For those that are using Microsoft Intune to manage devices - and have a configuration profile that is pushing the SSID/Login information from Intune via MDM - there is now an option in the configuration that allows for "Disable MAC address Randomization" - or as was previously suggested, you can ask your users to set that on their devices as suggested by apple: https://support.apple.com/en-us/HT211227

Please be aware that the ability to disable MAC randomization via MDM profile may also be subject to an Apple side bug.

If the option to disable MAC randomization is selected, the user still has the ability to re-enable it within the UI. Meraki has also sent feedback for this issue as well.

This behavior is observable via profiles created directly within Apple Configurator which suggests that this may only be resolved through a future iOS update.

I dont think there is a way to limit the alerts on a per-scope or VLAN. I think that might end up being the Meraki work around though. Seems like Android is going to do a similar thing.

Hey everyone,

So we're clear here, you should not need to be implementing any workarounds for this based on what is expected behavior on Apple's (and hopefully Android's) part - we're trying to test a new release from Apple that should hopefully have this resolved.

I’m seeing this behaviour even when MAC randomisation (Private Address setting on the iOS device) is Disabled.

Hopefully Apple has a fix soon.

Same here

Very interested in a working solution... hope that Apple will supply an update to solve this issue...

Apple mentioned that iOS 14.2 beta 3 should have resolved this issue. We've been testing this build in the lab where we have no longer observed this behavior.

Which part is considered "The Issue"? Is it the problem in general with Apple swapping MAC addresses, or is it that even with randomization turned off, its still happening? We don't have MDM, and walking people though settings is not realistic.

For reference, this is the issue.

iOS devices on some iOS 14 builds will randomly reply with an ARP message sourced from the expected MAC address, however the ARP payload will contain a different source MAC address. The MX will detect this potential conflict (in this example, MAC ending in ad:e0) and send an email alert.

This issue seems to be reported regardless of whether MAC randomization AKA "private address" is enabled on the iOS device.

[edit]: Once we have updated the devices to iOS14 beta 3, we have not observed this behavior at all.

[edit 2]: Photo edited to clarify

Please interpret this as a newb-ish reply, especially because I have not been able to physically get my hands on any of our Apple devices due to COVID, so I have had to rely on our users to disable the feature on their own. But my anecdotal experience is that some of them had to disable the feature twice - they described it that the setting somehow did not save the first time. Other users did not seem to have that issue.

In addition to that, I think in many cases I saw one final IP conflict alert per device after a user had successfully disabled the feature. I assume that this was caused by the Apple device returning to using its factory MAC after it had been more recently using its randomized MAC. YMMV.