https://community.cisco.com/t5/endpoint-security/syste-manager/m-p/5446711#M13189 <P>Hi Team, can system manager meet all the below requirements</P><OL><LI>A secure portal for BYOD users to enroll and provision their devices</LI><LI>Centralized security policy enforcement.</LI><LI>Remotely lock and wipe data and installed apps - Inventory devices, operating systems (OSs), patch levels, organization and third-party apps, and revision levels.</LI><LI>Distribution whitelists and blacklists.</LI><LI>Permission-based access controls for access to the organization’s networks and data.</LI><LI>Selective wipe and privacy policies for organization apps and data, i.e., sandboxing.</LI><LI>Distribution and management of digital certificates (to encrypt and digitally sign emails and sensitive documents).</LI><LI>Role-based access groups with fine-grained access control policies and enforcement.</LI><LI>Over-the-air (OTA) distribution of software (apps, patches, updates) and policy changes.</LI><LI>Postpone automatic updates from Internet service providers (ISPs), e.g., in cases where an automatic OS update may cause critical apps to fail<BR />Secure logs and audit trails of all sensitive BYOD activities</LI><LI>Capability to locate and map lost devices for recovery.</LI><LI>Backup and restore BYOD device data.</LI><LI>Remove or install profiles based on geographic location, to ensure compliance with relevant foreign legislation, e.g., data privacy and security</LI></OL> Thu, 20 Aug 2020 13:36:15 GMT LSA4 2020-08-20T13:36:15Z https://community.cisco.com/t5/endpoint-security/syste-manager/m-p/5446711#M13189 <P>Hi Team, can system manager meet all the below requirements</P><OL><LI>A secure portal for BYOD users to enroll and provision their devices</LI><LI>Centralized security policy enforcement.</LI><LI>Remotely lock and wipe data and installed apps - Inventory devices, operating systems (OSs), patch levels, organization and third-party apps, and revision levels.</LI><LI>Distribution whitelists and blacklists.</LI><LI>Permission-based access controls for access to the organization’s networks and data.</LI><LI>Selective wipe and privacy policies for organization apps and data, i.e., sandboxing.</LI><LI>Distribution and management of digital certificates (to encrypt and digitally sign emails and sensitive documents).</LI><LI>Role-based access groups with fine-grained access control policies and enforcement.</LI><LI>Over-the-air (OTA) distribution of software (apps, patches, updates) and policy changes.</LI><LI>Postpone automatic updates from Internet service providers (ISPs), e.g., in cases where an automatic OS update may cause critical apps to fail<BR />Secure logs and audit trails of all sensitive BYOD activities</LI><LI>Capability to locate and map lost devices for recovery.</LI><LI>Backup and restore BYOD device data.</LI><LI>Remove or install profiles based on geographic location, to ensure compliance with relevant foreign legislation, e.g., data privacy and security</LI></OL> Thu, 20 Aug 2020 13:36:15 GMT https://community.cisco.com/t5/endpoint-security/syste-manager/m-p/5446711#M13189 LSA4 2020-08-20T13:36:15Z https://community.cisco.com/t5/endpoint-security/syste-manager/m-p/5446712#M13190 <P>Hi <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/2002">@LSA4</A>! Let me try to answer at least a few of your questions. Guess the guys who are more into Systems Manager will chime in later.</P><P>1. Yes, that‘s what Sentry is being used for <A href="https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview</A></P><P>2. Yes, e.g. by using Policies</P><P><A href="https://documentation.meraki.com/SM/Profiles_and_Settings/Configuration_Profiles" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/SM/Profiles_and_Settings/Configuration_Profiles</A></P><P>3. Yes (depending on the type of device / enrollment)</P><P><A href="https://documentation.meraki.com/SM/Monitoring_and_Reporting/Selective_Wipe_and_Device_Quarantine_in_Systems_Manager" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/SM/Monitoring_and_Reporting/Selective_Wipe_and_Device_Quarantine_in_Systems_Manager</A></P><P>4. I don‘t quite understand</P><P>5. See Sentry</P><P>6. See 3.</P><P>7. You can push certificates <A href="https://documentation.meraki.com/SM/Profiles_and_Settings/Certificates_Payload_(Pushing_Certificates)" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/SM/Profiles_and_Settings/Certificates_Payload_(Pushing_Certificates)</A></P><P>8. RBAC from a management perspective?</P><P>9. Yes, see 2. and <A href="https://documentation.meraki.com/SM/Apps_and_Software" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/SM/Apps_and_Software</A></P><P>10. I don‘t have an answer for that question</P><P>11. Yes <A href="https://documentation.meraki.com/SM/Tags_and_Policies/Geofencing_with_Managed_Devices" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/SM/Tags_and_Policies/Geofencing_with_Managed_Devices</A></P><P>12. I don‘t have an answer for that question</P><P>13. Yes, via Geofencing and Policy (see 11. as a start)</P><P>Hope that helps. You‘ll find additional (high level) information in the data sheet: <A href="https://meraki.cisco.com/lib/pdf/meraki_datasheet_sm.pdf" target="_blank" rel="nofollow noopener noreferrer">https://meraki.cisco.com/lib/pdf/meraki_datasheet_sm.pdf</A></P> Thu, 20 Aug 2020 18:09:03 GMT https://community.cisco.com/t5/endpoint-security/syste-manager/m-p/5446712#M13190 Christian_Ney 2020-08-20T18:09:03Z