Skip to main content
Cisco Meraki Documentation

Mac Enrollment

  1. Last updated
  2. Save as PDF

Before you enroll macOS devices, make sure you have an Apple Push Certificate set up in your Dashboard organization.

Access Rights

By default, Systems Manager will grant administrators the maximum amount of control available when applied to your Apple devices upon enrollment. However, in certain bring-your-own-device (BYOD) environments where the device is personally owned, device owners may not want administrators having this level of control over their personal devices.

 

Systems Manager can be customized to meet the needs of different deployment models by changing the permissions of what can be retrieved from or sent to the device. It is important to note that Access Rights must be set before devices are enrolled; changes made after enrollment will only take effect if a device is re-enrolled.

 

Access rights limitations can be found in Configure > General. See the article here for more info

On-device Enrollment

If you have a Dashboard account set up with an EMM network, you can find instructions under Systems Manager > Manage > Add devices, or follow along the steps below.

Note that are two methods for Mac enrollment: Agent or Profile. Either one can be used for enrollment, but since each enables a different subset of features, both should be utilized when possible to access all available MDM features.

Agent Installation

The agent now supports automatic and remote installation through the Apps page, which does not require manually executing the .pkg on the end device. See this article for more information.

  • Navigate to Systems Manager > Manage > Add devices > macOS

  • Click the Download button. An agent, "MerakiPCCAgent.pkg" will download. Note that this installer will enroll devices into the Systems Manager network it was downloaded from.
Version 1.0 - 3.0.3
  • After the download is complete, double-click MerakiPCCAgent.pkg.
  • When the installer begins, click Continue.
  • Read the Software License and click Continue.
  • Click Agree to accept if prompted.
  • Click Install to perform a standard installation.
  • Once the installation has finished, your Mac device will show up under Monitor > Clients in Dashboard as soon as it has an Internet connection.
Version 3.1.0+
  • After the download is complete, double-click SMAgent-x.x.x.pkg.
  • When the installer begins, click Continue.
    46DEEDF7-245C-4A1C-8403-C5CABEEF6A59.png
  • Read the Software License and click Continue.
    C44DEC25-4C3F-4C23-ADF9-F968C5E633F5.png
  • Click Agree to accept if prompted.
  • Click Install to perform a standard installation.
    9B332CD3-AC75-4524-9B3C-EE7888B20DF4.png
  • Enter the user's device password when prompted. Click Install Software.
    DCDBF82E-A72D-441E-825D-AA008DF1EBD1.png
  • Enter the Network ID or Network Enrollment String of the target Systems Manager network the device should enroll to.  Click Enroll
    B7F94120-F247-41E7-9718-48966E7E5775.png
  • Confirm the name of the Systems Manager network and click Continue
    AF1FD327-5897-4819-97F0-880F5F017396.png
  • After the installation has completed, click Close. Choose to move the installer to the Trash or keep it in its current location.
  • Once the installation has finished, your Mac device will show up under Monitor > Clients in Dashboard as soon as it has an Internet connection.
Command Line Options

The agent can be installed via command line to support use cases where scripting for mass deployment and/or custom installations are required (but remember, if the macOS device is enrolled with the enrollment profile first the agent can be installed from the SM > Apps page).  To install the agent via command line run the following commands. 

Version 1.0 - 3.0.3

sudo installer -pkg <Path to agent installer .pkg> -target /

    Example: installer -pkg ./MerakiPCCAgent.pkg -target / 

Version 3.1.0 - 3.1.4

sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id && sudo launchctl setenv enrollment_code <network enrollment code or enrollment string> && sudo installer -pkg <path/to/package.pkg> -target / && sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id 

    Example using enrollment code:
sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id && sudo launchctl setenv enrollment_code 123-45-6789 && sudo installer -pkg ./MerakiPCCAgent.pkg -target / && sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id
   
    Example using enrollment string:
sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id && sudo launchctl setenv enrollment_code smnetworkenrollmentstring && sudo installer -pkg ./MerakiPCCAgent.pkg -target / && sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id 

Version 3.5 +

Command line installation of the macOS agent is no longer supported. The SM agent must be deployed via manual UI installation or pushed via Systems Manager > apps after the management profile has been installed.

Profile Installation

  • Navigate to Systems Manager > Manage > Add devices > macOS

  • From the device, open enroll.meraki.com

  • Enter your network ID, where XXX-XXX-XXXX is the network-specific ID.
  • Press Register.
    • If using SM Enrollment Authentication then follow the prompts accordingly. For more information view the Enrollment Authentication article here.
  • In the profile that appears, press Install, then Install again to confirm.

Apple Automated Device Enrollment (ADE)   

Through integration between Systems Manager and Apple, you can automatically have devices enroll into Systems Manager and install the management profile both over the air and out of the box. For more information about configuring and using Apple ADE, please view the following page.

Additional Enrollment Methods

Endpoint Management Enrollment SSID

You can also use SM Sentry to force iOS, Android, Windows, and Mac devices to enroll in Systems Manager for an efficient mass deployment or BYOD. When enabled on a given SSID for a Cisco Meraki wireless access point, Sentry facilitates the secure and rapid onboarding and deployment of SM to mobile devices. For more information on Endpoint management enrollment, please visit the following page.

Other Options 

You can also send device enrollment information to your users via email, by navigating to MDM > Add devices > macOS. This method also allows you to pre-configure a tag to be applied upon registration.

Considerations for Apple Silicon Macs

Non Intel-based macOS devices, such as the M1 chip macOS devices, require some additional considerations while deploying via MDM: 

Rosetta 2 is NOT required for SM Agent versions 3.5.2+. See SM Agent Release Notes for more information.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Stage
    Final
  2. Tags
    1. enrollment
    2. SM
    3. systems manager