Hi Paul, Thanks for the reply. I watched your video as well but as we don't push out WiFi protocols for BYO devices (users have their own username and password authenticated via radius) that doesn't help our situation. (Although I have enabled that in the WiFi profile we push to company owned and managed devices before they update to iOS 14) One small saving grace is that Systems Manager Sentry is not able to authorize a device with MAC randomisation enabled (since it can't correlate the WiFi and MDM MAC addresses) so a user can't get past the sentry until they manually disable MAC randomisation in their WiFi settings. Not very user friendly (they need to be informed out-of-band that they need to do this) but at least it prevents devices connecting and being able to use WiFi until this is done, and at that point all MAC based functionality will be working again. I agree that there needs to be a device wide MDM setting for this for enterprises to disable this feature on their managed devices, although even then they would still initially connect with a randomised MAC address until they had enrolled and received the profile, at which point the device would presumably reconnect with the correct MAC address, leaving behind a "ghost" device in the WiFi device list. A bit a of a mess really but this is typical of Apple introducing far reaching changes to how fundamental technology works without providing a way for enterprises to manage it properly.
... View more
