Making ip on iPads static and traceable without infringing security

RuthxD
Conversationalist

If I go into an individual Wi-Fi setting on a student iPad, I can change the 'Private Wi-Fi Address' to 'Fixed'; this means I can reserve the IP through our DHCP server, and any reports I run on Wi-Fi activity I can safely attribute to one particular device. However, I am worried about security and two seemingly conflicting statements by Apple.

 

Firstly, when changing the private Wi-Fi address to fixed, the narrative below the setting says that 'a fixed private address reduces cross-network tracking by using unique wifi address on this network'. I would then turn off 'limit ip address tracking', thus providing me with info on a specific, static IP attributed to one iPad. Currently, though, I can't see any way of achieving this through MDM and would be faced with manually changing the setting on each device.

 

Alternatively, the Apple setting rolled out after iOS 14-ish is to "Disable MAC address randomization (iOS 14+ or macOS 15+)", and it states underneath that "If enabled, MAC address randomization is turned off while joining this wireless network. A warning will appear in the device's settings indicating that the network has reduced privacy." It is available in Meraki but suggests it is the wrong thing to do.

These two statements seem directly in conflict with one another: give static and make it safer, or turn off randomisation (so implicitly infers the MAC and IP would remain the same) and this gives reduced privacy.

I'm looking for an option so that these devices (which remain in school 100% of the time) can keep an IP and their browsing can be traceable by me. Am I safe to fix the private Wi-Fi address and give them static IPs, or am I making it easier for someone outside the organisation/network to trace them?
 
Apologies if this is a simplistic question, just trying to do my best re: filtering, monitoring and safeguarding - the watch words of IT in schools these days. Any advice welcome. Thank you.
Jeffrey_Lane
Here to help

I have the same exact problem. The "HOST" via my WiFi controller does not correlate with my Meraki console --- neither MAC address nor HOST can be matched with the info in Meraki. I believe this is the same issue reported here...

RWelch
Head in the Cloud

Meraki and MAC Address Randomization 
Not sure if you have read this but sharing in case it helps answer your Qs.

 

Configuring your SSID with iPSK Authentication without RADIUS might be another way to see local devices and apply your group policies without having to implement MAC randomization or fixed IP reservations - for your consideration.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Mloraditch
Head in the Cloud

Disable MAC Randomization is a per-SSID setting in MDMs, so you are not disabling privacy for devices when they are used on other networks, and as you are saying they don't leave campus, I'm not sure what the concern is. They are your devices, on your network. What makes them any different in that scenario from a wired desktop? They just happen to be on wireless.


If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
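
An added example, not part of the thread or any poster's code: one way to check which DHCP leases can be attributed to a managed iPad by hardware Wi-Fi MAC, and which clients are still presenting a private (locally administered) address that will never match the inventory. The CSV layouts, column names, device names, MACs and IPs are constructed assumptions, not Meraki or MDM export formats.

```python
import csv
import io

# Constructed sample data: an MDM inventory of hardware Wi-Fi MACs and a DHCP lease list.
INVENTORY_CSV = """device_name,wifi_mac
iPad-Room12-01,3C:22:FB:10:20:30
iPad-Room12-02,3c-22-fb-10-20-31
"""
LEASES_CSV = """ip,mac
10.20.0.11,3c:22:fb:10:20:30
10.20.0.12,A6:5E:60:11:22:33
10.20.0.13,F0:18:98:AA:BB:CC
"""

def normalize_mac(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff whatever separator was used."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as it is on private Wi-Fi addresses."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def attribute_leases(inventory_csv, leases_csv):
    """Label each lease as matched, private-address or unknown-hardware."""
    inventory = {normalize_mac(r["wifi_mac"]): r["device_name"]
                 for r in csv.DictReader(io.StringIO(inventory_csv))}
    results = []
    for row in csv.DictReader(io.StringIO(leases_csv)):
        mac = normalize_mac(row["mac"])
        if mac in inventory:
            status, device = "matched", inventory[mac]
        elif is_locally_administered(mac):
            # Rotating or Fixed private address: stable per network at best,
            # but not the hardware MAC that the inventory records.
            status, device = "private-address", None
        else:
            status, device = "unknown-hardware", None
        results.append({"ip": row["ip"], "mac": mac,
                        "status": status, "device": device})
    return results

if __name__ == "__main__":
    for r in attribute_leases(INVENTORY_CSV, LEASES_CSV):
        print(f'{r["ip"]:<12} {r["mac"]}  {r["status"]:<17} {r["device"] or "-"}')
```

A 'Fixed' private address also has the locally administered bit set, so it shows as private-address here; it can still be tied to a device through a DHCP reservation recorded separately.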