Device Setup
Meridian Seven operates a BYOD (Bring Your Own Device) model. Your personal device needs to meet our security requirements before accessing company systems. The setup script automates this process.
Quick Start
Section titled “Quick Start”Windows
Section titled “Windows”What the Script Does
Section titled “What the Script Does”The script automatically configures your device to meet Meridian Seven’s security requirements:
| Step | What Happens |
|---|---|
| OS Check | Verifies macOS 14+ or Windows 11 22H2+ |
| 1Password | Installs the app and CLI if missing |
| 1Password Sign-In | Prompts you to sign in (only manual step) |
| CrowdStrike | Downloads and installs the endpoint security sensor |
| Disk Encryption | Enables FileVault (macOS) or BitLocker (Windows) |
| Screen Lock | Checks timeout is 5 minutes or less |
| Firewall | Enables the system firewall if not already on |
The only step requiring your input is signing in to 1Password. Everything else is automated.
After Running the Script
Section titled “After Running the Script”- Re-run the script to confirm all checks pass (all ✓)
- Restart your computer if prompted (FileVault or CrowdStrike may require it)
- Verify CrowdStrike — ask the CTO to confirm your device appears in the Falcon Console
- Save your FileVault recovery key in 1Password if you were prompted to enable encryption
Requirements
Section titled “Requirements”| Requirement | macOS | Windows |
|---|---|---|
| OS Version | macOS 14 (Sonoma)+ | Windows 11 22H2+ |
| Disk Encryption | FileVault | BitLocker |
| Screen Lock | ≤ 5 min timeout | ≤ 5 min timeout |
| Firewall | Enabled | Enabled |
| EDR | CrowdStrike Falcon | CrowdStrike Falcon |
| Password Manager | 1Password + CLI | 1Password + CLI |
Troubleshooting
Section titled “Troubleshooting”1Password CLI not found
Section titled “1Password CLI not found”Close and reopen your terminal after installation. On macOS, you may need to run:
CrowdStrike not installing
Section titled “CrowdStrike not installing”If the script says credentials are unavailable, contact the CTO — the Doppler service token may need to be configured.
FileVault requires restart
Section titled “FileVault requires restart”FileVault starts encrypting after you restart. This is normal — restart and re-run the script.
Need help?
Section titled “Need help?”Post in Slack #security or ask the CTO directly.
Full Documentation
Section titled “Full Documentation”For the complete device setup guide with detailed troubleshooting, see the Device Setup Guide in the security documentation.
For the full BYOD policy, see the BYOD Endpoint Security Policy.