June Technology 2017

Registering Your iPad

Students at Bellarmine are connected to our systems once they register their iPads. Unregistered iPads are not allowed on our network. If you have purchased your iPad through Bellarmine, the IT staff have already registered the device. If you purchased your iPad elsewhere, then registering your iPad is fairly easy, and it can be done at home. The directions for registering are detailed below.

When Should I Register?

You will usually need to register under one of the following conditions.

  • You are new to Bellarmine and have never registered before.
  • You purchased an iPad from someplace other than Bellarmine.
  • You had to wipe your iPad to fix a problem.
  • You removed your Meraki profile to fix a problem.
  • You replaced your iPad through an insurance claim.
Note: If you bought your iPad from Bellarmine, the IT staff has already registered your device.

Each Student Needs An Apple ID

Before you begin your registration process, you will need an AppleID. If you are setting up a new iPad, then the setup wizard on the tablet will ask you to supply or create an AppleID. If you are using an old iPad, it probably has an AppleID already configured. The AppleID is used for many things. When registering your iPad, you will need your AppleID to install the Meraki Systems Manager app.

Registering An iPad With Bellarmine

Initial Settings

  1. If your iPad is new out-of-the-box, then plug into power and complete the setup wizard.
  2. Location Services need to be turned on. (Settings>Privacy>Location Services)
  3. Login to your AppleID.
  4. Connect to iCloud and enable backups. (Settings>Your Name>Your Device>iCloud Backup = On)

Installing Meraki

  1. Install the Meraki Systems Manager. Follow the link or go to the app store.
  2. Enroll your iPad (Code: 015-037-9736)
  3. Follow the prompts to complete the process.
  4. See the Meraki Disclosure tab above for additional information.

Complete An Online Registration Form

  • Complete the form at http://www.bprep.org/register
  • The ICT staff should finish processing your setup within 48 hours.
  • After 48 hours, open the Meraki App. From there, you can install the rest of your school apps.

Note: If you have purchased your iPad through Bellarmine, you can skip this page. The setup has been completed for you. If you would like assistance setting up an iPad you bought elsewhere, you can bring it by the Technology Support Center in the Admin Building.


Email Setup

  1. Open Settings.
  2. Press Mail>Accounts.
  3. Press Add Account.
  4. Press Google.
  5. Enter your full name, Bellarmine email address and password.
  6. Change the description to Bellarmine, then press Next.
  7. Press Save.

Enroll In Volume Purchase Program

  1. Wait 48 hours after you register your iPad.
  2. Open the Mail app.
  3. Open the email titled Invitation to receive Apple licenses from Bellarmine App Manager.
  4. Open the link titled click this invitation.
  5. Press Sign In.
  6. Enter your Apple ID password, then press OK.
  7. Press Agree, then press Agree again.
  8. Press the OK button.
  9. In a few hours, Bellarmine will license apps on your behalf .
  10. These apps will be available to install inside your Meraki App.
You can visit http://www.bellarmineprep.org/april-tech to see the complete list of apps that should be on your iPad.

Setup Your iPad Calendar

Get your MOODLE Assignments and Academic Schedule

  1. Login to http://moodle.bprep.org using the Safari browser on your iPad.
  2. Open the left navigation panel, the icon with 3 horizontal lines.
  3. Open the calendar link.
  4. On the bottom of the calendar, select Export Calendar.
  5. Choose "All Events" and "Custom".
  6. Choose Get Calendar URL.
  7. Copy the URL generated by MOODLE. It can be a little tricky.
  8. On your iPad, go to Settings>Calendars>Accounts>Add Account
  9. Go to Other
  10. Go to Add Subscribed Calendar
  11. Paste in the URL for MOODLE you copied earlier.
  12. Click Next and change the description to "MOODLE". Click Next again.

Meraki Systems Manager

Capabilities and Usage Disclosure


Network Access Policy:


Bellarmine does not provide access to an open, BYOD network on campus. Rather, access to our network is restricted to employees and students to maintain a secure, properly supervised environment. Access to Bellarmine's network is granted through the ICT Department. Limited access is occasionally granted to individuals affiliated with the school who would like use our network services temporarily for school related purposes. Devices are generally approved if they are able to support the installation of Meraki Systems Manager software. Installation of the Meraki systems manager is a prerequisite to all Wi-Fi connections.

Individuals who want access to the Bellarmine Preparatory School network must consent to installing the Meraki Systems Manager App on their device(s). Furthermore, people who want access to the Bellarmine Preparatory School network must identify themselves with a first name, last name and email address. This identity information is associated with the inventories of their devices generated by Meraki Systems Manager.

Usage Policy

The Meraki Systems Manager collects information about the device on which it is installed, including an estimated location, network connection status, installed software and hardware utilization. Direct access to this device information is restricted to Bellarmine ICT staff. The Meraki Systems Manager also gives Bellarmine ICT staff the ability to manage a device remotely. Bellarmine uses the Meraki Systems Manger to assist users with support issues, to distribute software, monitor compliance with the acceptable use of our systems, report on system utilization for capacity planning and protect our systems from security threats or abuse. Parents may request reports of their sons' or daughters' technology usage by sending an email to rogersa@bellarmineprep.org. School administrators may also request and be given information regarding a student's technology use. Bellarmine may be compelled by the courts to disclose network information as part of a legal proceeding. Otherwise, if a device is appropriately and legitimately connected to Bellarmine's network, Bellarmine will not disclose information collected using Meraki Systems Manager to employees or third parties. Bellarmine will not relinquish remote control of managed devices to employees or third parties.

Meraki MDM Capabilities


Supported Platforms

  • Apple iPad, iPod Touch, iPhone, Apple TV (iOS 5 or higher)
  • Android (2.2 or higher)
  • Mac OS X (10.5, 10.6, 10.7, 10.8, 10.9, 10.10)
  • Windows Phone 8.1 (Enterprise only), Windows Pro 8.1, 8, 7, Vista, XP (Service Pack 3 or higher), Microsoft Server 2008, R2, 2012
Management
  • Managed via the web using Meraki’s secure browser based dashboard
  • Centralized administration of managed devices
  • Organization level two-factor authentication
  • Role-based administration
  • Inventory data export to CSV
  • Remote command line
  • Administrative event log and activity log
  • Automatic alerts for installed software, geofencing, enrollment, and dynamic security
  • reporting
  • Copy profiles across different networks
  • Enterprise wipe and dissolving management profiles (Enterprise only)

Software and App Management
  • Inventory of installed software and apps
  • Custom deployment of software and App Store apps
  • Integration with Apple App Store and Apple’s Volume Purchase Program
  • Software installation via .msi and .pkg (Windows and Mac)
  • Software uninstallation (Windows and Mac)
  • Custom uninstallation of iOS and Android apps
  • Restrict app installation
  • Restrict in-app purchase
  • Unauthorized software and app installation monitoring and notification
  • Install Enterprise Apps

Content Management
  • Custom deployment of files, documents, apps (iOS and Android)
  • Update and deploy the latest version to devices (iOS and Android)
  • Managed and distribute app licenses (iOS with VPP)
  • Deploy iBook licenses

Device Restrictions
  • Restrict use of camera (iOS and Android)
  • FaceTime, Siri, iTunes Store, multiplayer gaming (iOS)
  • Restrict content consumption (YouTube, explicit music & podcasts, content rated movies, TV shows, and apps) (iOS)
  • Force encrypted backup (iOS) and encrypted storage (Android)
  • Enforce passcode policies and failed entry device wipe policy (iOS and Android)
  • Single App mode (iOS and Android – Samsung KNOX)
  • Autonomous Single App mode (iOS) (Enterprise only)
  • Automatic and whitelisted content filter (iOS)
  • Restrict use of AirDrop (iOS)
  • Restrict changes to cellular data usage for apps ( iOS)
  • Toggle Voice and Data Roaming Settings (iOS)
  • Restrict which Airplay devices are listed (iOS)

Troubleshooting and Live Controls
  • Remote device lock, unlock, and wipe (iOS and Android)
  • Remote reboot and shutdown (Windows and Mac)
  • Remote desktop and screenshot (Windows and Mac)
  • Access device process list (Windows and Mac)
  • Send instant notification to device (Windows and Mac)
  • Monitor active TCP connections, TCP stats, and routing table (Windows and Mac)
  • Selective Wipe (iOS , Mac, and Android)
  • Toggle voice and data roaming (iOS)
  • Initiate Airplay remotely (iOS)

Security
  • Device location using device WiFi, IP address, and GPS data
  • Containerization, separation of Managed and unmanaged data (via Open-in with iOS)
  • Unenrollment monitoring and notification
  • Antivirus, antispyware, firewall, disk encryption, passcode and password, screenlock, timeout , and jailbreak and root detection
  • Restrict access to iCloud (iOS)
  • Restrict users to accept untrusted TLS certificates (iOS)
  • Force encrypted backup (iOS) and encrypted storage (Android)
  • Global HTTP Proxy (iOS)
  • Enforce passcode policies and failed entry device wipe policy (iOS and Android)
  • Scan client device for Systems Manager before allowing network access (NAC)* (iOS, Android, Windows, and Mac)
  • Simple Certificate Enrollment Protocol (SCEP)
  • Customer Certificate Signing for certificate provisioning (Enterprise only)
  • Access rights to limit Dashboard control (e.g. cannot erase BYOD devices iOS and Mac) (Enterprise only)
  • Dynamic profile management - Security compliance, Geofence management, Time Based (Enterprise Only)
  • Cisco ISE MDM API Integration (Enterprise only)

Network Configuration Deployment
  • Deploy WiFi settings including WPA2-PSK & WPA2-Enterprise (iOS and Mac)
  • Deploy VPN configuration and authentication settings (iOS and Mac)
  • Deploy server side digital certificates (iOS)
  • Scan client device for Systems Manager before allowing network access (NAC)* (iOS,
  • Android, Windows, and Mac)
  • Systems Manager Sentry (iOS, Android, Mac OS X)
  • Automatic Wi-Fi EAP-TLS certificate based authentication to Meraki wireless (iOS, An-
  • droid, and Mac)
  • Deploy Airplay destinations and passwords
  • Group Policy Integration into the Cisco Meraki Hardware stack (Enterprise only)
  • Cisco ISE MDM API Integration (Enterprise only)

Device Enrollment
  • App enrollment (iOS and Android)
  • Auto enrollment through DEP (iOS 7+ and Mac OS X 10.10)
  • Streamlined device enrollment through SM-Sentry (requires MR access point and is avail-
  • able for iOS, Android, and Mac)
  • On-device enrollment (iOS and Android)
  • Integration with Apple Configurator & Apple iPhone Configuration Utility (iOS)
  • SMS or email enrollment invitation (iOS and Android)
  • Manual installer deployment (Windows and Mac)
  • Integration with Active Directory’s GPO (Windows)
  • Quarantine devices upon enrollment (iOS, Mac, and Android)

Monitoring
  • Hardware vitals and specs reporting
  • Network access, connectivity, signal strength monitoring
  • Restriction compliance monitoring
  • Device location with device WiFi connection, IP address, and GPS data
  • Battery, storage, RAM and CPU usage, outage monitoring
  • Network location override

Automatic Provisioning (Enterprise only)
  • Group Policy integration into the Cisco Meraki Hardware stack
  • Active Directory and LDAP integration at time of enrollment
  • Automatically apply tags and device owners based on Active Directory and LDAP groups
  • Automatically distribute and revoke App licenses with VPP

Email Settings
  • Exchange Active Sync email account provisioning (iOS)
  • Assign owners to devices