Category filter

How to Set Up Wi-Fi Network for Apple TV?

Wi-Fi is rapidly becoming the primary mode of network access for tvOS devices. However, network security is a concern for businesses of all kinds. Hexnode enables organizations to remotely set up Wi-Fi networks for their Apple TVs to connect to them automatically. There is no need for users to tap on the Apple TV remote and connect to the network manually. Besides, users can connect the Apple TV to the corporate network without knowing its password.

Note:

Wi-Fi can be configured on Enterprise and higher pricing plans.

Set up Wi-Fi networks for Apple TV

  1. Go to Policies on the Hexnode MDM console.
  2. Select an existing policy or create a new one by clicking on New Policy.
  3. Select Apple TV and select Wi-Fi.
Wi-Fi Settings Description
Service Set Identifier Service Set Identifier (SSID) is the name of the Wi-Fi network.
Auto join Apple TVs will automatically connect to this Wi-Fi network if in the network’s service area. Enabled by default.
Hidden network Enable this setting if your Wi-Fi network is hidden. A hidden network does not broadcast its SSID and hence, will not appear in the list of available wireless networks.
Security type Select an encryption method to secure the wireless network. The available security types are None, WEP, WPA/WPA2, Any (Personal), WEP Enterprise, WPA/WPA2 Enterprise, Any (Enterprise)
Password

(if Security Type is WEP, WPA/WPA2, Any (Personal))

Provide a password that is used to connect to the Wi-Fi network.

Set up Apple TV Wi-Fi network settings on tvOS remotely using MDM configuration

If the security type is WEP Enterprise, WPA/WPA2 Enterprise or Any (Enterprise), you can configure additional settings for your enterprise network. If you select None, you will have no security type set up for your Wi-Fi, leaving your device out in the open.

Configurations for WEP Enterprise, WPA/WPA2 Enterprise and Any (Enterprise) Network Security Types

Configure Protocols

Settings Description
Accepted EAP types Select the authentication framework for your enterprise network. The available options are TLS, LEAP, EAP-FAST, TTLS, PEAP and EAP-SIM. TTLS is enabled by default.
Use PAC

(Applicable only if EAP-FAST is selected)

Protected Access Credentials (PAC) can be used for Wi-Fi network connections.
Provision PAC

(If PAC is used)

The server creates a PAC file for a specific user by authenticating by using the user’s password. The PAC file can be used to make a connection with the network.
Provision PAC Anonymously

(If PAC is provisioned)

PAC is provisioned without authenticating with the server.
Inner identity

(If TTLS is selected)

The available options are PAP (default), CHAP, MSCHAP and MSCHAPv2. PAP is the least secure one, which sends the password as a plain text. CHAP is secure than PAP. Instead of a plain text, a random number and the result of a hash function (which is performed on the password) are sent. MSCHAP is another variant of CHAP and is introduced by Microsoft. MSCHAP requires mutual authentication, and data are sent between the device and the server only after the device proves its identity to the server and the server proves its identity back to the device. MSCHAP v2 authentication is an updated version of MSCHAP that is similar to but incompatible with MSCHAP v1.

Configure Authentication

Settings Description
Username The account name of the user. Use %username% to fetch the data automatically from the MDM console.
Use per connection password The device will prompt for a password every time the user tries to connect to the network.
Password

(If Per connection password is not used)

If a password is not required for every connection, then a one-time password can be provided here.
Identity Certificate If you are using a certificate to authenticate to the network, choose the certificate from the Identity Certificate pop-up menu.
Outer identity The username of the secure tunnel which transfers the authentication credentials.

tvOS Proxy Settings

A proxy server serves as an intermediary between the devices and the internet. It can hide the IP of the client system, which enhances security. There are three options available, None, Manual and Automatic.
To skip setting up a proxy server, choose None. To set up a proxy, choose any of the other two options.

  1. None: If you don’t want to use a proxy server, then select this option.
  2. Manual: To set up proxy manually, provide the below details:
    • Server – The server name or IP address of the proxy server.
    • Port – Port number of the proxy server.
    • Authentication – Username to get authenticated with the proxy server.
    • Password – Password required to authenticate to the proxy server.
  3. Automatic: If you are using a proxy server but don’t prefer to set it up manually, just provide the proxy server URL, and Hexnode UEM will configure the rest for you.

Push Wi-Fi Settings to Apple TV

Well, it’s quite simple.

  1. Go to Policy Targets.
  2. Click on + Add Devices.
  3. Find and select the devices.

From the same tab, the policy can be associated with device groups, users, user groups, or domains instead of devices.
If you are on a page that lists the policies,

  1. Check a policy.
  2. From Manage, select Associate Targets.
  3. Select all devices that apply.

What happens at the device end?

Once the policy reaches the Apple TV, the configured Wi-Fi network will be listed among available networks on the device. Hexnode will block the user from removing the MDM deployed Wi-Fi configurations.

The device will automatically connect itself to the network when it enters the range of the Wi-Fi, provided Auto join is enabled in the Wi-Fi policy configurations in Hexnode.

If Auto join is disabled, the users can manually connect to the network if required. In such a case, they will not be prompted to enter the network password. Instead, the connection will be automatically established by clicking the network name from the available Wi-Fi networks on the device.

If a proxy server is specified, the device uses that proxy server to connect to the internet while using the configured Wi-Fi network.

If the policy is removed, the Wi-Fi configurations will be automatically removed from the device.

  • Managing tvOS Devices