Cisco Meraki offers the only solution that provides unified management of mobile devices, Macs, PCs, and the entire network from a centralized dashboard. Enforce device security policies, deploy software and apps, and perform remote, live troubleshooting on thousands of managed devices.
Cisco Meraki Systems Manager provides over-the-air centralized management, diagnostics, and monitoring for the mobile devices managed by your organization — from iPads and Androids to Macs and PCs. Systems Manager monitors each of your organization’s devices, showing useful metrics such as client hardware/software information and recent location, and even lets administrators remotely lock and erase devices.
Systems Manager can be used to deploy apps to all of your managed devices through the Systems Manager Manage Apps page. The Meraki Dashboard integrates directly with Google Play and both the iOS and macOS App Stores, which allows you to quickly. Cisco Meraki is fantastic, it blows the features of Apple's Profile Manager out of the water. One thing I would very much like to be able to do however is to push Volume Purchased Mac Apps to all our devices via Meraki, or something similar.
Enforce policies across mobile devices administered by your organization. Protect devices and their data, control their usage with fine-grained passcode policies, and restrict access to the app store, gaming, and content.
Systems Manager also makes it easy to define and deploy network settings like wireless connectivity, security settings, and remote VPN access to all devices on your network at once. Instead of manually provisioning devices for network connectivity, or relying on end users to do so, configure settings such as WPA2-Enterprise in the dashboard, and let the cloud push the settings to end-user devices.
Backpack lets you deliver and manage documents, images, apps, and other files on Android devices. Bundle documents and files into a backpack and deliver it over-the-air to one device or thousands of devices, right from the dashboard. Built-in file synchronization keeps the content on the device up-to-date with the latest version of the file in the administrator’s backpack.
Prepare separate backpacks to be delivered to different classrooms, departments, or groups. Use tags to selectively deliver content to the appropriate devices.
While user-owned devices have exploded onto networks everywhere, it’s imperative to keep network access secure without causing an undue IT burden.
Improve the security of BYOD initiatives by enforcing data encryption, remotely wiping lost devices, and even restricting network access to managed devices. Cisco Meraki wireless has built-in support for BYOD, making it easy to securely support BYOD — without extra appliances, licenses, or complex configuration.
Layer 7 client fingerprinting technology integrated into all Cisco Meraki products lets you see all the devices on your network, with no configuration required. Client devices are automatically identified and classified, letting you distinguish between mobile devices, desktop PCs, see device operating systems, and even see device hardware manufacturers.
Automatically apply network policies for managed device characteristics
Device-specific policies can be automatically applied by Cisco Meraki wireless APs to restrict, quarantine, or throttle user-owned devices.
Cisco Meraki client fingerprinting technology immediately recognizes iOS, Android, Windows, and Mac devices, and even lets you apply more restrictive policies for unknown devices.
Analyze network activity with automatic reporting
See how many BYOD clients have connected, measure the bandwidth they’ve used, and even see their percentage of total traffic.
Network summary reports are delivered to your inbox at any time or on an automatic, monthly schedule. How to access mac photos app photo.
Try Meraki
Attend a webinar to receive a complimentary Meraki 802.11ac access point, request evaluation gear, or start an instant live demo.
The Volume Purchase Program (VPP) is an Apple portal for businesses and schools to purchase and license apps and books in volume. Systems Manager fully integrates with VPP to easily distribute, revoke, and centrally manage your licenses, supporting both of Apple’s methods of managed distribution and licensing via redemption code. This article will explain how to link your VPP account to Dashboard, and what the licensing distribution options are. VPP facilitates silent deployments of App Store and Mac App Store applications to iOS and macOS devices, while allowing your company/institution to maintain ownership of the applications you purchase.
In order to understand how Apple's managed distribution model is designed, it is strongly recommended to review Apple's Business and Education whitepapers on VPP app distribution before using this tool in Systems Manager.
Enrolling into VPP is free:
Businesses can enroll in VPP here.
Educational institutions can enroll in VPP here.
Educational institutions with Apple School Manager access can enroll in VPP here
Note: Apple School Manager VPP accounts support location based VPP licenses where a single VPP account/token can be connected to Meraki Systems Manager with licenses purchased from many different VPP accounts. This makes purchasing licenses and syncing to Meraki Systems Manager a more simplified experience. For more information on location based VPP tokens and all of its features go here. Existing VPP accounts can be invited into the new Apple School Manager location based VPP accounts by following this.
Adding Apple VPP Account(s) to Systems Manager
Note: It is recommended that your Apple VPP token does not reside in multiple MDM solutions
In Dashboard, navigate to the Organization > MDM page.
Scroll down to Apple VPP Accounts.
Select Add new.
In the Add VPP account window input the required information:
Name: Name of the VPP administrator's account. This will be shown on the email sent to invited users, and should indicate your organization.
Email: Email address on record for the VPP account.
Service token: Download from the Apps & Books section from the Apple School Manager portal at school.apple.com or Apple Business Manager at business.apple.com.
VPP Location server tokens can be downloaded on Apple School Manager and Apple Business Manager accounts in Settings > Apps and Books > My Server Tokens here:
Allowed admins: Which Dashboard administrators should be allowed to manage users and app licenses for this VPP in Dashboard.
Assignable networks: Which Systems Manager networks within an Organization are able to use VPP device assignment.
5. Click Update.
Note: If a 'VPP service token can't be blank' error appears when attempting to save, make sure there are no special characters or trailing numbers such as '(1)' in the filename of the vpp service token. This can also indicate that your VPP token is already bound to another MDM solution. If this is the case, you will need to remove the token from the existing solution or generate a new VPP token to upload into Dashboard.
6. Once your account is synced, you should see your licenses populated in Systems Manager > Manage > VPP
Renewing a VPP Token
Renewing a VPP Token is as simple as repeating the steps for adding a VPP token to your Dashboard Organization, but instead of selecting Add New in step 3 above, you select the existing VPP Token entry and click Update Token. From there, you can download the new copy of your VPP Token from the ABM/ASM portal, upload it to your Dashboard Organization, and save your changes to complete the VPP Token renewal.
VPP Deployment Methods
There are three options for VPP license distribution. Please see Apple's documentation for a full list of requirements and feature differences.
Device Assignment
Assign licenses to specific iOS, iPadOS, macOS, or tvOS devices, based on serial numbers. This allows for pushing applications without requiring the device to be signed in with an Apple ID, as well as silently installing apps without any end user input when used with supervised devices.
User Assignment
Assign licenses to a specific users, based on an Apple IDs. This is useful in cases like 1:1 deployments for schools, where students have their own iPads and unique Apple IDs to sign-in with. User assignment can also be used to license iOS App Store applications.
Distribute licenses as redeemable codes, which can be given to end users to claim. This method is deprecated by Apple, and not recommended over the two managed distribution methods.
Note: It is recommended to license apps either by device or user, not both.
Any unused VPP Redemption Codes can be migrated to the more robust Device Assignment or User Assignment licenses by following this.
Device Assignment
VPP Device Assignment grants app licenses directly to a device, identifying it by serial number. This makes VPP Device Assignment the best option to use when you do not want to associate your apps to end user's Apple ID(s). Furthermore, on Supervised iOS devices and macOS 10.11+, apps install completely silently with VPP Device Assignment. For detailed steps on how to grant and revoke VPP Device Assignment licenses, please watch the video below:
The following requirements must be met in order to use VPP Device Assignment:
iOS 9+, macOS 10.11+, or tvOS 12+
VPP enabled in Dashboard
Available licenses on the VPP portal
In addition to the above requirements, the app itself must support device assignment. This can be checked by navigating to Systems Manager > Manage >VPP, and checking the Device-assignable column (shown below). An app with a Y supports device licensing:
To enable VPP device licensing for an app:
In Dashboard, make sure the app has been added under Systems Manager > Manage > Apps.
Select the app to view more details.
Enable VPP device licensing:
Free apps: Enable the checkbox for Use VPP device license.
Paid apps: Set the Purchase Method to VPP Device Assignment:
Click Save Changes.
On app install, a license for the app will be associated with the serial number of the device that downloaded it, allowing anyone to use the app on that device.
VPP Apple ID User Assignment
VPP User Assignment grants apps to end user's Apple ID(s). This is a great option for 1-to-1 deployments where end users are already using their own Apple IDs. For detailed steps on how to grant and revoke VPP Apple ID licenses, please watch the video below:
The following requirements must be met in order to assign licenses on a per-user basis:
iOS 7+, or macOS 10.9+
VPP enabled in Dashboard
Available licenses on the VPP portal
Each user must have a personal Apple ID to receive managed distribution apps. This licensed Apple ID must then be signed in on the iOS/macOS device in order to receive VPP apps.
Note: Apple limits each Apple ID to 10 devices, so it is not recommended to use a shared Apple ID across all of your organization’s devices.
Configuring user assignment consists of the following steps:
Invite user to receive licenses.
Grant license for the desired app to the user.
Deploy the app with Systems Manager.
A license can also be reclaimed by revoking a user's app license.
Invite User to Receive Licenses
You can bulk import and invite VPP users via CSV, as well as individually.
Navigate to the Systems Manager > Manage >VPP page.
Click on the User management tab.
Select + Add user on the right of page.
Input the account information of the user to grant VPP access.
Find and check the desired user(s) in the list, and select Send invitation(s).
Confirm that User status for the selected user(s) changes from New to Invited.
Invited users will receive an email from Cisco Meraki. Accepting the invitation will require the user to sign in to iTunes or the App Store with their Apple ID, and accept Apple's VPP terms and conditions.
Note: Invitation links are unique and can only be accepted once. The Apple ID which is used to accept the invitation is not received or reported by Systems Manager.
The following image shows a list of users with various statuses. Only 'Associated' users have accepted the invite.
Grant License for Desired App to User
To automatically assign licenses to users in scope, and avoid manually granting licenses to users, see this article.
Navigate to the Systems Manager > Manage >VPP page.
Click on the Licensed applications tab.
Select the app to grant license for (if multiple VPP accounts have been added on the Org > Settings page, ensure the proper account is selected from the VPP account' drop-down menu).
Check the box next to the user and click on + Grant license to user(s).
Confirm license access to selected number of users.
At this point, 'licensed' users have been granted a VPP license for the selected app. Licensed users will be able to download this app onto their device by signing in with the licensed Apple ID, and navigating to the 'Purchased' tab in Apple's App Store.
In order for the licensed app to be managed by Systems Manager the app must still be deployed via Systems Manager.
Deploying Apps with Systems Manager
Navigate to the Systems Manager > Manage > Apps page.
Select + Add new>iOS App Store app or macOS App Store app.
Search for and choose the desired app already licensed.
Define the scope of the app. This should cover the user/devices that were licensed through VPP.
(Paid apps only) Set the Purchase method to VPP app assignment.
Confirm clients in scope at bottom of page.
Click Save Changes.
Revoking a User's App License
To automatically revoke licenses from users who are no longer scoped for an app, and avoid manually revoking licenses from users, see this article.
In order to re-claim a license, the user's app license must be revoked. A license can be revoked for a specific app, or a user's access to all licensed apps can be revoked. As per Apple's policies, a revoked user will be granted a 30-day grace period before any re-claimed apps are removed from the user's purchase history. Once a license has been revoked for one user, it can be reassigned to another user after a brief time (typically about two minutes).
Synology apps download. To revoke access to a specific app:
Navigate to the Systems Manager > Manage > VPP page.
On the Licensed applications tab, click on the name of the desired app.
Check the box for the user to revoke access.
Select Revoke license from user(s).
To revoke licenses for all distributed apps by retiring user:
Navigate to the Systems Manager > Manage >VPP page.
Select the User management tab.
Check the box next to the user to revoke access.
Select Retire user(s).
a User's App License
Apple Books (iBooks) App License
Apple Books are assigned per user and not per device. Please take note when assigning an Apple book via VPP:
VPP Apple book licenses must be granted to an Apple ID (user) and requires an Apple ID to sign in.
VPP Apple book licenses are not device assignable.
Apple Book licenses are permanent and cannot be revoked or reassigned.
Cannot Deploy Apps To Mac Meraki Chrome
Irrevocable next to an App verifies the license is permanent and cannot be revoked from the Apple ID it is assigned to.
Cannot Deploy Apps To Mac Meraki Password
Location Based VPP in Apple School Manager & Apple Business Manager
Cannot Deploy Apps To Mac Meraki Cloud
On Apple School Manager and Apple Business Manager, Apple has added a new concept called 'Locations'. Locations gives the Apple portal administrator the ability to transfer VPP licenses between different Locations (which will transfer the VPP licenses between different VPP tokens). Be sure to add the VPP tokens to Org > MDM for all/any of the Apple School Manager or Apple Business Manager Locations that you want to sync licenses from. Use the following screenshots to help confirm that the VPP licenses are in the desired VPP Location/token.
Meraki Camera App
Troubleshooting VPP Installs
Cannot Deploy Apps To Mac Meraki Settings
If you've followed the above steps and have issues installing apps onto your device, see the troubleshooting guide here.