Managing cellular data plans can difficult and expensive. The cost of exceeding data plans and the lack of visibility into managed devices’ cellular usage has made it challenging to have company cellular policies, let alone maintain them. Meraki Systems Manager has provided tools to manage and increase the visibility of mobile devices, as well as the likes of desktops and servers, since 2010. Today, we are happy to announce yet another big step in the evolution of Cisco’s mobility management with the addition of cellular data management.
Systems Manager customers have cellular data management functionality now, and they have it for no extra charge. It was made automatically available–like all updates to Dashboard. At Meraki, there is a lot of pride around offering the best tools possible while maintaining a rapid feature trajectory that redefines the industry’s status quo.
Practically, cellular data management enables the ability to do three important things;
Track data usage on managed devices globally and individually
Automatically take action on devices going over data limits
Firstly, to view tracked data usage over all managed devices, simply navigate to Monitor > Clients and click the ‘+’ button in the top right hand corner, then add ‘Cellular data’ to the table. Next, enter a plan reset date on the Configure > General page–the default is the first of the month. This will specify when the monthly counter should restart and will allow for easier data usage tracking over time and on-the-fly. Current data usage can also be tracked individually on a specific device’s client page as shown below.
The first selector allows for a quick view to show data for the past day, week, month, or 3 months. The second selector toggles between different policies and thresholds.
Secondly, single or multiple data caps can be set using policies in Systems Manager by navigating to the Configure > Policies page. Check the box for ‘Device cellular data usage’ and enter the amount for the maximum data allowance in MBs. Policies can be used to manage, monitor, and create reports for many different actions. Below is an example policy which is configured to track a cellular data usage limit of 10GBs*.
Security policies in Systems Manager become even more powerful when used to automatically take action on devices. Changing the scope of devices with tagging provides the ability to control profiles or add and remove apps based on security posture. If a device exceeds a data limit or violates security compliance, Systems Manager can be configured to automatically lock it into single app mode, disable settings, or even remove company data, access, and apps. To get more information on tagging in Meraki Systems Manager, check out the documentation article here.
Last but certainly not least, all good security policies should be accompanied by a report. Systems Manager makes is easy to enable daily, weekly, or monthly reports for any of the security policies created. Along with this is the option to select which kind of devices are important to each policy and whether or not only failing devices should be included.
Systems Manager legacy customers interested in these powerful features can find out how to take advantage of them here.
This is the first in an exciting new series of posts to keep everyone in the know. In the Know posts showcase features or capabilities that already exist in the Cisco Meraki portfolio but may not be as well known. Up first are some of the major benefits of using the Cisco Meraki Systems Manager EMM solution with Windows 10 devices.
Installing software and keeping it up to date is one of the many concerns for today’s IT administrators. The Meraki cloud can centrally host up to 3GB of installer files in order to further simplify software deployment. Software can be hosted privately as well. To learn more about installing applications on traditional devices see our product documentation, or look below for an example.
A challenge of managing laptops, tablets, or phones is that it becomes easier than ever for sensitive data to end up in the wrong hands—literally. Systems Manager provides the ability to remotely wipe managed devices. Enough said.
REMOTELY WIPE MANAGED DEVICES AND SECURE SENSITIVE DATA
Whether Windows devices are corporate-owned or user-owned, it is sometimes necessary to restrict their functionality. Common restrictions include disallowing the use of a camera, disabling Cortana, restricting WiFi or Bluetooth access, preventing use of external storage, or removing access to Internet Explorer. Restrictions can be found in Dashboard by navigating to MDM > Settings > Restrictions.
If you’re a Systems Manager legacy customer and are interested in these powerful features, then find out how you can take advantage of them here.
If you’re new to Meraki or Systems Manager, you can also start a free trial.
It’s that time of the year again — the Cisco Meraki team is packed and ready to attend ISTE 2016 for the 5th year! If you’re also planning to attend, be sure to stop by booth #2537 and say hello to the Meraki team. There’s no way to miss us in our bright green Meraki T’s!
New Products and Dashboard
Just like every year, we’re bringing all our latest products — including the brand new MC 74 — and will be giving 1:1 demos of our dashboard each day. After 4 successful ISTE shows, we have a pretty good idea of what it is you’re looking to learn from us. That’s why we are switching it up (no pun intended) for ISTE 2016 and featuring more than just demos in the booth.
Mobility Management Lab
There’s no denying how important mobility management is in today’s classroom, so this year we are bringing along our Systems Manager experts to show off just how easy it can be with Meraki. Attend one of our hourly presentations in the Mobility Management Lab and you’ll walk away with a FREE Meraki hat! Here’s what we’ll be covering:
Cisco Collaboration Products
The Cisco Collaboration team will also be joining us in the booth to talk about the newest features for digital classrooms and the digital campus. Each presentation will take place twice a day, so swing by at a time that’s convenient and check out what they have to share.
No matter what you’re interested in learning this year at ISTE, the Cisco Meraki team is here to help. Hope to see you in Denver next week!
It may seem like the school year just wrapped up, but for IT administrators, a new school year with new teachers, students, and deployments of managed devices will be starting before long. Meraki wants to help make those device deployments easier on IT admins and their purse strings with special pricing on Systems Manager licensing through July 30th.
Meraki Systems Manager, Cisco’s Mobility Management solution, offers schools a simple, comprehensive way to manage and monitor devices, in and out of the classroom. Seamless integration with iOS 9.3 gives users access to Apple’s suite of powerful classroom tools, making Systems Manager a strong candidate for this year’s most useful teacher’s assistant.
Set up geofencing rules quickly and intuitively with Google Maps integration.
Geofence devices, push apps, restrict camera usage, and more—all through the intuitive Meraki dashboard. Systems Manager doesn’t require any additional Meraki hardware to work, but it should be noted that using Systems Manager in conjunction with the rest of Meraki’s full stack solution of access points, switches, and security appliances gives customers access to enhanced functionality.
Contact your Cisco Meraki representative or local reseller to take advantage of this fantastic promotion and in the meantime, sign up for a Systems Manager webinar!
iOS 9.3 has been live for a couple months, and the buzz has been big, to say the least. So let’s talk about some of the things Systems Manager and iOS 9.3 bring to education and the enterprise.
We will start things off strong with the much anticipated Classroom App. Systems Manager and Apple Classroom enable teachers to guide, view, and track students’ progress. This includes the ability to see and remotely control the iPads of all the students in a classroom. Want to focus everyone on a specific iBook? Easy. Need to drive students to a specific web page? No problem. These capabilities allow teachers to enrich the classroom like never before by giving teachers assistance (pun intended) that they require in the era of the Internet of Things.
This video outlines a simple, comprehensive walkthrough for building Apple Classroom with Systems Manager. For more information the documentation article can be found here.
Another useful tool included in iOS 9.3 is the ability to show and hide apps. This allows administrators to blacklist or whitelist apps rather than having to uninstall and reinstall them on each device every time the student arrives on campus. This is extremely useful when it’s necessary to temporarily or permanently hide unwanted apps, or automatically disable anything deemed inappropriate for the classroom or enterprise.
After the desired apps have been selected for any group of supervised devices, home screen layout provides the ability to arrange and lock all the icons. Configure multiple pages, the dock, and folders with apps. These tools, along with software provisioning, make up the iOS version of imaging a desktop—except Meraki’s cloud management means everything will be done both over the air and dynamically.
Loss and theft are some of the most common concerns for schools and businesses managing mobile devices for both the devices themselves and any sensitive data contained on them. A new functionality called Lost Mode allows admins to lock a device, add a lock screen message and footnote, and leave a phone number to call if the device is found. Systems Manager can track lost or stolen institutionally-owned and supervised devices with no end user interaction necessary. As a last resort, admins also have the ability to remotely wipe devices.
Last but not least, the Managed Domains feature allows administrators to control the flow of sensitive data in a network. Back in iOS 7, Apple introduced the idea of Open In management. This provided a way to specify if documents from managed sources, like apps or email, are allowed to communicate with unmanaged sources—think containerization made simple. iOS 8 introduced the concept of managed Safari domains, so that any downloaded content could also be treated as managed or unmanaged. iOS 9 added AirDrop to the mix as a managed source. Finally, we arrived at iOS 9.3 where Safari Password Autofill Domains can be specified, allowing end users to save passwords from only approved URLs.
If you want to learn more about how Systems Manager and Apple can provide powerful solutions for education, including a live demonstration of iOS 9.3 with Apple School Manager, then join us for our upcoming iOS 9.3 webinar.
Meraki Systems Manager continues to offer extensive functionality for Apple platforms. Only recently we announced same day support for iOS 9 in conjunction with a new strategic joint development partnership between Cisco and Apple. We continued that story with the launch of extensive new features for Systems Manager on February 9th. In this particular post we are going to explore the Apple specific elements of that launch.
With MDM it has always been important to make sure you keep the users informed. This ensures they attribute changes to their device to administrative control and not to a fault. The iOS Wallpaper functionality of iOS 9 offers a great way of keeping users informed, while also offering branding and user experience options.
The Lock and Home page Wallpapers can be configured independently or together with a simple drag and drop. The reason that changing the Wallpaper with Systems Manager offers a great way of interacting with the user is because it can be tied to tags. This means that the Wallpaper can change dynamically based on various events, for example based on the person using the device or its posture.
FileVault disk encryption
Information is the lifeblood of any organization, with the securing and management of this data under increasing scrutiny. Encryption of information on portable devices such as laptops is frequently being mandated in regulated industries such as health care. The loss of confidential or private information can lead to stiff penalties, brand damage, and dented consumer confidence.
FileVault in OS X provides strong data security with full disc encryption using AES. With full disk encryption, data on a mislaid or stolen device is useless to the unauthorised recipient. Systems Manager now supports FileVault disk encryption management, and in typical Meraki fashion, has been made as simple as possible.
The difficulty associated with disk encryption is not typically with encrypting data but in decrypting it when required. For example, when an employee leaves the organization it may be necessary to access the customer data on their device. If the password or recovery key has not been provided by the departed employee, then the data is lost forever.
Systems manager supports all three methods of FileVault data recovery: an institutional recovery key, a personal recovery key, or both simultaneously. Institutional recovery keys are transparently managed by the Meraki cloud ensuring they are never lost. More information on FileVault 2 can be found on our documentation portal.
OS X system preferences
To top off the list of Apple functionality added in this Systems Manager launch there are now 35 new OS X system preferences to play with. This includes things such as control of Security & Privacy settings, Software Updates, and Parental Controls. Further information on these OS X systems preferences is again located on our documentation portal.
The new features for Apple platforms included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you can upgrade to the full version by simply contacting our sales team. The full version includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.
Excited by the new content in this systems manager launch? We are! The team will be highlighting these features and more in upcoming Systems Manager webinars. Alternatively if you can’t wait to get started, contact us to begin a no risk trial and we will help get you up and running.
One of the most popular capabilities of our MX security appliances and MR wireless access points is their ability to control what is going on in the network. This can be accomplished via a whole range of built in features such as Layer 7 traffic shaping, Layer 7 firewalling, intrusion prevention, malware scanning, and content filtering. Importantly these features can be easily applied in varying ways to different devices or users with the creation of custom network policies.
Known as Group Policies, these customized network rules prevent network administrators having to enforce a ‘one size fits all’ policy. They can make the network fit their users’ requirements, rather than the other way round. As is typical of Meraki feature design, the simplicity of configuration makes deploying it achievable and not an unattainable dream.
However, what if we could make this even simpler to implement? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry Policies enable dynamic updates to a client device’s assigned Group Policy based on contextual information gathered by the Systems Manager MDM. Now your firewall, traffic shaping, or content filtering rules can be automatically updated based on changes to a device’s security posture, logged-in user, or even location.
Sentry Policies are automatically made available when Systems Manager is deployed with Meraki network equipment. Due to the unified Meraki cloud management architecture, no complex integration or further configuration is required. If you can’t see Sentry Policies in your dashboard, then you are running an older version of Systems Manager. Click here to find out how to upgrade.
For one example of how Sentry Policies can be implemented,consider a content filtering deployment in an education environment. The multi-user authentication capability of the Systems Manager app allows devices such as iPads to have unique apps, settings, and restrictions per student. When a student logs into the device, Sentry Policies can trigger a content filtering policy change on the MX suitable for that class’s age group or subject. This is done without any teacher or administrator intervention.
For security conscious customers, Sentry Policies can also be used to control network access. When a device is detected that is jailbroken or has an undesirable app installed, Sentry can implement firewall rules in the access points to block that device’s connectivity to sensitive corporate resources. Again, this requires no administrator intervention.
Systems Manager Sentry is unique in the way it enables automated security and simplified IT operations by unifying network and endpoint management. To find out more, sign up for one of our advanced webinars covering the Sentry feature set, or contact us to get a live demonstration.
Not long ago the configuration of a computer’s settings were the responsibility of the end user. This spawned numerous guides, created by beleaguered IT administrators, that tried to ease the number of repetitive helpdesk support calls on common topics.
What if you could do away with the multi page WiFi configuration guide, yet still allow users to connect securely? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry WiFi settings automate the configuration of mobile device wireless connectivity. This simplifies the task of joining the network for both the user and IT administrator, eliminating one of those clunky step-by-step guides from your help portal. Watch the video below to see this feature in action.
Systems Manager can create WiFi configuration payloads which contain configuration settings for a wireless network. It can then deliver this to the client device so they know how to get connected without the user having to follow a guide. Sentry WiFi settings take advantage of the native cloud integration of Meraki’s networking stack with Systems Manager MDM.
With Sentry, Systems Manager queries the Meraki WLAN network to understand what the security requirements are for a chosen SSID. Now instead of the IT administrator manually configuring the settings, the configuration fields are automatically populated with the correct information, eliminating possible errors and saving time.
The convenience of Sentry WiFi settings becomes exceptionally powerful when combined with the tagging engine available in Systems Manager. Tags are Systems Manager’s way of choosing what managed devices should get what settings. As tags can be automatically applied, this means client devices can receive WiFi settings based on dynamic events such as the time of day, device user, device type, location, or security posture.
If you would like to find out more about Systems Manager Sentry, then you can attend one of our specialist Sentry webinars, or alternatively contact your Meraki representative for more information. If you are an existing Meraki WLAN customer, Systems Manager offers an industry leading MDM capability with a unique level of network integration, that due to its simplicity can secure and automate your IT operation in minutes.
With the release of iOS 9 Apple introduced a number of improvements to the Volume Purchasing Program (VPP). Of these improvements, one of the more significant is app assignment by device. With this new functionality it is now possible to assign VPP apps to an iOS device without the need for an Apple ID, and if that device is supervised, the installation is silent.
Before this change, it was only possible to assign apps to a user by associating them with an Apple ID. This method of app management can be an administrative nightmare when used in environments such as K-12 education, where many users may be working with a particular device. Students may not have an Apple ID, or may be too young to have one without parental consent. Additionally, it meant that an Apple ID needed to be configured on the iPad for apps to be silently pushed to supervised devices.
With VPP device assignment, an Apple ID is no longer required and with supervised devices, apps can be pushed silently with no end user interaction. Silent app push has a huge impact on an administrator’s ability to seamlessly deliver iOS apps to users. Combining this new functionality with Meraki Systems Manager features, such as multiuser authentication, can offer a fantastic classroom experience. Apps and settings are tailored to each student’s needs and dynamically changed as the user changes.
Systems Manager Legacy customers can gain access to this great new functionality by upgrading to the latest version of Systems Manager. Please contact your Meraki representative for further information or alternatively sign up for a specialist Systems Manager Teacher’s Assistant webinar here. Additionally stay tuned to our YouTube channel for additional video guides to this functionality.
This week marks the start of Wireless Field Day 8 (#WFD8), part of the Tech Field Day series of events. For those less familiar with Tech Field Day, it brings together IT vendors and industry bloggers, speakers, podcasters and writers for engaging technology discussions.
A fantastic feature of this coming together of industry experts is the comprehensive live streaming and video replays of the sessions that allow anyone to participate. Cisco will be participating in #WFD8 with presentations starting on October 1, 2015 at 9:30 am PT, with the live stream available from the Wireless Field Day 8 website.
As part of the Cisco sessions at #WFD8 there will be a segment on Meraki Systems Manager and the Sentry features that offer simple automatic security that is context aware. Meraki has featured at past Wireless Field Days and you can catch up by searching Meraki and Wireless Field Day on YouTube. In the video below from WFD7, Raj Krishna, Wireless Product Manager, discusses and demonstrates the Cisco Meraki traffic analytics capabilities.
With Systems Manager Sentry, a number of complex security features can be very easily deployed because of the native integration offered by the Meraki cloud. Meraki network components and Systems Manager Enterprise Mobility Management are connected to the cloud and share data. This means the network can make highly informed decisions on how it should treat end devices.
One of the Sentry features that highlights the benefit of this integration is Sentry policies. Sentry policies allow any network group policy available on Meraki networking equipment to be dynamically applied based on device posture. This posture is determined by Systems Manager and is highly granular. For example, we can detect whether the antivirus software has been uninstalled and who the device belongs to. The network can then implement appropriate firewall or security rules.
To learn more, please attend one of our specialist webinars that cover Sentry in more detail, or better yet, watch the Cisco #WFD8 session live from 9:30AM PT onwards on October the 1st.