VMware Workspace ONE Community
Adamfry
Enthusiast
Enthusiast
‎04-21-2020 07:47 AM
Jump to solution

iOS Wifi restrictions / Airwatch removal

Hi

I've not been able to find anything in Airwatch to do the following but would appreciate if anyone knows different:

Is it possible to restrict iOS devices from connecting to Open wifi networks or Wifi with a Captive portal ? Our devices are all supervised by Configurator 2 but we cannot use the Whitelist Wifi function as we have too many networks allowed. 

Also is it the case that devices have to be in DEP in order to prevent the removal of Airwatch MDM ?  I believe so.  I've removed the Unenrol option in Hub but they can remove the profile.

Thanks
Adam.

Labels (2)
1 Solution

Accepted Solutions
RogerDeane
VMware Employee
VMware Employee
‎04-22-2020 12:53 PM
Jump to solution

"Is it possible to restrict iOS devices from connecting to Open wifi networks or Wifi with a Captive portal ? Our devices are all supervised by Configurator 2 but we cannot use the Whitelist Wifi function as we have too many networks allowed. "

No, Apple does not allow a MDM to block a device from connecting to a WiFi network.   There is a trick however if you know the SSID's of the WiFi networks you want to block.   You can create WiFi profile in Workspace ONE UEM (AirWatch) for that SSID with a random authentication key that will not work.   The device will try and connect to the SSID, fail and then move on to one that will work.  Unfortunately there isn't a way to say "Don't allow this device to connect to an open WiFi network".

"Also is it the case that devices have to be in DEP in order to prevent the removal of Airwatch MDM ?  I believe so.  I've removed the Unenrol option in Hub but they can remove the profile."

That is correct.   Again this is a restriction from Apple.   The only way to prevent the removal of the MDM Profile is to have the device DEP enrolled and if I'm not mistaken it has to be supervised as well.

Hope that helps!

View solution in original post

2 Replies
RogerDeane
VMware Employee
VMware Employee
‎04-22-2020 12:53 PM
Jump to solution

"Is it possible to restrict iOS devices from connecting to Open wifi networks or Wifi with a Captive portal ? Our devices are all supervised by Configurator 2 but we cannot use the Whitelist Wifi function as we have too many networks allowed. "

No, Apple does not allow a MDM to block a device from connecting to a WiFi network.   There is a trick however if you know the SSID's of the WiFi networks you want to block.   You can create WiFi profile in Workspace ONE UEM (AirWatch) for that SSID with a random authentication key that will not work.   The device will try and connect to the SSID, fail and then move on to one that will work.  Unfortunately there isn't a way to say "Don't allow this device to connect to an open WiFi network".

"Also is it the case that devices have to be in DEP in order to prevent the removal of Airwatch MDM ?  I believe so.  I've removed the Unenrol option in Hub but they can remove the profile."

That is correct.   Again this is a restriction from Apple.   The only way to prevent the removal of the MDM Profile is to have the device DEP enrolled and if I'm not mistaken it has to be supervised as well.

Hope that helps!

Adamfry
Enthusiast
Enthusiast
‎04-23-2020 12:12 AM
Jump to solution

Thanks for confirmation Roger.


ATB

Adam.