Highlighted
Contributor
Contributor

iOS disable MAC-address randomization

Running on cloud environment version 20.8.0.3 (2008).

When are functionality for disabling MAC-address randomization releasing?

Labels (2)
17 Replies
Highlighted
Enthusiast
Enthusiast

I'm in the same boat also - Right now we are delaying iOS updates until there is a setting.

0 Kudos
Highlighted
Expert
Expert

How does this setting affect iOS update?

0 Kudos
Highlighted
Enthusiast
Enthusiast

Getting Ready for Apple Fall 2020 Releases (79996)

https://kb.vmware.com/s/article/79996?lang=en_US

https://github.com/vmware-samples/euc-samples/blob/master/iOS-Samples/Fall-2020/iOS14-WiFi.md

iOS 14 WiFi

This payload includes:

• Disable MAC address randomization

Paste the entire XML snippet (<dict>...</dict>) into the Custom XML payload in Workspace ONE UEM.

<dict>

  <key>PayloadDescription</key>

  <string>Configures wireless connectivity settings.</string>

  <key>PayloadDisplayName</key>

  <string>WiFi (Example Wi-Fi)</string>

  <key>PayloadIdentifier</key>

  <string>195c2047-813f-423e-b8c6-56a47a721b6e.Wi-Fi</string>

  <key>PayloadOrganization</key>

  <string></string>

  <key>PayloadType</key>

  <string>com.apple.wifi.managed</string>

  <key>PayloadUUID</key>

  <string>36297c23-1c2f-43e9-8863-bea2c33ca318</string>

  <key>PayloadVersion</key>

  <integer>1</integer>

  <key>ProxyType</key>

  <string>None</string>

  <key>SSID_STR</key>

  <string>Example Wi-Fi</string>

  <key>DisableAssociationMACRandomization</key>

  <true/>

</dict>

Highlighted
Expert
Expert

Thanks for sharing.

I'm still unclear how this MAC-address randomization setting affects iOS updates. Can anyone help clarify?

0 Kudos
Highlighted
Enthusiast
Enthusiast

It doesn't affect iOS updates it affects devices that need to connect to a network that uses mac addresses to auth --- Like a NAC.

0 Kudos
Highlighted
Contributor
Contributor

So to use this XML do you have to modify any of the lines at all for your wifi profile? Do you just put it in the custom settings of the wifi profile or someplace else?

0 Kudos
Highlighted
Expert
Expert

You can copy the XML as is without any modification.

While you can add this to the existing WiFi profile, I would suggest pushing this setting via a separate profile for easier management and troubleshooting in the future.

0 Kudos
Highlighted
Contributor
Contributor

Have you been successful at getting it to work? I've tried pushing it once to some test devices. But the users of those devices said the setting was still on.

0 Kudos
Highlighted
Enthusiast
Enthusiast

You do have to edit it where says example wifi ... i believe

0 Kudos
Highlighted
Enthusiast
Enthusiast

With my testing it works, it turns off the setting but doesn't disable it - meaning the user could still toggle it back on.

0 Kudos
Highlighted
Contributor
Contributor

I was able to get it to work off my personal home wifi. But I'm having problems getting it to work off our corporate wifi which uses certificate based authentication. I had to set the PayloadDIsplayName to the name of the profile pushing the wifi package and the SSID_STR to the display name of the Wifi to get it to work on my home wifi with a separate profile package. Now we are trying to get it to work with the corporate wifi package but haven't had any success yet.

0 Kudos
Highlighted
Contributor
Contributor

Looks like the most recent patch allows disabling of it:

20.8.0.7 Patch Resolved Issues

  • AAPP-10836: HTTP proxy support for APNs.
  • AAPP-10934: iOS devices are checking in continuously while checking for available OS Updates.
  • AAPP-10946: Prevent MAC address randomization for Apple device Wi-Fi.
0 Kudos
Highlighted
Expert
Expert

Thank you all. Like others have said, we were able to turn off but not keep it disabled with the custom XML file (we are SaaS 20.05).

If the patch in 20.8 will keep this setting disabled, then it's a good excuse for us to either upgrade or request the same patch be backported to our current version.

0 Kudos
Highlighted
Contributor
Contributor

well...we just got some bad news today about the hotfix. They've informed us that this hotfix won't be available for 20.07 and we need to upgrade to 20.8. Considering we've only just upgraded last month to 20.07, and that support for this runs till January 2022, I don't understand why the hotfix can't be made available to an existing supported product.

0 Kudos
Highlighted
Expert
Expert

Here's a response from VMware support:

"I have tested the MAC-Access Randomization profile using custom XML. Yes, the behaviour is the same as you mentioned i.e it disables the private IP but doesn't grey it out.

On testing the same feature on console 2008 to 2011 with the built-in option in the wifi payload the result is the same as above, the private IP is disabled with the profile but the user can turn it ON if they want."

So I guess that means there's no fix in sight unless anyone else heard differently?

0 Kudos
Highlighted
Enthusiast
Enthusiast

Apple included this in iOS 14.2 BETA 4 where the MDM profile will be disabled.  We have tested the custom XML with iOS 14.2 BETA 4 to confirm.

Highlighted
Expert
Expert

That's great news!

Although I don't see any reference to this in the release note.

https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-14_2-beta-release-note...

0 Kudos