Home > Enterprise Mobility Management > Profiles and Settings > Configuration Settings

Configuration Settings

The Systems manager > MDM > Settings page allows you to configure the specific settings associated with a particular configuration profile. These settings and profiles can be used to ensure iOS and Android devices meet your business requirements.


This option is used to set various restrictions for iOS and Android devices. Setting restrictions will allow you to control the way your end users interact with a managed device. A commonly used feature is setting content ratings. For example, if you are deploying iPads to students in a school, you can set a specific level of content or you can restrict movies, TV shows, and apps all together to conserve bandwidth.

Note: Although you cannot currently set a restriction password via dashboard, once restrictions are set, they cannot be removed. The only customization available for end users is to further restrict access to themselves.


This option is used to require a passcode to unlock an iOS or Android device managed by a pre-determined profile. Various passcode options can be set (e.g. passcode type, strength, when to lock the device).

Note: This is not an option to set a restriction password, which can be set locally on your iOS device under Settings > General > Restrictions. Please see the note in the Restrictions section for more details.


WiFi settings can be used to push out a wireless profile to your managed devices. Some example use cases for this feature are:

  • Providing an Internet connection for your devices, but do not want to explicitly provide the SSID name or credentials to the end user
  • Pushing out WPA2-Enterprise WiFI profiles with 802.1X authentication (EAP-MSCHAPv2, EAP-TLS, etc.) This can be further configured with "Trusted Certificates" that you upload, utilizing the "Credentials" feature described below


You can push out a client-to-gateway VPN solution here for your iOS and Android devices using L2TP/IPSec. This is a great way to push out pre-configured VPN settings to allow end users to tunnel back to a secured LAN.

Web Clips

Web clips are shortcuts to web URLs (very much like browser bookmarks) that you can push out to your iOS devices for an easy way to access commonly-visited websites. Please be sure that the icon you upload is less than 144 x 144 pixels and in .png format.


This tool is used to push X.509 (.cer, .p12) certificates to devices. These certificates can be generated by a 3rd party certificate authority or by a locally hosted certificate authority. A good use case for this feature is to push a verified certificate to an iOS device to wirelessly authenticate via 802.1X.

These will automatically populate under the "Trust" feature in a WPA2-Enterprise WiFi profile under the "WiFi" tab.


Backpack is a feature used to securely deliver content to managed devices. Administrators have the option to keep the content updated in accordance to the source host's version of the content.


Geofencing allows you to define a geographical area that you would like your devices to stay within. You are able to view a devices geofencing status on the Network-wide > Monitor > Clients page. You can also configure alerts to be notified by e-mail if a device has been outside of the geofenced area for a specified amount of time.

You must to post a comment.
Last modified
12:59, 15 Feb 2017


This page has no custom tags.


This page has no classifications.

Article ID

ID: 4279

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case