Skip to main content
Cisco Meraki

Windows Enrollment

  1. Last updated
  2. Save as PDF

On-device Enrollment  

If you have a Dashboard account set up with an EMM network, you can find instructions under Systems Manager > Manage > Add devices, or follow along the steps below.

Note that there are two methods for Windows installation: Agent or Profile. Either one can be used for enrollment, but since each enables a different subset of features, both should be utilized when possible to access all available MDM features.

Profile installation is only supported on Windows 10 or Windows 11 with non-Legacy Systems Manager accounts. Older Windows desktop versions, and Legacy customers will need to use the agent installation.

Agent Installation 

It is important to note that for agent versions up to v3.0.3, the agent installer package is network specific, meaning you must use an install package downloaded directly from the Systems Manager network from which you wish to manage your clients. Agent versions starting with v3.1 and up are network-agnostic.

In addition, Systems Manager software must be installed with local administrator privileges as applicable by the device type.

Download the Agent Installer

  • In Dashboard, navigate to Systems Manager > Manage > Add devices > Windows. Click the Download button. MerakiPCCAgent.msi should begin downloading.
  • The installer can also be reached by navigating to enroll.meraki.com, entering the 10-digit network ID found in Dashboard, and downloading the agent there.
  • Note that this installer will enroll devices into the Systems Manager network it was downloaded from.

Screen Shot 2017-10-19 at 4.10.27 PM.png2017-10-19 16_12_08-Microsoft Edge.png

Run the Agent Installer

Version 1.0 - 3.0.3
  • After the installer finishes downloading, double-click MerakiPCCAgent.msi and click Run when prompted.
  • Accept the Licensing Agreement and click Install.
  • Once the Systems Manager Agent has finished installing, your Windows device will show up under Monitor > Clients in Dashboard as soon as it has an Internet connection.
Version 3.1.0+
  • After the installer finishes downloading, double-click SMAgent-x.x.x.msi and click Run when prompted.
  • Accept the Licensing Agreement and click Next.
    226AD703-D2EB-4C60-BC3E-1B7D8E816A8F.jpeg
  • Enter the Network ID or Network Enrollment String at the prompt then click Next
    9DEE7512-97D1-4A03-813F-99ED433942CF.jpeg
  • Confirm the desired enrollment network name appears and then click Next
    531929E5-0D49-48C3-AC57-5A5FE1230678.jpeg
  • Click Install
    C3B8874F-7722-465C-8DCC-B4DB56149595.jpeg
  • Once the Systems Manager Agent has finished installing, your Windows device will show up under Monitor > Clients in Dashboard as soon as it has an Internet connection.
Command Line Options

The agent can be installed via command line to support use cases where scripting for mass deployment and/or silent installation are required.  To install the agent silently via command line run the following commands

Version 1.0 - 3.0.3

msiexec.exe /q /i <Path to agent installer msi>
    ex. msiexec.exe /q /i c:\temp\MerakiPCCAgent.msi

Version 3.1.0+ 

msiexec.exe /q /i <Path to agent installer msi> ENROLLMENT_CODE=<network enrollment code or enrollment string>
    ex. msiexec.exe /q /i c:\temp\SMAgent-x.x.x.msi ENROLLMENT_CODE=123-45-6789
    ex. msiexec.exe /q /i c:\temp\SMAgent-x.x.x.msi ENROLLMENT_CODE=smnetworkenrollmentstring

You can also use methods like Systems Manager Sentry or Active Directory Group Policy Objects to install the agent en masse. 

Version 3.5.X+

Version 3.5.X+ of the Windows Agent now supports Meraki Authentication and Active Directory authentication methods, allowing you to silently enroll the agent when using certain authentication methods:

msiexec.exe /q /i <Path to  installer msi> ENROLLMENT_CODE=<network enrollment code / enrollment string> EMAIL=<email> PASSWORD=<password>

ENROLLMENT_CODE The numeric enrollment code or ENROLLMENT_STRING found under Systems Manager > Add Devices
EMAIL

Specifies the user to authenticate. This is the user/owner's email address.

For Active Directory, depending on the LDAP configuration on Systems Manager > General this it may only be the email name preceding the @
PASSWORD The password for the specified user

Other SM Authentication methods such as Azure AD, Google, OpenID and SAML do not currently support silent installation.

Troubleshooting Agent Installer

If the installer finishes with an error such as "Meraki Systems Manager Agent Setup Wizard ended prematurely" make sure that the .msi was attempted to be run as Administrator. Right click on the agent .msi and run as Administrator. To install the SM Agent, administrator privileges are required. 

 Screen Shot 2021-08-06 at 11.31.29 AM.png

Agent Installer Log

To generate a SM agent installer .log (for additional debugging) run it with the /l*v install.log command added to the msiexec argument, like this: 

msiexec /quiet /i SMAgent-3.1.0.msi /l*v install.log ENROLLMENT_CODE=<your SM network enrollment code or enrollment string>

Profile Installation 

Systems Manager can only push user-level settings (e.g. a payload with restrictions, wifi) to the device if the MDM-enrolled user is currently logged into the device. Other agent based features which do not change user-level settings (such as agent live tools) should work no matter which user is logged in. For more information on the differences between Windows agent and profile enrollment features, refer to the Systems Manager Agent and MDM Profile Enrollment document.

Profile installation requires administrator privilege. 

Open Work Access Settings

  • Navigate to Systems Manager > Manage > Add devices > Windows
  • Option 1: From the device, you wish to enroll, navigate to enroll.meraki.com, and enter the 10-digit network id found in Dashboard.Click the 'Open workplace settings' link to open the Work Access settings page. The agent can be downloaded from this page as well.
  • Option 2: In Windows settings, navigate to 'Settings > Accounts > Access work or school.' You can also search 'Connect to work or school' in your Windows menu to find the below page.
  • On native Windows 10, click 'Enroll only in device management'

 

2017-10-19 16_12_08-Microsoft Edge.png

Capture.png

 

  • Enter an email address and click Next.

Note: Any email can be entered here, as it is not used to authenticate the enrollment. If your organization has InTune bundled in with your Office365 or Azure instance, do not enter a domain-joined email, as it will begin enrollment into InTune instead of prompting for your server information to complete the following steps.

Screen Shot 2017-10-19 at 4.40.42 PM.png

  • In the Server box, enter your server URL (check your browser URL while signed into Dashboard, e.g. n155.meraki.com), and click Connect or Continue.

2017-10-19 16_24_51-Microsoft account.png

  • Enter your network ID, where XXX-XXX-XXXX is the network-specific ID.
  • Click register. You should see a message that the device is 'Connected to Systems Manager' as below. The device will automatically synchronize with the Meraki Cloud and appear in the client list.

2017-10-19 16_27_00-Settings.png

Additional Enrollment Methods 

SM Sentry Enrollment SSID 

You can also use SM Sentry to force iOS, Android, Windows, and Mac devices to enroll in Systems Manager for an efficient mass deployment or BYOD. When enabled on a given SSID for a Cisco Meraki wireless AP, Sentry facilitates the secure and rapid onboarding and deployment of SM to mobile devices. For more information on Systems Manager Sentry enrollment, please visit the following page.