If a managed device goes missing or is potentially stolen, various types of commands and data from Systems Manager can be used by administrators to help locate the device. Additionally, if a device is lost and sensitive data on the device needs to be erased, Systems Manager can be used to remotely wipe the device of all its data.
To locate a missing client, it is imperative that the device be tagged appropriately to distinguish it as a missing device. A Connectivity alert can then be configured so that administrators are notified when a missing device comes online with the Meraki Cloud Controller. Once the device is online, its details are refreshed so that administrators have the most up-to-date information about the missing device's state.
- Tag devices (optional)
- Configure connectivity alerts for tagged devices
- Gather information from a device’s Client details page
- Erase data from mobile clients (optional)
Tag devices (optional)
Tag client devices with a new tag or use an existing tag to configure connectivity alerts in the next step. For information on how to associate tags with devices please follow the instructions in step 1 here.
Configure connectivity alerts for tagged devices
Note: A device must first be online before the connectivity alerts configured for it are applied.
Note: Should third party investigators require access to Dashboard data in read only mode, instructions for configuring network admins with read only access can be found here.
- Navigate to Configure > Alerts
- Under Connectivity alerts, place a check mark next to 'A client with <select a tag> tag goes offline for <select number of minutes> minutes'
- Set Delivery settings to one of the following options:
  - Network owner – A network admin with an Owner privilege.
  - All network admins – Network admin users configured from the Configure > Network administration > Network admins heading.
  - Other email addresses – Any valid email addresses. This is a good option for configuring delivery options for external users interested in monitoring connectivity alerts.
After saving changes, if devices associated with the tag selected in step 2.3 are offline for the selected number of minutes, an email will be sent to the user group selected in 2.4. A subsequent email will also be sent when these devices come online.
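The alert behaviour described above, modelled offline as an added example (not Cisco Meraki code and not a Dashboard API call): it shows which notifications a tagged device would generate for a given offline threshold. The record layout, the `connectivity_events` function, the sample serials and the rule that the alert fires exactly when the silent period reaches the threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not Dashboard output): tags and check-in times.
DEVICES = [
    {"serial": "SAMPLE-0001", "tags": {"missing"},
     "checkins": ["2024-05-01T09:00", "2024-05-01T09:05",
                  "2024-05-01T11:30", "2024-05-01T11:35"]},
    {"serial": "SAMPLE-0002", "tags": {"kiosk"},
     "checkins": ["2024-05-01T08:00"]},
]


def connectivity_events(devices, tag, offline_minutes, now):
    """Return sorted (time, serial, state) notifications for devices with `tag`.

    Assumed model: an 'offline' notification fires once a tagged device has
    been silent for `offline_minutes`; an 'online' one fires at its next check-in.
    """
    threshold = timedelta(minutes=offline_minutes)
    events = []
    for dev in devices:
        if tag not in dev["tags"]:
            continue  # alerts apply only to devices carrying the selected tag
        times = sorted(datetime.fromisoformat(t) for t in dev["checkins"])
        # Pair each check-in with the following one; the last is measured to `now`.
        for seen, nxt in zip(times, times[1:] + [None]):
            silent_until = now if nxt is None else nxt
            if silent_until - seen < threshold:
                continue  # short drop: no notification
            events.append((seen + threshold, dev["serial"], "offline"))
            if nxt is not None:
                events.append((nxt, dev["serial"], "online"))
    return sorted(events)


if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-01T13:00")
    for when, serial, state in connectivity_events(DEVICES, "missing", 60, now):
        print(when.isoformat(timespec="minutes"), serial, state)
```

Each "online" entry marks a moment when the device is checking in and the Client details page will hold freshly updated information.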
Gather information from Client details
Select a device to investigate from Monitor > Clients.
For the duration of the recovery effort, administrators may find the following data and commands on the Client details page useful:
Information across all platforms
- Serial number: Since this unique identifier cannot be altered, it can be used to physically identify the missing device, if found.
- Online status bar: Displays the device's connectivity to Systems Manager over the last 24 hours. This component can be used to monitor how often and for how long the device is active with an internet connection.
- Public IP address: The public IP address can be useful if the Internet Service Provider (ISP) is able to provide information about which customer account the IP address is registered to. Please contact the ISP for more information.
- Approximate location: Displays a device’s approximated location. For more information about the four methods used to approximate the location of a managed device click here.
- Last online: Displays a timestamp of the device's last check-in with Systems Manager. If the Last online status is now, the device is connected to Systems Manager and will respond to events from Dashboard.
Windows and Mac-specific information
- Connection log – Lists a device's association with SSIDs over time. The connection log helps administrators understand when a device associated with or disassociated from particular SSIDs. Since SSIDs are commonly named after business locations, this information may help to identify the location where the device currently resides.
- Live tools :: Screenshot – Captures a screenshot of a device's computer desktop. This feature is useful because end users might leave clues about their identities in open programs.
Devices require the Cisco Meraki Systems Manager app for either iOS or Android to use the commands below. For more information about installing the Cisco Meraki SM iOS App please click here.
- Mobile security tools: The device can be remotely locked or erased - iOS devices that are supervised can also be placed in lost mode.
- GPS location - Requests a location update using a device's GPS hardware. When executed successfully this command will provide a more accurate location resolution for the Approximate location component. Network administrators can prompt the device user to launch the app. The message can be customized to encourage the device user to accept the notification prompt. Doing so will launch the app and allow for the device to update information to Dashboard.
- Send Notification – Sends a notification to a device. This command can be used to send a targeted message asking the end user to call a phone number so that the device can be returned in good faith.
- Last reported SSID connection for mobile devices is displayed on the Monitor > Clients page. The app must be running in order to fetch its details. Since SSIDs are commonly named after business locations, this information may help to identify the location that the device currently resides in.
- Beacon - Sounds an alarm on the device for the duration specified. Android only.
Erase data from mobile clients (optional)
When all options are exhausted, administrators can select to wipe missing mobile devices of their content and settings.
- Mobile Security : Erase device - Wipes a device of its content and settings. For this command to issue correctly, the device has to be unlocked and checked in with Systems Manager. Once wiped, the device will no longer be managed by Systems Manager.
Systems Manager provides administrators with a plethora of data and commands to potentially locate devices should they go missing. This data can be used in criminal investigations as well. Screenshots of various device states can be stored and later used as evidence.