This article answers some frequently asked questions regarding Meraki Systems Manager.
Systems Manager supports a variety of Android, Apple iOS, macOS, and Windows platforms. Some features are OS-dependent.
No, there is no limit to the number of devices you can manage with Systems Manager!
Clients using Meraki Systems Manager initiate outbound management connections to the Meraki cloud.
The list of IP addresses, ports, and protocols for which you need to allow outbound access for Meraki cloud communication varies by customer and can be viewed here:
The 'Meraki Management' profile contains mobile device management settings for devices. Vendors (like Apple, Google, and Microsoft) do not allow profiles that contain these settings to be non removable by default. All other profiles pushed through Systems Manager can be password protected. However, if the user removes the 'Meraki Management' profile, all profiles (and, potentially, apps) pushed through Systems Manager will be deleted as well.
Systems Manager makes a best effort to estimate a device's location. Occasionally this estimate is inaccurate. We use these four methods to locate a device, in order of decreasing accuracy:
Yes. However, you must install the SM app.
Yes. You can enable privacy settings for mobile devices under the MDM -> Settings page. Under the privacy tab you can disable both location tracking or SSID tracking for enrolled devices.
Yes, you can set a 'connectivity alert' from the Configure > Alerts page. When a device with the specified tag goes offline for the specified amount of time, you will receive an email alert. When the device comes back online, you will also receive an email alert.
If you are using VPP Device Assignment, then no Apple ID is required. Otherwise, an Apple ID and password are required for the app to be installed by and MDM/EMM vendor.
With iOS 6+, the device caches a users password for 15 minutes. If you install FREE apps in batches via Systems Manager with iOS 6+, you will have to enter the password once instead of doing it for every single App.
Devices running pre-iOS 6 will be required to enter a password for every app regardless of whether it is free or paid.
Yes, we support both Redemption Codes, Managed Distribution, and the Device Assignment method! If you add a non-free App, you'll see a field for you to enter VPP codes. Note, there's no way for us to verify if a code is valid or not -- make sure all codes are unused before adding to Systems Manager
Paid apps can only be reclaimed and reassigned only if it is deployed on a supervised iOS device. More details on how to do this are here: http://support.apple.com/kb/HT5188
For unsupervised devices, there is no way to remove the app in a way that allows you to reuse or reassign the redemption code. When a code is used to install an app on an unsupervised device, it is permanently consumed.
No. This is a limitation of Apple's MDM framework. However, if you're using VPP Device Assignment, you don't need to know or use Apple IDs. Check out the VPP page for more information.
Yes! This is currently available in Systems Manager. Note: this is not included in Legacy Systems Manager
Devices can be supervised in the Device Enrollment Program (DEP) or by using Apple Configurator, a macOS application. Once supervised, Apple's iOS permits additional restrictions to toggle over-the-air via Systems Manager. These 'iOS supervised restrictions' are listed under the 'iOS supervised restrictions' section on the 'Restrictions' tab of the MDM > Settings page.
On non-supervised devices, profiles will fail to deploy if, for example, Global HTTP Proxy is enabled. When the other iOS supervised restrictions are enabled (e.g., iMessage, Game Center), these restrictions will simply be ignored on a non-supervised device.
Android for Work allows for silent installation of Android apps (.apk). For more information about Android for Work, check out the article here.
Without Android for Work, when you push an app Systems Manager pushes a link of the app onto the device. The native Android framework does not allow installing the app silently.
You can install custom Android Apps that are not available in either Google Play or the Kindle Store using Systems Manager's Backpack feature or by using Android for Work with EMM integration.
For backpack, point the Backpack URL to your Android application package file (APK) and install the app on the device which will be available in the Backpack folder in the Systems Manager Android App.
Profiles and tags are very handy to configure different groups of devices and push apps to different subsets of devices.
Please reference our documentation for more info regarding profiles and tags.
First, locally uninstall the agent from the desired client.
Once the agent is removed, the client can be removed from Dashboard by checking it on the client list, and then selecting "Remove from network" from the 'Move' pull-down menu.
Remote desktop and screenshot can be disabled per network by navigating to Configure > General > Feature restrictions and disabling remote desktop, screenshot, or silent remote desktop.
Remote desktop and screenshot can also be disabled on a per client basis as follows: