The Apple Wi-Fi Policy allows administrators to configure Wi-Fi networks on managed macOS, iOS, and iPadOS devices.
This policy ensures that devices automatically connect to the correct corporate or secure network without requiring users to manually enter Wi-Fi settings or passwords.
This is ideal for onboarding, zero-touch deployment, and enforcing secure wireless connectivity across all managed Apple devices.
Requirements
macOS 10.7+
iOS 4.0+
iPadOS 4.0+
Overview
Using the Apple Wi-Fi Policy, administrators can:
Automatically configure Wi-Fi credentials
Ensure devices connect only to authorized wireless networks
Deploy hidden or secure networks
Enforce advanced network settings
Reduce user setup steps and onboarding time
Once applied, the Wi-Fi configuration is silently pushed to devices via MDM, ensuring consistent connectivity and compliance.
Configurable Settings
Service Set Identifier (SSID)
The Wi-Fi network name that devices should join.
Required
Example:
Company-WiFi,CorpSecure,GuestNetwork
On iOS 7.0+ and later, SSID becomes optional if a DomainName is provided (not visible in the UI but supported by the payload).
Password
The passphrase for the Wi-Fi network.
Required for secured networks
Leave blank for open networks
Example:
SuperSecurePassword123!
Encryption Type
Specifies the Wi-Fi security protocol.
Options include:
Encryption Type | Description | Supported On |
None | Open network | All devices |
WEP | Legacy insecure encryption | Deprecated on modern OS versions |
WPA / WPA2 Personal | Most common home/office Wi-Fi | macOS 10.7+, iOS 4.0+ |
WPA2 Enterprise | Uses RADIUS / 802.1X | macOS 10.7+, iOS 4.0+ |
WPA3 Personal / Enterprise | Modern, secure networks | Newer macOS/iOS versions |
When selecting Enterprise types, additional fields (identity, certificates, EAP types) are required—these are supported by the underlying payload but not visible in this simplified version.
Hidden Network
Setting | Description |
True | Treats the network as hidden (SSID not broadcast). |
False | Standard visible network. |
Hidden networks require additional probe behavior to locate the SSID.
Minimum requirements: macOS 10.7+, iOS 4.0+, iPadOS 4.0+
Auto Join
Controls whether the device automatically connects when the network is in range.
Setting | Description |
True | Device joins the network automatically. |
False | User must manually select the network. |
Recommended: True for corporate networks.
Minimum requirements: macOS 10.7+, iOS 4.0+, iPadOS 4.0+
Advanced Network Configurations
Allows configuration of advanced Wi-Fi options such as:
Captive network bypass
QoS marking
Fast lane prioritization
Proxy settings
Network roaming behaviors
Setting | Description |
True | Enables advanced network configuration fields. |
False | Uses basic Wi-Fi settings only. |
Minimum requirements: macOS 10.7+, iOS 4.0+, iPadOS 4.0+
Note: Advanced fields may vary depending on OS support and network type.
Best Practices
Use WPA2 Enterprise or WPA3 Enterprise for maximum security.
Enable Auto Join on corporate networks to streamline user experience.
Avoid using WEP or open networks unless required for onboarding.
Use Hidden Network only if your network architecture requires it (hidden SSIDs don’t add security).
Consider pairing this with:
Apple VPN Policy
Apple Security Policy
Apple Firewall Policy
How to Configure
Open the Swif Admin Console
Go to Policies → Create New Policy
Choose Apple Wi-Fi Policy
Enter the SSID and password
Select encryption type
Configure additional options (Auto Join, Hidden, Advanced options)
Assign the policy to devices or groups
Save and push the policy
Devices will automatically join the configured Wi-Fi network on next sync.
Troubleshooting
Devices are not joining the network
Confirm SSID spelling and case (must match exactly)
Ensure password is correct
Check encryption type compatibility
Verify network visibility for hidden SSIDs
Enterprise Wi-Fi not connecting
Ensure necessary certificates are installed via MDM
Check RADIUS/EAP server configuration
Auto Join not working
Confirm the device is supervised on iOS/iPadOS (for certain Wi-Fi restrictions)
Ensure no conflicting Wi-Fi policies exist