Thursday, June 13, 2019

Configuring Android Devices with Cisco Meraki

A while ago I did a post on how to setup iOS with the Cisco Meraki MDM, and now I'm going to setup 16 Azus Zenfone 4 Max with the Cisco Meraki MDM.  I did do a post on how to setup android for work with the Feronics Deep Freeze MDM; Now given the major issue with this MDM that we found is it would take hours for the MDM to sync changes if it did at all.  My organization thought we could save some money by going with them and it was ok at first taking about 15/20 minutes for changes to sync.  After a while though it turned into hours.  The differences in the Meraki MDM settings between Android and iOS are determined by the nature of the platforms such as the close source nature of iOS; there are things we can do to iOS that we can't on android so it takes a little bit more time to setup android devices.  However for 80% of the features everything we need is there in Meraki, and the rest of the options that we want are local to the phone so it takes more of my time to setup but once setup and properly documented should be very manageable.

The setup for the android phones are for the purpose of being able to add and remove applications quickly, and these devices are to be used for makerspaces, and by non device owners, so we want to make sure organization information and accounts can not be used or accessed unless it's something we want them to be able to allow.  IE - No email access via app, restricting add/removing accounts.  Allowing the use of the camera and connecting to a computer to transfer video/pictures.

First I'm going to go over the settings for the Cisco Meraki

first follow this guide Cisco has created.  It is great documentation for setting up Android for work, up until you choose using a Google Managed Domain.  This guide will cover setting up a Google Managed Domain with Meraki.

Step 1 - Go to Orgainization → MDM



Step 2 - Generate and Android EMM Provider selecting Google Managed domain.



Step 3 - To get the token you will need to login to your google admin and generate the token.  Once you have done that you will add the domain and the token to your Meraki.


Step 4 - Then setup your meraki with the info provided and enroll your organization.



Step 5 - Configure Meraki Settings for Android.  Go to System Manager → Settings


Step 6 - Add Profile


Step 7 - Add Device profile (default)

Step 8 - Configure the Profile.  For the Android setup I have 8 different settings for the Android profile


Step 9 - Restrictions


Step 10 - Passcode Policy

Step 11 - WiFi Policy (you can have as many as you need)


Step 12 - Privacy

Step 13 - Android Device Owner

Step 14 - Android Restrictions


Step 15 - Android System Apps

This can be setup to be black or whitelist.  For the purposes I need using the whitelist is preferred.


Step 16 - Setting Up Devices

You have 3 options when configuring Android Devices.
https://developers.google.com/android/work/overview

  1. A work Profile (typically used when a user has a personal device)
  2. Device Owner (typically used for devices owned by the organization)
  3. Knox Enrollment (More info here)

Now the one I'll be using for these devices are device owner because I want complete control of the device (please refer to the Android Enterprise Deployment Guide for exact differences).  When you go to assign the phone an account type in afw#meraki then put in the 10 digit code or scan the QR Code.  This will add the device to the Meraki MDM.  You will be prompted to add an account; the default will be Android Enterprise, but because this is not a meraki managed account, we need to use a different account to adding the device to the MDM which I have pre-configured in the Google Admin Console



Step 17 - If the device is not new Factory reset the device.  Select the language as English US and English Canada

Step 18 - Set Internet Connection for Only WiFi Connection

Step 19 - Connect to a network

Step 20 - Accept Privacy Rights Terms

Step 21 - Setup As a New Device

Step 22 - Put in afw#meraki for the Google Account.  This will start the android for enterprise enrollment.

Step 23.  Sign in with an domain account you want associated with the device.

Step 24 - Accept the terms from the Google Device Admin and Install

Step 25 - Accept all elevation permissions from meraki and google device admin.  Go to Settings -> Accounts and Remove the Android enterprise account.

Step 26 - Run all system updates applicable and install

Step 27 - Double check the keyboard by going Settings -> Language and Input -> Virtual Keyboard.  You should See ZenUI Keyboard.  Go to Manage keyboard and Disable Google Voice Typing. (This you will have to fix after security patches seems to been a ZenUI issue with Meraki)

Step 28.  Disable Notifications by going to Settings -> Sound & Vibrartion -> enable do not disturb.  Set to Until you turn this off.  Disable - all from the allow list.  Enable - Block when screen is on.  Disable Notiification.


How to fix CURL call imporitng an RSS feed on a site blocking CURL calls

There is a 3rd party service provider that my organization uses called bibliocommons.  They have these nice book carousels.  However the car...