For an iOS MDM device to automatically connect to an available Wi-Fi network and protect data during the connection, you should configure the connection settings.
To configure the connection of an iOS MDM device to a Wi-Fi network:
In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
In the workspace of the group, select the Policies tab.
Open the policy properties window by double-clicking any column.
Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.
In the policy Properties window, select the Wi-Fi section.
Click the Add button in the Wi-Fi networks section.
This opens the Wi-Fi network window.
In the Service set identifier (SSID) field, enter the name of the Wi-Fi network that includes the access point (SSID).
If you want the iOS MDM device to connect to the Wi-Fi network automatically, select the Automatic connection check box.
To prevent iOS MDM devices from connecting to a Wi-Fi network that requires preliminary authentication (a captive network), select the Bypass captive portal check box.
To use a captive network, you must subscribe, accept an agreement, or make a payment. Captive networks may be deployed in cafes and hotels, for example.
If you want the Wi-Fi network to be hidden in the list of available networks on the iOS MDM device, select the Hidden Network check box.
In this case, to connect to the network, the user needs to manually enter on the mobile device the Service set identifier (SSID) specified in the settings of the Wi-Fi router.
In the Network protection drop-down list, select the type of protection of the Wi-Fi network connection:
Disabled. User authentication is not required.
WEP. The network is protected using Wireless Encryption Protocol (WEP).
WPA/WPA2 (Personal). The network is protected using the WPA/WPA2 protocol (Wi-Fi Protected Access).
WPA2 (Personal). The network is protected using the WPA2 protocol (Wi-Fi Protected Access 2.0). WPA2 protection is available on devices running iOS version 8 or later. WPA2 is not available on Apple TV devices.
Any (Personal). The network is protected using the WEP, WPA or WPA2 encryption protocol depending on the type of Wi-Fi router. An encryption key unique to each user is used for authentication.
WEP (Dynamic). The network is protected using the WEP protocol with the use of a dynamic key.
WPA/WPA2 (Enterprise). The network is protected using the WPA/WPA2 encryption protocol with the use of the 802.1X protocol.
WPA2 (Enterprise). The network is protected using the WPA2 encryption protocol with the use of one key shared by all users (802.1X). WPA2 protection is available on devices running iOS version 8 or later. WPA2 is not available on Apple TV devices.
Any (Enterprise). The network is protected using the WEP or WPA/WPA2 protocol depending on the type of Wi-Fi router. One encryption key shared by all users is used for authentication.
If you have selected WEP (Dynamic), WPA/WPA2 (Enterprise), WPA2 (Enterprise) or Any (Enterprise) in the Network protection list, in the Protocols section you can select the types of EAP protocols (Extensible Authentication Protocol) for user identification on the Wi-Fi network.
In the Trusted certificates section, you can also create a list of trusted certificates for authentication of the iOS MDM device user on trusted servers.
Configure the settings of the account for user authentication upon connection of the iOS MDM device to the Wi-Fi network:
In the Authentication section, click the Configure button.
The Authentication window opens.
In the User name field, enter the account name for user authentication upon connection to the Wi-Fi network.
To require the user to enter the password manually upon every connection to the Wi-Fi network, select the Prompt for password at each connection check box.
In the Password field, enter the password of the account for authentication on the Wi-Fi network.
In the Authentication certificate drop-down list, select a certificate for user authentication on the Wi-Fi network. If the list does not contain any certificates, you can add them in the Certificates section.
In the User ID field, enter the user ID displayed during data transmission upon authentication instead of the user's real name.
The user ID is designed to make the authentication process more secure, as the user name is not displayed openly, but transmitted via an encrypted TLS tunnel.
Click OK.
As a result, the settings of the account for user authentication upon connection to the Wi-Fi network will be configured on the iOS MDM device.
If necessary, configure the settings of the Wi-Fi network connection via a proxy server:
In the Proxy server section, click the Configure button.
In the Proxy server window that opens, select the proxy server configuration mode and specify the connection settings.
Click OK.
As a result, the settings of the device connection to the Wi-Fi network via a proxy server are configured on the iOS MDM device.
Click OK.
The new Wi-Fi network is displayed in the list.
Click the Apply button to save the changes you have made.
As a result, a Wi-Fi network connection will be configured on the user's iOS MDM device once the policy is applied. The user's mobile device will automatically connect to available Wi-Fi networks. Data security during a Wi-Fi network connection is ensured by the authentication technology.
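The following is an added example, not part of the original documentation or the vendor's code: a review of the Wi-Fi payload in an exported iOS configuration profile against the choices made in this procedure (network protection, hidden network, trusted certificates, stored password, user ID). It assumes the policy reaches the device as Apple's `com.apple.wifi.managed` payload; the sample profile, SSID, account name and finding labels are constructed.

```python
import plistlib

# Constructed sample profile. Key names are Apple's Wi-Fi payload keys
# (assumed mapping from the console fields); all values are made up.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.wifi.managed</string>
  <key>SSID_STR</key><string>corp-wlan-example</string>
  <key>AutoJoin</key><true/>
  <key>HIDDEN_NETWORK</key><true/>
  <key>EncryptionType</key><string>Any</string>
  <key>EAPClientConfiguration</key><dict>
    <key>AcceptEAPTypes</key><array><integer>25</integer></array>
    <key>UserName</key><string>jdoe</string>
    <key>UserPassword</key><string>constructed-secret</string>
  </dict>
</dict></array></dict></plist>"""

TUNNELED_EAP = {21, 25, 43}  # EAP-TTLS, PEAP, EAP-FAST: outer identity applies

def audit_wifi_payload(p):
    """Return finding labels for one com.apple.wifi.managed payload dict."""
    findings = []
    enc = p.get("EncryptionType", "Any")      # "Any" is the payload default
    if enc in ("None", "WEP"):
        findings.append(f"weak-protection:{enc}")
    elif enc == "Any":
        findings.append("protection-any-permits-wep")
    if p.get("HIDDEN_NETWORK"):
        findings.append("hidden-network-device-probes-for-ssid")
    eap = p.get("EAPClientConfiguration")
    if eap is not None:
        # "Trusted certificates" section: without anchors or server names
        # the device cannot pin the authentication server.
        if not (eap.get("PayloadCertificateAnchorUUID") or eap.get("TLSTrustedServerNames")):
            findings.append("eap-no-trusted-server-certificates")
        # "Prompt for password at each connection" left cleared.
        if eap.get("UserPassword") and not eap.get("OneTimeUserPassword"):
            findings.append("eap-password-stored-in-profile")
        # "User ID" field empty: real user name is sent outside the tunnel.
        if TUNNELED_EAP & set(eap.get("AcceptEAPTypes", [])) and not eap.get("OuterIdentity"):
            findings.append("eap-no-outer-identity")
    return findings

def audit_profile(data):
    """Map each Wi-Fi payload's SSID to its findings."""
    profile = plistlib.loads(data)
    return {p.get("SSID_STR", "?"): audit_wifi_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.wifi.managed"}
```

Calling `audit_profile()` on the bytes of an exported profile returns a dictionary keyed by SSID; an empty list means none of the checked settings was flagged.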