Personal Device MAC address registration

In the session "What's new in managing Apple devices", we learned about the new MAC address randomization. This appears to be the default setting. How will this impact personal devices on enterprise networks that use tools like Fortinet for MAC address filtering? How often is the MAC address randomized (if it happens too frequently, our per-device license count will skyrocket)? Will this allow devices to randomize to someone else's MAC address and gain privileges that specific device shouldn't have access to? Where would I find more documentation on how this works?

Thank you so much!!!

Hi there, from the MDM side the recommendation would be to deploy a WiFi profile for the network in question with the DisableAssociationMACRandomization key set to true. That way when devices associate with that network they will use their true MAC address. You can see the documentation for the payload here. Someone else might be able to jump in with some more specifics on how often the random address changes, etc.

If you're concerned about MAC address collisions introducing security issues, you already have a security problem. There are many devices that allow users to set the MAC address. It's also straightforward to discover the MAC addresses of nearby connected devices. Together, that allows a user with only moderate skill to spoof the MAC address of another device that has higher privileges. Permissions and license counts should use some other form of authentication such as a captive portal or WPA credentials rather than MAC addresses.

Also see the "Build trust through better privacy" session, starting at around 21 minutes in, for additional details on the Private Wi-Fi Address feature: https://developer.apple.com/wwdc20/10676
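
As an added illustration (not code from the thread or from Apple), this Python sketch builds a configuration profile whose Wi-Fi payload sets DisableAssociationMACRandomization, as recommended in the MDM reply above, and audits a profile for Wi-Fi payloads that leave the key unset. The SSID `CorpWiFi`, the identifier prefix `com.example`, and both function names are assumptions, and the network's authentication settings are left out.

```python
import plistlib
import uuid

WIFI_PAYLOAD_TYPE = "com.apple.wifi.managed"
MAC_KEY = "DisableAssociationMACRandomization"


def build_wifi_profile(ssid, org_id):
    """Return .mobileconfig bytes (XML plist) with one Wi-Fi payload for `ssid`."""
    wifi_payload = {
        "PayloadType": WIFI_PAYLOAD_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".wifi",          # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Wi-Fi (" + ssid + ")",
        "SSID_STR": ssid,
        "AutoJoin": True,
        # The key from the reply: associate with the hardware MAC on this SSID.
        MAC_KEY: True,
        # Authentication keys (EncryptionType, credentials) omitted here.
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".profile",       # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Corporate Wi-Fi",
        "PayloadContent": [wifi_payload],
    }
    return plistlib.dumps(profile)


def ssids_still_randomizing(profile_bytes):
    """List SSIDs of Wi-Fi payloads that do not set the key to true."""
    profile = plistlib.loads(profile_bytes)
    return [
        payload.get("SSID_STR", "<no SSID>")
        for payload in profile.get("PayloadContent", [])
        if payload.get("PayloadType") == WIFI_PAYLOAD_TYPE
        and payload.get(MAC_KEY) is not True
    ]


if __name__ == "__main__":
    data = build_wifi_profile("CorpWiFi", "com.example")  # constructed sample values
    print(data.decode())
    print("Payloads still randomizing:", ssids_still_randomizing(data))
```

Running the audit function over profiles before they are pushed catches a Wi-Fi payload that was cloned or edited without the key, which would otherwise show up later as unregistered MAC addresses on the filtered network.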