Blocking In-House Public SSIDs on iOS

Being able to block certain SSIDs within our network. Some students and staff think they are going to gain so much more access with a public network. In our case, our public network has limited bandwidth and a stronger filter, and it causes future problems when they are connected to the public network. If the JSS could add a feature that would block certain SSIDs, that would resolve a lot of headaches for tech staff.

Posted: by bpavlov

Does Apple allow that on iOS though? I think JAMF can only implement what Apple allows. That would indeed be very neat to do though.

On the off chance you haven't considered it, one potential solution is the network team actively blocking wireless MAC addresses of managed computers so they couldn't connect to that specific wireless network. I imagine these computers are already managed by you, so getting the wireless MAC address shouldn't be too hard.

Posted: by sandersonp

Apple does not provide a mechanism for blocking particular SSIDs, but here's a trick that's worked for me. Configure a WiFi payload that has the wrong config for that SSID. E.g., our public WiFi has no security, so I configured the payload for WEP and gave it a bum password. Once those settings are locked in, the user shouldn't be able to join that network, even after forgetting the network.

Posted: by yonith

This bum password for an open SSID does not work. I am on the latest version of JSS as of 3/15/17 and I can say it didn't work for me. We have a visitor network at my workplace, so I configured a payload which applies a bad pw (any pw would be considered bad considering none is required) and set security for WEP. Upon receipt of the payload, Wi-Fi will disconnect, but all a user has to do on their iOS device is manually choose that SSID and it will successfully join and work properly anyway.

Posted: by beth.lindner

@yonith @modaffb As of Jamf Pro 9.98 there is an iOS Restriction to "Allow connecting to unmanaged Wi-Fi networks (supervised only)" which prevents users from connecting to any Wi-Fi networks not deployed through Jamf Pro. Does this help solve the struggles presented in this Feature Request? Thanks for the feedback!

Posted: by psd_martinb

Giving a bum password on an open network worked for us. For enrollment, we connect to our guest Wi-Fi, then a payload downloads the WPA password for the closed network. Auto switching seldom works, but adding a Wi-Fi payload for the open network with a bad WPA password and unchecking "Auto Join" seems to do the trick. Not worried about blocking the network altogether.

Posted: by cdenesha

@beth.lindner We would still need the students to be able to join networks when not at school.

Posted: by cboatwright

This is an important feature request in schools because of how Apple Classroom works - student and teacher devices must be on the same network. Students can hop onto an open, guest SSID to disengage their device from Classroom.

Sending a WiFi config profile with incorrect password does not work if there is no password required to join. Also, sending a bad password when a password is required does not work either - you just get an 'incorrect password' message and are then asked to enter a new one.

Completely blocking unmanaged networks is not a solution for devices that go home with students...

Posted: by twall

I know this likely needs to come from Apple, but I'll second the comments made about needing to be able to blacklist a specific SSID or 2 without blacklisting everything. A whitelist doesn't work for student devices going home. Just preventing access to a campus guest network would eliminate MANY headaches.

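The two profile-based approaches discussed in this thread (a Wi-Fi payload with mismatched security and Auto Join off, and the supervised-only restriction on unmanaged networks), built as configuration profiles and then audited for what each lets a device join. This is an added example, not code from any poster or from Jamf, and it makes no claim that the workaround holds, since posters above report mixed results. The SSID names, passwords, `com.example.*` identifiers and helper function names are placeholders; the payload keys are Apple's Wi-Fi and Restrictions payload keys.

```python
import plistlib
import uuid

def _payload(ptype, ident, **keys):
    # Keys every payload dictionary carries; identifiers are placeholders.
    return {"PayloadType": ptype, "PayloadVersion": 1,
            "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), **keys}

def wifi_payload(ssid, encryption, password=None, auto_join=False):
    """Wi-Fi payload for one SSID, with Auto Join off unless requested."""
    keys = {"SSID_STR": ssid, "HIDDEN_NETWORK": False,
            "AutoJoin": auto_join, "EncryptionType": encryption}
    if password is not None:
        keys["Password"] = password
    return _payload("com.apple.wifi.managed", f"com.example.wifi.{ssid}", **keys)

def managed_wifi_only_payload():
    """Restrictions payload: supervised devices join only profile-installed SSIDs."""
    return _payload("com.apple.applicationaccess", "com.example.restrictions",
                    forceWiFiWhitelisting=True)

def build_mobileconfig(payloads):
    profile = _payload("Configuration", "com.example.profile.wifi",
                       PayloadDisplayName="Wi-Fi policy (example)",
                       PayloadContent=payloads)
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def audit(mobileconfig_bytes):
    """Summarise which SSIDs a profile manages and whether others stay joinable."""
    content = plistlib.loads(mobileconfig_bytes)["PayloadContent"]
    wifi = [p for p in content if p["PayloadType"] == "com.apple.wifi.managed"]
    # Newer iOS releases name the same restriction forceWiFiToAllowedNetworksOnly.
    restricted = any(p.get("forceWiFiWhitelisting")
                     or p.get("forceWiFiToAllowedNetworksOnly")
                     for p in content
                     if p["PayloadType"] == "com.apple.applicationaccess")
    return {
        "managed_ssids": {p["SSID_STR"]: p["EncryptionType"] for p in wifi},
        "auto_join_off": sorted(p["SSID_STR"] for p in wifi
                                if not p.get("AutoJoin", True)),
        "unmanaged_networks_allowed": not restricted,
    }

# Constructed samples: SSID names and passwords are placeholders.
WORKAROUND = build_mobileconfig(
    [wifi_payload("Example-Guest", "WPA", password="not-the-real-password")])
LOCKED_DOWN = build_mobileconfig(
    [wifi_payload("Example-Staff", "WPA", password="placeholder", auto_join=True),
     managed_wifi_only_payload()])
```

Auditing `LOCKED_DOWN` reports `unmanaged_networks_allowed` as false, which is the trade-off raised above for devices that go home with students: home networks are unmanaged too.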