Onboarding BYOD or company-owned devices into your MDM platform can be quite a challenge.  But if you’re using a Cisco Meraki wireless network, you’ve got a new and easy method to get those devices up to speed: Systems Manager Sentry. Cisco Meraki wireless access points can now check to see that devices are enrolled in Systems Manager before allowing access to an SSID and direct a user to self-enroll before accessing the network. Systems Manager is our 100% free tool for mobile device management that doesn’t require any other Cisco Meraki networking products, but if are using it along with our wireless gear, you’ll see the benefits of integration.

Without the help of Sentry, administrators would constantly be playing catchup, trying to onboard each new device walking through the door. Systems Manager Sentry can take that burden off of the shoulders of IT administrators and pass it to the end user. To gain WiFi access, end users will need to enroll their devices into Systems Manager, bringing along the access policies and network settings defined by IT, ensuring a secure and reliable network environment. To learn more about the capabilities of Systems Manager, check out the product page.

How it’s configured

Navigate to the Access Control tab of your wireless network in dashboard.  Select an SSID, and select Systems Manager Sentry from among the splash page options.   As a best practice, we don’t suggest enabling SM Sentry on open Guest SSIDs because you might start monitoring the devices of guests that unwittingly installed Systems Manager in order to gain WiFi access. We’ve turned on Sentry at our office for the “Meraki-BYOD” SSID.

Configure Systems Manager Sentry on your wireless network through the Access Control settings

How it works

What happens when a user tries to connect to the Meraki-BYOD SSID? The Meraki access point will scan iOS and Android devices for enrollment in Systems Manager. If the device is enrolled, welcome to Meraki-BYOD!  If not, iOS and Android devices will be directed to install the Systems Manager profile. In addition to Systems Manager using SSL as a secure communication channel, it uses SCEP to assist in secure installation.

Devices will be directed to enroll into Systems Manager before joining the network

Users will follow the two-step process and then will receive access to the SSID.  Systems Manager settings will be applied to the end user devices, ensuring important security and access policies are in effect when BYOD devices are on your organization’s network.