Disable Wi-Fi Private MAC Address on macOS 15
Posted on 09-19-2024 09:58 PM
In macOS 15, the new Private MAC address setting is enabled by default, and there is a new setting in Profile to disable it, BUT it's only for a specified SSID.
If you need a global setting to disable the Private MAC for all existing and new SSIDs, try creating a new policy to run this command:
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist PrivateMACAddressModeSystemSetting -int 1
It will not disable the Private MAC Address immediately, but it will work after forgetting the network or rebooting the computer.
Posted on 09-20-2024 05:22 AM
If I remember correctly, it's not just for a specific SSID. I think that SSID's network must be deployed with a Configuration Profile.
Posted on 09-20-2024 11:17 AM
@AJPinto You are correct, in Jamf Pro 11.9.1 the "Disable MAC Address Randomization (macOS 15 or later)" option is part of the Network payload in a Configuration Profile and only applies to the SSID being configured in that Network payload.
Posted on 09-30-2024 06:11 AM
Anybody have issues with this working? I saw Jamf has the option now in the WiFi configuration profile, but in our network anything with Private MAC Address is blocked. So I think when users upgrade to Sequoia they don't get the chance to grab that setting before they are blocked.
09-30-2024 08:17 AM - edited 09-30-2024 08:18 AM
Here is a blog post by @brunerd which describes a mechanism for disabling MAC address randomization that can be deployed to Macs running macOS Sonoma so when they are upgraded to macOS Sequoia they won't start with randomization enabled:
Posted on 10-09-2024 04:42 PM
Thanks for tagging me @sdagley and nicely spotted @Steven_Xu. I've added support for setting the PrivateMACAddressModeSystemSetting key in my setPrivateMACAddressMode.sh script. It's such a poorly named key, so I refer to it as (disable)PrivateMACAddressModeSystemSetting in the script and logs so the 0/1 "boolean" logic makes more sense. It only sets the default behavior and will have no effect on a network where the PrivateMACAddressModeUserSetting key is already set to static or rotating, but it does take effect without reboot if you restart the WiFi via the script: restartWiFi_HC=1
Posted on 10-11-2024 01:23 PM
@Steven_Xu Should setting PrivateMACAddressModeSystemSetting to 1 via a Configuration Profile result in any Wi-Fi configuration previously set to Fixed or Rotating reverting to Off after a restart? That is not the behavior I am seeing on my test Mac (although that Mac is running a version of macOS Sequoia >15.0.1).
Posted on 10-23-2024 10:21 AM
Is anyone able to prevent the Private MAC Address feature from enabling when upgrading from Sonoma to Sequoia (15.0.1)? I thought setting the PrivateMACAddressMode key prior to the upgrade was working, but no longer does in my testing.
The Wi-Fi configuration profile is not reinstalling, but the PrivateMACAddressMode key is being removed from the plist and there are several keys being added: PrivateMACAddressEvaluatedAt, PrivateMACAddressEvaluationState, CachedPrivateMACAddress, and CachedPrivateMACAddressUpdatedAt. *Note: the Wi-Fi profile does not currently have the setting to disable the Private MAC option configured. I didn't want to deploy any configuration updates until I work out all the details. I may need to try this upgrade scenario on my test environment that has the key configured.
Posted on 10-23-2024 12:09 PM
@thetfordb Deploying the PrivateMACAddressModeSystemSetting setting @Steven_Xu posted via Configuration Profile didn't work (possibly because of the MCX wrapping Jamf Pro applies to an App & Custom Settings payload), but following his example of writing the setting directly to the com.apple.airport.preferences.plist did work for me.
Posted on 10-23-2024 12:12 PM
@sdagley I am using a script to deploy the setting. No configuration profile in my scenario has the setting configured.
Posted on 10-23-2024 01:00 PM
I'm looking at a Mac I applied the PrivateMACAddressModeSystemSetting key to com.apple.airport.preferences.plist while running macOS 14.6.1 and it is still there after upgrading to 15.0.1 and 15.1. That _may_ however be because I wrote an EA to check for the presence of the key and if it isn't found it gets re-written to that .plist.
Posted on 10-23-2024 01:01 PM
Could be. My script is running when the EA detects the value is not 'off'. I could have the EA make the modification which would be more immediate. I just don't like to modify things with an EA.
Posted on 10-23-2024 01:47 PM
I should have been clearer. I have an EA that checks for the mod, a Smart Group that uses the output of the EA to report Macs that don't have the mod, and a Policy scoped to that Smart Group to apply the setting.
Posted on 10-24-2024 11:39 AM
I may have resolved my issue. The configuration profile with the 'Disable MAC Address Randomization (macOS 15 or later)' setting enabled is needed prior to the upgrade. If you rely solely on the plist modification, the "evaluation" will still happen. If you have the profile in place, it seems to obey the setting in the plist file upon upgrade to Sequoia. I was testing in my production environment where we haven't updated our Wi-Fi config profile yet. My test environment has it and this workflow seems to work as designed.
Posted on 10-30-2024 08:02 AM
Is there a command I can run to turn off Private MAC Address for a specific SSID? I don't want to change the default setting for all networks, just our school's SSID.
Posted on 10-30-2024 08:40 AM
I used what @Steven_Xu posted above and put it in a script.
#!/bin/bash
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist PrivateMACAddressModeSystemSetting -int 1
Create a policy to deploy it to your devices. I scoped to all. You can begin with a test environment if you want to test it. You will need a reboot after the command is run. If you don't have a way of doing that yet, I found this article super helpful. You will need to deploy swiftdialog for it to work.
https://medium.com/@laclementine/nudge-your-users-to-restart-their-mac-a66a93afc483
Once devices reboot the setting will be set.
I also turned off Private Mac addresses in Jamf configuration policy.
Hope this helps!
Posted on 10-30-2024 08:49 AM
Thanks! But I think this sets it as the default for ALL new and existing networks. I just want to set it for one specific SSID. Any ideas?
Posted on 10-30-2024 08:51 AM
I also use the Config Profile, but I'm finding that it doesn't always work.
Posted on 10-30-2024 09:01 AM
Sorry about that! Misread your post.
I just dissected @brunerd's script that he posted. I tried his, but it did not work. I did find the piece that is needed though:
#!/bin/bash
/usr/libexec/PlistBuddy -c "add :wifi.network.ssid.'enter SSID Here':PrivateMACAddressModeUserSetting string off" /Library/Preferences/com.apple.wifi.known-networks.plist
Just add your SSID. The mode is set to "off" if that's what you want. I believe the other options are "rotating" and "fixed".
For where "enter SSID here" is written you can use a parameter in Jamf (ex: $4) and set it to a variable so you can reuse it if needed.
Hope this helps!
Posted on 10-30-2024 09:13 AM
Awesome, I will give this a shot. Thanks!
Posted on 11-13-2024 06:53 AM
Hi, my org is about to release OS15 to the populace and I need to deploy something that will disable this so users can continue to use the specific SSID of the wifi network. I tried deploying your script to a device that had the network in its known list already, so it failed (item already exists). This was already on 15 so I don't know if that was the cause, but I guess I just want to know if this will work if I deploy to machines running 14, 13, etc. and have the setting still in place post-upgrade so we don't get a bunch of calls that the wifi isn't working anymore.
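Editorial example, not part of any post in this thread and not @brunerd's script: PlistBuddy's Add refuses to overwrite a key that is already present, which matches the "item already exists" failure reported above. The wrapper below keeps the per-SSID PlistBuddy command posted earlier but uses Set when the key exists and Add otherwise; the function name, the return codes, the PLISTBUDDY/PLIST override variables and the choice to skip SSIDs that are not yet known networks are assumptions of this example.

```shell
#!/bin/bash
# Added example: idempotent per-SSID variant of the PlistBuddy command in this thread.
# Must run as root (Jamf policy scripts do). Jamf parameters: $4 = SSID, $5 = mode.

# Overridable so the logic can be exercised against a copy of the plist.
PLISTBUDDY="${PLISTBUDDY:-/usr/libexec/PlistBuddy}"
PLIST="${PLIST:-/Library/Preferences/com.apple.wifi.known-networks.plist}"

# set_private_mac_mode SSID [MODE]   (MODE defaults to "off", the value used in the thread)
# Returns 0 on success, 2 if no SSID was given, 3 if the SSID is not a known network.
set_private_mac_mode() {
    local ssid="$1" mode="${2:-off}"
    [ -n "$ssid" ] || { echo "usage: set_private_mac_mode SSID [MODE]" >&2; return 2; }

    # Same key path as the posted command; the quotes keep SSIDs with spaces intact.
    local network=":wifi.network.ssid.'${ssid}'"
    local key="${network}:PrivateMACAddressModeUserSetting"

    # Assumption of this example: only touch networks the Mac already knows,
    # rather than creating a partial entry for an SSID it has never joined.
    if ! "$PLISTBUDDY" -c "Print ${network}" "$PLIST" >/dev/null 2>&1; then
        echo "SSID '${ssid}' is not in ${PLIST}; nothing changed" >&2
        return 3
    fi

    if "$PLISTBUDDY" -c "Print ${key}" "$PLIST" >/dev/null 2>&1; then
        # Key already present (for example set by hand in System Settings):
        # Add would fail with "Entry Already Exists", so overwrite with Set.
        "$PLISTBUDDY" -c "Set ${key} ${mode}" "$PLIST"
    else
        "$PLISTBUDDY" -c "Add ${key} string ${mode}" "$PLIST"
    fi
}

# Jamf passes script parameters starting at $4; do nothing when none is given.
if [ -n "${4:-}" ]; then
    set_private_mac_mode "$4" "${5:-off}"
fi
```

Return code 3 lets a policy log distinguish "network not joined yet" from a write failure, so the policy can simply run again at a later check-in.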
a month ago
Following - I have the same issue
a month ago
Good news! The script worked when deploying to devices running previous OS versions. I feel pretty confident in saying that the script only failed as the device was already on 15 and that I had manually set the SSID to not use private IP before. I would try deploying it to a couple of devices running 14 or 13, connect to the SSID you want to modify, then upgrade to 15 and see if the change persists. Best of luck!
4 weeks ago
Can you confirm the script you used? I assume the top one from @Steven_Xu.
I'm testing this out but I'm also in a rush to get it out, so I appreciate the confirmation.
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist PrivateMACAddressModeSystemSetting -int 1
4 weeks ago
I actually used the one from @emanueldiaz_09 as I only wanted 1 SSID to have the setting disabled. That's why I replied to his post specifically. I didn't try the top one. Sorry for any confusion and I hope yours works!