What platforms does Meraki Systems Manager support?

 Systems Manager supports a variety of Android, Apple iOS, Mac OS, and Windows platforms. Some features are OS-dependent.

  • Apple iPad, iPod Touch, and iPhone (iOS 4 or higher)
  • Android (2.2 or higher): Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean
  • Mac OS X (10.5, 10.6, 10.7, 10.8)
  • Windows 7 and later, Vista, XP (Service Pack 3 or higher), Server 2008
  • Amazon Kindle Fire

Is there a limit to the number of devices I can manage with Systems Manager? 

No, there is no limit to the number of devices you can manage with Systems Manager!

What ports do I need open on my firewall to manage my devices with Systems Manager?

Clients using Meraki Systems Manager initiate outbound management connections to the Meraki cloud.

The list of IP addresses, ports, and protocols for which you need to allow outbound access for Meraki cloud communication varies by customer and can be viewed here: 

https://dashboard.meraki.com/manage/support/firewall_configuration

Why can I remove the 'Meraki Management' profile even when I set a password policy?

The 'Meraki Management' profile contains mobile device management settings for iOS devices. Apple does not allow profiles that contain these settings to be password protected. All other profiles pushed through Systems Manager can be password protected. However, if the user removes the 'Meraki Management' profile, all profiles (and, potentially, apps) pushed through Systems Manager will be deleted as well.

Why is my device's location sometimes inaccurate?

Systems Manager makes a best effort to estimate a device's location. Occasionally this estimate is inaccurate. We use these four methods to locate a device, in order of decreasing accuracy:

  • GPS location (via GPS) - this is the most accurate, but is only available for Android, and iOS (using the SM app) devices.
  • Location of Meraki products (via AP) - if your organization has other Meraki products, such as WiFi access points, we can use their location as part of the calculation.
  • BSSID geolocation (via WiFi) - location based on the BSSID (the address of the WiFi network).
  • IP geolocation (via IP) - location based on the device's most recent IP address. This is our fallback mechanism, and the one that's most likely to be inaccurate.
For more information, please consult this Knowledge Base article: http://kb.meraki.com/knowledge_base/how-systems-manager-approximates-the-location-of-a-managed-device.

Can you locate iOS devices using GPS?

Yes. However, you must install the SM app.

Can I disable location tracking for privacy reasons?

Yes. You can enable privacy settings for mobile devices under the MDM -> Settings page. Under the privacy tab you can disable both location tracking or SSID tracking for enrolled devices.

Can I be notified when a client goes offline or comes online?

Yes, you can set a 'connectivity alert' from the Configure > Alerts page. When a device with the specified tag goes offline for the specified amount of time, you will receive an email alert. When the device comes back online, you will also receive an email alert.

Does the user have to enter the Apple ID password for every app installed?

When Apps are deployed via MDM, Apple requires an Apple ID and password for the app to be installed. Apps downloaded and installed via Apple Configurator do not require entering an Apple ID and password, however, the iOS device has to be physically connected to the OS X device running Apple Configurator.

With iOS 6+, the device caches a users password for 15 minutes. If you install FREE apps in batches via Systems Manager with iOS 6+, you will have to enter the password once instead of doing it for every single App.

Paid apps redeemed via VPP still require the user to enter a password for EVERY app. Devices running pre-iOS 6 will be required to enter a password for every app regards of whether it is free or paid.

Do you support Apple's Volume Purchase Program (VPP)?

Yes, we support both Redemption Codes and the Managed Distribution method! If you add a non-free App, you'll see a field for you to enter VPP codes. Note, there's no way for us to verify if a code is valid or not -- make sure all codes are unused before adding to Systems Manager

I deployed a paid App via a VPP code; can I reclaim the App back?

Paid apps can only be reclaimed and reassigned only if it is deployed on a supervised iOS device. More details on how to do this are here: http://support.apple.com/kb/HT5188

For unsupervised devices, there is no way to remove the app in a way that allows you to reuse or reassign the redemption code. When a code is used to install an app on an unsupervised device, it is permanently consumed.

Can you push iTunes credentials so that users aren't prompted for an Apple ID?

No. This is a limitation of Apple's MDM framework.

What Apple ID should I use for my app deployment? Student or School ID?

The Apple ID you choose to deploy apps in a school environment, ultimately depends on who will own the apps - the school or the student - and how the devices are managed. Checkout our Deploying Apple iOS devices in schools guide here.

I want to upgrade to the latest iOS software - can I do that with Systems Manager?

No. This is currently a limitation of Apple's MDM framework.

What are 'iOS supervised restrictions,' and how do I enable them on my iOS device?

Supervised devices are those that are physically synced with a Mac computer, and 'supervised' via Apple Configurator, a Mac application. Once supervised via Apple Configurator, Apple's iOS permits additional restrictions to toggle over-the-air via Systems Manager. These 'iOS supervised restrictions' are listed under the 'iOS supervised restrictions' section on the 'Restrictions' tab of the MDM > Settings page.

On non-supervised devices, profiles will fail to deploy if Global HTTP Proxy is enabled. When the other iOS supervised restrictions are enabled (e.g., iMessage, Game Center), these restrictions will simply be ignored on a non-supervised device.

Why do I have to click to install apps I push to an Android device? 

Systems Manager provides integration with Google Play and Amazon Kindle store. When you push an app Systems Manager pushes a link of the app onto the device. The base Android framework does not allow installing the app silently. We're working to provide silent app installs on select Android platforms.

How do I install custom Android Apps without the Playstore?

You can install custom Android Apps that are not available in either Google Play or the Kindle Store using Systems Manager's Backpack feature. Point the Backpack URL to your Android application package file (APK) and install the app on the device which will be available in the Backpack folder in the Systems Manager Android App.

How do I use profiles and tags in my deployment for different groups of devices?

 Profiles and tags are very handy to configure different groups of devices and push apps to different subsets of devices.

Checkout our detailed page that outlines how profiles and tags work: http://docs.meraki.com/display/SM/Understanding+Tags+and+Profiles 

How do I uninstall Systems Manager from a client?

First, locally uninstall the agent from the desired client.

  • Windows - use the Add/Remove Programs control panel to uninstall the Meraki Systems Manager Agent.
  • Mac - download, unzip, and run our uninstaller.
  • iOS - open Settings, navigate to General->Profiles->Meraki Management, then tap remove.
  • Android - uninstalling is a two-step process:
    1. Open Settings > Security > Device Administrators, and select 'Meraki Systems Manager'. Touch 'Deactivate'.
    2. Open System Settings > Applications > Manage Applications. From here, navigate down and select 'Systems Manager', and touch 'Uninstall'.

Once the agent is removed, the client can be removed from Dashboard by checking it on the client list, and then selecting "Remove from network" from the 'Move' pull-down menu.

How do I prevent remote desktop or screenshot from being invoked on certain clients?

We are in the process of adding additional privacy options to Systems Manager. Until then, remote desktop and screenshot can be disabled client-side as follows:

  • Windows: download meraki_sm_privacy.reg and merge into the registry
  • Mac: download ci.conf and place in '/etc/meraki/' (create a folder called "meraki" in /etc)

How do I mass-deploy the Windows agent using an AD GPO?

You may find this KB article useful. Systems Manager Deployment - GPO

Is there any more documentation on how to get started?

Yes, please watch our getting started videos. A best practices deployment guide is coming soon!