I'm working with a school district where primarily Apple devices are used. As a result of using iPads and MacBooks at school, staff and students tend to have iPhones as their personal devices. There is no BYOD network for students, they are allowed to use only school-owned devices which are governed by policies to maintain CIPA compliance. Anyone reading this knows however, that end-users want to use their own devices for social media, games, etc. so it is virtually impossible to entirely prevent students from using their phones. Staff are allowed to use their personal phones on the Staff SSID, but that network is not CIPA compliant so no students are to be using that SSID. However... Because of this iOS feature (https://support.apple.com/en-us/HT209368), the Staff credentials have been shared. Eventually it got to a student device resulting in students connecting to the Staff SSID and sharing it with their friends. To summarize the page linked, once an Apple device has a Wi-Fi connection set up, that device can share Wi-Fi credentials with another device, as long as 1) Wi-Fi and Bluetooth are enabled on both devices, 2) the device owner permits it (tapping "Share Password" on screen), and 3) the new-person is in the first user's contact list. We would love to be able to disable this "Wi-Fi password sharing" feature on school and staff-owned devices, but Apple does not provide that option. We believe that creating a new hidden SSID with a new PSK may stop this behavior, and are preparing to test the theory. Our logic is, if new-person's device can't see the SSID, it won't try to associate, if it can't associate, the Apple "feature" won't reach out to nearby devices looking for credentials. Has anyone in the Community 'tackled' this scenario before and if so, what was your solution? Thanks!
... View more