I've noticed I'm unable to send commands to devices or get device location updates on Android devices after they boot but before they've been unlocked. Our devices all have passwords on them (required) - until they are unlocked after booting, they seem to not communicate with the MDM servers. Is that what others have experienced / is that intentional - or should I be able to issue commands (e.g. reset passcode/wipe passcode, wipe device) and get GPS location as long as the device is turned on even if it hasn't been unlocked since booting? I had this issue before with a different MDM and they were able to update their system to have the devices at least check-in with the servers when initially rebooted - so it should be possible. My devices are set up as zero-touch enrollment fully managed devices.
... View more
Thanks for passing that info along. Seems par-for-the-course with Meraki, though - making weird excuses on why something isn't possible, while other competing software and systems seem to manage just fine (e.g. ManageEngine MDM has the ability to enforce and manage Android OS updates). Not to mention the actual documentation from Android on how to create a policy for Organization Owned and Work Profile devices on system updates for EMMs - Manage system updates | Android Developers. Having the ability to manage the update profiles would at least give compliance assurance to device owners. Per Android's dev documentation for EMMs: Update policies A device owner can control when updates are installed by setting a local system update policy for a device. The system update policy can be one of three types: Automatic Installs system updates as soon as they become available (without user interaction). Setting this policy type immediately installs any pending updates that might be postponed or waiting for a maintenance window. Windowed Installs system updates during a daily maintenance window (without user interaction). Set the start and end of the daily maintenance window, as minutes of the day, when creating a new windowed policy. Postponed Postpones the installation of system updates for 30 days. After the 30-day period has ended, the system prompts the device user to install the update.
... View more