Skip to main content
Cisco Meraki Documentation

Systems Manager Glossary of Terms

  1. Last updated
  2. Save as PDF

Overview

MDM Solutions like Meraki Systems Manager use a number of various terms and acronyms which are specific to MDM or have yet to be truly standardized across the industry.  As such, these terms may have ambiguous meanings to people who are being first introduced to MDM, or Systems Manager in particular, for the first time. 

This article is intended as a quick reference guide to what some of these terms and acronyms are and their uses.

Glossary

ABM - Apple Business Manager.  Apple’s portal for managing the DEP/VPP needs of non-education organizations.  Explicitly does not include the Managed Apple ID/Classroom toolset.  

AFW - Android for Work a.k.a. Android Enterprise.  Term used as the over-all term for Android MDM. You may also hear this referred to as the “Android work profile”.

ASM - Apple School Manager.  Apple’s portal for managing the DEP/VPP needs of schools and also grants access to the Managed Apple ID suite of tools.  

Autotag - A tag which is sourced on an externality of the device, its state, or metadata about the target.  Examples: All SM Devices have a ‘type’ autotag which is defined by its core OS type (mac devices, windows devices, ios devices, android devices, chrome devices, tvos devices), and devices which have Owners inherit the owners’ tags as Owner autotags.  

BYOD Mode - Bring Your Own Device Mode, or Work Profile Mode. The default enrollment mode on Android.  This enrollment mode creates a ‘work container’ in which all MDM things will live with behaviors similar to that of a VM.  

Cisco Clarity - Clarity is the marketing term used for AMP when running on iOS devices.  

Compliance - The security posture of a device. Security policy compliance state can be used as an autotag.

DEP - Apple Device Enrollment Program.  Now part of ABM/ASM. You may hear DEP referred to as the “Automatic Device Enrollment”.  See Also: VPP, ASM, ABM

Device Owner Mode - An enhanced management mode on Android devices which enables more advanced MDM features.  Requires factory reset of target device to enable, and is designed for use only on Company Owned devices.  

EMM - Enterprise Mobility Management, another branding of MDM that basically just means “MDM”.

Limited-Access Roles - This feature allows admins limited ability to see or use live tools on end devices, with no other access available to them.  

Managed - In control of by SM. Managed apps, managed profiles, and managed devices can all be controlled by SM. 

MDM - Mobile Device Management

Owners - User objects.  Owners may have 0-to-many devices, but Devices may have only 0 or 1 Owners.  Each owner type has multiple information fields associated with it, and type is dictated by the source of the user (Active Directory, Azure AD, Google Oauth, etc)

Payload - A payload is a discrete bundle of configuration options which may be contained within Profiles

PCC - PC Controller, the former name of Systems Manager (back when it was just the desktop agents).  

Profile - A profile is a collection of configuration payloads which may be scoped to devices or users

SCEP - Simple Certificate Enrollment Protocol, the mechanism by which SM creates and deploys certificates to its end devices utilizing the Org PKI Chain.  

Scope - The target of an installation. Tags can be used to scope apps/profiles to a subset of devices. 

Sentry - Branding term for SM Cross-compatibility features with other network type(s).  As of 2019, these consist of: Sentry Splash (MR, MS), Sentry Wifi (MR), Sentry VPN (MX), Sentry Policies (MR, MX), Sentry Ethernet (MS) 

Single-App mode - Force-launches a single app on iOS devices and doesn’t allow it to be closed. Also referred to as ‘Kiosk mode’ as a more generalized term.  

SM Agent - Refers to the macOS or Windows Systems Manager Agent binary package (m_agent or Meraki PCC Agent).

SM App - Refers to the Systems Manager app (com.meraki.sm) on either Android or iOS.

SSP - The Meraki Self-Service Portal. This portal allows end-users limited access to their MDM enrolled devices, as defined by the network enrollment code entered and the username/password entered into the site. Will also be used with Trusted Access.

Supervision - An enhanced management mode on iOS devices which enables more advanced MDM features.  Requires factory reset of target device to enable, and is designed for use only on Company Owned devices.  

Tags - The system that connects devices/owners, apps, and profiles together. Tags allow installing apps and profiles on a subset of devices. 

User-Mode Enrollment - Enrollment in the iOS-equivalent of Android BYOD mode.  Carries restricted payload types and dramatically restricts the amount and type of metadata observed by the MDM server about the device.  

VPP - Apple Volume Purchase Program. Apple's portal/API which allows mass purchase, assignment, and deployment of Apps and iBooks.