We’re excited to announce a new customer-initiated free trial program for Systems Manager, Cisco’s Enterprise Mobility Management solution. This program enables anyone to get started with Systems Manager right away through a more managed and supported experience and replaces the previous SM Free 100 device program.
After visiting the Systems Manager signup page, enter basic contact details and device count and a fully support 30-day free trial will automatically be provisioned. This also includes access to Meraki support for 24/7 questions.
For more information or to get started immediately with a trial, please visit the signup page or contact your Cisco Meraki representative.
As everyone starts to wrap up the calendar year, it seems like a good time to rap about some of the things Systems Manager, Cisco’s Enterprise Mobility Management (EMM) solution, has added in 2016. In case a rap isn’t intriguing, then maybe we can call this a poem.
Systems Manager Rap/Poem: 2016
About a week before Christmas and recapping this year
There was security spreading – amidst all the fear
OS updates and patches, in one easy click
No adding viruses to Windows, through USB stick
iPad, iPhone, and Mac are bringing much more to do
Also wallpaper and homescreen, are things to edit now too
There’s a vault for your files, and you’re seeing CYOD
Which means you choose what you get, it’s not just BYOD
For the Fast lane at work you want Apple and Cisco
First to help were your friends, here in San Francisco (‘Meraki’ – backup vocals)
We’re on the Gartner MQ (Magic Quadrant) because we’re big in the mix
For all your EMM needs, and not just one, small fix App config brings settings fitted for all the users
Making a custom experience and a choice for your choosers
We have an API for this and we have one for that
GET a device you need and PUT a lock where it’s at
We launched tools for teachers with peace of mind to us all
And ways to guide the students – even in study hall (‘hall pass!’ – backup vocals)
Track the cellular data to manage all of the mobile
Keep that LTE in line, when it’s feeling too noble
With Sentry VPN you keep security teams happy
While making CIOs thrilled and the UX (user experience) not crappy
User experience is the best and even more than before
Just go to MDM > Settings and see it’s never a chore
SM for the win (FTW), that’s what they say
We use it all the way East, and back to the Bay
Cisco’s enterprise mobility, so you know it’s great
With SM you get features, with none of the wait
SM for the win (FTW), that’s what they say
We use it all the way East, and back to the Bay
Cisco’s enterprise mobility, so you know it’s great
With SM you get features, with none of the wait
This is only a fraction of the things we’ve done this year.
To check out the buzz and start a instant free trial, click here.
If you like this and want more, then let us know on Facebook or Twitter
– maybe we’ll even add a recording. ????
The fine people at Cisco Meraki are always looking for even better ways to help customers as they configure and manage their IT environments. Offering 24/7 phone support and giving guidance is merely one of the many avenues used to help create the best experience possible for users around the globe. Below are two videos the Meraki support team created to show how to most effectively manage one-to-one and Shared iPad deployments with Systems Manager–just in time for the holiday break here in the U.S.
The first video is a breakdown of setting up Shared iPad in six simple steps. This includes all the configuration needed in the Meraki dashboard using Systems Manager as well as configuration for Apple School Manager at school.apple.com. Shared iPad provides a way to manage iPads in the classroom where they can be shared with multiple students. Students can log into an iPad from a cart or classroom for a personalized experience, and the student’s work (data) gets saved back to their account.
For more information about Apple School Manager, check out the Apple help article here.
Up next is a video which similarly shows how to configure an iPad for use in the classroom, but focuses on a one-to-one environment. ‘One-to-one’ is used to describe a program where there is one computer, or in this case iPad, per student.
Meraki customers are encouraged to give real time feedback by submitting a wish at the bottom of any page in the Meraki dashboard. This feedback, called ‘Make a Wish’, is one of the many tools Meraki uses to keep in touch with current customer needs. See below for an example.
Managing cellular data plans can difficult and expensive. The cost of exceeding data plans and the lack of visibility into managed devices’ cellular usage has made it challenging to have company cellular policies, let alone maintain them. Meraki Systems Manager has provided tools to manage and increase the visibility of mobile devices, as well as the likes of desktops and servers, since 2010. Today, we are happy to announce yet another big step in the evolution of Cisco’s mobility management with the addition of cellular data management.
Systems Manager customers have cellular data management functionality now, and they have it for no extra charge. It was made automatically available–like all updates to Dashboard. At Meraki, there is a lot of pride around offering the best tools possible while maintaining a rapid feature trajectory that redefines the industry’s status quo.
Practically, cellular data management enables the ability to do three important things;
Track data usage on managed devices globally and individually
Automatically take action on devices going over data limits
Firstly, to view tracked data usage over all managed devices, simply navigate to Monitor > Clients and click the ‘+’ button in the top right hand corner, then add ‘Cellular data’ to the table. Next, enter a plan reset date on the Configure > General page–the default is the first of the month. This will specify when the monthly counter should restart and will allow for easier data usage tracking over time and on-the-fly. Current data usage can also be tracked individually on a specific device’s client page as shown below.
The first selector allows for a quick view to show data for the past day, week, month, or 3 months. The second selector toggles between different policies and thresholds.
Secondly, single or multiple data caps can be set using policies in Systems Manager by navigating to the Configure > Policies page. Check the box for ‘Device cellular data usage’ and enter the amount for the maximum data allowance in MBs. Policies can be used to manage, monitor, and create reports for many different actions. Below is an example policy which is configured to track a cellular data usage limit of 10GBs*.
Security policies in Systems Manager become even more powerful when used to automatically take action on devices. Changing the scope of devices with tagging provides the ability to control profiles or add and remove apps based on security posture. If a device exceeds a data limit or violates security compliance, Systems Manager can be configured to automatically lock it into single app mode, disable settings, or even remove company data, access, and apps. To get more information on tagging in Meraki Systems Manager, check out the documentation article here.
Last but certainly not least, all good security policies should be accompanied by a report. Systems Manager makes is easy to enable daily, weekly, or monthly reports for any of the security policies created. Along with this is the option to select which kind of devices are important to each policy and whether or not only failing devices should be included.
Systems Manager legacy customers interested in these powerful features can find out how to take advantage of them here.
Welcome to the second edition of ‘In the Know’. In the Know posts showcase features or capabilities that already exist in the Cisco Meraki portfolio but may not be as well known. For reference, here is last month’s In the Know about Windows 10.
First things first, Apple’s iOS 10 is here and macOS Sierra is coming soon. There are many things Meraki has already been doing to aid administrators in both preparing for and deploying the latest and greatest.
Meraki added extremely early, general support for iOS 10 and macOS betas after the start of Apple’s Worldwide Developers Conference (WWDC) last June. For those with access to the betas, Meraki was ready–far ahead of the status quo. Early this year, Meraki released a solution for administrators using Apple products and Meraki Systems Manager to issue OS updates over the air. Over-the-air updates provide the ability to push the latest version of iOS and macOS to an entire fleet of devices remotely and with only a few mouse clicks. Keeping devices up to date is essential in order to deploy the latest security patches and features. More information can be found on the documentation article here.
Also announced at WWDC were many improvements with iOS 10 and Cisco specific features, like fast lane profiles or fast-tracking the mobile enterprise, which promised to change the way people work. This is carried out through network optimization around performance, creating an even better experience for Cisco voice communication, and reinventing teamwork and meetings with Cisco collaboration tools on iPhone and iPad. See below for an example of setting up per-app QoS with iOS 10 and Cisco in the Systems Manager Dashboard, and click here for documentation.
Systems Manager legacy customers interested in these powerful features can find out how to take advantage of them here. For those new to Meraki or Systems Manager, start a free trial.
This is the first in an exciting new series of posts to keep everyone in the know. In the Know posts showcase features or capabilities that already exist in the Cisco Meraki portfolio but may not be as well known. Up first are some of the major benefits of using the Cisco Meraki Systems Manager EMM solution with Windows 10 devices.
Installing software and keeping it up to date is one of the many concerns for today’s IT administrators. The Meraki cloud can centrally host up to 3GB of installer files in order to further simplify software deployment. Software can be hosted privately as well. To learn more about installing applications on traditional devices see our product documentation, or look below for an example.
A challenge of managing laptops, tablets, or phones is that it becomes easier than ever for sensitive data to end up in the wrong hands—literally. Systems Manager provides the ability to remotely wipe managed devices. Enough said.
REMOTELY WIPE MANAGED DEVICES AND SECURE SENSITIVE DATA
Whether Windows devices are corporate-owned or user-owned, it is sometimes necessary to restrict their functionality. Common restrictions include disallowing the use of a camera, disabling Cortana, restricting WiFi or Bluetooth access, preventing use of external storage, or removing access to Internet Explorer. Restrictions can be found in Dashboard by navigating to MDM > Settings > Restrictions.
If you’re a Systems Manager legacy customer and are interested in these powerful features, then find out how you can take advantage of them here.
If you’re new to Meraki or Systems Manager, you can also start a free trial.
iOS 9.3 has been live for a couple months, and the buzz has been big, to say the least. So let’s talk about some of the things Systems Manager and iOS 9.3 bring to education and the enterprise.
We will start things off strong with the much anticipated Classroom App. Systems Manager and Apple Classroom enable teachers to guide, view, and track students’ progress. This includes the ability to see and remotely control the iPads of all the students in a classroom. Want to focus everyone on a specific iBook? Easy. Need to drive students to a specific web page? No problem. These capabilities allow teachers to enrich the classroom like never before by giving teachers assistance (pun intended) that they require in the era of the Internet of Things.
This video outlines a simple, comprehensive walkthrough for building Apple Classroom with Systems Manager. For more information the documentation article can be found here.
Another useful tool included in iOS 9.3 is the ability to show and hide apps. This allows administrators to blacklist or whitelist apps rather than having to uninstall and reinstall them on each device every time the student arrives on campus. This is extremely useful when it’s necessary to temporarily or permanently hide unwanted apps, or automatically disable anything deemed inappropriate for the classroom or enterprise.
After the desired apps have been selected for any group of supervised devices, home screen layout provides the ability to arrange and lock all the icons. Configure multiple pages, the dock, and folders with apps. These tools, along with software provisioning, make up the iOS version of imaging a desktop—except Meraki’s cloud management means everything will be done both over the air and dynamically.
Loss and theft are some of the most common concerns for schools and businesses managing mobile devices for both the devices themselves and any sensitive data contained on them. A new functionality called Lost Mode allows admins to lock a device, add a lock screen message and footnote, and leave a phone number to call if the device is found. Systems Manager can track lost or stolen institutionally-owned and supervised devices with no end user interaction necessary. As a last resort, admins also have the ability to remotely wipe devices.
Last but not least, the Managed Domains feature allows administrators to control the flow of sensitive data in a network. Back in iOS 7, Apple introduced the idea of Open In management. This provided a way to specify if documents from managed sources, like apps or email, are allowed to communicate with unmanaged sources—think containerization made simple. iOS 8 introduced the concept of managed Safari domains, so that any downloaded content could also be treated as managed or unmanaged. iOS 9 added AirDrop to the mix as a managed source. Finally, we arrived at iOS 9.3 where Safari Password Autofill Domains can be specified, allowing end users to save passwords from only approved URLs.
If you want to learn more about how Systems Manager and Apple can provide powerful solutions for education, including a live demonstration of iOS 9.3 with Apple School Manager, then join us for our upcoming iOS 9.3 webinar.
Meraki Systems Manager continues to offer extensive functionality for Apple platforms. Only recently we announced same day support for iOS 9 in conjunction with a new strategic joint development partnership between Cisco and Apple. We continued that story with the launch of extensive new features for Systems Manager on February 9th. In this particular post we are going to explore the Apple specific elements of that launch.
With MDM it has always been important to make sure you keep the users informed. This ensures they attribute changes to their device to administrative control and not to a fault. The iOS Wallpaper functionality of iOS 9 offers a great way of keeping users informed, while also offering branding and user experience options.
The Lock and Home page Wallpapers can be configured independently or together with a simple drag and drop. The reason that changing the Wallpaper with Systems Manager offers a great way of interacting with the user is because it can be tied to tags. This means that the Wallpaper can change dynamically based on various events, for example based on the person using the device or its posture.
FileVault disk encryption
Information is the lifeblood of any organization, with the securing and management of this data under increasing scrutiny. Encryption of information on portable devices such as laptops is frequently being mandated in regulated industries such as health care. The loss of confidential or private information can lead to stiff penalties, brand damage, and dented consumer confidence.
FileVault in OS X provides strong data security with full disc encryption using AES. With full disk encryption, data on a mislaid or stolen device is useless to the unauthorised recipient. Systems Manager now supports FileVault disk encryption management, and in typical Meraki fashion, has been made as simple as possible.
The difficulty associated with disk encryption is not typically with encrypting data but in decrypting it when required. For example, when an employee leaves the organization it may be necessary to access the customer data on their device. If the password or recovery key has not been provided by the departed employee, then the data is lost forever.
Systems manager supports all three methods of FileVault data recovery: an institutional recovery key, a personal recovery key, or both simultaneously. Institutional recovery keys are transparently managed by the Meraki cloud ensuring they are never lost. More information on FileVault 2 can be found on our documentation portal.
OS X system preferences
To top off the list of Apple functionality added in this Systems Manager launch there are now 35 new OS X system preferences to play with. This includes things such as control of Security & Privacy settings, Software Updates, and Parental Controls. Further information on these OS X systems preferences is again located on our documentation portal.
The new features for Apple platforms included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you can upgrade to the full version by simply contacting our sales team. The full version includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.
Excited by the new content in this systems manager launch? We are! The team will be highlighting these features and more in upcoming Systems Manager webinars. Alternatively if you can’t wait to get started, contact us to begin a no risk trial and we will help get you up and running.
The Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) arena is an exciting technology field with rapid innovation across a wide breadth of platforms. On February 9th we announced the launch of a host of new Systems Manager (SM) features and functionality for these platforms, and as part of this release SM now supports Android for Work.
This provides a major boost to the manageability of Android devices as it makes it much simpler for employees to use their own device for work. It does this without ceding the user’s control of their personal device, while allowing the organization to ensure appropriate security.
An example of one of the areas where functionality has been significantly extended over existing Android controls, is in the area of restrictions. There are now three new categories of Android restrictions available in SM, in addition to the previously available ones. Keyguard restrictions help secure an Android device when it is locked. Although you may be confident your data’s security when the device is locked, information could still leak out without the correct keyguard settings, for example a notification that displays the content of an SMS even when the device is locked. With keyguard restrictions you can now disable any or all of the following items:
All keyguard features
In addition to keyguard controls, an administrator can now also apply restrictions to other system areas. One brilliant addition is the ability to prevent users from installing applications from unknown sources. With the prevalence of malware and other dangerous apps in the Android ecosystems, allowing users to turn off this safety net is often not desirable. This control lets the administrator decide. The complete list of system restrictions we are announcing in this launch is:
Prevent Android Debug Bridge (ADB) access
Prevent installation of apps from unknown sources
Prevent uninstalling of apps
Prevent app control
Enforce application verification
Disable screen capture
Disable volume adjustment
Disable factory reset
Along with the new restrictions, there is now containerization with separate Google Play stores for personal and work apps. This allows separate instances of identical applications to be isolated within the appropriate personal or work container. For example you can have two instances of Gmail with one configured for personal use and the other configured for IMAP access to a corporate mail server.
Administrators can now be confident in the knowledge that corporate data can be erased with the removal of the work app from a device, and users will be reassured that their personal data won’t be affected. A complete wipe of the work profile removes all the contained applications and data meaning off boarding employee devices is straightforward and secure.
Android for Work and the other new features included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you will need to upgrade to the full version. This includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.
More information can be found on our documentation portal, with upcoming Systems Manager webinars highlighting these features. Alternatively contact us to begin a no risk trial and we will help get you up and running.
One of the most popular capabilities of our MX security appliances and MR wireless access points is their ability to control what is going on in the network. This can be accomplished via a whole range of built in features such as Layer 7 traffic shaping, Layer 7 firewalling, intrusion prevention, malware scanning, and content filtering. Importantly these features can be easily applied in varying ways to different devices or users with the creation of custom network policies.
Known as Group Policies, these customized network rules prevent network administrators having to enforce a ‘one size fits all’ policy. They can make the network fit their users’ requirements, rather than the other way round. As is typical of Meraki feature design, the simplicity of configuration makes deploying it achievable and not an unattainable dream.
However, what if we could make this even simpler to implement? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry Policies enable dynamic updates to a client device’s assigned Group Policy based on contextual information gathered by the Systems Manager MDM. Now your firewall, traffic shaping, or content filtering rules can be automatically updated based on changes to a device’s security posture, logged-in user, or even location.
Sentry Policies are automatically made available when Systems Manager is deployed with Meraki network equipment. Due to the unified Meraki cloud management architecture, no complex integration or further configuration is required. If you can’t see Sentry Policies in your dashboard, then you are running an older version of Systems Manager. Click here to find out how to upgrade.
For one example of how Sentry Policies can be implemented,consider a content filtering deployment in an education environment. The multi-user authentication capability of the Systems Manager app allows devices such as iPads to have unique apps, settings, and restrictions per student. When a student logs into the device, Sentry Policies can trigger a content filtering policy change on the MX suitable for that class’s age group or subject. This is done without any teacher or administrator intervention.
For security conscious customers, Sentry Policies can also be used to control network access. When a device is detected that is jailbroken or has an undesirable app installed, Sentry can implement firewall rules in the access points to block that device’s connectivity to sensitive corporate resources. Again, this requires no administrator intervention.
Systems Manager Sentry is unique in the way it enables automated security and simplified IT operations by unifying network and endpoint management. To find out more, sign up for one of our advanced webinars covering the Sentry feature set, or contact us to get a live demonstration.