iOS disable "Private Address"

alessio_tedesco
New Contributor III

Hi all,
Is there a way to enforce the setting "Private Address" turned off?
We actually have a Cisco ISE in our internal network that uses the MAC address to detect if it is an iPhone (we push MAC addresses in a specific group) and then moves the iPhones to another network. Since Private Address is on, it transmits to the network controller a different MAC address and breaks our rule.

1 ACCEPTED SOLUTION

Tribruin
Valued Contributor II

It is available in the WiFi Configuration Profile setting: Disable MAC Address Randomization (iOS 14 or later)

Originally an MDM could change the setting, but it was user overridable. But as of iOS 14.1 (or 14.2), the setting cannot be overridden by the user anymore if set by a profile.

15 REPLIES

Mr_Todd
New Contributor II

I am trying to employ this limitation for the iPads in my school district, but it is not working. I have created a configuration profile using the “Disable MAC Address Randomization (iOS 14 or later)” as prescribed; however, it is not working. The Private Address option on the iPad is still active and can be turned on and off by the user. Is anyone else seeing this issue and if so, is there a solution?

wdpickle
Contributor

Do you know if this applies to all SSIDs the iPad can connect to or is it just the specified SSID associated in the config profile?

mainelysteve
Valued Contributor II

@wdpickle Just the specified SSID in your profile.
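Because the setting is per SSID, every network that NAC or RADIUS rules depend on needs its own Wi-Fi payload with the key set. The following is an added example, not part of any post in this thread: a small audit that reads an unsigned .mobileconfig and reports which SSIDs carry `DisableAssociationMACRandomization` (the payload key behind the "Disable MAC Address Randomization" checkbox). The SSID names and the sample profile are constructed for illustration.

```python
import plistlib

WIFI_TYPE = "com.apple.wifi.managed"          # Apple Wi-Fi payload type
KEY = "DisableAssociationMACRandomization"    # per-SSID key, iOS 14 or later


def wifi_payload(ssid, disable_randomization=None):
    """Build a minimal Wi-Fi payload dict (constructed sample, not a full profile)."""
    payload = {"PayloadType": WIFI_TYPE, "SSID_STR": ssid, "EncryptionType": "WPA2"}
    if disable_randomization is not None:
        payload[KEY] = disable_randomization
    return payload


def audit_profile(data):
    """Map each Wi-Fi SSID in the profile to True only if the key is present and true."""
    profile = plistlib.loads(data)
    status = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != WIFI_TYPE:
            continue  # skip VPN, restrictions and other payload types
        status[payload.get("SSID_STR", "<no SSID>")] = payload.get(KEY) is True
    return status


def uncovered_ssids(data, required):
    """SSIDs the network team relies on that the profile does not pin to the real MAC."""
    status = audit_profile(data)
    return sorted(s for s in required if not status.get(s, False))


# Constructed sample profile: one SSID covered, one missing the key,
# one with the key explicitly false, plus an unrelated payload.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Constructed sample",
    "PayloadContent": [
        wifi_payload("Corp-NAC", True),
        wifi_payload("Corp-Guest"),
        wifi_payload("Corp-Lab", False),
        {"PayloadType": "com.apple.vpn.managed"},
    ],
})

if __name__ == "__main__":
    for ssid, pinned in audit_profile(SAMPLE).items():
        print(f"{ssid}: {'randomization disabled' if pinned else 'Private Address still allowed'}")
    print("Not covered:", uncovered_ssids(SAMPLE, ["Corp-NAC", "Corp-Guest", "Corp-Radius"]))
```

A profile exported as signed (CMS) must be unwrapped before `plistlib` can parse it.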

user-hRLOJfwMia
New Contributor

This is absolutely terrible. Is there really no way to turn off the Private Wi-Fi address for all SSIDs? We have several networks here that are controlled by RADIUS, and constantly have aborts in the network because of this ... special feature.

mainelysteve
Valued Contributor II

@user-hRLOJfwMia It is, and no, it's still per SSID. Provide feedback to Apple to get that changed to a system-wide setting. I've complained about it to my state SEs and questioned it during a regional SE meeting back in the fall.

david_yenzer
Contributor II

*grumble* This one bit us again at the start of this school year.

In my own experimentation with it, I have found that I can get it to take, but it requires wiping the device, which doesn't make a lot of sense for a configuration profile. To this end, I feel it's better to turn off the private network manually but keep this option running so as devices get wiped, it will retain this option. No sense in wiping 6000+ devices just to get this one feature working properly.

joeharden
New Contributor II

Still seeing this up to 14.8... haven't tried much with iOS 15 yet.

ALA_Matt
New Contributor II

Hi, I am not sure if it is working for you now, if it is with the iPadOS 15, or something else, but I was not able to have it take when the devices were already on the configuration / wifi. If I took a device off the wifi config then add it again with the "Disable MAC Address Randomization (iOS 14 or later)" on, THEN it worked. May be the same with you and that is why the Wipe was working since wiping it would also be taking the device off the Configuration and installing it again. May be worth trying out as it would be much faster than wiping. Still unfortunate it requires devices to be taken off the wi-fi configuration / wifi for a bit. You would for sure want an onboarding network or something otherwise it would be a whole lot of reconnecting to the internet!

Mr_Todd
New Contributor II

Hi Matt,

Thanks for providing a solution that worked for you. We did finally get this to work and I suspect it was with the help of an update. I was able to go from 1 of 4 working to all the devices working. Of course, this was around when Apple released iPadOS 15, so that may have played a part as well. I'm just glad it is working and so is our network admin.

ALA_Matt
New Contributor II

Yeah not a problem! Glad it is working now!

So were you able to Disable association MAC address randomization for all iPads enrolled with your MDM for all SSIDs?

applebit
New Contributor II