Wi-Fi settings

To configure wireless network access, in the Admin Console, go to Policies & Configs > Configurations. Select Add New > Wi-Fi to create a new configuration. Wi-Fi settings are done based on the authentication type set by the administrator. See Wi-Fi authentication types.

Do not assign multiple Wi-Fi profiles to a device if the Network Name SSID (Service Set Identifier) differs only by case. For example, if one profile has an SSID value of "yourco" and another has an SSID of "YourCo," those two must not be assigned to the same device. Doing so will cause check-in problems, and full device details will not be properly recorded.

See additional information relating to specific Android versions:

Android 13 devices

MAC Address Randomization

On Android 13 devices or supported newer versions, upon installation or upgrade, the administrator can enable or disable the MAC Address Randomization for the Wi-Fi configuration. If the MAC Address Randomization is not selected (default setting state after Ivanti EPMM upgrade), the randomization type is not pushed; the Wi-Fi and Inventory MAC Address are the same for a device.

In the Device Details page > Inventory MAC Address field states the phone's MAC address. The same occurs in the Android device > MAC address type, it will also state the phone's MAC address.

Applicable to Wi-Fi configurations for all authentication types in:

  • Work Managed Device (DO) mode
  • Work Profile (PO) mode
  • Work Profile on Company Owned Device (EPO) mode
  • Work Managed Device Non-GMS (AOSP) mode

Procedure

  1. Go to Policies & Configs > Configurations.
  2. Add New > Wi-Fi Configuration. The New Wi-Fi Setting dialog box opens.
  3. Under Android Settings, the MAC Address Randomization check box is deselected by default. This means the Wi-Fi configuration will be used. Select the check box and then select from the drop-down:
    • Disabled (default) - Use the factory MAC address when connecting to this network.
    • Enabled - Auto - Let the Wi-Fi framework automatically decide the MAC randomization strategy.
    • Enabled - Non-persistent - Use a randomly-generated MAC address for connections to this network. This option does not persist the randomized MAC address.
    • Enabled - Persistent - Generate a randomized MAC address and reuse it for all connections to this network.
  4. Select Save.

When set, the information displays in the "Android MAC Address Randomization" field in the Wi-Fi configuration.

Android 10 devices

On Android 10 devices or supported newer versions, upon installation or upgrade, device users can configure Wi-Fi and location settings in specific modes.

Administrators are required to leave in all modes of deployment to enable Wi-Fi and MTD configurations to be successfully applied. This means having the Allow the user to turn on location sharing lockdown field selected (checked.)

The table below depicts the behavior changes in different configuration modes:

Table 43.  Wi-Fi changes in specific configuration modes

Item

Description

All modes

Disconnect Wi-Fi local action is disabled in all modes on Android 10 devices. For all modes of deployment, to enable Wi-Fi and MTD configurations to be successfully applied, the Allow the user to turn on location sharing lockdown field must be selected.

(Android Enterprise)

  • Work Profile mode

  • Work Profile on Company Owned devices (Android 11 or supported newer versions)

Device users are requested to activate location for the device and for the managed profile. In order for administrators to update Wi-Fi and to have Mobile Threat Defense detect Wi-Fi-based threats, device users must activate location. If the device user chooses No, the device will be flagged with an unblocking error for non-compliance and Ivanti EPMM will report a configuration error.

Administrators will not be able to disable Wi-Fi through UEM configurations in Work managed device mode on Android 10 devices.

(Android Enterprise)

  • Work Managed Device (COPE) mode

In the background, Ivanti EPMM will turn on the location services setting without device user intervention. Wi-Fi and MTD configurations should be successful with no errors. If there is no MTD configuration or a Wi-Fi configuration, the device user can switch location service on or off.

Device Administrator (DA) mode

Wi-Fi configurations will not be supported and will show as Sent on the server with config error. MTD configurations will be still accepted for non-network threats but the Wi-Fi related threats will not work for Device Administrators and MAM. Administrators will not be able to disable Wi-Fi through UEM configurations in Device Administrator mode on Android 10 devices.

Kiosk mode

Administrators wanting users to enable/disable Wi-Fi but not connect to any other Wi-Fi network settings are not supported. Options available to administrators are:

Scenario 1 - Administrators wanting users to enable/disable Wi-Fi and connect to any available Wi-Fi will need to have the following settings in Kiosk mode: Lockdown settings: Allow Wi-Fi (de-selected) and Allow Wi-Fi to be configured (de-selected). Kiosk Mode Settings: Allow users to Access Wi-Fi Settings (selected).

Scenario 2 - Administrators wanting to block users from any Wi-Fi controls will need to have the following Lockdown settings:

- Allow Wi-Fi (selected)
- Allow Wi-Fi to be configured (selected).