Home > General Administration > Licensing > Systems Manager Licensing

Systems Manager Licensing

Cisco Meraki Systems Manager (SM) offers a full, Enterprise Mobility Management (EMM) solution, which includes Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Content Management (MCM), and Mobile Identity (MI).

24/7 phone support for SM networks is included with Systems Manager licensing.

This article outlines how SM licensing works, how older (legacy) SM networks work, and how to upgrade older networks to the current licensing model.

Systems Manager Licensing

All new SM accounts are full-featured and require licensing. For more info on how legacy (prior to 3/12/2015) SM networks operate, please refer to the Legacy SM Accounts section of this article.

SM Without Licensing

SM without licensing includes Systems Manager Legacy and the SM Free 100 program. Systems Manager Legacy networks have not received any new features since 3/12/2015. Legacy SM networks are not eligible for phone support, with the following additional notes:

  • Unlicensed SM users who own Cisco Meraki networking equipment are eligible for complementary email support.
  • For unlicensed SM users with no other Cisco Meraki equipment, our documentation and SM forum are available for troubleshooting help.

For Systems Manager Legacy and SM Free 100, licenses can be purchased on a per-device basis. For example, to manage 150 devices in SM, a license for 150+ devices would need to be applied to the account.

SM With Licensing

SM licensing operates on the same co-termination model as other Cisco Meraki products, so it is subject to the same best practices and limitations. Please refer to our documentation for more info on our licensing model.

To obtain a quote and/or purchase licensing, please contact a Meraki representative for more info.

Exceeding SM Licenses

If the number of enrolled devices is equal to the licensed limit, no additional devices can be enrolled in the network until additional licensing is added or an existing device is unenrolled.

If you have no available SM licenses or your account is out of licensing compliance, you may see a login prompt when attempting to enroll an additional client device. It will not be possible to sign in through this prompt, as the device can only be enrolled once licensing is available and in compliance.

Legacy SM Accounts

Prior to 3/12/2015, Systems Manager was available as a free version in addition to licensed SM. These legacy SM networks can be used to manage any number of devices without licensing, but with a limited feature-set and no support. Licensed SM has always offered 24/7 support and the complete SM feature set.

A Legacy account on a Systems Manager Trial will revert to Legacy after the trial expires. Upgrading from Legacy to Enterprise, however, is a non-reversible process. 

Upgrading from Legacy SM

Legacy SM users have the option to seamlessly upgrade their account to the new SM model - no re-enrollment required. 

Upgrade from legacy SM with a cloud license unlocks the full feature-set (including features gated behind licensing) along with 24/7 phone and email support. Features include the following and future releases:

All Platforms

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • for Enterprise iOS, macOS and Windows packages

    • Add custom scripts and expressions to software pushed to your devices

      • e.g. after installation run a script that consumes a license for Microsoft Office

  • Security policies

    • Audit all devices for:
      • Blacklisted apps

      • Mandatory running apps

      • Minimum OS versions

      • Cellular data monthly usage

        • Security policies to specify single or multiple data limit thresholds

        • Use policies to take action on devices going over their data limit

        • Restrict changes to data roaming, personal hotspot, and data usage for apps 

  • Dynamic device provisioning

    • Enable or revoke access to the network, email, or apps/data based on device identity (e.g. security posture, geolocation, app blacklist, AD login, etc.)

    • Scope apps and profiles based on device owner, Apple Classroom, or AD group tags

  • Enrollment and user authentication

    • Directory group integration with LDAP search including Active Directory and Open Directory

    • Automatic integration with groups for automated device customization per user

    • Multi-user authentication - dynamically change device software and settings based on user

  • Systems Manager Sentry

  • OAuth

    • Google, Azure authentication

    • 3rd-party authentication - OpenID Connect

  • Cisco Identity Services Engine (ISE) integration

    • Network policy management on Cisco Meraki and Cisco on premise hardware

  • Systems Manager API

    • Access Systems Manager device information

    • Trigger tagging and configuration updates

    • Remove and wipe devices

  • Limited access roles

    • Create granular, custom roles using tags

      • e.g. Teachers only see their classroom iPads and only during specific times

      • e.g. Asset management team only sees company assets and not BYOD

  • Teacher's Assistant

    • Teacher portal using limited access roles

      • e.g. Teachers only see their classroom iPads and only during specific times

    • Lock devices into single app mode

    • Configurable time schedules

    • Show and tell - push an iOS device to an Apple TV - AirPlay

    • Push files to students using Backpack​​​​

Apple

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • For macOS software, custom enterprise iOS apps

      • Add custom scripts and expressions to software pushed to your devices

  • iOS 10.3 functionality

    • Lost mode sound alerts

    • WiFi/SSID whitelisting, additional restrictions

  • Per-App and Always-on VPN

    • AnyConnect certificate-based VPN
    • IKEv2 certificate-based VPN
    • Launch VPN connection automatically for specific apps, or domains
  • Managed app configuration

    • Pre-​​​configure app settings on managed devices

  • Apple School Manager integration

    • Configure Classroom app across devices

    • Import and tag based on ASM classrooms and subjects

  • iOS 9.3 functionality

    • Home Screen Layout

    • Safari autofill domains 

    • Lost Mode

    • Notification settings

    • Education Classroom app

    • Show/hide apps

    • Added restrictions (e.g. allowing changes to notifications, allowing Apple Music)

  • iOS 9 functionality

    • Install available OS updates

    • Keep device name up-to-date (found in supervised restrictions)

    • VPP device assignment - no longer need Apple IDs

    • Manage unmanaged apps

    • Lock the app store, but keep installing apps from Systems Manager

    • Added restrictions (e.g. Lock wallpaper and device name)

    • Managed Domains

Android

  • Android for Work (Android Enterprise)

    • Flexible Android enrollment: institution-owned device owner mode or BYOD work profile modes

    • Silent app installs, managed Play Store, allow only whitelisted apps

    • COSU (Corporate-Owned Single Use) - multi-app kiosk mode

    • Encrypted, native mobile data work profile container

    • Block ADB, factory reset, additional restrictions

  • Managed app configuration

    • Pre-​​​configure app settings on managed devices
    • Lookup supported configuration settings on Android devices

  • Samsung Knox integration

    • Kiosk mode

    • ActiveSync email support

    • Application whitelists and blacklists, device permissions

  • Containerized email configuration

Windows

  • Software installer

    • Upload files up to 3GBs to the Meraki cloud and distribute them to all your devices

      • for .msi and .exe Windows packages

    • Add custom scripts and expressions to software pushed to your devices

      • e.g. after installation run a script that consumes a license for Microsoft Office

  • Extended device support

    • Windows Phone 8.1

    • Windows 10 MDM Profiles

      • ​​​​​​​Wireless SSID configuration

      • Certificate provisioning

      • Passcode enforcement

  • ​​​​​​​​​​​​​​Security policies

    • ​​​​​​​Remediate vulnerable devices (e.g. unpatched machines susceptible to WannaCry)

    • Detect if security software is running, enforce minimum OS versions

    • Use Sentry Policies to inform actions at the network level

  • Remote wipe on Windows 10

  • Certificate management

    • Sign the SCEP certificate used for your mobile deployment

    • Automatically create and distribute unique certificates for Wi-Fi settings

To upgrade from legacy SM please contact Cisco Meraki, so we can connect you with your dedicated representative.

You must to post a comment.
Last modified
08:18, 21 Jul 2017

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 1802

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case