Community Record
41
Posts
44
Kudos
5
Solutions
Badges
a month ago
Yes. We can manage the device otherwise, it's just the command line functionality that fails. I'm wondering if it is related to enhanced security at the OS level. One new access issue (and this is good) is that the enhanced security in macOS now prompts users to allow m_agent to access the screen when a screenshot is requested via SM. The Systems_Manager_Agent_Release_Notes do say that in 4.2.2 there is an installation bug fix.... perhaps it now includes an allowance for screenshot and script running that was missing before?
... View more
a month ago
Similar. Curiously, my prompt reads, "Note, this is intended for short commands and will time out after 30 seconds"
... View more
a month ago
I've been noticing this with some of our devices, as well (macOS running 15.3 or later) with agent 4.2.0
... View more
Feb 14 2025
12:02 PM
3 Kudos
If you DFU reset the device and don't restore from any icloud backup, it should no longer have any enrollment profile (since ASM doesn't have the device linked to your MDM any more). See https://support.apple.com/guide/security/boot-process-for-iphone-and-ipad-devices-secb3000f149/web for more information.
... View more
Feb 14 2025
8:54 AM
3 Kudos
You can find all the payload options in Apple's documentation https://support.apple.com/guide/deployment/review-mdm-payloads-dep5370d089/web Note that they also now have a full training for Apple Device deployment at https://it-training.apple.com/tutorials/apt-deployment
... View more
Oct 24 2024
5:11 AM
2 Kudos
I've wondered the same thing. In my head the answer is "not often enough" but what I'd really love to see is a schedule... perhaps even a modifiable schedule... per app.
... View more
Aug 28 2024
5:41 AM
In my experience then either the signing certificate on the profile was replaced, in which case you'll have to either restore the updated correct certificate in Meraki or wipe the machine and re-enroll with the new different certificate, or the agent has just gone so far out of date that it cannot update itself. There is an uninstaller for the agent available under the Systems Manager > Add Devices that can uninstall the agent before you attempt to install the most up-to-date agent. Note that you will need to restart the device between uninstalling and installing, again. Finally, it is worth checking and confirming that your network is working correctly for other devices.
... View more
Jun 4 2024
8:22 AM
Thank you for this detailed post. Any ideas how to create a Lost Mode Manager role that would only allow device lookup and Lost Mode enable/disable process?
... View more
May 30 2024
7:48 AM
Mine works, redirecting to https://n11.meraki.com/Waynflete-Manage/n/PvCWIcl/manage/support/help
... View more
Apr 22 2024
8:11 AM
2 Kudos
We are purchasing solar panels to outfit one of our tallest buildings, and will be adding to new buildings as we move through phases of construction.
... View more
Mar 3 2024
7:52 PM
Thanks for the detailed writeup. I wonder why you don't use User Tags for some of these, e.g. team. I find this helpful for people (like students) who may change devices, as the tags travel with them instead of the device.
... View more
Feb 14 2024
7:41 AM
8 Kudos
I was just glancing at last year's contest and came upon the first comment thread there, and it linked to a topic I'd been wanting to find for a long time:https://community.meraki.com/t5/Community-Announcements/CONTEST-CLOSED-%EF%B8%8F-Happy-Valentine-s-Day-%EF%B8%8F/bc-p/184725/highlight/true#M8013. Thanks @KRobert
... View more
Jan 12 2024
9:51 AM
4 Kudos
Thanks! I never expected it, but will enjoy keeping warm.
... View more
Jan 9 2024
4:30 PM
2 Kudos
I second this: one aspect of the Systems Manager I would love to have is dynamic group functionality (ie custom auto-tags). I’d love to implement this functionality via the API, if possible.
... View more
Jan 9 2024
8:58 AM
1 Kudo
If you haven't already, you'll need to wipe and reset these devices.
... View more
Oct 3 2023
11:25 AM
No. There is only one option for access level for the organization as a whole (None / Read-Only / Full) and s secondary option on a per-network basis (None / Full / Read-Only / Monitor-Only).
... View more
Sep 29 2023
5:06 PM
I don’t believe Meraki has a IDP tool for Google accounts on macOS, but there maybe some 3rd party tools that you can hook into Systems Manager. You’ll probably need to configure Google authentication for Apple IDs, as well, to tie it all together.
... View more
Sep 12 2023
11:42 AM
3 Kudos
Unfortunately, Meraki SM doesn't have smart groups in the way that JAMF does. I believe you may be able to script this outside the Systems Manager using their API, though.
... View more
May 10 2023
7:31 AM
5 Kudos
I believe this is not an issue with device management or supervision, but managed Apple IDs are documented to have certain limitations. See https://support.apple.com/guide/apple-business-manager/use-managed-apple-ids-axm78b477c81/web for more information. I believe the issue has to do with managed Apple IDs not using 2FA in the same way as personal Apple IDs. In otherwords, the user doesn't hold all the security keys with managed Apple IDs.
... View more
May 2 2023
5:45 AM
I had a cached cert. On refreshing my Meraki dashboard it pulled down the updated cert with dates into 2024.
... View more
Apr 24 2023
6:50 AM
2 Kudos
We've removed carts of computers that were continually charging and now just hand out individual devices when needed (manually, via the library) so only a few devices need to be kept charged at a time.
... View more
Jan 18 2023
5:27 AM
Another way to look at is that the device itself does not know what tags it has... only the MDM does. The MDM thus decides when to send commands to the device. It doesn't matter how a device is scoped to receive a profile (user tag / device tag / etc.) as long as that device continues to be in the scope of the profile. If you removed the device tag first, and then added the user tag to the scope of the profile (and pressed "Save" in between) then you would be taking one step to remove the profile and then another to add it back on.
... View more
Jan 18 2023
5:22 AM
If the device list doesn't change, then the devices will not be sent a command to add/remove the profile. In other words, you should be just fine.
... View more
Dec 9 2022
9:36 AM
1 Kudo
There's your answer, then. Managed Apple IDs are allowed to browse the App/iTunes/Books store, but not purchase (paid, or free). See [Managed Apple IDs for Apple Devices](https://support.apple.com/guide/deployment/managed-apple-ids-depcaa668a58/1/web/1.0) for more information.
... View more
Dec 9 2022
9:20 AM
Just curious, but what kind of Apple ID is the user signed in (to the App Store) with? Personal Managed None
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 2090 | Sep 12 2023 11:42 AM | |
| 2273 | May 10 2023 7:31 AM | |
| 1947 | Jan 18 2023 5:22 AM | |
| 6320 | Dec 9 2022 9:36 AM | |
| 2239 | Sep 26 2022 8:47 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 8 | 4920 | |
| 5 | 2273 | |
| 4 | 8622 | |
| 3 | 750 | |
| 3 | 966 |
