Using Systems Manager to Locate a Missing or Stolen Device
If a managed device goes missing or is potentially stolen, various types of commands and data from Systems Manager can be used by administrators to help locate the device. Additionally, if a device is lost and sensitive data on the device needs to be erased, Systems Manager can be used to remotely wipe the device of all its data.
Note: For general information on how Systems Manager locates managed devices, see this article.
To locate a missing client, it is imperative that the device be tagged appropriately to distinguish it as a missing device. A Connectivity alert can then be configured to allow administrators to be notified when a missing device comes online with the Meraki Cloud Controller. When online, various information will be refreshed to provide administrators with the most up-to-date information regarding the missing device states.
- Tag devices (optional)
- Configure connectivity alerts for tagged devices
- Gather information from a device’s Client details page
- Erase data from mobile clients (optional)
For supervised iOS devices running 9.3+, use the Lost Mode feature to help track and remediate your devices. For other device types, continue with the steps outlined in this article.
Tag client devices with a new tag or use an existing tag to configure connectivity alerts in the next step. For information on how to associate tags to devices please follow the instructions in the first step here.
Configure Connectivity Alerts
Note: Setting connectivity alerts on devices requires them to check in online first before they are applied.
Note: Should third party investigators require access to Dashboard data in read only mode, instructions for configuring network admins with read only access can be found here.
- To enable connectivity alerts for your tagged devices, navigate to Configure > Alerts
- Under Connectivity alerts, place a check mark next to 'A client with <select a tag> tag goes offline for <select number of minutes > minutes'
- Set Delivery settings to one of the following options:
- Network owner – A network admin with an Owner privilege.
- All network admins – Network admin users configured from the Configure > Network administration > Network admins heading.
- Other email addresses – Any valid email addresses. This is a good option for configuring delivery options for external users interested in monitoring connectivity alerts.
After saving changes, if devices associated to the tag selected in step 2 are offline for the selected number of minutes, an email will be sent to the user group selected in 3.. A subsequent email will also be sent when these devices come online.
Gather Information from Client Details
Select a device to investigate from Monitor > Clients.
For the duration of the recovery effort, administrators can find the following list of data and commands from the Client details page useful:
All Device Types
- Serial number: Since this unique identifier cannot be altered, it can be used to physically identify the missing device, if found.
- Online status bar: Displays device's connectivity to the Systems Manager in the last 24 hours. This component can be used to monitor the frequency and duration of when the device is active with an internet connection.
- Public IP address: The public IP address can be useful if the Internet Service Provider (ISP) is able to provide information to what customer account the IP address is registered to. Please contact the ISP for more information.
- Approximate location: Displays a device’s approximated location. For more information about the four methods used to approximate the location of a managed device click here.
- Last online: Displays a timestamp of the device's last check-in with Systems Manager. If the Last online status is now, the device is connected to Systems Manager and will respond to events from Dashboard.
Windows and Mac-specific Info
- Connection log – Lists a device's association to SSIDs over time. The connection log helps administrators to understand when a device was associated or disassociated to particular SSIDs. Since SSIDs are commonly named after business locations, this information may help to identify the location that the device currently resides in.
- Live tools :: Screenshot – Captures a screenshot of a device's computer desktop. This feature is useful because end users might leave clues about their identities in open programs.
Android and iOS devices require the Systems Manager app installed to use the below commands. For more information about installing the Meraki SM iOS App please click here.
- GPS location - Requests a location update using a device's GPS hardware. When executed successfully this command will provide a more accurate location resolution for the Approximate location component. Network administrators can prompt the device user to launch the app. The message can be customized to encourage the device user to accept the notification prompt. Doing so will launch the app and allow for the device to update information to Dashboard.
- Send Notification – Sends a notification to a device. This command can be used to send a targeted message to an end-user to call a phone number so that the device can be returned out of good faith.
- Last reported SSID connection for mobile devices is displayed on the Monitor > Clients page. The app must be running in order to fetch its details. Since SSIDs are commonly named after business locations, this information may help to identify the location that the device currently resides in.
- Beacon - Sounds an alarm on the device for the duration specified. Android only.
- Lost Mode - Supervised iOS only - see here.
Erase Data (optional)
When all options are exhausted, administrators can select to wipe missing mobile devices of their content and settings.
- Selective wipe - Removes all applications and settings provisioned through Systems Manager
- Erase device - Wipes a device of all its content and settings (factory reset). This command will issue the next time the device is unlocked and checked-in with Systems Manager. Once wiped, the device will no longer be managed by Systems Manager.