Disable Private Address iOS 14

mauricevanderzw
New Contributor

Our school uses MAC filter to assign SSID's to iPads (and to block unknown devices from wifi, etc.). iOS 14 wifi per default uses Private Address, which causes problems on new devices and devices which just have been wiped (updates devices seem to work fine), because since they use private address, our MAC filter doesn't recognise them anymore (until you manually disable private address). Request: disable private address. Thnx!

10 REPLIES 10

blackholemac
Valued Contributor III

check out this thread...it's an Apple feature. Short version: Jamf implemented what Apple put in the MDM spec...Apple's checkbox disables MAC address randomization, but doesn't make the switch in Settings immutable...Apple is the one who needs to fix it. I feel your pain because we are in the same boat: https://www.jamf.com/jamf-nation/feature-requests/9733/change-private-address-setting-via-profile-on-ios-14

dstranathan
Valued Contributor II

I see the ability to disable iOS 14 random MAC (AKA Private Address) is baked-into my instance of MS Intune on a per-SSID basis.

blackholemac
Valued Contributor III

It's baked into Jamf as well, but it doesn't prevent the end user from toggling the switch to randomize after it is initially set in iOS 14 itself on the device. It just sets it initially.

dstranathan
Valued Contributor II

@blackholemac While I have seen the setting in Intune (server-side), I haven't seen how it looks once applied on a production iOS 14 device yet. Didn't realize that an end-user could still toggle it manually (I assumed the setting would be greyed-out/immutable).

Update: I am seeing the same behavior as you are. Users can toggle the 'Private Address' setting if they want (Assuming the drill deep enough into the wi-fi network settings.)

St0rMl0rD
Contributor III

We had a big issue with this. Once we set up a profile to turn off the private address, all of our iPad mini 2s (100+ devices) running iOS 12 lost connection to our main wifi network - I then had to manually go and enter the username and passwords on every single device. A nightmare!

blackholemac
Valued Contributor III

From Apple: iOS 14.2 beta 4 has it set so an end user cannot modify this in the GUI when set. My recent observations: Unfortunately, I tried to set the setting through Jamf profiles while the device was still on iOS 13.x. When the device was upgraded, it did NOT take. HOWEVER, when wiped and on iOS 14.2 beta 4 natively, it worked.

dstranathan
Valued Contributor II

@blackholemac I'm seeing the same thing. I have 200+ iOS devices on iOS 13 (in Intune and Jamf - long story) that are getting updated to iOS 14 at the user's discretion (IT doesn't currently enforce an OS policy) and NONE of them appear to be honoring the profile setting after the update.

I see only 4 options for us:

-New devices iOS 14 will be managed correctly. Example: new iPhone 12s that are getting ordered/deployed (with iOS 14).
-IT staff sets the Private Address manually for the end-users (or trains users how to do it via a KB article etc).
-IT wipes all managed devices and installs iOS 14 clean then re-enrolls into MDM. Nope!
-Scope the profile to only iOS devices running iOS 14? This wont work for me in Intune due to the way our wi-fi profiles are configured.

COVID-19 makes this situation worse. IT has no idea what users will be on-site (and need wi-fi) and who doesn't.

This is gonna be ugly.

dstranathan
Valued Contributor II

Good news - Looks like the immutable flag now works properly in iOS 14.2. Users can no longer manually enable the "Private Address" setting once its managed via MDM.

robii
New Contributor III

I guess I am missing something. Where is this setting found? I am running 14.2 and have Disable MAC Address Randomization checked but the end user can still turn it back on. It there a restriction I need to set somewhere to make it immutable?

robii
New Contributor III

Never mind, the new profile hadn't been pushed to the iPad. Once I forced it to re-install the profile it worked.