General Systems Manager Configuration
The Systems manager > Configure > General page in Dashboard offers configuration options to dictate how your Systems Manager network will function. Note that if you have Cisco Meraki hardware in the same organization, some of these below settings will be found instead in Network-wide > Configure > General .
Network administration
You can assign a relevant, easy to distinguish network name for your Systems Manager network. Generally, it's good to ensure that this name includes "Systems Manager", "SystemsManager", or "SM" along with something that identifies the region or network for which the mobile devices will be associated.
You can define the users (based on e-mail address) who will be allowed to manage your Systems Manager network. There are two levels of privileges: full and read-only. Network administrators with full privileges will have read/write access to your network, whereas a read-only admin will not be able to make any modifications.
The following articles outline Dashboard administrative roles in more detail:
Network time-zone
This should be set to whichever time zone you are headquartered in. Please keep in mind that this setting is very important for accurate event logging and monitoring.
Network locations
You can define a custom location for a range of public or private IP addresses that a client device checks-in from. This setting is used to help network administrators statically assign latitude and longitude coordinates with more precision than those derived from an external location lookup of a public IP. Public IPs often map out to that network's ISP, which may not be in close proximity to the actual device.
Time-based tags
Time-based tags allow you to create dynamic tags that change based on the time and day. See this article for information.
Do Not Disturb
Do Not Disturb schedules allow you to define periods in which either Profiles, Apps, or both will delay updates until outside of the scheduled Do Not Disturb period.
Cellular data usage
Allows you to define the day your cellular data cap resets.
User authentication settings
This section allows you to configure enrollment authentication, and link any external user directory services. The multi-user authentication field allows users to switch between two user profiles within the mobile SM application, which will load a different user's set of profile settings and applications upon sign-in.
Enrollment settings
You can choose specific IP addresses which are allowed to be used to enroll into your Systems Manager network or allow enrollment from all IPs. You can also choose if devices are initially quarantined or not.
If you would like devices to automatically receive a tag when enrolling in your network, then you can add it as a default tag. Note that this feature does not affect DEP enrollments, only devices manually enrolled through m.meraki.com or Apple Configurator 2.
The Systems Manager app will allow you to enroll quickly and automatically discover Systems Manager networks if you are associated to a Meraki network, but preventing automatic network discovery will disable this feature.
Access rights
By default, Systems Manager installs a management profile onto your Apple devices during enrollment, which grants Dashboard admins full MDM functionality, such as installing apps/profiles and reading installed app lists and network information.
In some cases, such as sensitive BYOD deployments, you may want to limit the amount of visibility and control Dashboard has over devices. To override these settings, uncheck the boxes corresponding to macOS or iOS prior to enrollment into Systems Manager. Because these settings are only sent to devices during enrollment, you must re-enroll any devices already under management for changes to take effect. A device that has been enrolled with disabled access rights will list those rights in the client details page.
On the device, you can see which rights are allowed for Systems Manager by selecting the management profile, found in Settings > General > Device Management > Meraki Management > More Details > Mobile Device Management, as seen below. Notice in the below example that network info, erase device, and the other disabled rights are not listed.
Feature restrictions
The options here allow you to disable features like screenshot and silent remote desktop functionality.
Self-Service Portal settings
Self-service portal settings allow you to disable or enable Self-Service Portal access globally on your network. Specific users will still need to be enabled for access on the Systems Manager > Configure > Owners page.