About private Wi-Fi addresses and enterprise networks

This article helps network administrators understand how Apple devices use private Wi-Fi addresses in environments that use MAC addresses to control access.

Private Wi-Fi addresses and MDM

The Private Address setting introduced in iOS 14, iPadOS 14 and watchOS 7 is turned on by default. Businesses and other organisations may need to take either of these actions:

  • Update Wi-Fi network security or management settings to work with private addresses.

  • Or use Wi-Fi MDM settings to turn off a device's Private Address setting for their Wi-Fi network. This setting can be turned on or off at any time by the device's user, unless the device is enrolled in MDM and the setting is turned off with a network profile.*

Connecting to a previously known network

When a device connects to a network it remembers connecting to before upgrading to iOS 14 or later, iPadOS 14 or later, or watchOS 7 or later:

  • It tries to connect using the private address.

  • If it's unable to connect because the organisation's Wi-Fi network won't allow devices to join using a private address, it will try to connect immediately using its hardware MAC address.

During this time, and until the device has connected using the private address successfully:

  • The Private Address setting will remain off for that network in Settings.

  • The device will continue to try to connect using the private address. If it fails, it will continue to use the hardware MAC address.

After the device has connected using a private address successfully, that MAC address will be used for future connections to that Wi-Fi network. Exceptions:

  • Starting with iOS 15, iPadOS 15 and watchOS 8, if the device hasn't joined the network in six weeks, it will use a different private address the next time it joins the network.

  • If you make the device forget the network, it will also forget the private address it used with that network, unless it's been less than two weeks since the last time it was made to forget that network.

Connecting to a new network

In most cases, devices with iOS 14 or later, iPadOS 14 or later and watchOS 7 or later will only use the private address to join new Wi-Fi networks. If a device has an MDM profile with the Private Address setting turned off, it will use the hardware MAC address to join. If a device connects to a Wi-Fi network during Setup Assistant, it will first use the hardware MAC address to join and then treat that network as a previously known network.

* Prior to iOS 14.2, iPadOS 14.2 and watchOS 7.1, the Private Address setting can be turned off by the device's user, regardless of MDM-defined network settings.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: