Home > General Administration > Licensing > Systems Manager Licensing

Systems Manager Licensing

Cisco Meraki Systems Manager (SM) offers a full, Enterprise Mobility Management (EMM) solution, which includes Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Content Management (MCM), and Mobile Identity (MI).

24/7 phone support for SM networks is included with Systems Manager licensing.

This article outlines how SM licensing works, how older (legacy) SM networks work, and how to upgrade older networks to the current licensing model.

Systems Manager Licensing

All new SM accounts are full-featured and require licensing. For more info on how legacy (prior to 3/12/2015) SM networks operate, please refer to the Legacy SM Accounts section of this article.

SM Without Licensing

SM without licensing includes Systems Manager legacy and the SM Free 100 program. Systems Manager legacy networks don't have all the new features (since 3/12/2015). Legacy SM networks are not eligible for phone support, with the following additional notes:

  • Unlicensed SM users who own Cisco Meraki networking equipment are eligible for complementary email support.
  • For unlicensed SM users with no other Cisco Meraki equipment, our documentation and SM forum are available for troubleshooting help.

For Systems Manager legacy and SM Free 100, licenses can be purchased on a per-device basis. For example, to manage 150 devices in SM, a license for 150+ devices would need to be applied to the account.

SM With Licensing

SM licensing operates on the same co-termination model as other Cisco Meraki products, so it is subject to the same best practices and limitations. Please refer to our documentation for more info on our licensing model.

To obtain a quote and/or purchase licensing, please contact a Meraki representative for more info.

Exceeding SM Licenses

If the number of enrolled devices is equal to the licensed limit, no additional devices can be enrolled in the network until additional licensing is added or an existing device is unenrolled.

If you have no available SM licenses or your account is out of licensing compliance, you may see a login prompt when attempting to enroll an additional client device. It will not be possible to sign in through this prompt, as the device can only be enrolled once licensing is available and in compliance.

Legacy SM Accounts

Prior to 3/12/2015, Systems Manager was available as a free version in addition to licensed SM. These legacy SM networks can be used to manage any number of devices without licensing, but with a limited feature-set and no support. Licensed SM has always offered 24/7 support and the complete SM feature set.

A Legacy account on a Systems Manager Trial will revert to Legacy after the trial expires. Upgrading from Legacy to Enterprise, however, is a non-reversible process. 

Upgrading from Legacy SM

Legacy SM users have the option to seamlessly upgrade their account to the new SM model - no re-enrollment required. 

Upgrade from legacy SM with a cloud license unlocks the full feature-set (including features gated behind licensing) along with a phone support contract. Features include the following and future feature releases:

  • Android for Work

    • Flexible Android enrollment methods: institution-owned device owner or BYOD work profile modes

    • Silent app installs, managed Play Store, additional restrictions

    • COSU (Corporate-Owned Single Use) - multi-app kiosk mode

    • Device owner mode for increased device visibility and control

  • OAuth

    • Google authentication

    • Azure authentication

    • 3rd-party authentication - OpenID Connect

  • Cellular data management

    • Generate global and individual reports for cellular data usage

    • Monthly counter and plan start date for tracking usage by plan

    • Security policies to specify single or multiple data limit thresholds

    • Use policies to take action on devices going over their data limit

    • Restrict changes to cellular data usage for apps

    • Toggle data roaming and personal hotspot

  • Teacher's Assistant

    • Teacher portal using limited access roles

      • e.g. Teachers only see their classroom iPads and only during specific times

    • Lock devices into single app mode - All together now

    • Configurable time schedules

    • Show and tell - push an iOS device to an Apple TV - AirPlay

    • You will need this - push files to students using Backpack

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • for Enterprise iOS, Mac OS X, and Windows packages

    • Add custom scripts and expressions to software pushed to your devices

      • e.g. after installation run a script that consumes a license for Microsoft Office

  • Increased data security and connectivity

    • Per-App and Always-on VPN

      • AnyConnect certificate-based VPN

      • IKEv2 certificate-based VPN

  • Managed app configuration

    • ​​​​​​Configure apps on managed devices

    • Lookup supported configuration settings on Android devices

  • Dynamic tags

    • Install a lockdown profile based on device identity (e.g. security posture, app blacklist)

    • Install and remediate profiles based on device geolocation

    • Scope apps and profiles based on device owner, Apple Classroom, or AD group tags

  • Systems Manager API

    • Access Systems Manager device information

    • Trigger tagging and configuration updates

    • Remove and wipe devices

  • iOS 9 functionality

    • Install available OS updates

    • Keep device name up-to-date (found in supervised restrictions)

    • VPP device assignment - no longer need Apple IDs

    • Manage unmanaged apps

    • Lock the app store, but keep installing apps from Systems Manager

    • Added restrictions (e.g. Lock wallpaper and device name)

    • Managed Domains

  • iOS 9.3 functionality

    • Home Screen Layout

    • Safari autofill domains 

    • Lost Mode

    • Notification settings

    • Education Classroom app

    • Show/hide apps

    • Added restrictions (e.g. allowing changes to notifications, allowing Apple Music)

  • Systems Manager Sentry

  • Enrollment and user authentication

    • Directory group integration with LDAP search including Active Directory and Open Directory

    • Automatic integration with groups for automated device customization per user

    • Multi-user authentication - dynamically change device software and settings based on user

  • Samsung Knox integration

    • Kiosk mode

    • Added email support

    • Application whitelists and blacklists

    • Block application installations based on device permissions

  • Dynamic device provisioning

    • Dynamically add and remove applications and software based on device identity and/or user

  • Limited access roles

    • Create granular, custom roles using tags

      • e.g. Teachers only see their classroom iPads and only during specific times

      • e.g. Asset management team only sees company assets and not BYOD

  • Certificate management

    • Sign the SCEP certificate used for your mobile deployment

    • Automatically create and distribute unique certificates for Wi-Fi settings

  • Mobile data security and containerization

    • Open-in management and Containerization

    • Android for Work (Android Enterprise) - Work Profile

  • Cisco Identity Services Engine (ISE) integration

    • Network policy management on Cisco Meraki and Cisco on premise hardware

  • Extended device support

    • Windows Phone 8.1

    • Windows 10 MDM Profiles (e.g. Wi-Fi Provisioning)

To upgrade from legacy SM please contact Cisco Meraki, so we can connect you with your dedicated representative.

You must to post a comment.
Last modified
09:16, 24 May 2017


This page has no custom tags.


This page has no classifications.

Article ID

ID: 1802

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case