Overcoming the effects of MAC address randomization on enterprises

Hector Barnes

Apr 27, 2022


You badly want to check something online. You see a familiar Wi-Fi network, try to connect to it, and it asks for authentication. Annoying, right? Thankfully, that doesn’t usually happen with familiar networks, and the MAC address is the reason. The network recognizes your device by its MAC address to provide a smooth connection process.

What is MAC address?

Media access control address or MAC address, also known as physical address, is an identification address unique to a device in a network. We can think of it as similar to our residential address, but for network devices.

MAC addresses are 12 characters long, consisting of letters and numbers, and are embedded into the network card of the device. They are assigned at the time of manufacturing. Devices in a network recognize and communicate with each other using MAC addresses.

When a data packet sent from one device reaches another, the receiving device compares the destination MAC address in the packet with its own. If they match, the packet is processed.

Now, let’s not expound further on MAC addresses and go off topic. We’re here to talk about MAC randomization. So, let’s get started right away.

What is MAC randomization?

MAC randomization is the process of choosing a random MAC address to connect to a network, and hiding the device’s original MAC address, to maintain anonymity.

That is, when a device connects to a network, a random MAC address is passed on to the other devices in the network, and the connection is established with this address.

Now how effective is this? Even though the scope of a MAC address is limited to within a network, MAC randomization could help alleviate some privacy concerns posed within a network. A device’s MAC address could be used to track its activity, behavior and location data while being connected to a network.

With iOS 14 and iPadOS 14, Apple took MAC address randomization to a tad higher level. Whereas earlier the randomization was done only during network scans, with iOS 14 and iPadOS 14, devices have a random MAC address for each SSID. This means there will be a different MAC address for each network. This is enabled by default.

How to turn it off?

First off, there is no one-tap solution to turn off MAC address randomization on devices with iOS 14 and iPadOS 14 or higher. Users have to turn off randomization for each network separately. To do this, go to Settings > Wi-Fi, tap on the network you want to connect to, and turn the Private Address option off.

How does it affect enterprises?

It can affect two classes of enterprises: those with a lot of company-owned or managed devices used by their employees, and those with a lot of guest users.

The latter could be a restaurant, clothing store or any enterprise with a lot of customers that connect to their Wi-Fi. They use MAC addresses of devices connected to their network to recognize and identify their loyal customers, to provide an easy connection when they visit in the future.

Also, this could be useful to learn customer/guest behavior while they are in the company premises. It can then be used to provide a bespoke experience for their favorite customers.

But the former would be affected even more adversely. Enterprises have hundreds of company-owned devices distributed to employees. Most of the time, these devices share a common network. MAC addresses could be used to identify user behavior, device history, and more. MAC address randomization could stand in the way of effectively analyzing this data.

Also, some MDM solutions use the MAC address to uniquely identify their devices. When MAC address randomization is on, these MDMs fail to communicate with the devices. They may fail to recognize the devices and show them as not connected.
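An added example, not part of the original article and not Hexnode's code: one way an administrator could spot which clients on the network are presenting randomized addresses instead of their inventoried ones. It relies on the fact that randomized addresses are locally administered unicast addresses (bit 0x02 of the first octet set, bit 0x01 clear); the inventory, the observed list and all function names are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{12}$")

def normalize(mac: str) -> str:
    """Return the MAC as 12 lowercase hex characters, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not MAC_RE.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def looks_randomized(mac: str) -> bool:
    """Heuristic: locally administered (0x02 set) and unicast (0x01 clear).

    Manufacturer-assigned addresses normally have the 0x02 bit clear.
    Manually overridden or virtual interfaces can also set it, so treat
    a hit as "not a burned-in address", not as proof of randomization.
    """
    first_octet = int(normalize(mac)[:2], 16)
    return bool(first_octet & 0x02) and not (first_octet & 0x01)

def audit(inventory: dict, observed: list) -> dict:
    """Sort observed client MACs into known, randomized and unknown."""
    known = {normalize(mac): name for mac, name in inventory.items()}
    report = {"known": [], "randomized": [], "unknown": []}
    for mac in observed:
        key = normalize(mac)
        if key in known:
            report["known"].append((mac, known[key]))
        elif looks_randomized(mac):
            report["randomized"].append(mac)   # cannot be matched to inventory
        else:
            report["unknown"].append(mac)      # real hardware, not enrolled
    return report

# Constructed sample data: device inventory keyed by hardware MAC, and the
# client MACs seen on the Wi-Fi network (mixed notations on purpose).
INVENTORY = {
    "00:1A:2B:3C:4D:5E": "ipad-frontdesk",
    "00-1a-2b-aa-bb-cc": "iphone-sales-07",
}
OBSERVED = [
    "00:1a:2b:3c:4d:5e",   # matches inventory
    "a6:4f:12:9c:00:31",   # first octet 0xa6: locally administered
    "DA-11-22-33-44-55",   # first octet 0xda: locally administered
    "00:1a:2b:dd:ee:ff",   # globally unique but not in inventory
]

if __name__ == "__main__":
    for bucket, entries in audit(INVENTORY, OBSERVED).items():
        print(bucket, entries)
```

A managed device that appears only in the "randomized" bucket is one whose inventoried MAC never shows up on the network, which is the mismatch described above.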

Is there a way round?

Even though users can turn off MAC address randomization for networks on their devices, from an enterprise point of view, one will be looking for a more complete and holistic solution for this.

Hexnode’s Disable MAC address randomization option solves this issue with a single click.

You can turn off your devices’ MAC address randomization under Policies > iOS > Networks > Wi-Fi > Disable MAC address randomization.

Within the Wi-Fi policy, you can set up a preferred network for all your managed devices. This helps devices connect to the network automatically without requiring them to enter the password.

Also, you have the option to set up a proxy server along with a number of other configurations. All these comprehensive policies, used along with disabling MAC address randomization, ensure secure and healthy network connectivity for the managed devices.

Summing up

Speaking from a privacy point of view, MAC address randomization could be worth its weight in gold. But on the other hand, enterprises might not be huge fans of this feature.

As we saw, this could affect enterprises in quite a few ways. But luckily there is a way to overcome some of the challenges faced, especially for enterprises with company-owned or managed devices.

Hexnode’s Wi-Fi policy for iOS devices solves the fuss caused by MAC address randomization and much more, and helps businesses build a trusted and secure network for all their devices.
