Jamf Nation Community

mauricevanderzw · ‎09-22-2020

Our school uses MAC filter to assign SSID's to iPads (and to block unknown devices from wifi, etc.). iOS 14 wifi per default uses Private Address, which causes problems on new devices and devices which just have been wiped (updates devices seem to work fine), because since they use private address, our MAC filter doesn't recognise them anymore (until you manually disable private address). Request: disable private address. Thnx!

blackholemac · ‎09-22-2020

check out this thread...it's an Apple feature. Short version: Jamf implemented what Apple put in the MDM spec...Apple's checkbox disables MAC address randomization, but doesn't make the switch in Settings immutable...Apple is the one who needs to fix it. I feel your pain because we are in the same boat: https://www.jamf.com/jamf-nation/feature-requests/9733/change-private-address-setting-via-profile-on-ios-14

dstranathan · ‎09-29-2020

I see the ability to disable iOS 14 random MAC (AKA Private Address) is baked-into my instance of MS Intune on a per-SSID basis.

blackholemac · ‎09-29-2020

It's baked into Jamf as well, but it doesn't prevent the end user from toggling the switch to randomize after it is initially set in iOS 14 itself on the device. It just sets it initially.

dstranathan · ‎09-30-2020

@blackholemac While I have seen the setting in Intune (server-side), I haven't seen how it looks once applied on a production iOS 14 device yet. Didn't realize that an end-user could still toggle it manually (I assumed the setting would be greyed-out/immutable).

Update: I am seeing the same behavior as you are. Users can toggle the 'Private Address' setting if they want (Assuming the drill deep enough into the wi-fi network settings.)

St0rMl0rD · ‎10-27-2020

We had a big issue with this. Once we set up a profile to turn off the private address, all of our iPad mini 2s (100+ devices) running iOS 12 lost connection to our main wifi network - I then had to manually go and enter the username and passwords on every single device. A nightmare!

blackholemac · ‎10-27-2020

From Apple: iOS 14.2 beta 4 has it set so an end user cannot modify this in the GUI when set. My recent observations: Unfortunately, I tried to set the setting through Jamf profiles while the device was still on iOS 13.x. When the device was upgraded, it did NOT take. HOWEVER, when wiped and on iOS 14.2 beta 4 natively, it worked.

dstranathan · ‎10-27-2020

@blackholemac I'm seeing the same thing. I have 200+ iOS devices on iOS 13 (in Intune and Jamf - long story) that are getting updated to iOS 14 at the user's discretion (IT doesn't currently enforce an OS policy) and NONE of them appear to be honoring the profile setting after the update.

I see only 4 options for us:

-New devices iOS 14 will be managed correctly. Example: new iPhone 12s that are getting ordered/deployed (with iOS 14).
-IT staff sets the Private Address manually for the end-users (or trains users how to do it via a KB article etc).
-IT wipes all managed devices and installs iOS 14 clean then re-enrolls into MDM. Nope!
-Scope the profile to only iOS devices running iOS 14? This wont work for me in Intune due to the way our wi-fi profiles are configured.

COVID-19 makes this situation worse. IT has no idea what users will be on-site (and need wi-fi) and who doesn't.

This is gonna be ugly.

dstranathan · ‎11-05-2020

Good news - Looks like the immutable flag now works properly in iOS 14.2. Users can no longer manually enable the "Private Address" setting once its managed via MDM.

robii · ‎11-17-2020

I guess I am missing something. Where is this setting found? I am running 14.2 and have Disable MAC Address Randomization checked but the end user can still turn it back on. It there a restriction I need to set somewhere to make it immutable?

robii · ‎11-17-2020

Never mind, the new profile hadn't been pushed to the iPad. Once I forced it to re-install the profile it worked.

Jamf Nation Community

Disable Private Address iOS 14