Ensuring managed devices connect cleanly and automatically to institutional wireless infrastructure is a core requirement for any MDM deployment. By utilising the Wi-Fi Settings Payload under Mobile Guardian profiles, administrators can push pre-configured wireless network parameters over-the-air.
This guarantees endpoints instantly join your secure campus or corporate networks without users needing to select the network or manually enter complex security keys.
Field-by-Field Configuration Guide
To deploy wireless configurations, log into Mobile Guardian, navigate to Profiles, select your target profile, click on Networks, and select WiFi & Proxy > Add New.
1. Basic Network Identification
- Wi-Fi Description (*): Required. A user-friendly, administrative descriptor for the profile payload (e.g., Campus Main Wi-Fi or Library Lounge).
- Service Set Identifier (SSID): The exact broadcast name of your wireless network (e.g., School_Global_5G).
[!IMPORTANT] The SSID is case-sensitive. It must match your wireless access point configuration exactly or devices will fail to discover the network.
2. Connection Behaviour & Privacy Toggles
- Hidden Network: Check this box only if your network is configured to suppress its SSID broadcast. This forces the device to actively scan for the hidden network name.
- Auto Join: Enforces seamless connectivity. When checked, the device will immediately and silently authenticate and log into this specific network whenever it is within physical broadcasting range.
- Disable Captive Network Detection: If your network relies on an open splash page or sign-in web portal, checking this will prevent the operating system from forcing a pop-up window or intercepting the raw connection before authentication.
- Disable Association MAC Randomisation:
[!WARNING] Network Infrastructure Dependency: Turning this feature ON stops the device from masking its unique hardware identity behind rotated MAC addresses. This is critical if your campus uses MAC filtering, IP address binding, or network access controls (NAC) to identify hardware.
Note: Disabling this will cause iOS 14+ / watchOS 7+ devices to show a "Reduced Privacy" warning indicator inside their native local Wi-Fi menus.
3. Proxy Configuration
If your enterprise routing paths require web traffic to tunnel through an internal filtering proxy server, select the appropriate configuration type:
- None: Traffic routes directly out to the gateway without local proxy tracking.
- Manual: Prompts you to define explicit static Proxy Server IP hosts, Port numbers, and authentication passwords.
- Auto: Enables proxy autoconfiguration (PAC) protocols. You will be required to input a target URL pointing directly to the network's hosted configuration script (e.g., http://proxy.domain.com/proxy.pac).
4. Security Framework Selection
Select the encryption framework enforced by your infrastructure routers. Choosing a security framework will prompt you to enter the matching pre-shared key (PSK) or configure certificate paths.
Personal / Common Security
- None: An unencrypted, open network setup.
- WEP / Dynamic WEP: Legacy, insecure protocols (avoid unless managing deprecated hardware nodes).
- WPA / WPA2 Personal: Standard password-protected network security framework.
- WPA2 Personal (iOS 8 or later): Targeted deployment optimising secure connections for modern Apple endpoints.
- Any Personal: A flexible option letting the device negotiate legacy WPA or modern WPA2 endpoints seamlessly, depending on structural availability.
Enterprise Network Security (802.1X)
Enterprise modes rely on external RADIUS or Active Directory infrastructure authentication schemes, where users log in with unique network profiles or digital SCEP certificates.
- WPA / WPA2 Enterprise
- WPA2 Enterprise (iOS 8 or later)
- Any Enterprise
5. Fast Lane QoS Marking
Optimises voice, audio, and heavy media payloads across dense physical locations using Cisco-supported wireless setups.
- Do not restrict: Allows all applications equal access to standard network resource pipelines.
- Restrict: Restricts priority tags to pre-approved application contexts, ensuring core enterprise/testing applications receive bandwidth priority over unapproved streams.
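The settings in sections 2 to 4 can be reviewed before a profile is pushed. The following is an added example, not Mobile Guardian's own code: it audits a configuration profile for the weaker choices described above. It assumes the console fields reach Apple devices as Apple's `com.apple.wifi.managed` payload keys; the sample profile and the function name `audit_wifi_payloads` are constructed for illustration.

```python
import plistlib

# Constructed sample profile using Apple's com.apple.wifi.managed key names
# (assumption: the console fields above are delivered under these keys).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.wifi.managed</string>
    <key>SSID_STR</key><string>School_Global_5G</string>
    <key>HIDDEN_NETWORK</key><true/>
    <key>AutoJoin</key><true/>
    <key>DisableAssociationMACRandomization</key><true/>
    <key>EncryptionType</key><string>Any</string>
    <key>ProxyType</key><string>Auto</string>
    <key>ProxyPACURL</key><string>http://proxy.domain.com/proxy.pac</string>
  </dict></array>
</dict></plist>"""

WEAK_ENCRYPTION = {
    "None": "open network, traffic is unencrypted",
    "WEP": "legacy, insecure protocol",
    "Any": "device may negotiate legacy WPA instead of WPA2",
}

def audit_wifi_payloads(profile_bytes):
    """Return (ssid, finding) tuples for every Wi-Fi payload in the profile."""
    findings = []
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue  # not a Wi-Fi payload
        ssid = payload.get("SSID_STR", "<no SSID>")
        # A missing EncryptionType is treated here as "Any" (assumption).
        enc = payload.get("EncryptionType", "Any")
        if enc in WEAK_ENCRYPTION:
            findings.append((ssid, f"EncryptionType={enc}: {WEAK_ENCRYPTION[enc]}"))
        if payload.get("HIDDEN_NETWORK", False):
            findings.append((ssid, "HIDDEN_NETWORK: device actively scans for this SSID by name"))
        if payload.get("DisableAssociationMACRandomization", False):
            findings.append((ssid, "MAC randomisation disabled: confirm MAC filtering or NAC needs it"))
        pac = payload.get("ProxyPACURL", "")
        if payload.get("ProxyType") == "Auto" and pac.lower().startswith("http://"):
            findings.append((ssid, "ProxyPACURL uses plain HTTP: PAC script is not integrity-protected"))
    return findings

if __name__ == "__main__":
    for ssid, finding in audit_wifi_payloads(SAMPLE_PROFILE):
        print(f"[{ssid}] {finding}")
```

A profile that selects WPA2, leaves the hidden-network and MAC randomisation boxes unchecked, and serves the PAC file over HTTPS produces no findings.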