Original Message:
Sent: Apr 05, 2023 12:14 PM
From: cbjohns
Subject: AirGroup Apple Screen Mirror Restrictions
Would that be 8.9 or 8.10? AirGroup Version 2 was introduced as optional in 8.9 [have to enable it via CLI - can check active version by logging into MM/MC and running
show airgroup status
AirGroup version: ver2
and then made full on production in 8.10 There was some behavioral changes with Version 2 - such as association by "AP-NAME" being default - but learned personal devices would now show up to clients that were neighbors of the AP - unless the shared list was set specifically to the device owner. We worked with TAC/product team [they reproduced the changed behavior and were very helpful during our discussions) - and the behavior is being corrected in 8.10.0.7 to reflect that of AirGroup Version 1.
Original Message:
Sent: Mar 27, 2023 06:51 PM
From: Varun Vajpeyi
Subject: AirGroup Apple Screen Mirror Restrictions
Hello, AOS 8
Thank you
Original Message:
Sent: Mar 22, 2023 11:06 PM
From: cbjohns
Subject: AirGroup Apple Screen Mirror Restrictions
Quick question, what version of ArubaOS are you running?
Original Message:
Sent: Mar 22, 2023 10:58 AM
From: vvajpeyi
Subject: AirGroup Apple Screen Mirror Restrictions
Hello, thank you for the response. The devices cannot be managed by MDM. But I suspected all along Apple's verification code process exists precisely because AirGroup or any wireless management platform can't really stop Apple devices from seeing each other. With the whole AirTag thing I suspected Apple has done two things: One - is make every Apple device visible to other devices, 2nd - the verification code is the solution to solve the security problem thanks to first "feature"
Original Message:
Sent: Mar 22, 2023 02:13 AM
From: TRS-80
Subject: AirGroup Apple Screen Mirror Restrictions
AirPlay discovery and sharing occurs over AWDL, Apple's peer-to-peer protocol that runs on 802.11, so disabling bluetooth doesn't stop it, and AirGroup won't help either. What you need to do is set a configuration profile on the Apple TV, AirPlay Security/Access to only let devices on the same wifi network connect. I think this can be done in the settings menu on the device directly as well. Then you could use AirGroup on top to restrict visibility.
https://support.apple.com/en-au/guide/deployment/dep09c789dce/1/web/1.0
Original Message:
Sent: Mar 21, 2023 07:13 PM
From: vvajpeyi
Subject: AirGroup Apple Screen Mirror Restrictions
Hello, thank you. I have disabled bluetooth on the surrounding iOS devices but the tvOS is still an option on their screen mirror menu. We have several SSIDs with different VLANs. Apple devices on one SSID are able to see the tvOS which is connected to a different SSID on a different VLAN.
Person # 1 has at tvOS and a iOS device. Other Users in the same building or surrounding office who have iOS devices are able to view the tvOS in the screen mirror menu but of course can't join without the verification code.
People in my organization are convinced AirGroup is supposed to be able to hide a Screen Mirror capable device from all users except the owner's own iOS device, provided the user is signed into both devices with their Apple ID and has registered the devices under their own name in ClearPass device registration with the AirGroup "Personal or Shared" options
Thank you
Original Message:
Sent: Mar 21, 2023 06:40 PM
From: su_A_ve
Subject: AirGroup Apple Screen Mirror Restrictions
If I read your question correctly, I think you are asking about the restrictions of the actual devices in question. With regards to Apple TVs, if these are corporate devices, you should be managing them with an MDM solution to prevent, or allow this access.
End user devices, it's up to them to restrict or allow who can access them. Apple TVs have settings to allow AirPlay by devices on the same network or anyone, or anyone with a code. Airgroups and registration of the device can prevent sharing from other users on the network, but the end user needs to prevent bluetooth connections for example.
Hope this helps...
--
°(((=((===°°°(((================================================
Original Message:
Sent: 3/21/2023 3:27:00 PM
From: vvajpeyi
Subject: AirGroup Apple Screen Mirror Restrictions
Hello, we have Aruba Mobility and ClearPass deployed on a campus. We use Mobility for Wireless Management and ClearPass for all our authentication services. I have security concern in regards to the Screen mirror function on Apple devices. The concern is Apple devices will be visible to other Apple devices which would in turn create a situation where Apple devices try to attempt unauthorized connections to other Apple devices through screen mirror function. AirGroup is enabled on ClearPass Guest device registration and I have the option to choose personal or shared. I have logged into two Apple devices with an Apple ID and I registered both through my guest device registration portal. The problem is everyone with an Apple iOS is able to see a screen mirror capable Apple device such as tvOS. I have tried disabling Bluetooth, but the screen mirror still is visible. I work with other people who are on different SSID's and VLAN but the Apple devices are still able to see the tvOS in the screen mirror menu. Is it actually possible with AirGroup and Mobility or ClearPass to restrict visibility of two Apple devices to a registered user?
Thank you
Best.