# MDM Mac Wifi Last Updated On: 08 Jul 2026 4 minutes read You can configure the Wi-Fi settings and configure protocol settings for Mac, [Apple TV](https://www.manageengine.com/mobile-device-management/help/profile_management/tvos/mdm_tvos_wifi.html) and [iOS devices](https://www.manageengine.com/mobile-device-management/help/profile_management/ios/mdm_wifi.html). To ease the Wi-Fi configuration process, you can add all the required Wi-Fi configurations to a single profile. This will ensure the device connects to any of the specified Wi-Fi networks when in it's vicinity. It also reduces the chances of the device being unmanaged, in case connection to Wi-Fi networks not distributed by MDM, is restricted. **Note:** Wi-Fi networks deployed through MDM on Apple devices cannot be removed or forgotten by end users. ## Profile Description | Profile Specification | Description | |---|---| | Wireless Network identification | Network identification | | Connect to this Wi-Fi automatically | Automatically join this Wi-Fi network, on detection | | Hidden network | Enable if target network is not broadcasting | | Security type | Wireless network encryption while connecting | | Password | Password authentication to connect the Wi-Fi. | | Disable MAC address randomization | Disabling this ensures devices use their actual hardware MAC address when connecting to Wi-Fi networks, which may be required for network policies or device tracking. | | Configure Protocol (Can be configured only if Security Type is one amongst WEP Enterprise, WPA/WPA2 Enterprise and Any(Enterprise)) | | |---|---| | Protocols Supported | Choose the type of protocol. Supported protocols include **TLS, LEAP, EAP-FAST, TTLS, PEAP, EAP-SIM** and **EAP-AKA**. | | Use Protected Access Credential | Enabling protected access | | Provision Protected Access Credential | Allow protected access | | Provision PAC anonymously | Enabling PAC anonymously | | Authentication Protocol (Can be configured only if Protocol Supported is TTLS) | Select the Authentication Protocol to be used | | Configure Authentication (Can be configured only if Security Type is one amongst WEP Enterprise, WPA/WPA2 Enterprise and Any(Enterprise)) | | |---|---| | User Name | User Name of the device, (%username%) will get the appropriate User Name, mapped to the device | | Use per connection Password | User password for initial connection | | Identity Certificate (Can be configured only if Protocol Supported is TLS/EAP-FAST/TTLS/PEAP | Specify the certificate to be used for Client-based authentication. [SCEP](https://www.manageengine.com/mobile-device-management-msp/help/profile_management/mac/mdm_mac_scep.html) certificates can also be utilized for this. | | Externally Visible Identification | Visible identification | | Certificate | Specify the CA certificate to be used. | | Trusted Certificate (Can be configured only if Security Type is one amongst WEP Enterprise, WPA/WPA2 Enterprise and Any(Enterprise)) | | |---|---| | Configure Proxy | | | Proxy Settings | Manual or Automatic | |---|---| ## Dynamic Variables The below mentioned dynamic variables are retrieved from the data provided while enrolling the device. - %username% - will get the appropriate user name, mapped to the device