SOTI Pulse Logo

Disable MAC Randomization - Samsung devices Android ≥ 14 - Knox ≥ 3.10 - Mobicontrol 2024.1.2.1046

GC
Giacomo Castelletti

Hi, as per the subject:

We are using version 2024.1.2.1046 of Mobicontrol.
I created a profile to add a pre-configured corporate Wi-Fi network to be assigned to two classes of devices.

  • In the first class, the user cannot see the Wi-Fi settings; the device connects exclusively to the corporate Wi-Fi network.
  • In the second class, the user can connect the device to any Wi-Fi network, but the corporate network is also listed and cannot be modified or viewed in terms of parameters.

On Samsung Knox devices running Android versions older than 14, I have no issues using OEMConfig → Samsung.
On newer devices, however, the profile is not applied.

I install the latest "Knox Service Plugin" on all devices, currently version 1.5.37 (25.09).

I still find it strange that under Profiles → Configurations → Connectivity → Wi-Fi, there is no "Skip Mac Randomization" option like in the Samsung plugin.

How can I resolve this issue?

a month ago
SOTI MobiControl
ANSWERS
BI
Bradley Inglesant
a month ago

Hi Giacomo,

I've also found that the OEMConfig profile can be a bit iffy since it was added in 2024.

You can still use the Knox Service Plugin capabilities if you push the application using an app policy, and apply a managed configuration, that way you can push it out to all devices indiscriminate of which Android version they're running.

Thanks,

Bradley

A
ASMOD@SOTI
a month ago

 Dear Giacomo Castelletti

Thank you for posting on SOTI Pulse.  

Bradely we truly admire your expertise and willingness to help is greatly appreciated!

 For Disabling  Mac Address Randomization Using Knox Service Plug-in for Samsung Devices follow the below link.

 https://pulse.soti.net/support/soti-mobicontrol/articles/ka2OF0000001nOvYAI 

If you have any additional questions or concerns, please don't hesitate to reach out or you can contact us at  support@soti.net  

We're dedicated to providing assistance and support Also, if this post has helped you in solving your inquiry, I would request you to mark the particular comment as "is solution", so others may benefit from this information.

 Kind regards,

     SOTI

GC
Giacomo Castelletti
a month ago

Hi, the solution you suggested has already been tried, but it doesn't work. Or rather, it works on devices with Android up to version 14, such as the SM-T590 and SM-A546B. It doesn't work on devices with Android 15 or later, such as the SM-X200 and SM-A546B.

The tests were performed with new, ad hoc policies (we recently upgraded from version 15.60.1018 to 2024.1.2.1046).

Reading the changelog, I suspect we need to upgrade to at least version 2025. Is that clear?

A
ASMOD@SOTI
a month ago

Dear Giacomo Castelletti

Yes you would require below Key requirements in order to disable MAC randomization on an Newer Android device managed by SOTI Mobicintrol.

SOTI MobiControl version: The profile configuration requires SOTI MobiControl version 2025.0 or newer.

Android version: The feature is supported on devices running Android 13 or later.   

First you must create a Wi-Fi configuration profile and set it to use the device's original MAC address. This profile can be deployed to your devices through the SOTI console. 

How to disable MAC randomization in SOTI Log in to your SOTI MobiControl console.

Create a Wi-Fi Profile: Navigate to the Profiles tab, select the relevant Android Enterprise device group, and click New.

Choose Wi-Fi from the configuration options. Enter network details:      

1. SSID: Enter the exact name (Service Set Identifier) of the Wi-Fi network.    

2. Security: Select the appropriate security type for your network (e.g., WPA/WPA2, WPA3).    

3. Password/Credentials: Provide the necessary credentials for the network.

4. Disable MAC randomization: Within the Wi-Fi profile settings, find the Disable MAC Address Randomization option and enable it.

5. Assign the profile: Save the Wi-Fi profile and assign it to the Android  devices or device groups where you want the setting to be enforced.

6. Profile deployment: The SOTI agent on your devices will apply the new Wi-Fi profile, which will force the devices to use their original factory MAC address for the specified network.

 

 Important considerations

Overrides: Deploying a new Wi-Fi profile with this option enabled will overwrite any previous Wi-Fi configurations for that network.

Device-specific behavior: If you are using devices from a specific Original Equipment Manufacturer (OEM), such as Zebra or Samsung, they may have custom OEMConfig applications that offer more granular control over MAC randomization. While SOTI supports the standard Android Enterprise policy, consulting OEM-specific documentation can provide additional options. 

MAC address changes: On Android 10 and higher, MAC randomization is the default behavior for privacy. Disabling this feature should only be done for enterprise networks that rely on a static MAC address for security or network filtering.

If you have any additional questions or concerns, please don't hesitate to reach out or you can contact us at  support@soti.net  

 We're dedicated to providing assistance and support .

Also, if this post has helped you in solving your inquiry, I would request you to mark the particular comment as "is solution", so others may benefit from this information.

 Kind Regards

    SOTI

Similar Discussions