Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Disable Captive Network Detection for macOS

I've been working with Apple support trying to suppress the Captive Network Detection for one specific 802.1x that we use.

Apple Engineering says that the “disable captive network detection” checkbox is honoured on macOS as it is on iOS.

I can see the option to disable captive network detection within the wifi payload in Mobile Device Configuration Profiles but not for Computers.

Would be great if jamf could add the option to “disable captive network detection” for computer configuration profiles as well.

Comment
Order by:

Posted: by sshort

Wow, Apple definitely needs to provide more guidance/clarity on this feature. Both Profile Manager in macOS Server and the ProfileCreator app label "Disable Captive Network Detection" as iOS-only.


Like

Posted: by JayDuff

From what I'm seeing, this IS disabled on macOS, by default, and I don't see a way to ALLOW captive networks. It's actually causing a problem for us, that I just opened a ticket on. We have MacBook Airs assigned to teachers, who leave the district for conferences, and whatnot. We want them to continue to use our content filter, so I've deployed a global proxy PAC via configuration profile. If they try to connect to a Captive Portal WiFi, it fails, because the proxy can't be reached until the captive portal is satisfied.

Like

Posted: by TK-421

Just wondering if anyone has seen anything else regarding this issue.

We have the same problem with regards to our web content filter, similar to @JayDuff. Because of the proxy, the Captive Portal fails.

Any ideas here?

Like

Posted: by JayDuff

@TK-421 I opened a case with Jamf, and finally resolved it just yesterday. It turns out that this is a known bug with macOS: Jamf has it logged under PI-002873 and the Apple RADAR number is 28061321.

Jamf recommended I use a script, to make it work, which can be found here. However, the script method can be easily undone by the user, so it doesn't help very much with content filter enforcement.

Fortunately, for us, this is not a major issue. District-owned devices don't really belong on a Bring-Your-Own-Device network anyway. When district-owned devices are off-campus, the Configuration Profile works great. The only time I see this being an issue is if/when district-owned devices are taken to another network, that uses BYOD. I anticipate they'll have issues getting into that network. However, even with the issues we're seeing, we've found that dismissing the error dialog, opening Chrome or Firefox (not Safari), then trying to surf, will result in the captive portal authentication screen coming up, within the browser, and users are able to authenticate.

It's ugly, but an effective workaround is available.

Like