WPA2 / WPA3 Personal authentication

WPA2 is currently the most secure standard utilizing AES (Advanced Encryption Standard) and a pre-shared key for authentication. WPA2 is backwards compatible with TKIP to allow interoperability with legacy devices. WPA3 Personal is available as a setting in the local browser user interface (UI). This personal authentication option is a more secure option than WPA2.

Use the following guidelines to configure WPA2 or WPA3 Personal authentication.

WPA3 Personal is applicable to iOS 13.0 or supported newer versions.

Table 48.   Wi-Fi WPA2 / WPA3 personal authentication field descriptions

Item

Description

Name

Enter the name to use to reference this configuration in Ivanti EPMM.

Network Name (SSID)

Enter the name (i.e., service set identifier) of the Wi-Fi network these settings apply to. This field is case sensitive.

 

Description

Enter additional text to clarify the purpose of this group of Wi-Fi settings.

Hidden Network

Select this option if the SSID is not broadcast.

Authentication

Select one:

WPA2 Personal

WPA3 Personal (iOS 13 or later)

Data Encryption

This feature is not supported for iOS devices.

 

Network Key

This feature is not supported for iOS devices.

 

Confirm Network Key

This feature is not supported for iOS devices.

 

EAP Type

Not applicable.

Connects To

Select Internet or Work.

Apple Settings

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.
  • User channel - the configuration is effective only for the currently registered user on a device.

Auto Join

Specifies whether devices should automatically join the corresponding Wi-Fi network. If this option is not selected, device users must tap the network name on the device to join the network.

Disable Captive Network Detection

Select to disable Apple's Captive Network Assistant, which automatically detects captive networks. When this option is selected, device users must manually open a web browser to trigger the portal login for the captive network.

This feature is supported on devices running iOS 10 and macOS 10 or supported newer versions.

Disable MAC address randomization

Select to disable MAC address randomization for that Wi-Fi network while associated with the network. Device users will see a "Privacy Warning" message on their Wi-Fi settings indicating that the network has reduced privacy protections. Changing this option will disable the Private Address.

The device user will still have the ability to set the device to report a random address for new connections instead of the device's actual Wi-Fi MAC address.

Applicable to iOS 14.0 or supported newer versions.

Proxy Type

Specifies whether a proxy is configured, and which type. Available types are Manual and Auto.

Proxy PAC URL

Specifies the URL for the proxy auto-configuration (PAC) file.

Proxy Server

Specifies the proxy server’s IP address.

Priority

Enter a number between 1 and 100 to set the priority for the Wi-Fi setting, or leave the field blank.

If multiple Wi-Fi settings are applied, the device selects the Wi-Fi setting with the higher priority. Higher numbers signify higher priority.

Cisco QoS fast lane

Supported on devices running iOS 10 or supported newer versions.

Restrict QoS marking

Select to restrict Cisco Quality of Service (QoS) "fast lane" prioritization to particular whitelisted iOS apps. Disabled by default, such that any iOS app may benefit from fast lane prioritization.

Disable L3 marking and only allow L2 marking for traffic sent to the Wi-Fi network

Select to mark traffic sent to the Wi-Fi network as L2 only.

Whitelist audio and video calls for L2 and L3 marking

Select to allow all voice and video calls to be marked as L2 and L3 traffic.

If you disable L3 marking and whitelist audio and video for L2 and L3 marking, then audio and video calls will be marked as L2 only.

Apps that will be whitelisted for L2 and L3 marking for traffic

Mark the check box to select specific apps you want to whitelist for L2 and L3 traffic marking.

Select the Add (+) button to add a row to the table of apps. A new row is added to the table. In the App Name column, select the drop-down list to select an App Catalog app.

Repeat for any other apps you want to whitelist for L2 and L3 traffic marking.

Android Settings

These settings apply only to Android devices.

Windows Settings

These settings apply only to Windows devices.