How to ensure devices auto-join specific corporate Wi-Fi connections? 

Description

With malware increasingly using unauthorized Wi-Fi connections as vectors to distribution, ensuring devices are consigned to authorized Wi-Fi connections has now become mandatory. MDM ensures managed devices automatically join only specific Wi-Fi connections and also ensure it doesn't join any other unauthorized Wi-Fi connections. This is supported only for iOS and Android devices.

Steps

  • On the MDM Server, navigate to Device Mgmt and select Profiles, present under Manage from the left pane.
  • Click on Create Profile and select iOS/Android from the dropdown.
  • Select Wi-Fi from the left pane and configure the Wi-Fi profile as explained here, in case of iOS and here, in case of Android. Ensure Automatically Join Network is enabled, for the device to automatically connect to this Wi-Fi network, immediately on identification.
  • Save and publish the profile. Now distribute the profile to groups/devices.
  • Create another profile and navigate to Restrictions and select Network and Roaming. Enable the restriction Connect to Wi-Fi, only if distributed via MDM. Once enabled, save and publish the profile. Distribute it to the groups/devices, to whom the previous profile was associated.

NOTE:

  1. It is recommended to associate a Wi-Fi policy before associating the Restrictions policy, as this ensures the device is connected to the specified Wi-Fi before the restriction is applied.
  2. The devices to which this policy is associated, can be continuously managed by MDM only when connected to the specified Wi-Fi connection or through cellular data. Hence, it is recommended to associate this profile only to Corporate-owned devices.
  3. If the restriction and the wi-fi policy is configured in the same profile, the wi-fi policy will first be associated with the device before applying the restriction to ensure the device does not lose connection with the server.
  4. Ensure you configure and distribute additional wi-fi configurations before modifying or removing a wi-fi policy associated with a device which is restricted from connecting to untrusted or unauthorised wi-fi to prevent the device from losing connection with the server.