Is there a way to prevent users from changing the private IP address setting on MacOS 15?

padders
New Contributor

Hi all, we're looking into managed Wi-Fi network settings for our MacOS 15 devices when users begin upgrading (deferred for the full 90 days), but within the network payload settings or the restrictions settings there is no way to disallow the users ability to change the private IP address back to fixed or rotating. The "Disable MAC Address Randomization" works when we deploy a network to machines, but users can still just go into settings and enable this. Any ideas or have I just missed a simple setting somewhere?

This is early days and we still have until December before our users start upgrading.

4 REPLIES 4

alan
New Contributor

I'm seeing something similar here. I deploy the profile with the "Disable MAC Address Randomization" payload and it works. The option is not visible in the setting pane however after a restart it appears that the setting is no longer enforced and the setting is visible and can be edited. 

 

_Daley
New Contributor III

Also encountering this behavior. It's notable that in the "About private Wi-Fi addresses and enterprise networks" documentation, they mention the following: "use Wi-Fi MDM settings to turn off a device's Private Address setting for their Wi-Fi network. On macOS, this setting can be turned on or off at any time by the device's user."

 

This might be why. Is there any reason why you want to disable this setting? If you are reliant on static nac addresses, I'd also recommend having a read through the following, since there is no traditional way of disabling them pre-upgrade. https://www.brunerd.com/blog/2024/09/27/getting-ahead-of-private-wi-fi-address-changes-in-macos-sequ...

 

 

padders
New Contributor

Thank you for listing these sources. Looks like this is currently how Apple are wanting the private IP address settings to be laid out. We still have a hybrid system in place that causes some issues with mac randomisation.

jeetendragupta
New Contributor II

 Here are the steps to do this:

 

 Create a Configuration Profile:

  - In the Jamf Pro dashboard, go to Devices > Configuration Profiles.
  - Click on the New button to create a new configuration profile.

 Configure the Wi-Fi Settings:

  - In the configuration profile settings, go to the Wi-Fi payload.
  - Click on the Configure button to add a new Wi-Fi configuration.

 Disable Private Wi-Fi Address:

  - In the Wi-Fi configuration settings, you will see an option for Disable MAC Address Randomization or Disable Private Wi-Fi Address. Ensure this option is checked.
  - Enter the SSID of your office Wi-Fi network to apply this setting specifically to your network.

Scope the Configuration Profile:

  - Go to the Scope tab.
  - Add the devices or device groups that need this configuration profile.

Save and Distribute the Profile:

  - Click on the Save button to save the configuration profile.
- The profile will be distributed to the scoped devices, and the Private Wi-Fi Address feature will be disabled for your office Wi-Fi network.

Before deploying the configuration profile to all devices, test it on a small group of devices to ensure it works as expected.