Home > Endpoint Management > Device Enrollment > Systems Manager Agent and MDM Profile Enrollment

Systems Manager Agent and MDM Profile Enrollment

Because Systems Manager supports so many different operating systems, there are a few primary enrollment methods to add management capability to your devices. This guide will cover the two primary aspects of management, agent installs and enrollment profiles, and the features associated with each of them.

 

For detailed instructions on how to enroll a particular device type, see this article.

What are the Meraki Agent and MDM Profiles?

The MDM enrollment profile provides most of the management functionality on devices, such as restrictions or live tools like sending notifications and remote reboot commands. These profiles exist as configurations on the device's operating system, using the vendor's native APIs, and are provisioned during the enrollment process. You can see examples of where the profile can be found on each device type in this article.

Although MDM profiles are used for most platforms, desktop versions of Windows and macOS support installing an agent as well. The Meraki agent installs like an application and runs as a service in the background of your enrolled Windows/Mac machine. The agent provides additional functionality, such as custom software deployment and remote desktop. The agent and profile are not mutually exclusive, you can enroll a device using either method or with both.
 

We typically recommend enrolling with both methods for full Systems Manager functionality.

Operating System Compatibility 

 

Agent

MDM Profile

macOS

iOS

Android

Windows 10

Windows 8*

Windows 7*

Windows Phone 10

Chrome OS**

* Windows 7 and 8 natively do not support MDM enrollment profiles, and can only be managed via the SM agent. Microsoft began implementing MDM support with Windows 10.

** Chrome OS technically does not run an agent or install a profile, and connects via Google's APIs for management. See here.

How to Enroll

Enrollment instructions can be found in the Meraki Dashboard under Systems manager > MDM > Add Devices. You can also find guides on how to enroll every operating system for a detailed breakdown. 

Auto-installing the macOS Agent

The macOS agent can be pushed down as an application to Mac devices that have gone through profile enrollment. This can help streamline the enrollment process of macOS devices, ensuring that both profile and agent are installed without needing to manually run the .pkg on devices. The agent can be added Systems manager > MDM > Apps > + Add new and scoped to all devices, or via tags. Once configured, devices enrolling through DEP can automatically install the agent if within the specified scope. 

Screen Shot 2018-03-20 at 1.33.18 PM.png

Agent vs Profile Features

The agent and profile each enable different sets of features on your devices. For full functionality on Windows 10 desktops and macOS devices, we recommend enrolling through both methods whenever possible.

The key differences: software installer and remote desktop require the agent to be installed, and installing MDM profiles (wireless, VPN settings, etc.) require the management profile. See a full comparison of features, including various MDM commands below.

  Windows Profile Windows Agent

macOS or iOS 

Unsupervised  Profile

macOS (DEP) or iOS 

Supervised Profile

macOS Agent

Push MDM profiles

 

 

Lock Device

   

 

Selective Wipe

   

 

Erase Device

 

 

Fetch process list

 

   

Command line

 

   

Network stats

 

   

Screenshot

 

   

Remote Desktop

 

   

Power Control

 

   

Install Software Binaries     ✅**       ✅**

Send Notification

   

 

Install OS updates

     

 ✅*

 

Activation Lock/Bypass

     

 

* Installing OS updates on iOS requires DEP supervision specifically, and will not work with Apple Configurator supervision.

** Filetypes are OS Specific: Windows may install .exe or .msi files, macOS may install .pkg or .app encapsulated inside a .dmg image.

Checking Enrollment Status on Dashboard

For Windows desktop and macOS devices, there are a few ways to check whether a device has the management profile installed, agent installed, or both.

Client Details

After selecting a client, scroll down to the 'Online status' section. A device with the agent installed with show 'Last online' here. A device with the management profile installed will show "Last check-in'. Devices enrolled through both methods will show both lines, as in the below image.

 

You can also tell how a device was enrolled based on the MDM commands available. With just the management profile installed, you'll see:

With both the profile and agent installed, you'll see:

Clients List

On the Systems manager > Clients page, click the '+' sign at the top right, and add the 'Managed?' column to the table. Devices that are enrolled with 'Managed? No' are enrolled through the agent, and do not have a management profile installed.

Checking for Management Profile on Devices 

iOS

For iOS, the enrollment profile is stored in Settings > General > Profiles & Device Management > Meraki Management.

In addition to the Meraki Management enrollment profile, you can also add the Meraki Systems Manager app to iOS, which allows some additional features to be enabled, including Backpack, GPS tracking, Push Notifications, and much more. 

macOS

For macOS, the enrollment profile is stored in System Preferences > Profiles > Meraki Management.

Android

For Android, the enrollment profile can be viewed in the Meraki Systems Manager app on the Configuration page.

Windows 10

For Windows 10, the enrollment profile is stored in Settings > Accounts > Work Access.

Windows Phone 10

For Windows Phone 10, the enrollment profile is stored in Settings > Accounts > Work Access.


Checking for the Agent on Devices

The agent is a process that will be running in the background on macOS and Windows 7, Windows 8, and Windows 10.

To confirm that the agent is running on macOS and view the Meraki agent's log file, run the following command in Terminal:

tail -f /var/log/m_agent.log

If you see logging information being generated for today's date, your Meraki agent is currently running!

To confirm that the agent is running on Windows 10, Windows 8, or Windows 7, view the Meraki agent's log file by opening m_agent_service in this directory:

C:\Windows\Temp\m_agent_service

If you see logging information generated for today's date, your Meraki agent is currently running! 

 

For extra Windows agent running confirmation you can also find the m_agent_service running with the Task Manager:

What about Chrome OS?  

Chromebooks are enrolled through the Google Admin Console with API access enabled. If you are interested in managing your Chrome OS devices, please view our documentation on enrolling Chrome OS into Meraki Systems Manager

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 5428

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community