Systems Manager is Cisco Meraki's Enterprise Mobility Management (EMM) solution, which includes technologies covering Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Content Management (MCM), and Mobile Identity Management (MIM).
To see a high-level overview of features available, check the official Systems Manager datasheet.
Creating an EMM Network
Before you can begin, be sure to sign up for a Dashboard account, or login to your existing account. Once you're signed in, navigate on the lefthand bar to Organization > Configure > Create network to create an EMM network. You can enroll all devices into a single network, or use multiple networks to organize your devices more granularly. If you have multiple EMM networks within your organization, you can easily move devices between them without needing to re-enroll them.
Planning your Deployment
One of the biggest advantages of Systems Manager is the ability to enroll, manage, and monitor so many different device types. Since each operating system has a unique MDM feature set, it's important to review the relevant documentation below for the device types you plan to manage. It is recommended to use a shared or organization-owned Apple ID to set up these services, instead of a personal Apple ID, because others may need to access the account to renew these services in the future.
iOS, iPadOS macOS, and tvOS - Required
Apple Push Notification Service (APNS): Systems Manager uses APNS to communicate between Apple, Cisco Meraki, and your enrolled Apple devices. This makes an APNS token required to enroll & manage Apple devices.
iOS, iPadOS, macOS, and tvOS - Optional
Device supervision: Supervising your Apple devices is typically recommended if they are organization-owned, or if you want to enable Systems Manager to control additional configurations. Note that supervision requires either setting up new devices, or factory resetting existing devices.
There are two options for supervision:
- Device Enrollment Program (DEP): DEP allows you to permanently manage your organization's iOS, iPadOS, macOS devices. Your devices need to qualify with Apple's program to use this method, but also grants you the most control over your devices. For example, DEP allows you to make MDM enrollment mandatory and unremovable.
- Apple Configurator 2: Use AC2 to enroll and supervise iOS or iPadOS devices manually, if your devices don't qualify for DEP.
Apple's Volume Purchase Program (VPP): VPP allows you to centrally manage and maintain ownership of a library of purchased application licenses. In conjunction with supervision, it also allows Systems Manager to push apps silently (without user interaction) to iOS, iPadOS, macOS, or tvOS devices.
Apple School Manager (ASM): For education deployments, ASM allows you to create managed Apple IDs and utilize the Apple Classroom app for controlling student devices. It also supports Shared iPad mode, in the case where multiple students are using a device.
Windows and macOS agent:
The Meraki agent is a program that enables additional features on Windows desktops and Macs. For example, the agent allows your Dashboard administrators to use the software installer and remote desktop with enrolled clients. Windows 10 and macOS can be enrolled with both the agent and MDM management profile, so it is recommended to enroll with both for full functionality with Systems Manager.
More info can be found in the Agent vs Profile article.
Dashboard will step you through the enrollment process in the Systems Manager > Manage > Add devices page. Additional information can be found in the device enrollment guide.
Systems Manager Concepts
There are a few core concepts to understand when managing devices through Systems Manager. Our documentation page covers each of these in a separate section.
Tags are a fundamental concept in Meraki Systems Manager. Tags connect devices, profiles, and apps together, and allow you to install different apps and settings to specific devices. For more information, review how to use tags in Systems Manager.
iOS, iPadOS, macOS and tvOS : Systems Manager integrates directly with the both the public and enterprise app stores, and also supports deploying custom .ipa files. To silently install apps without Apple IDs or user prompting, please review how to use Systems Manager with Apple's Volume Purchase Program (VPP).
Android: SM can be used to deploy Google Play apps or custom .apk files. Organizations using Android Enterprise can create 'Managed' Play Stores that only will only display applications you approve. See this article for more info.
Windows and macOS: Systems Manager can install .msi, .exe, .pkg, .app, and .dmg files. To find information on how to install software on Windows and Macs, see this article. Additionally for macOS: VPP can be used to license apps directly to an end user's Apple ID. This will allows end users to see the apps as "Purchased" in the Mac App Store.
After a device has its Meraki Management enrollment profile, additional configuration profiles can be installed via Systems Manager. These profiles contain settings that configure things like WiFi access, VPN access, device restrictions, app homescreen layouts, email ActiveSync settings, and much more on your devices! Profiles allow you to easily customize and secure your enrolled devices For more information, review how to use profiles in Meraki Systems Manager.
Using geofencing or security policies allows you to constantly monitor your devices for a myriad of compliance checks like device location, root/jailbreak status, cellular data limits, and application blacklists. They can be used to instantly alert you of violations, and automatically add or remove apps and profiles based on that status. For example, removing secure email credentials and wireless settings if a user installs torrenting software.
Systems Manager Licensing
Systems Manager licensing status can be viewed in Organization > License Info. For additional information on Systems Manager Licensing, click here. To get started on an instant 30-day trial visit https://meraki.cisco.com/sm.