Hi @MerakiTexan Just noticed this unanswered post from a couple weeks ago.  Correct that this setting is not templatized and is not (at least not yet) accessible via the Dashboard API.  Every use case is different but generally speaking most customers choose to NOT auto-contain rogues, but instead send alerts when rogues are detected and investigate if/when needed.  Auto-containment can be problematic and very disruptive depending on the use case.  Rogues can be on the LAN without being related to actual active attacks.  Think of things like wireless printers that are typically on the wired LAN but also broadcast a "hey I'm a printer" SSID by default.  While that can certainly pose a possible risk and attack surface into your infrastructure, it's not an active attacker plugging in a rogue AP to your network, and it may be better to get alerted versus run active containment against those devices.  The rogue SSIDs typically need to be classified manually anyway on the AirMarshal page.  More info here: https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal   ... View more