Meraki Systems Manager provides administrators the ability to mass enroll and supervise devices using Apple Configurator, a Mac OSX application. Apple Configurator 2 allows for mass configuration of iOS 9+ devices while physically connected to a Mac computer. A USB hub can be used to configure dozens of devices at once. Follow these links to download the application, and view more Apple Configurator documentation.
With Apple Configurator 2.0 or later, Apple has allowed the use of the Device Enrollment Program (DEP) for automatic enrollment into Meraki Systems Manager, which can be used to speed up the process into a no-touch experience for mass enrollment of devices. Alternatively, if your iOS devices are not in Apple's DEP, you can use the manual enrollment method by configuring your Systems Manager MDM Server in Apple Configurator via enrollment URL. This article will cover both Apple Configurator 2 MDM enrollment options in detail: DEP automatic enrollment method and manual enrollment URL method.
iOS devices that are using Apple's Device Enrollment Program (DEP) can be supervised and enrolled over-the-air anytime they are factory reset. DEP is the best way to permanently force your devices to be owned and managed by your organization, and it is important to assign your DEP settings properly before deployment.
During the enrollment process, it is possible to supervise iOS devices. Supervision allows for many additional restrictions, which you can find listed in the Meraki Dashboard under Systems Manager > MDM > Settings > Restrictions > iOS restrictions (supervised). Supervision provides many additional benefits within Systems Manager. If your iOS devices are not currently Supervised, they will be required to be factory reset to become Supervised. Therefore, it is recommended to Supervise devices (if desired) prior to performing any configuration or providing the device to users. Supervision steps are covered in detail in the guide below.
Apple Configurator 2.0 or greater
OS X 10.11.0 or greater
iOS device(s) powered up and physically connected to Mac
The Mac and iOS device(s) are not locked
Internet access with unblocked access to Apple and Meraki Systems Manager
Refer to Help > Firewall info for a list of ports and IP addresses
For Automatic enrollment: iOS devices must be in Apple’s DEP program
Access to the internet is critical to the enrollment process. If an iOS device is not able to contact Meraki Systems Manager when trying to enroll, it will be unable to complete the process and/or receive any additional profiles and apps.
Automatic Enrollment through Apple Configurator is the fastest way to enroll numerous iOS devices into Systems Manager in one process. This method only works on iOS devices that are in Apple’s Device Enrollment Program (DEP). Please be sure to add your Apple DEP account to Meraki Systems Manager before beginning these steps, so your devices are visible in Systems Manager > MDM > DEP. If you are not using Apple's DEP, please follow the steps for the "Apple Configurator 2 - Manual Enrollment" later in this guide.
Open your Meraki Dashboard and go to Systems Manager > MDM > DEP.
Checkmark the devices you want to assign DEP settings.
Click on Assign settings:
Configure your preferred DEP settings:
Allow pairing: allow devices to connect to computers via USB cable.
Supervise: allow device to become supervised by your organization.
Mandatory: force device to always enroll in your Systems Manager network upon inital setup (when first powered on, or factory reset).
Removable: If unchecked, the “Meraki Management” enrollment profile will not be visible for end users to remove on the iOS device in Settings > General > Device Management. Unchecking this prevents end users from un-enrolling themselves from Meraki management later.
Click Assign x device(s) -- x is the number of devices that will receive these DEP settings. Now you will see these devices change to have an orange “Assigned” status next to it. The device is currently waiting to be turned on for the first time, or to be factory reset so it can receive these DEP settings.
Now, you are ready to use Apple Configurator 2. Highlight the devices you want to automatically enroll in Apple Configurator 2 and click on Actions > Prepare…
Choose Configuration: Automatic Enrollment. Click Next.
Upload a wifi profile, so the iOS device(s) can connect to a SSID in range so iOS devices can automatically configure with Apple and Meraki.
If your Meraki Systems Manager enrollment requires Active Directory authentication, input your domain credentials here. If not, leave these fields blank and click Prepare.
Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs.
Your devices will now be at the "Hello" initial iOS setup screen. These devices now contain the wifi profile as well as the Meraki Management enrollment profile. These devices will skip the steps chosen in Step 4. Once these devices are at their homescreen, they can have apps and profiles installed through Meraki Systems Manager. All your devices can now be managed in Systems Manager > Configure > Clients.
Apple Configurator 2 automatic enrollment process complete -- devices are now managed and ready to give to end users!
Manual Enrollment is the method for Systems Manager enrollment on iOS devices that are not in Apple’s Device Enrollment Program (DEP). First we will cover how to setup your Meraki MDM server in Apple Configurator. Then, Apple Configurator will factory erase the devices to prepare them with supervision and Meraki Systems Manager enrollment.
Go to Apple Configurator 2 in the menu bar and choose Preferences...
Click on the Servers tab.
Click the “+” to add a new server.
Define your MDM Server:
Name: Any name you choose.
Hostname or URL: Enrollment URL copied from your Meraki Dashboard found in Systems Manager > MDM > Add Devices > iOS > Apple Configurator > Enrollment URL (AC2+)
If you see the following error regarding “unsupported URL” do not be alarmed. Click Next again.
Leave the Enrollment Profile and Trust Profile empty and click Next.
You have now successfully configured your Systems Manager MDM Server. Close this window and now you can complete the enrollment using this MDM Server.
Plug your iOS devices to this OS X machine. Highlight the device you would like to enroll and go to the menu bar and choose Actions > Prepare...
Choose Configuration: Manual. Click Next.
Choose your Meraki MDM Server (set up in Steps 1-7). Click Next.
Choose if you would like the devices Supervised by your organization. Choose if you would like to allow pairing with other computers. Click Next.