3 Replies Latest reply on Jun 10, 2020 10:42 AM by RogerDeane

    Randomized MAC android

    rbartholomeu Lurker

      Customer started rolling out Android devices in many sites and, as they are running version 10 or above, a randomized MAC address is used by default. Customer also uses AirWatch to control device enrollment/registration and this started to cause issues, as now the updates the AAA server (Aruba ClearPass) gets from AirWatch (through APIs) are based off of the device's MAC and not the randomized one.

      There is no such thing in AirWatch to disable this setting on an Android device and we are looking for a workaround.

        • 1. Re: Randomized MAC android
          RogerDeane Enthusiast
          VMware Employees

          This has been an issue for a while. Workspace ONE UEM (AirWatch) can get the correct MAC for a fully managed device (Work Managed) but for all other modes we can only get the randomized MAC. This is a restriction created by Google. I've heard that there are ways around this but I'm not aware of how they work. We are always working with Cisco ISE and Aruba ClearPass to try and make the integration as good as possible. Below is a link to a blog post that you may find helpful; I'm certainly going to read through it.

          Android Q for Enterprise: Wi-Fi MAC Randomization – Arsen Bandurian: Technical Blog

          Hope that helps!

          Roger

          • 2. Re: Randomized MAC android
            rbartholomeu Lurker

            Thank you,

            That means a feature request has to be raised.

            • 3. Re: Randomized MAC android
              RogerDeane Enthusiast
              VMware Employees

              There's nothing we can do from a Workspace ONE UEM standpoint. Google has decided to not allow access to the actual WiFi MAC address for any mode other than Work Managed. I have personally met with Google in Mountain View about this issue and they are very firm on their stance. We have been working with Cisco and other NAC providers to try and find a way to solve this problem but at this point we don't have a solution. The NAC knows the actual MAC from the WiFi networking hardware and not much else. We know most everything else about the device except the actual MAC, so there isn't anything in common.

              If anyone else in the community has any other feedback or a solution, I would love to hear it.

              Roger
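
Added example, not part of the thread and not VMware, Aruba or Cisco code: a Python sketch of the mismatch discussed above, joining MACs seen by a NAC against an MDM inventory and flagging unmatched addresses that are locally administered (the form Android's randomized Wi-Fi MACs take). The record layouts, field names and sample addresses are constructed for illustration.

```python
import re

def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits, whatever the separator style."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.lower()

def is_locally_administered(mac: str) -> bool:
    """True for unicast addresses with the U/L bit (0x02 of the first octet) set.

    Randomized Wi-Fi MACs set this bit; vendor-assigned addresses do not.
    """
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02) and not (first_octet & 0x01)

def reconcile(nac_sessions, mdm_inventory):
    """Label each NAC session: matched, randomized-unmatched, or unknown."""
    known = {normalize_mac(d["mac"]): d["device_id"] for d in mdm_inventory}
    results = []
    for session in nac_sessions:
        mac = normalize_mac(session["mac"])
        if mac in known:
            status = "matched"
        elif is_locally_administered(mac):
            # Likely an enrolled or unenrolled device presenting a per-SSID MAC.
            status = "randomized-unmatched"
        else:
            status = "unknown"
        results.append((session["mac"], status, known.get(mac)))
    return results

# Constructed sample data (hypothetical field names, documentation-range MACs).
MDM_INVENTORY = [
    {"device_id": "dev-001", "mac": "00:00:5E:00:53:01"},
    {"device_id": "dev-002", "mac": "00005e005302"},
]
NAC_SESSIONS = [
    {"mac": "00-00-5e-00-53-01", "ssid": "corp"},   # same device, other notation
    {"mac": "DA:A1:19:00:11:22", "ssid": "corp"},   # locally administered
    {"mac": "00:00:5E:00:53:99", "ssid": "corp"},   # not in inventory
]

if __name__ == "__main__":
    for row in reconcile(NAC_SESSIONS, MDM_INVENTORY):
        print(row)
```

A session flagged `randomized-unmatched` cannot be tied to an inventory record by MAC alone, which is the "nothing in common" gap described in the last reply.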