Skip to main content

 

Cisco Meraki Documentation

Systems Manager Licensing

Cisco Meraki Systems Manager (SM) offers a full, Enterprise Mobility Management (EMM) solution, which includes Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Content Management (MCM), and Mobile Identity (MI), and intergrations with other parts of the Cisco stack for managed devices.

24/7 phone support for SM networks is included with Systems Manager licensing.

This article outlines how SM licensing works, how older (legacy) SM networks work, and how to upgrade older networks to the current licensing model.

For FAQs about retired Legacy and Free 100 licensing types see here

For information regarding app licensing, please reference our Android or Apple (VPP) documentation, respectively. 

SM Licensing

All new SM accounts are full-featured and require either a trial or license for use. The SM licensing operates on the same co-termination model as other Cisco Meraki products, so it is subject to the same best practices and limitations. Please refer to our documentation for more info on our licensing model.

When SM licensing is claimed to an organization for the first time, an EMM network must be created to begin configurations. Please reference the Systems Manager Quick Start guide for next steps.

To obtain a quote and/or purchase licensing, please contact a Meraki representative for more info.

Exceeding SM Licenses

If the number of enrolled devices is equal to the licensed limit, no additional devices can be enrolled in the network until additional licensing is added or an existing device is unenrolled (which requires uninstalling the SM agent from the device and removing it from the Dashboard).

If you have no available SM licenses or your account is out of licensing compliance, you may see a login prompt when attempting to enroll an additional client device. It will not be possible to sign in through this prompt, as the device can only be enrolled once licensing is available and in compliance.

smlicensesmax.png

Trial Licensing

Use a Trial to test Systems Manager before purchase of a license. There are two different SM trial types:

  • Meraki-generated trial licenses
  • Customer-initiated trial licenses

The former behaves like any other Meraki trial license in that they are generated by your Meraki sales representative and can be removed early from your License info page (contact Meraki Support) or extended (contact your Meraki sales rep). These trial licenses can be identified by their order number which will begin with '4E'.

The latter is a 30-day trial automatically applied when creating a new Dashboard organization, or by upgrading a Legacy network, as shown below, and cannot be ended early or extended. To continue with SM beyond these 30 days, contact your Meraki sales rep to receive a Meraki-generated SM trial license or purchase Enterprise licensing. These trial licenses are labeled as 'SM-TRIAL'.

trial.png

Upon expiration, customer-initiated trial licenses will display the below warning message. This warning will be displayed until the trial is automatically removed from the License info page 30 days after its expiration. Accounts will remain in compliance during these 30 days as long as devices do not remain enrolled after the trial has been removed.

License Error.png

If a dashboard organization using Legacy Systems Manager applies a trial for Enterprise Systems Manager, once the trial expires, the dashboard will revert back to Legacy. 

If an Enterprise SM license is applied to a dashboard, it will automatically upgrade the organization's SM edition, losing the Legacy SM licensing status. This is an irreversable process and the organization cannot reverted back to Legacy SM.

SM Without Licensing (retired)

SM without licensing (Free 100 and Legacy) are retired and no longer supported after February 2024. To continue using Systems Manager please use SM with licensing or use a Trial license. FAQ available here

SM without licensing included Systems Manager Legacy and the SM Free 100 program. Systems Manager Legacy networks have not received any new features since 3/12/2015, while Free 100 networks have a limit on the number of devices that can be enrolled. These two network types are not eligible for phone support, with the following additional notes:

  • Unlicensed SM users who own Cisco Meraki hardware equipment are eligible for complimentary email support.
  • Unlicensed SM users with no other Cisco Meraki equipment are not eligible for complimentary email support, however, our documentation and SM forum are available for troubleshooting help.

For Systems Manager Legacy and SM Free 100, licenses can be purchased on a per-device basis. Applying an Enterprise SM license will override Legacy and Free 100 status, not add on top of it. For example, to manage 150 devices in SM, a license for 150+ devices would need to be applied to the account.

If a non-SM license key is added as “Renewal”, this will not override the Legacy or Free 100 SM. When the license key is added it will take you to the Licensing Preview page where you can see the affect of the license key application.

Note: Sign-ups for the Meraki SM free 100 program have been discontinued and replaced with instant free trials as of the end of January 2017. For more information, view the blog post here or contact your Meraki sales rep. 
Potential customers can manage 100 devices in order to try Meraki Systems Manager (the “SM Free 100”) at no cost. To be eligible for the SM Free 100, participants must: 

  • Provide valid information on the signup form, including your company email address
  • Be directly employed by your company

SM Free 100 is only for internal use by your company. It is not for resale, distribution or service bureau use. 
Limit one SM Free 100 per organization and per individual.

Your use of Systems Manager is governed by our End Customer Agreement. By accepting the SM Free 100 you represent that you are authorized by your employer to accept the SM Free 100 and that you will disclose receipt of the SM Free 100 to your employer as and if required. Notwithstanding the End Customer Agreement, Cisco Meraki may terminate the Free 100 program at any time, including managing up to 100 devices at no cost – but if we do that, we’ll give you plenty of notice. The recipient is responsible for taxes and duties if any. Please contact your Cisco Meraki rep if you have any questions.

Legacy SM Accounts (retired)

SM without licensing (Free 100 and Legacy) are retired and no longer supported after February 2024. To continue using Systems Manager please use SM with licensing or use a Trial license. FAQ available here

Prior to 3/12/2015, Systems Manager was available as a free version in addition to licensed SM. These Legacy SM networks can be used to manage any number of devices without licensing, but with a limited feature-set and no support. Licensed SM has always offered 24/7 support and the complete SM feature set. 

Your Dashboard will indicate if you are using the Legacy SM version in Organization > License info:

 Screen Shot 2017-07-21 at 4.25.07 PM.png

A Legacy account on a Systems Manager Trial will revert to Legacy after the trial expires. Upgrading from Legacy to Enterprise, however, is a non-reversible process. 

Upgrading from Legacy SM

Legacy SM users have the option to seamlessly upgrade their account to the new SM model - no re-enrollment is required. 

Upgrade from Legacy SM with a cloud license unlocks the full feature-set (including features gated behind licensing) along with 24/7 phone and email support. Features missing from Legacy include (but not limited to) the following:

All Platforms

  • Do-not-Disturb Mode and Scheduled Updates

    • Disable app installs and setting changes through SM during business-critical hours

    • Automatically install and update profiles only specific time windows

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • for Enterprise iOS, macOS and Windows packages

    • Add custom scripts and expressions to software pushed to your devices

      • e.g. after installation run a script that consumes a license for Microsoft Office

  • Security policies

    • Audit all devices and enforce policies for:
      • Denied apps

      • Mandatory running apps

      • Minimum OS versions

      • Cellular data monthly usage

        • Security policies to specify single or multiple data limit thresholds

        • Use policies to take action on devices going over their data limit

        • Restrict changes to data roaming, personal hotspot, and data usage for apps 

  • Self-Service Portal

    • Grant end users access to perform basic management MDM and app management tasks on their devices enrolled in Systems Manager

  • Dynamic device provisioning

    • Enable or revoke access to the network, email, or apps/data based on device identity (e.g. security posture, geolocation, app deny list, AD login, etc.)

    • Scope apps and profiles based on device owner, Apple Classroom, or AD group tags

  • Enrollment and user authentication

    • Directory integration beyond AD - authenticate through Google, Azure, Oauth

    • Multi-user authentication - dynamically change device software and settings based on user

  • Client certificate based email authentication

    • Import and deploy Exchange or Office365 user certificates to limit corporate email access to managed devices 

  • Systems Manager Sentry

    • Network Policy integration: inform network decisions based on device posture (e.g. VLAN off or block network access on devices violating security policies)

  • Systems Manager API
    • Access and export Systems Manager device information fields
    • Automatically trigger tagging and configuration updates
    • Programmatically remove and wipe devices (e.g. offboarding)
  • Cisco Identity Services Engine (ISE) integration

    • Network policy management on Cisco Meraki and Cisco on premise hardware

  • Limited access roles

    • Create granular, custom roles using tags

      • e.g. Teachers only see their classroom iPads and only during specific times

      • e.g. Asset management team only sees company assets and not BYOD

  • Tags management page

    • Manage device tags, policy tags, user tags holistically from a single page

  • Revamped device onboarding flow

    • Simplified UI catered to your device type and OS version

  • Teacher's Assistant

    • Teacher portal using limited access roles

      • e.g. Teachers only see their classroom iPads and only during specific times

    • Lock devices into single app mode

    • Configurable time schedules

    • Show and tell - push an iOS device to an Apple TV - AirPlay

    • Push files to students using Backpack​​​​

  • Systems Manager Overview
    • Quickly view a summary of all devices, their recent activity, and latest syncs. 

Apple

  • Cisco Security Connector

    • Systems Manager enables a new level of visibility and security for iOS 11 devices

    • Provision, enable, and configure Cisco Clarity and Umbrella on your devices 

    •  

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • For macOS software, custom enterprise iOS apps

      • Add custom scripts and expressions to software pushed to your devices

  • Install iOS and macOS system updates

  • Mac App Store integration and VPP device assignment

  • VPP Location-Based Token support

  • Cisco Fast Lane

    • Prioritize Enterprise iOS traffic over WiFi when using Cisco Aironets or Meraki MR access points

  • iOS cellular data and roaming control 

  • iOS 11.3/macOS 10.13.4 functionality

    • Keep Store apps up to date automatically

    • Delay and hide OS updates for up to 90 days

    • Schedule OS updates to a specific version

  • iOS 10.3 functionality

    • Lost mode sound alerts

    • WiFi/SSID allowing, additional restrictions

  • Per-App and Always-on VPN

    • AnyConnect certificate-based VPN
    • IKEv2 certificate-based VPN
    • Per-app VPN: automatically launch VPN connection for specific apps or domains
  • Managed app configuration

    • Pre- configure app settings on managed devices

  • Apple School Manager integration

    • Configure Classroom app across devices

    • Import and tag based on ASM classrooms and subjects

  • macOS Filevault encryption and key escrow

  • macOS System Preferences control 

    • Additional configuration control for the Dock, Setup Assistant, Airprint, etc.

  • iOS Lock Screen asset tag

    • Customize unique lock screen text per device for easy identification

  • iOS 9.3 functionality

    • Home Screen Layout

    • Safari autofill domains 

    • Lost Mode

    • Notification settings

    • Education Classroom app

    • Show/hide apps: app denying and allowing

    • Added restrictions (e.g. allowing changes to notifications, allowing Apple Music)

  • iOS 9 functionality

    • Install available OS updates

    • Keep device name up-to-date

    • VPP device assignment - no longer need Apple IDs

    • Manage unmanaged apps

    • Lock the app store, but keep installing apps from Systems Manager

    • Added restrictions (e.g. Lock wallpaper and device name)

    • Managed Domains

  • macOS Agent auto-install

    • Auto-install macOS Agent once SM profile is installed

Android

  • Android for Work (Android Enterprise)

    • Support for institution-owned device owner mode and BYOD work profile modes

      • Encrypted, native mobile data work profile container

      • Multi-app kiosk mode for COSU (Corporate-Owned Single Use) deployments

    • Silent app installs, managed Play Store, allow list allowed apps

    • Integration with your organization's Google Domain

  • Kiosk mode

    • Lock devices into a pre-approved set of allowed applications

  • Managed app configuration

    • Pre-configure app settings on managed devices
    • Lookup supported configuration settings on Android devices

  • Containerized email configuration

  • Additional restrictions

    • Block ADB, factory reset, app installation, SMS, hotspot, etc

  • Samsung Knox integration

    • Kiosk mode

    • ActiveSync email support

    • Application allows lists and deny lists, device permissions

Windows

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • for .msi and .exe Windows packages

    • Add custom scripts and expressions to software pushed to your devices

      • e.g. after installation run a script that consumes a license for Microsoft Office

  • Extended device support

    • Windows Mobile 10

    • Windows 10 MDM Profiles

      • Wireless SSID configuration

      • Certificate provisioning

      • Passcode enforcement

  • Security policies

    • Remediate vulnerable devices (e.g. unpatched machines susceptible to WannaCry)

    • Detect if security software is running, enforce minimum OS versions

    • Use Sentry Policies to inform actions at the network level

  • Remote wipe on Windows 10

  • Certificate management

    • Sign the SCEP certificate used for your mobile deployment

    • Automatically create and distribute unique certificates for Wi-Fi settings

Chrome OS

Google added extensive Chrome OS MDM support for Chrome Enterprise customers, without the need for the Google Admin Console.

  • Chrome Updates
    • Control updates on Chrome devices
    • Set target Chrome version
  • Kiosk Mode
    • Lock devices into a pre-approved set of allowed applications
  • WiFi
    • Configure manual WiFi payloads for seamless WiFi connection
    • Integration with Meraki Access Points with Sentry WiFi
  • VPN
    • Pre-configure VPN settings for devices
  • Managed App Settings
    • Pre-configure app settings
  • Security Options
    • Enable/Disable incognito mode
    • Safe Browsing
    • Computer Idle settings
  • Content Settings
    • Control pop-ups by deny or allow lists URLs
    • URL blocking
  • Bookmarks Management
    • Add bookmarks

To upgrade from Legacy SM please contact Cisco Meraki, so we can connect you with your dedicated representative.