I have now tried all the settings below 'Security appliance only' and none of them works. I tried to blacklist a single website with no luck. However, all setting work when I manually choose to set the device policy for the client to the same group policy My conclusion is - at least in my setup with WPA2 enterprise and RADIUS - that AD groups mapped to Meraki groups only gives the client part of the group policy (layer 3, layer 7 and traffic shaping rules) and that the last part of the policy (security appliance only) is controlled by device policy that has to be set manually.
... View more
