This article helps network administrators understand how Apple devices use private Wi-Fi addresses in environments that use MAC addresses to control access.
The Private Address setting introduced in iOS 14, iPadOS 14, watchOS 7, visionOS and macOS 15 is turned on by default. Businesses and other organisations may need to take either of these actions:
Update Wi-Fi network security or management settings to work with private addresses.
Or use Wi-Fi MDM settings to turn off a device's Private Address setting for their Wi-Fi network.
When a device connects to a network that it remembers connecting to before upgrading to iOS 14 or later, iPadOS 14 or later, watchOS 7 or later, or macOS 15 or later:
It tries to connect using the private address.
If it's unable to connect because the organisation's Wi-Fi network won't allow devices to join using a private address, it will try to connect immediately using its hardware MAC address.
During this time, and until the device successfully connects using the private address:
The Private Address setting will remain off for that network in Settings.
The device continues to try to connect using the private address when rejoining the network. If it fails, it will continue to use the hardware MAC address.
After the device has connected using a private address successfully, that MAC address will be used for future connections to that Wi-Fi network. Exceptions:
If the device forgets the network, then it will also forget the private address used with that network unless it has been less than 24 hours since the network was last forgotten.
If Private Wi-Fi Address is set to Rotating, the device uses a private address that rotates to a different private address every two weeks.
In most cases, Apple devices use only the private address to join new Wi-Fi networks. If a device has an MDM profile with the Private Address setting turned off, it will use the hardware MAC address to join. If a device connects to a Wi-Fi network during Setup Assistant, it will first use the hardware MAC address to join and then treat that network as a previously known network.
When a private Wi-Fi Address is used, the device will use a generic hostname in DHCP (Dynamic Host Configuration Protocol) requests.