Home > Enterprise Mobility Management > Profiles and Settings > Configuration Settings

Configuration Settings

The Systems manager > MDM > Settings page allows you to configure the specific settings associated with a particular configuration profile. These settings and profiles can be used to ensure that your devices meet business requirements and receive the configurations your users need to work.

 

After creating a new profile, click the 'Add settings' option on the left to begin adding settings payloads to your profile. Profiles can contain multiple payloads at once, and multiple profiles can be installed on a device. Your settings and profiles should be tailored to how your device deployment and tag structure are organized. 

 

The rest of this article quickly introduces each of the major settings payload options.  

Restrictions

This option is used to set various restrictions on managed devices, which allow you to control what access and functionality your end users have. Some examples include blocking iMessage, the App Store, setting a Safari web content filter, enabling single app mode, or blacklisting/whitelisting iOS apps. Note that some of the iOS restrictions require devices to be supervised to be applied.

Privacy

Unchecking these options will prevent Systems Manager from displaying SSID or location information for clients in scope of the profile.

Passcode

This option is used to enforce passcode requirements when unlocking iOS, Mac, Windows, and Android devices. Note that each operating system may enforce each requirement differently, or only support a subset of the configurations displayed. This payload does not allow you to specify a particular password to be pushed down to devices.

If using this in conjunction with the 'Restrictions' payload for iOS, ensure that the 'Allow modification of passcode settings (iOS 9+)' option is not selected in restrictions.

AirPlay

With AirPlay configuration in Systems Manager, devices can be pre-provisioned with the connection details for AirPlay devices. This can be a great way to secure Apple TV and other AirPlay resources from unauthorized users while ensuring that presenters' devices have all the information required to connect. 

Systems Manager can also be customized to only list specific AirPlay devices, allowing for restricted general access to these resources.

ActiveSync

Allows you to push down Exchange email configurations. For more information, see the full article here.

Credentials

This tool is used to push X.509 (.cer, .p12) certificates to devices. These certificates can be generated by a 3rd party certificate authority or by a locally hosted certificate authority. A good use case for this feature is to push a verified certificate to an iOS device to wirelessly authenticate via 802.1X.

These will automatically populate under the "Trust" feature in a WPA2-Enterprise WiFi profile under the "WiFi" tab.

Web Clips

Web clips are shortcuts to web URLs (similar to browser bookmarks) that you can push out to your iOS devices for an easy way to access commonly-visited websites. Please be sure that the icon you upload is less than 144 x 144 pixels and in .png format. See the full article on web clips here.

Backpack

Backpack allows administrators to securely deliver content like student lesson plans or employee resources to managed devices. See the full article here for more info.

WiFi

WiFi settings can be used to push out a wireless profile to your managed devices. Some example use cases for this feature are:

  • Providing an Internet connection for your devices, but do not want to explicitly provide the SSID name or credentials to the end user
  • Pushing out WPA2-Enterprise WiFI profiles with 802.1X authentication (EAP-MSCHAPv2, EAP-TLS, etc.) This can be further configured with "Trusted Certificates" that you upload, utilizing the "Credentials" feature described below

VPN

You can push out a client-to-gateway VPN solution here for your iOS and Android devices using L2TP/IPSec. This is a great way to push out pre-configured VPN settings to allow end users to tunnel back to a secured LAN.

Samsung KNOX

KNOX-specific settings for Android devices enrolled through KNOX and not Android Enterprise. For information on these features, see the KNOX article. For more info on different types of Android enrollments, see the Android Enrollment article.

Wallpaper

Requires iOS supervision. This payload allows you to specify the background wallpaper and lock screen image for your supervised iOS devices. Choose images with dimensions that exactly match your devices' dimensions.

App Settings

Managed app settings allow you to preconfigure specific applications installed on your managed devices via key/value pairs. See the full article here for more info.

More Android

The Device Owner, Kiosk Mode, and System Apps payloads only affect Androids enrolled in device owner mode.

  • App Permissions: This setting allows for custom application permissions. Examples include denying an application access to the device's contacts, saved payments methods and even network access. Application permissions vary app to app and a list of relevant permissions can be found using the "Fetch permissions" button that appears once an app has been selected.
  • Device Owner: Contains additional restrictions like preventing factory reset or adding additional accounts on corporate-owned assets.
  • Kiosk Mode: Locks DO-mode devices into one or more specific applications. This can be configured with an unlock code to temporarily exit kiosk mode, or specify application upgrade windows.
  • System Apps: Allows you to block specific pre-installed apps from appearing in device owner mode. Enter in the app identifier, such as 'com.google.android.dialer' for the default Google phone app. Note that different device vendors may have proprietary app IDs. For more information, see here.

More iOS

The Education, Home screen Layout, and Notifications payloads all require iOS device supervision.

  • Education: used to configure Apple School Manager Classroom settings
  • Home screen Layout: allows you to specify how application icons will be arranged across devices. This prevents users from rearranging icons, or uninstalling apps from the homescreen. Apps can still be removed from Settings > General > Storage & iCloud Usage > Manage Storage ​​​​. Note that apps that are installed that are not explicitly placed in this payload will appear in random order behind the icons that are set.
  • Notifications: configure notification settings on a per app basis
  • Per App VPN: configure a VPN connection with AnyConnect or IKEv2. The device will only tunnel traffic when the specified applications are launched

iOS Home Screen Layout Payload

The Systems Manager Home Screen Layout payload allows the specification of how applications icons will be arranged across iOS devices. This payload prevents the end-user from rearranging icons and uninstalling applications from the home screen. For the payload there are several nuances to be aware of:

  • iOS devices will need to be supervised for the payload to function.
  • All app icons set in the payload will be deterministic in their positioning, however the remaining app icons will be randomly placed in succession on the screen page.
  • Empty folders and pages created in the payload will not appear.
  • Web clips can not be placed as part of the home screen layout.

Note: Apps can still be removed from Settings > General > Storage & iCloud Usage > Manage Storage.

Final Home Screen Layout.png

 Home Screen Page.jpeg

Creating Home Screen Layout

  1. Navigate to Systems manager > MDM > Settings.
  2. Use an existing profile, or create a new Meraki managed profile.
  3. Select + Add Settings > More iOS > Home screen layout.

Home Screen Layout Payload.png

Blank Home Screen Layout.png

Adding Applications

Applications can be added through the Add app dropdown. The dropdown will include all native applications and iOS applications from the apps page.

Home Screen Layout Application Drop Down.png

Selecting the application from the dropdown will add the application to the current page. To re-position the application or move the application to the dock hold the icon and drag to desired location. To remove the application hit the on the top right of the icon.

Adding Application.png

When adding applications from apps page, ensure they are installed on the device otherwise layout may not appear as configured.

Creating New Folders

Folders can also be created to help contain and organize applications. To create a folder, select Add folder and a folder will be added to the current page.

Note: Folders created with no applications will not appear on the screen when the payload is pushed.

Creating Folder.png

Once a folder has been created it can be selected to add applications and pages. The option to edit the folder name will also become available. Finally, to navigate between pages, select the green link to change directory, in this case Page 1.

Folder View.png

In the example below, the folder was renamed to Camera and Clock and the camera application was added.

Clock and Camera Folder.png

Folder.jpeg

Creating New Pages

Additional layout pages can also be added to the current view. Selecting Add page will add additional pages and to remove pages simply select Remove page when viewing the page. Creating a new page will allow you to add applications and folders to the new page.

Creating Page.png

The example below has a newly created page with a folder and the calculator application added.

New Page with items.png

The screen belows shows the folder we created on the new page. The calculator app does not appear (although set in our payload) because it is not installed on our actual device. 

New Page w App and Folder.jpeg

More macOS

  • Filevault: see this article for configuration details
  • System Preferences: specify which options to lock out on your devices. Note that third-party preferences could be limited by pushing a script to install a custom .plist with the software installer. For an example of how scripts can be deployed, see this article.
You must to post a comment.
Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 4279

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community