Meraki System Manager is a free browser based Mobile Device Management system which we use to manage all of our iOS devices. Once a Profile is installed to the iOS device we are able to set security profiles depending on the use of the iOs device and remotely install apps, as well as providing a full inventory of all your iOS devices.
To be able to use Meraki System Manager in your school firewall ports will need to be opened. This may well be done by your LEA or broadband provider. The following firewall ports need to be opened to be able to talk to these IP addresses.
The IP address that Meraki use which will need to be opened up through the firewall are 220.127.116.11/24, 18.104.22.168/24, 22.214.171.124/24, 126.96.36.199/24, 188.8.131.52/24, 184.108.40.206/24, 220.127.116.11/24, 18.104.22.168/24, 22.214.171.124/24, 126.96.36.199/24, 188.8.131.52/32 and 184.108.40.206/32. The TCP Ports are HTTP (80), HTTPS (443), 7734, 7752, 2195, 2196, 5223 and 5228. The UDP Ports are 7351, 9350, 1812, 1645 ans 123.
To get started you need to register for a Meraki Systems Manager account. Once registered you will be presented with a screen as below.
The first thing you need to do is click on Organization, then Settings. This will enable you to set up other users to access System Manager for your organisation. Just click ‘Create New’ enter the persons name and e-mail address and they will be sent password details to be able to log in. Once they are on the user list change from ‘Read-only’ to ‘Full’ in order for them to be able to manage the system. In the bottom half of the screen you will need to create an Apple MDM push certificate. Follow the below Certificate generation steps to do this:
- Download your certificate signing request (CSR), signed by Meraki: Meraki_Apple_CSR.csr
- Upload your CSR to Apple and download your push certificate: Apple Push Certificate Portal
- Upload your push certificate (MDM_Meraki_Inc_Certificate.pem) to Dashboard:
- Save this page.
Without doing this you will not be able to push anything out to your iOS device.
Once this is done you can get on with configuring profiles and settings for the iPads! To create a new profile click on Mobile, Profile then select ‘Add a new profile’. You can create profiles for groups of iPad depending on the user.
Leave the Configuration as default
Enter a name for the profile
I would recommend changing the Removal Policy to ‘Require a password to remove this policy then enter in a password in the password box
Change the scope to ‘containing at least ONE of the following tags’ and type in a name to for example ‘Staff iPads’ and click Add Options. If the name already exists just click the name once you start typing.
Click ‘Save Changes’ at the bottom of the page or click ‘Add a new profile’ to add another profile, just make sure you click ‘Save Changes when you are finished!
Once you have created the profile you then need to set up Settings for each profile created. To do this select Mobile, then Settings. Select the required Profile from the top drop down menu. Configuring Settings as required under each of the tabs. We have just configured the Restrictions, Passcode and WiFi tabs. Click ‘Save Changes’ at the bottom of the page before you select the next profile to configure.
The next step is to add iOS devices into your Meraki system. Go to Mobile and click on Deployment. There are three options to deploy iOS devices the first is to do it manually on each device, the second is via Apple Configure and the third is via e-mail. The option we use for all new devices is to do it manually. Follow the instructions on the deployment screen and aslo shown below to add an iOS device.
TIP: before adding the iOS device to Meraki on the device go to Settings, General, About and change the name of the iPad to something relevant. This way you will be able to identify the device easily in Meraki System Manager.
Once a device has been added it will appear in Clients under Monitor.
To add an iOS device to a profile click on the devices name and edit details. If the name does not match the system name change it to the same name as the device. Click in the Tag box and start typing the name of the tag to match the name entered when setting up the profile. A device can have multiple tags. This especially when dealing with the deployment of apps as this allows apps to be deployed to specific iOS devices, for example deploying an Art specific app to only the Art teachers.
The client list contains a lot of information about the device, including serial number, iOS version, the approximate location, model number and what apps are installed. From this screen you are able to clear the password, lock or erase the device, check-in now, refresh details, refresh app list and reinstalling missing apps.
The final thing left to do is to deploy apps. To do this go to Mobile and click on iOS Apps. To add apps click on ‘Add a new iOS device’, enter the app name in the first box, change the Country from ‘United States’ to ‘Britain (UK)’ and click ‘Search’
To select the app click ‘Add’ at the end of the line
Change the Scope to ‘containing at least ONE of the following’ if you want to target the app to specific iOS device or leave on ‘with ANY tag’ to install the app on all iOS devices in your Meraki system. If the scope has been changed enter the group name in the ‘Tags to scope install’ box as per tags you have given the iOS devices in the clients section.
If the app is a paid for app enter the codes from your VPP purchase into the ‘Redemption code’ box.
Especially if it is a paid for app you are adding make sure you tick the ‘remove with MDM’ box as this will enable you to reclaim the redemption code back at a later day of required. We do not check the ‘Prevent backup’ box.
Just make sure you click ‘Save Changes’ at the bottom of the page!
This should be all you need to get your Meraki deployment of the ground.