step 8: Manually pushed install command   The script can be as elaborate as you want. For example, you could likely use the "Profiles -list" command to check if the profile is installed, and only prompt the user if it isn't installed.   Feel free to reply to my post if there are questions about this.   ... View more

In the cases that I've seen, this error relates to an education payload within the profile.   As things stand now, the Meraki SM team is unable to find any errors in the profiles we are sending to the end devices. We've tried to reproduce the issue in house, but so far this has not been reproducible.   Meraki has recently opened a case with Apple to better understand what could be causing these issues.   If you have an open case regarding this issue, the support engineer should be able to provide updates on the issue as the case develops with apple. Please feel free to link your assigned engineer to this community page.   -Dalton ... View more

This error most often comes up when the SM licensing is exhausted.   If you have available licenses I'd recommend getting in touch with support.     ... View more

For reference, this is the issue.   iOS devices on some iOS 14 builds will randomly reply with an ARP message sourced from the expected MAC address, however the ARP payload will contain a different source MAC address. The MX will detect this potential conflict (in this example, MAC ending in ad:e0) and send an email alert.   This issue seems to be reported regardless of whether MAC randomization AKA "private address" is enabled on the iOS device.   [edit]: Once we have updated the devices to iOS14 beta 3, we have not observed this behavior at all.  [edit 2]: Photo edited to clarify ... View more

Apple mentioned that iOS 14.2 beta 3 should have resolved this issue. We've been testing this build in the lab where we have no longer observed this behavior. ... View more

Please be aware that the ability to disable MAC randomization via MDM profile may also be subject to an Apple side bug.   If the option to disable MAC randomization is selected, the user still has the ability to re-enable it within the UI. Meraki has also sent feedback for this issue as well.   This behavior is observable via profiles created directly within Apple Configurator which suggests that this may only be resolved through a future iOS update. ... View more

Devices being paired does not guarantee BLE beacon advertisements, which are what Meraki APs are listening for. Bluetooth Low Energy (BLE) https://documentation.meraki.com/MR/Bluetooth/Bluetooth_Low_Energy_(BLE) ... View more

Cisco Meraki AP devices only report BLE clients.   There are a few apps which can report BLE clients exclusively, which should give an indication of which devices will be seen by a Meraki AP.   Mac OS utility "Bluetooth Explorer" will also do the trick. This tool requires Apple Developer account (free).   If interested, search for, and download the DMG "Additional tools for Xcode [current version is 9.3]" from the following URL:  https://developer.apple.com/download/more/   This DMG contains a folder called "Hardware" which contains the application "Bluetooth Explorer" Within this application, select "Devices "->"Low Energy devices "->"Start Scanning"   If the device does not list, then it will not be detected by a Meraki AP      Bluetooth Low Energy (BLE) https://documentation.meraki.com/MR/Bluetooth/Bluetooth_Low_Energy_(BLE)     ... View more