MAC randomization in itself should not be a big issue, unless you base authorization on MAC address. With Intune, the recommended authentication method is certificate-based (TEAP or EAP-TLS in case of Macs) and authorization would be based on the certificate information, like Intune DeviceID and/or AAD_DeviceID.
For monitoring it is still annoying as it's harder to see client behavior across different sessions.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
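The point made in the reply above, as an added example that is not part of the original post and not Aruba or Intune code: authorization keyed on the device ID from the client certificate is unaffected by a private Wi-Fi address, and the same ID lets you follow one client across sessions with different MACs. The session records, field names and device IDs are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data, not real logs. Field names are assumptions:
# "mac" is the calling-station address, "device_id" is the device ID taken
# from the client certificate presented during EAP-TLS/TEAP.
ENROLLED_DEVICE_IDS = {"dev-0001", "dev-0002"}  # stand-in for the MDM inventory
SESSIONS = [
    {"mac": "a4:83:e7:12:34:56", "device_id": "dev-0001", "start": "2024-09-23T08:01"},
    {"mac": "f2:9c:11:aa:bb:01", "device_id": "dev-0001", "start": "2024-09-24T08:03"},
    {"mac": "5e:07:c3:44:55:66", "device_id": "dev-0002", "start": "2024-09-24T09:15"},
    {"mac": "a4:83:e7:99:88:77", "device_id": "dev-0404", "start": "2024-09-24T09:40"},
]

def is_private_mac(mac):
    """True for a locally administered unicast address (randomized/private MAC)."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    # Bit 0x02 = locally administered, bit 0x01 = multicast.
    return bool(first_octet & 0x02) and not first_octet & 0x01

def authorize(session, enrolled=ENROLLED_DEVICE_IDS):
    """Decide on the certificate's device ID only; the MAC plays no part."""
    return session["device_id"] in enrolled

def sessions_by_device(sessions):
    """Group sessions by certificate device ID so one client stays traceable
    across sessions even when its MAC address changes."""
    grouped = defaultdict(list)
    for s in sorted(sessions, key=lambda s: s["start"]):
        grouped[s["device_id"]].append(
            (s["start"], s["mac"], is_private_mac(s["mac"]))
        )
    return dict(grouped)

if __name__ == "__main__":
    for s in SESSIONS:
        verdict = "allow" if authorize(s) else "deny"
        print(f'{s["start"]} {s["mac"]} {s["device_id"]} -> {verdict}')
    for device_id, history in sessions_by_device(SESSIONS).items():
        print(device_id, history)
```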
Original Message:
Sent: Sep 27, 2024 02:44 AM
From: TRS-80
Subject: MacOS Sequoia - Private Wi-Fi Address on MDM managed networks
More annoying is that even when Intune (no capital T) adds it for macOS, it can't be deployed to a pre-macOS 15 device in advance due to the way configuration profiles work.
Original Message:
Sent: Sep 25, 2024 09:18 AM
From: ahollifield
Subject: MacOS Sequoia - Private Wi-Fi Address on MDM managed networks
That's annoying. Sounds like a limitation on the InTune side.
Original Message:
Sent: Sep 24, 2024 07:48 PM
From: CBVista
Subject: MacOS Sequoia - Private Wi-Fi Address on MDM managed networks
Hi All,
Spent today being plagued with support requests from users unable to connect to WiFi after updating to MacOS Sequoia 15.
Turns out Apple have enabled MAC randomization by default, even for MDM managed WiFi profiles.
What's new for enterprise in macOS Sequoia - Apple Support
MDM can configure the use of the hardware MAC address instead of a private MAC address on a managed Wi-Fi network. A privacy warning is shown when using the hardware MAC address because it allows tracking by Wi-Fi networks and nearby Wi-Fi devices.
This was a problem for us because we have the Intune integration with ClearPass and perform Authorization on the device's MAC address matched to Intune.
Intune does not yet have a setting in the WiFi template to control the Private WiFi Address option (but it does exist for iOS, strangely).