Skip to main content
Cisco Meraki Documentation

Supervised Devices in Meraki Systems Manager

Overview

Cisco Meraki allows iOS and Android devices enrolled in Systems Manager MDM to be supervised and managed. This enables users to explore additional features such as the ability to bulk push firmware updates or delay iOS updates remotely from the dashboard itself or prevent devices from removing their management profile. This document showcases some of the features that come as part of device supervision and commands that can be sent to supervised devices.
 

Device supervision in Systems Manager requires a Systems Manager license for each device. Unfortunately, legacy Systems Manager users do not have the ability to have a supervised device in their network.

How to Supervise Devices

There are two ways to supervise an Apple device: Device Enrollment Program (DEP) or Apple Configurator. Apple's DEP program is the only way to make iOS and macOS profiles mandatory and non-removable new from box or after a factory reset. It is highly advised for any organization-owned devices to be enrolled that qualify. There are other ways to discouraging removal of a Meraki management profile for devices that can not be enrolled in Apple's DEP program.

Android devices are supervised using Device Owner mode and this done during initial setup of the device. This prevents end users from removing the management profile from the device. Device owner mode can be used to limit the end users' ability to factory reset the device and use Android Debug Bridge (ADB).

How to Enroll Supervised Devices

The process to enroll a supervised device is the same as unsupervised device. The instructions can be found in dashboard under Systems Manager > Manage > Add Devices or following our guide on how to enroll every operating system.

Some Supervised Feature Restrictions for iOS

Feature

Description

Supervision Required

Allow use of Camera

Show or hide the native camera app

Allow or prevent use of the camera in all application

Not a checkbox.png
Allow screen capture Allow or prevent screenshots of the device's display Not a checkbox.png
Allow device assistant (Siri) Allow or prevent use of Siri Not a checkbox.png
Allow Siri while locked Allow or prevent Siri when device is locked Not a checkbox.png
Allow Voice dialing

Show or hide the native phone app

Allow or prevent the use of the phone dialer

Not a checkbox.png
Allow FaceTime calls Allow or prevent FaceTime video calls Not a checkbox.png
Allow automatic sync when roaming Allow or prevent device sync of managed data when device is roaming Not a checkbox.png
Allow Passbook notifications while locked Show or hide Passbook notifications on the lock screen Not a checkbox.png
Allow in-app purchases Allow or prevent buying extra content or subscriptions within an app Not a checkbox.png
Force user to enter iTunes Store password for all purchases Require user to enter their iTunes store password to make purchases Not a checkbox.png
Allow multiplayer gaming Allow or prevent gaming with multiple external users Not a checkbox.png
Allow adding Game Center Friends Allow or prevent Game Center and integration in apps Not a checkbox.png
Show Control Center in lock screen Show or hide Control Center while device is locked Not a checkbox.png
Show Notification center in lock screen Show or hide Notification Center while device is locked Not a checkbox.png
Show Today view in lock screen Show or hide Today View within Notification Center while device is locked Not a checkbox.png
Do not containerize work data and contacts from unmanaged apps Allow or prevent data from being shared or stored in corporate (managed) apps in personal (unmanaged) apps Not a checkbox.png
Do not containerize personal data and contacts from managed apps Allow or prevent data stored in personal (unmanaged) apps to be shared with corporate (managed) apps Not a checkbox.png
Allow Handoff Allow or prevent apps from using Handoff capabilities Not a checkbox.png
Require passcode on outgoing AirPlay pairing requests Require a passcode to broker an outbound Airplay request Not a checkbox.png
Require passcode on incoming AirPlay pairing requests Require a passcode when an Airplay request is received Not a checkbox.png
Force paired Apple Watch to use Wrist Detection Require paired Apple Watches to use wrist detection to automatically unlock or lock Not a checkbox.png
Disallow sharing of managed documents with AirDrop

Allow or prevent data from being shared or stored in corporate (managed) apps to AirDrop destinations

Not a checkbox.png
Delay OS software updates Delay updates to iOS for up to 90 days Checkbox.png
Allow UI configuration profile installation Allow or prevent a UI prompt to install configuration profiles or certificates Checkbox.png
Allow modifying account settings 

Allow or prevent the ability to add or remove accounts

e.g. mail account, iCloud settings, iMessage settings, etc.

Checkbox.png
Allow AirDrop Allow or prevent AirDrop from being available Checkbox.png
Allow changes to cellular data usage for apps Show or hide the toggle to allow apps to use cellular data Checkbox.png
Allow user-generated content in Siri

Allow or prevent Siri from showing content from sources that allow user-generated content

e.g. Wikipedia

Checkbox.png
Allow modifying Find My Friends settings Allow or prevent changes to settings for the Find My Friends app Checkbox.png
Allow host pairing Allow or prevent a device from pairing with Macs that do not have the Supervision certificate installed Checkbox.png
Enable Siri profanity filter Allow or prevent profanity in Siri Checkbox.png
Allow configuring restrictions Allow or prevent the end user from creating their own restrictions Checkbox.png
Allow Erase All Content and Settings Allow or prevent the end user from being able to wipe a device Checkbox.png
Allow Internet results in Spotlight  Allow or prevent Spotlight search from showing internet search results Checkbox.png
Allow keyboard auto-correction Allow or prevent word correction suggestions Checkbox.png
Allow keyboard spell-check Show or hide warnings (red underline) underneath potentially mistyped words Checkbox.png
Allow definition lookup  Allow or prevent the ability to search for a word's definition by double-clicking a word Checkbox.png
Allow predictive keyboard  Allow or prevent the use of a predictive keyboard Checkbox.png
Allow keyboard shortcuts  Allow or prevent users to create and use keyboard shortcuts Checkbox.png
Allow pairing with Apple Watch  Allow or prevent an iPhone to pair with Apple Watch Checkbox.png
Allow modification of passcode settings  Allow or prevent users to change passcode on the device Checkbox.png
Allow modification of device name  Allow or prevent users to change the device's name Checkbox.png
Keep device name up-to-date with Dashboard Sync the devices name to dashboard Checkbox.png
Allow modification of wallpaper  Allow or prevent changes to the device's wallpaper by the user Checkbox.png
Set Lock & Home screen wallpaper Configure the lock screen and home screen wallpaper images Checkbox.png
Set lock screen payload Set asset tag information and footnote to be displayed on the login window and lock screen Checkbox.png
Allow changes to Notifications settings Allow or prevent end users to change notification preferences Checkbox.png
Allow remote screen observation by the Classroom app Allow or prevent a Teacher iPad to view Student iPad screen in the Classroom App Checkbox.png
Allow modification of diagnostic submission and app analytics settings Allow or prevent users from changing diagnostic log submission and app analytics settings Checkbox.png
Allow modification of Bluetooth settings Allow or prevent users from changing Bluetooth settings Checkbox.png
Allow dictation input Allow or prevent users from using voice to text Checkbox.png
Enforce SSID Whitelisting Restrict the device to only connect to WiFi networks specified by MDM policy Checkbox.png
Allow creation of VPN configurations Allow or prevent users to create new VPN configuration Checkbox.png
Enable USB Restricted Mode Allow or prevent a device to connect to USB accessories without entering a passcode Checkbox.png
Enable Web Content Filter Configure which HTTP or HTTPS websites via a permitted and block list Checkbox.png
Enable Global HTTP Proxy Configure proxy settings for all HTTP/S network traffic Checkbox.png
Set managed email domains The device will warn the user by coloring the email address text red if a user sends an email to an email domain not listed in a managed domains profile Checkbox.png
Set managed safari web domains Documents viewed on or downloaded from managed web domains can only be opened by a managed app. Checkbox.png
Set home screen layout Specific placement of app icons on the home screens Checkbox.png
Set Per App VPN Create a VPN connector and create policies for when, how, and which applications or web pages would use this VPN connection Checkbox.png
Allow managed apps to write contacts to unmanaged contacts accounts Allow or prevent contacts generated in managed apps to be created in unmanaged contacts accounts Checkbox.png
Allow unmanaged apps to read from managed contacts accounts Allow or prevent contacts stored in managed contacts to be read by unmanaged apps Checkbox.png
Allow server-side Siri logging Allows or prevent Siri from logging to its server Checkbox.png
Turn the Date & Time 'Set Automatically' feature to ON and disallow user disabling

Allow or prevent the user from changing the date and time settings

Set the date and time on the device automatically

Checkbox.png
Allow users to used saved passwords in Safari and AutoFill Passwords feature Allow or prevent users from using saved passwords or the AutoFill password feature in Safari Checkbox.png
Allow user's device to request passwords from nearby devices Allow or prevent a device from requesting passwords from other devices Checkbox.png
Allow users to share their passwords with the Airdrop Passwords feature Allow or prevent a device from sharing passwords through AirDrop Checkbox.png
Allow users to add or remove a cellular plan to the eSIM of a device Allow or prevent changes to the eSIM cellular plan Checkbox.png
Allow users to modify the personal hotspot setting Allow or prevent the user from making changes to the hotspot settings Checkbox.png

Commands Requiring Device Supervision

Here is a breakdown of commands that require supervision before pushing to the device from the dashboard.

 

Command

Description

Supervision required

Restart Send a command to reboot the device Not a checkbox.png
Shutdown Send a command to turn off the device Not a checkbox.png
Unenroll device Remove the management profile from a device Not a checkbox.png
Clear Passcode

Remove the current passcode from the device

If a passcode restriction profile is applied, user will be prompted to create a new passcode

Not a checkbox.png
Lock device Locks the device with a passcode or locks the screen if there is no passcode set Not a checkbox.png
Selective wipe Remove all of the profiles, restrictions, configuration options, and apps from the device Not a checkbox.png
Erase device Send the command to initiate a full device wipe and factory reset Not a checkbox.png
Force OS Update Send the command to download and update latest version of iOS immediately Checkbox.png
Preserve Data Plan (Erase Device) The device will maintain the current utilization of its data plan after being wiped Checkbox.png
Skip Proximity Setup (Erase Device) Instruct the device to skip using proximity auto-configuration after being wiped Checkbox.png
Enable Activation Lock Turn on the Find My iPhone activation lock tied to a user's signed in Apple ID Checkbox.png
Clear Activation Lock Disable activation lock on the device Checkbox.png
Clear Restrictions Passcode Remove passcode protecting device restrictions in settings Checkbox.png
Enable Bluetooth Turn on the Bluetooth radio Checkbox.png
Enable Lost Mode Turn on Lost Mode Checkbox.png
  • Was this article helpful?