Endpoint Management Enrollment
System Manager SM Sentry is offered out of the box with Meraki Access Points via the Meraki Cloud. For more information on all of the different splash page options see the Splash Page Overview.
Systems Manager
Systems Manager (SM) is Meraki's Enterprise Mobility Management (EMM) tool for iOS, Android, Windows, macOS, and Chrome. Systems Manager allows for devices to be remotely managed. A full description of the available feature sets is available in the Systems Manager datasheet.
Enabling Endpoint Management Enrollment
When enabled on a given SSID for a Cisco Meraki wireless access point, Sentry facilitates the secure and rapid onboarding and deployment of SM to mobile devices. Sentry enrollment is supported on Android, iOS, macOS, and Windows devices and enables employee self-service for securing BYOD devices.
If the device is not enrolled in an existing SM network, the user is prompted with a click to accept message that will enroll the device into the SM network as well as provide any configuration profiles and required apps previously configured.
Endpoint management enrollment can be enabled on any MR network via the Splash page section of the Wireless > Configure > Access control page.
Onboarding via SM Sentry
When an iOS, Android, macOS, or Windows device connects to a wireless SSID with Endpoint management enrollment enabled, if it does not have an SM profile installed, it will be prompted to undergo the installation process when the user opens up a web browser. The user will be guided through a series of steps that will facilitate the profile installation, after which they will be given Internet access.
Devices which use a randomized mac address during association to SSIDs will be continuously prompted for enrollment unless the feature is disabled for Sentry Splash Enrollment SSIDs
Alerting on Removal of Systems Manager
Sentry will automatically detect the removal of the Systems Manager app or management profile and deny access of a mobile device to the network. In addition to this, IT can set up alerts so they are notified via e-mail if a device goes from being managed to unmanaged because the management profile has been removed.
Finally, unmanaged devices are highlighted in the client list and client details page so IT can quickly spot these.
Suggested Network Enrollment (iOS/iPadOS)
When an iOS/iPadOS device connects to a Meraki MR Access Point, the Meraki SM app can be used to automatically detect the SM networks within the same organization as the MR. This gives end user's a "Suggested networks" list of available SM networks, so end users do not need to scan a QR code or manually type in any network ID to enroll into Meraki Systems Manager.
Note: End users must grant Location Services permission for the Suggested Networks feature to function. Without this permission, no networks will be detected. This is required due to how iOS/iPadOS apps utilize their privacy permissions for network detections.
Note: Suggest Networks can optionally be disabled at anytime on a per-network basis. To disable a single SM network from being detected, go to Systems Manager > Configure > General > Enrollment settings, and then disable the Network discovery option.
