Security

 View Only

  • 1.  MacOS Sequoia - Private Wi-Fi Address on MDM managed networks

    Posted Sep 24, 2024 07:48 PM

    Hi All, 

    Spent today being plagued with support requests from users unable to connect to WiFi after updating to MacOS Sequoia 15.

    Turns out Apple have enabled MAC randomization by default, even for MDM managed WiFi profiles.

    What's new for enterprise in macOS Sequoia - Apple Support

    MDM can configure the use of the hardware MAC address instead of a private MAC address on a managed Wi-Fi network. A privacy warning is shown when using the hardware MAC address because it allows tracking by Wi-Fi networks and nearby Wi-Fi devices.

    This was a problem for us because we have the Intune integration with Clearpass and perform Authorization on the devices MAC address matched to Intune.

    Intune does not yet have a setting in the WiFi template to control the Private WiFi Address option (but does exist for iOS strangely)



  • 2.  RE: MacOS Sequoia - Private Wi-Fi Address on MDM managed networks

    Posted Sep 25, 2024 10:14 AM

    That's annoying. Sounds like a limitation on the InTune side.




  • 3.  RE: MacOS Sequoia - Private Wi-Fi Address on MDM managed networks

    Posted Sep 27, 2024 02:45 AM

    More annoying is that even when Intune (no capital T) adds it for macOS, it can't be deployed to a pre macOS 15 device in advance due to the way configuration profiles work.


    Original Message


  • 4.  RE: MacOS Sequoia - Private Wi-Fi Address on MDM managed networks

    Posted Oct 14, 2024 03:22 AM

    Mac randomization in itself should not be a big issue, unless you base authorization on MAC address. With Intune, the recommended authentication method is certificate based (TEAP or EAP-TLS in case of MACs) and authorization would be based on the certificate information, like Intune DeviceID and/or AAD_DeviceID.

    For monitoring it is still annoying as it's harder to see client behavior across different sessions.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


Related Content