Skip to main content
Cisco Meraki Documentation

Systems Manager Security Standards Update

  1. Last updated
  2. Save as PDF

Overview

Meraki is in the process of upgrading its backend infrastructure to the latest security standards. This upgrade includes changes to how enrolled Systems Manager clients communicate with the Meraki dashboard. Devices running a deprecated version of the SM agent on macOS and Windows machines need to be updated to a later version in order to continue normal communications with dashboard. Devices will not be unenrolled if action is not taken, but remote management may be lost if devices lose dashboard connectivity.

 

The full upgrade to Meraki’s backend is expected to be completed by end of day Pacific Time June 27th, 2018.

 

We have automatically updated the vast majority of devices in this affected scope, without any end user impact. However, there remain some devices that, despite numerous attempts, cannot be updated remotely due to misconfigured firewall rules, offline devices, or otherwise unresponsive clients. These devices will require Dashboard admins to update the Systems Manager Android app or Mac/Windows agent.

Actions Needed

If we detected devices that require manual intervention to update the SM agent, you should see a dashboard banner or email notifying organization-write level admins. Please review the following steps for instructions on detection and next steps for devices that require app or agent updates.

Android 4 Devices

Only devices on both Android 4 and with an SM app version below 3.5.2 will require updates. Devices on Android 5+ and enrolled via Knox or Android Enterprise are not affected.

 

One way to quickly check which devices are affected is to navigate to Systems Manager > Manage > Apps, and select the Android SM app from the list. At the bottom of the page, a Status table can be customized to include Platform for the Android OS build, and Version to indicate app version. In the below screenshot, none of the devices are affected, as those that are below app version 3.5.2 are at least Android 6 or above.

 

If your network has devices that are on Android 4 and below version 3.5.2, you will need to deploy the latest version of the app. This can be done through the Apps page, or, in the case where the device is no longer communicating with Dashboard, through the Play Store on the device. If possible, we recommend upgrading the OS of the device, as Google plans to end support for Android 4 management in 2019 with the release of Android Q. More info will be provided on this in an upcoming notice.

 

1.png

 

Mac and Windows Devices

You can check if any of your Mac or Windows devices are affected by adding the Agent up-to-date? column to the Systems Manager > Monitor > Devices page. Devices that are labeled with No need to be updated to re-establish dashboard connectivity.

Note that devices enrolled with both the agent and MDM profile may be able to continue checking in via MDM profile, but agent features will not function until updated.

2.png

For Mac devices that have an MDM profile installed, consider using the Apps page to distribute the latest version of the SM agent in bulk, as described here. This option is not available on Legacy accounts.

 

Windows devices can have the agent deployed in bulk via GPO.


Otherwise, download the agent installer from Systems Manager > Manage > Add devices to obtain the latest version, selecting for Mac or Windows, and run the installer on the device.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Stage
    Final
  2. Tags
    1. Security
    2. SM
    3. systems manager
    4. tls