System Manager Flashcards
What causes “NotNow” entry on event log when trying to update Apple app
“Due to passcode lock”
The error message “NotNow” is seen in the Event Log on an iOS device’s details page when an action cannot be performed because the device is locked with a passcode. These actions include pushing managed apps, installing profiles, and other actions. When this occurs the device will attempt to re-connect with the MDM server as soon as the device is unlocked in order to retry the action.
The device should update on its own the next time the device is unlocked; no special action is required on the part of the administrator.
If Meraki mgmt profile is removed by user, what happens to other Systems Manager profiles?
Reference doc states “if the user removes the ‘Meraki Management’ profile, all profiles (and, potentially, apps) pushed through Systems Manager will be deleted as well.”
(answer needs to be confirmed. )
Additional information related to (2):
On unsupervised installation of SM on corporate iOS devices, can Meraki mgmt profile be removed by user?
Yes…Ways to prevent:
i) Apple DEP deployment method has option to disable removal of management profile by users, when supervised mode is selected.
ii) Android Device Owner mode - Enrolling Android devices through Device Owner mode prevents end users from removing MDM management
ii) macOS device profile can be configured to prompt for a password when users try to remove management profile
Other ways to discourage removal:
To discourage removal, iOS and Android apps that are pushed out using Systems Manager can be set to uninstall upon removal of the Meraki management profile using the ‘Remove With MDM’ flag (on apps under Systems Manager > Manage > Apps). Removing apps will leave devices with a limited set of basic features.
Drag and drop - Put enrollment related steps in right order : enroll, create profile, add profile settings(??), apply profile, create device tags
“Not sure of answer or exact options:
create tags, create profiles, enroll, assign/add profile settings(??), apply profile”
Cannot recall exact answer options, refer to first reference doc (‘Pre-tag for Seamless Onboarding’)
What operations can only be done on MacOS/Win laptops and not on mobile devices
Remote desktop, screenshot, network stats, command line, process list (answers on test are first 2)
Exhibit showing Sentry Policy settings(Network-wide->Sentry Policies->Add new group policy MDM scope (similar to ECMS2 -lab 10-3 step2)) -select the 2 correct answers relating to policy actions
Look for one answer that refers to matching the relevant tag, and other answer that refers to the SM security ‘policy’ used for the compliant/violating tag assignment (think last option given) ..other answers that include references to group-policies for example are incorrect
Which Meraki product is required for SM Sentry enrollment
MR AP Sentry feature to force unenrolled clients to enroll
What is the Meraki Best Practice deployment method for Apple corporate devices
DEP
How to automatically update managed iOS Appstore apps?
Should get updated automatically by default (By default, iOS apps provisioned through Systems Manager that are found in the App Store will self-update if automatic updates has been turned on in the Settings.)
(me)
Impact of Device Removal.
Solely removing a device from the Systems Manager Dashboard network will not have any immediate impact on the device, except prevent further MDM management until the device is re-enrolled. Any apps or profiles that are already pushed to a device will remain active will remain on the device.
To completely remove a device, be sure to follow the previous steps in this article to remove associated settings and apps from the device. You may also want to use selective wipe on a device if it will be allocated for a different purpose and existing managed profiles/apps should be removed.