About private Wi-Fi addresses and enterprise networks
- June 7, 2024
- Apple
Table of Contents
About private Wi-Fi addresses and enterprise networks
This article helps network administrators understand how Apple devices use private Wi-Fi addresses in environments that use MAC addresses to control access.
Private Wi-Fi addresses and Mobile Device Management (MDM)
The Private Address setting is on by default in iOS 14, iPadOS 14, and watchOS 7. Businesses and other organizations may need to update Wi-Fi network security or management settings to work with private addresses. Or they may choose to turn off a device’s private address setting for their Wi-Fi network via an MDM-defined network profile.
The Private Address setting can be turned on or off at any time by the device end-user, unless the device is enrolled in MDM and the setting turned off via a network profile.*
Connecting to a previously-known network using a hardware MAC address
A “previously-known network” is any Wi-Fi network that a device has connected to and remembers prior to upgrading to iOS 14, iPadOS 14, or watchOS 7.
When a device connects to a previously-known network:
- It tries to connect using the private address.
- If that attempt fails because the organization’s Wi-Fi network doesn’t allow a device to join using a private address, it immediately tries to connect using the device’s hardware MAC address.
During this time, and until the device successfully connects using the private address:
- The Private Address option remains off for that network in Settings.
- The device continues to try to connect using the private address. If it fails, it will continue to use the hardware MAC address.
After the device successfully connects using the private address, only the private address will be used for future connections to that particular Wi-Fi network.
Connecting to a new network
In most cases, devices with iOS 14, iPadOS 14, and watchOS 7 use only the private address to join new Wi-Fi networks. If a device has an MDM profile with the Private Address setting turned off, it will use the hardware MAC address to join. If a device connects to a Wi-Fi network during Setup Assistant, it first uses the hardware MAC address to join and then treats that network as a previously-known network.
*Prior to iOS 14.2, iPadOS 14.2, and watchOS 7.1, the Private Address option can be turned off by the device end-user, regardless of MDM-defined network settings.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Published Date: November 05, 2020