Skip to main content

 

Cisco Meraki Documentation

Endpoint Management Enrollment

System Manager SM Sentry is offered out of the box with Meraki Access Points via the Meraki Cloud. For more information on all of the different splash page options see the Splash Page Overview.

Systems Manager

Systems Manager (SM) is Meraki's Enterprise Mobility Management (EMM) tool for iOS, Android, Windows, macOS, and Chrome. Systems Manager allows for devices to be remotely managed. A full description of the available feature sets is available in the Systems Manager datasheet

 

Enabling Endpoint Management Enrollment

When enabled on a given SSID for a Cisco Meraki wireless access point, Sentry facilitates the secure and rapid onboarding and deployment of SM to mobile devices. Sentry enrollment is supported on Android, iOS, macOS, and Windows devices and enables employee self-service for securing BYOD devices.

If the device is not enrolled in an existing SM network, the user is prompted with a click to accept message that will enroll the device into the SM network as well as provide any configuration profiles and required apps previously configured.

Endpoint management enrollment can be enabled on any MR network via the Splash page section of the Wireless > Configure > Access control page.

 

SSID Splash page option for Endpoint management enrollment

Onboarding via SM Sentry

When an iOS, Android, macOS, or Windows device connects to a wireless SSID with Endpoint management enrollment enabled, if it does not have an SM profile installed, it will be prompted to undergo the installation process when the user opens up a web browser. The user will be guided through a series of steps that will facilitate the profile installation, after which they will be given Internet access. 

 

 sentry 2.png

 

sentry 3.png

Devices which use a randomized mac address during association to SSIDs will be continuously prompted for enrollment unless the feature is disabled for Sentry Splash Enrollment SSIDs

Alerting on Removal of Systems Manager

Sentry will automatically detect the removal of the Systems Manager app or management profile and deny access of a mobile device to the network. In addition to this, IT can set up alerts so they are notified via e-mail if a device goes from being managed to unmanaged because the management profile has been removed.

mdm-alerts.png

Finally, unmanaged devices are highlighted in the client list and client details page so IT can quickly spot these.

Suggested Network Enrollment (iOS/iPadOS)

When an iOS/iPadOS device connects to a Meraki MR Access Point, the Meraki SM app can be used to automatically detect the SM networks within the same organization as the MR. This gives end user's a "Suggested networks" list of available SM networks, so end users do not need to scan a QR code or manually type in any network ID to enroll into Meraki Systems Manager.

 suggestednet.gif

Note: End users must grant Location Services permission for the Suggested Networks feature to function. Without this permission, no networks will be detected. This is required due to how iOS/iPadOS apps utilize their privacy permissions for network detections. 

Note: Suggest Networks can optionally be disabled at anytime on a per-network basis. To disable a single SM network from being detected, go to Systems Manager > Configure > General > Enrollment settings, and then disable the Network discovery option. 

 Screen Shot 2023-01-10 at 5.24.23 PM.png

  • Was this article helpful?