Are you excited about all the new Apple innovation coming in iOS 13 and macOS 10.15 Catalina? Great, so are we! Both iOS 13 and macOS Catalina are introducing significant changes to Apple’s enterprise management capabilities and we are excited to announce that Cisco Meraki Systems Manager will support new settings and features on both platforms. Here are some of the planned changes coming to Meraki Systems Manager to support iOS 13 and macOS Catalina.
Changes to Device Restrictions
Between iOS 13 and macOS Catalina, Meraki Systems Manager will support a grand total of seventeen changes to device restriction settings. The changes include six new restriction settings and eleven settings whose supervision requirements are changing.
Allow Find My Device in the Find My app (iOS)
Allow Find My Friends in the Find My app (iOS)
Force Wi-Fi power on (iOS)
Allow Files Network Drive Access (iOS)
Allow Files USB Drive Access (iOS)
Allow continuous path keyboard (iOS)
Allow Handoff (New to macOS)
Supervision Requirement Changes
Now Requires Supervision:
Allow adding Game Center friends
Allow installing apps
Allow use of camera
Allow cloud Keychain sync
Allow document sync
Allow explicit music and podcasts
Allow use of iTunes Store
Allow use of Safari
Allow users to use saved passwords in Safari and AutoFill Passwords feature
No Longer Requires Supervision:
Allow remote screen observation by the Classroom app
Restriction settings that are changing status in iOS 13 and macOS 10.15 will retain their configured effect if an unsupervised device is upgraded. For example, if camera use is blocked by restriction settings on an unsupervised device running iOS 12.4 or lower, the restriction setting will continue to block the Camera app when the device is upgraded to iOS 13.
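To see which restrictions in an existing profile are affected by these supervision changes, the added example below (not part of the original post and not Meraki code) parses a configuration profile and classifies each restriction it sets. The mapping from the setting names above to Apple Restrictions payload keys is an assumption, and the sample profile and status labels are constructed for illustration.

```python
import plistlib

# Assumed mapping from the settings listed above to Apple Restrictions
# payload keys (com.apple.applicationaccess); not taken from the post.
NOW_SUPERVISED = {
    "allowAddingGameCenterFriends", "allowAppInstallation", "allowCamera",
    "allowCloudKeychainSync", "allowCloudDocumentSync", "allowExplicitContent",
    "allowiTunes", "allowSafari", "safariAllowAutoFill",
}
NO_LONGER_SUPERVISED = {"allowRemoteScreenObservation"}

# Constructed sample profile, for illustration only.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.restrictions",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowCamera": False,
        "allowSafari": False,
        "allowRemoteScreenObservation": False,
        "allowFindMyDevice": False,
        "allowExplicitContent": True,  # not restricted, so not reported
    }],
})

def audit_profile(profile_bytes, supervised, upgraded_with_profile):
    """Return {key: status} for every restriction the profile sets to False.

    upgraded_with_profile: the device already had the profile installed
    before it was upgraded to iOS 13 / macOS 10.15.
    """
    findings = {}
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        for key, value in payload.items():
            if value is not False:
                continue
            if key in NOW_SUPERVISED and not supervised:
                # Existing restrictions keep their effect across the upgrade.
                findings[key] = ("retained-after-upgrade" if upgraded_with_profile
                                 else "needs-supervision")
            elif key in NOW_SUPERVISED or key in NO_LONGER_SUPERVISED:
                findings[key] = "enforced"
            else:
                findings[key] = "unchanged"  # requirement not changed here
    return findings
```

Keys reported as "needs-supervision" are the ones to review before enrolling new unsupervised devices with the same profile.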
New Settings Updates
Along with the Restrictions payload, Apple has updated a number of different settings with enhanced options to affect behavior on devices. Meraki Systems Manager will also support changes to the following payloads at the time of release:
Wi-Fi – Support for WPA3 authentication
Exchange ActiveSync – Manage syncing of Contacts, Calendars, and Mail independently on iOS
Web Content Filter – macOS support for Filter Data Providers
Privacy Preferences Policy Control – Manage new permissions in macOS
Single App Mode – Manage Voice Control settings on iOS or tvOS
Automated Device Enrollment Changes
Automated Device Enrollment (also known as DEP) will now enforce mandatory enrollment in Meraki Systems Manager. Also, we have introduced a new option to skip “Dark Mode” setup on iOS and macOS.
In the weeks following the launch of iOS 13 and macOS Catalina, Meraki Systems Manager will continue the momentum by rolling out support for more advanced features and functionality. This includes, but is not limited to:
Support for brand new macOS Catalina settings payloads
New Extensible Single Sign-On capabilities to allow for native Apple Kerberos SSO and 3rd-party integration
Custom enrollment webpage to more readily personalize and secure the enrollment process on devices
If you would like to learn more about Systems Manager, join us for an upcoming webinar (where you can qualify to earn free Systems Manager licenses), or call the Meraki sales line to start a risk-free evaluation.
Activation Lock is a security feature on Apple iOS devices that prevents unauthorized use of an iOS device after it has been factory reset, rendering the device useless. While this is an amazing feature for personal use, it has presented challenges for IT administrators trying to deploy iOS devices for enterprise use cases. While IT administrators desire the added security Activation Lock provides, they are often frustrated by the lack of enablement control and device status insight.
Cisco Meraki’s mobile device management solution, Systems Manager, fully supports management of Activation Lock on supervised iOS devices. Let’s pull back the curtains and see how Cisco Meraki Systems Manager can help you effectively manage the Activation Lock status of your device fleet.
How is Activation Lock enabled?
There are two different ways to enable Activation Lock:
Device Activation Lock: The device owner enables Find My iPhone/iPad on the device with their personal Apple ID account.
MDM Activation Lock: Meraki Systems Manager enables Activation Lock with an MDM command. This action is only available on supervised iOS devices enrolled using Automated Device Enrollment through Apple Business Manager (ABM) or Apple School Manager (ASM).
How do I check the Activation Lock status of iOS devices?
You can view the Activation Lock status for each device in the “Management” section of the device’s details page in Meraki Systems Manager.
If Activation Lock is “Enabled”, Find My iPhone/iPad is enabled and the device’s activation may be locked by an owner’s personal Apple ID. MDM Activation Lock indicates that Meraki Systems Manager sent a command to enable Activation Lock on the device. The device’s activation may be locked by the Apple ID of an IT administrator with management rights in the ABM or ASM portals.
You can also view the Activation Lock status in the Devices list in Meraki Systems Manager by adding the applicable column to your view.
I wiped an iOS device and Activation Lock is enabled. How do I bypass or disable Activation Lock?
There are several methods to bypass or disable Activation Lock:
Apple ID: Enter the email address and password of the account that enabled Activation Lock on the device. Depending on how Activation Lock is enabled, this may be the user’s personal Apple ID credentials or the Apple ID credentials of an ABM/ASM administrator.
Bypass Code: When Activation Lock is enabled on supervised iOS devices, Meraki Systems Manager stores a bypass code, a randomized 30-character string, which can be used to clear the device’s Activation Lock state. In situations where both device and MDM Activation Lock may have been enabled, Meraki Systems Manager stores the codes generated for each type. The bypass code can then be entered at the Activation Lock screen to clear the Activation Lock status.
Clear Activation Lock Command: Meraki Systems Manager can send a remote command to Apple to clear Activation Lock on supervised iOS devices using the known bypass codes.
How can Meraki Systems Manager help me manage Activation Lock settings?
Meraki Systems Manager can only manage Activation Lock settings on supervised devices. If devices are supervised, Systems Manager prevents end users from being able to enable Device (Find My iPhone/iPad) Activation Lock by default on enrollment.
Via the “Privacy & Lock” payload, Meraki Systems Manager can be configured to automatically allow Device Activation Lock, and/or automatically enable MDM Activation Lock when devices are enrolled.
Check out Meraki Documentation for more information on how to manage Activation Lock settings and behaviors with Meraki Systems Manager. If you would like to learn more about Systems Manager, join us for an upcoming webinar (where you can qualify to earn free Systems Manager licenses), or call the Meraki sales line to start a risk-free evaluation.
Welcome to the second edition of ‘In the Know’. In the Know posts showcase features or capabilities that already exist in the Cisco Meraki portfolio but may not be as well known. For reference, here is last month’s In the Know about Windows 10.
First things first, Apple’s iOS 10 is here and macOS Sierra is coming soon. There are many things Meraki has already been doing to aid administrators in both preparing for and deploying the latest and greatest.
Meraki added extremely early, general support for iOS 10 and macOS betas after the start of Apple’s Worldwide Developers Conference (WWDC) last June. For those with access to the betas, Meraki was ready, far ahead of the status quo. Early this year, Meraki released a solution for administrators using Apple products and Meraki Systems Manager to issue OS updates over the air. Over-the-air updates provide the ability to push the latest version of iOS and macOS to an entire fleet of devices remotely and with only a few mouse clicks. Keeping devices up to date is essential in order to deploy the latest security patches and features. More information can be found on the documentation article here.
Also announced at WWDC were many improvements with iOS 10 and Cisco-specific features, like fast lane profiles or fast-tracking the mobile enterprise, which promised to change the way people work. This is carried out through network optimization around performance, creating an even better experience for Cisco voice communication, and reinventing teamwork and meetings with Cisco collaboration tools on iPhone and iPad. See below for an example of setting up per-app QoS with iOS 10 and Cisco in the Systems Manager Dashboard, and click here for documentation.
Systems Manager legacy customers interested in these powerful features can find out how to take advantage of them here. For those new to Meraki or Systems Manager, start a free trial.