How to ensure devices auto-join specific corporate Wi-Fi connections?
With malware increasingly using unauthorized Wi-Fi connections as a distribution vector, restricting devices to authorized Wi-Fi connections has now become mandatory. MDM ensures that managed devices automatically join only specific Wi-Fi connections and do not join any unauthorized Wi-Fi connections. This is supported only for iOS and Android devices.
- On the MDM server, navigate to Device Mgmt and select Profiles, listed under Manage in the left pane.
- Click on Create Profile and select iOS/Android from the dropdown.
- Select Wi-Fi from the left pane and configure the Wi-Fi profile as explained here for iOS and here for Android. Ensure Automatically Join Network is enabled, so that the device connects to this Wi-Fi network automatically as soon as it is identified.
- Save and publish the profile, then distribute it to groups/devices.
- Create another profile, navigate to Restrictions and select Network and Roaming. Enable the restriction Connect to Wi-Fi, only if distributed via MDM. Once enabled, save and publish the profile. Distribute it to the groups/devices to which the previous profile was associated.
- It is recommended to associate a Wi-Fi policy before associating the Restrictions policy, as this ensures the device is connected to the specified Wi-Fi before the restriction is applied.
- The devices to which this policy is associated can be continuously managed by MDM only when connected to the specified Wi-Fi connection or through cellular data. Hence, it is recommended to associate this profile only with corporate-owned devices.
- If the restriction and the Wi-Fi policy are configured in the same profile, the Wi-Fi policy is associated with the device first and the restriction is applied afterwards, so that the device does not lose connection with the server.
- Before modifying or removing a Wi-Fi policy associated with a device that is restricted from connecting to untrusted or unauthorised Wi-Fi, ensure you configure and distribute additional Wi-Fi configurations, to prevent the device from losing connection with the server.
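
The last two notes can be checked before a change is published. The following is an added example, not part of the MDM product or its documentation: it assumes the iOS profiles are available as .mobileconfig files and that the restriction is delivered through Apple's forceWiFiWhitelisting / forceWiFiToAllowedNetworksOnly keys; profile names and SSIDs are constructed.

```python
import plistlib

WIFI = "com.apple.wifi.managed"               # Apple Wi-Fi payload type
RESTRICTIONS = "com.apple.applicationaccess"  # Apple Restrictions payload type
# Apple restriction keys that limit Wi-Fi to profile-installed networks
# (assumption: the MDM restriction on this page is delivered through one of them).
ALLOWLIST_KEYS = ("forceWiFiWhitelisting", "forceWiFiToAllowedNetworksOnly")


def summarize(profiles):
    """Return (auto-join SSIDs, Wi-Fi restricted?) for raw .mobileconfig bytes."""
    ssids, restricted = set(), False
    for raw in profiles:
        for payload in plistlib.loads(raw).get("PayloadContent", []):
            kind = payload.get("PayloadType")
            # AutoJoin defaults to true when the key is absent.
            if kind == WIFI and payload.get("AutoJoin", True) and payload.get("SSID_STR"):
                ssids.add(payload["SSID_STR"])
            elif kind == RESTRICTIONS and any(payload.get(k) for k in ALLOWLIST_KEYS):
                restricted = True
    return ssids, restricted


def safe_to_remove(assigned, name):
    """True if removing profile `name` still leaves a restricted device an
    auto-join network. Cellular fallback is deliberately not counted."""
    remaining = [raw for n, raw in assigned.items() if n != name]
    ssids, restricted = summarize(remaining)
    return not restricted or bool(ssids)


def _profile(*payloads):
    """Build a minimal configuration profile (constructed sample input)."""
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": list(payloads)})


# Constructed sample: profile names and SSIDs are hypothetical.
SAMPLE = {
    "corp-wifi": _profile({"PayloadType": WIFI, "SSID_STR": "CorpNet", "AutoJoin": True}),
    "guest-wifi": _profile({"PayloadType": WIFI, "SSID_STR": "CorpGuest", "AutoJoin": False}),
    "wifi-lock": _profile({"PayloadType": RESTRICTIONS, "forceWiFiWhitelisting": True}),
}

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"remove {name}: {'ok' if safe_to_remove(SAMPLE, name) else 'BLOCK'}")
```

Removing corp-wifi is blocked here because the only remaining Wi-Fi payload has AutoJoin disabled while the restriction is still in force.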