About private Wi-Fi addresses and enterprise networks

This article helps network administrators understand how Apple devices use private Wi-Fi addresses in environments that use MAC addresses to control access.

Private Wi-Fi addresses and MDM

The Private Address setting introduced in iOS 14, iPadOS 14, watchOS 7, visionOS, and macOS 15 is turned on by default. Businesses and other organizations might need to take either of these actions:

  • Update Wi-Fi network security or management settings to work with private addresses.

  • Or use Wi-Fi MDM settings to turn off a device's Private Address setting for their Wi-Fi network. On macOS, this setting can be turned on or off at any time by the device's user.

Connecting to a previously known network

When a device connects to a network that it remembers connecting to before upgrading to iOS 14 or later, iPadOS 14 or later, watchOS 7 or later, or macOS 15 or later:

  • It tries to connect using the private address.

  • If it can't connect because the organization's Wi-Fi network doesn't allow a device to join using a private address, it immediately tries to connect using its hardware MAC address.

During this time, and until the device successfully connects using the private address:

  • The Private Address setting remains off for that network in Settings.

  • The device continues to try to connect using the private address when rejoining the network. If it fails, it continues to use the hardware MAC address.

After the device successfully connects using a private address, that MAC address is used for future connections to that Wi-Fi network. Exceptions:

  • If the device forgets the network, then it will also forget the private address used with that network unless it has been less than 24 hours since the network was last forgotten.

  • If Private Wi-Fi Address is set to Rotating, the device uses a private address that rotates to a different private address every 2 weeks.

Connecting to a new network

In most cases, Apple devices use only the private address to join new Wi-Fi networks. If a device has an MDM profile with the Private Address setting turned off, it uses the hardware MAC address to join. If a device connects to a Wi-Fi network during Setup Assistant, it first uses the hardware MAC address to join and then treats that network as a previously known network.

When a private Wi-Fi address is used, the device uses a generic hostname in DHCP (Dynamic Host Configuration Protocol) requests.
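
The following is an added example, not part of Apple's article: a Python audit helper that shows which clients in an association or DHCP record set joined with a locally administered MAC address and are missing from a MAC allowlist. It relies on IEEE 802 addressing background that this page does not state (private addresses set the locally administered bit in the first octet); the function names, record format, and sample data are constructed for illustration.

```python
import re
from collections import Counter

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return 12 lowercase hex digits; accepts ':', '-' and '.' separators."""
    digits = re.sub(r"[:\-.]", "", raw.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def classify_mac(raw):
    """Classify by the two low-order flag bits of the first octet (IEEE 802)."""
    first = int(normalize_mac(raw)[:2], 16)
    if first & 0x01:
        return "group"                 # multicast/broadcast, not a client source
    if first & 0x02:
        return "locally-administered"  # covers private Wi-Fi addresses, also VMs etc.
    return "universal"                 # vendor-assigned hardware address

def audit(records, allowlist):
    """records: iterable of (mac, ssid) pairs from an assumed export format.
    Returns (counts per class, locally administered clients not on the allowlist)."""
    allowed = {normalize_mac(m) for m in allowlist}
    counts = Counter()
    not_allowed = []
    for mac, ssid in records:
        kind = classify_mac(mac)
        counts[kind] += 1
        if kind == "locally-administered" and normalize_mac(mac) not in allowed:
            not_allowed.append((ssid, mac))
    return counts, not_allowed

# Constructed sample data (not real devices).
SAMPLE_ALLOWLIST = ["00:1B:63:84:45:E6", "a2-11-22-33-44-55"]
SAMPLE_RECORDS = [
    ("00:1b:63:84:45:e6", "corp"),   # hardware address, allowlisted
    ("A2:11:22:33:44:55", "corp"),   # private address already enrolled
    ("da:a1:19:0c:5e:71", "corp"),   # private address, not enrolled
    ("3e5f.0a1b.2c3d", "guest"),     # private address, dotted notation
]

if __name__ == "__main__":
    counts, blocked = audit(SAMPLE_RECORDS, SAMPLE_ALLOWLIST)
    print(dict(counts))
    for ssid, mac in blocked:
        print(f"{ssid}: {mac} is locally administered and not on the allowlist")
```

A locally administered address is not proof of an Apple private address, so treat the output as a list of clients to review before changing network or MDM settings.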
