MDM Support for Enabling Location Services on Managed Macs

Since macOS 14, accessing the current Wi-Fi SSID through CoreWLAN.framework requires both:

  1. Location Services to be enabled at the system level.
  2. Location permission to be granted to the application.

For enterprise security and device-management solutions, this creates a deployment challenge because enabling Location Services system-wide requires administrator privileges and user interaction.

Some enterprise use cases, such as Wi-Fi policy enforcement, network compliance, and location-aware security controls, depend on reliable access to the current SSID. On managed Macs, administrators currently have no MDM mechanism to enable Location Services system-wide or pre-authorize location access for specific applications. I reviewed the WWDC26 session "What's New in Managing Apple Devices" and the discussion of the new consolidated privacy consent experience. However, I did not find any new MDM capabilities that address Location Services management for specific apps.

Questions:

  1. Are there any current MDM payloads or APIs that allow administrators to enable Location Services on supervised/managed Macs?
  2. Are there any recommended alternatives for enterprise applications that need access to Wi-Fi SSID information on managed devices?
  3. Is Apple considering future MDM enhancements that would allow administrators to enable Location Services and/or grant location access to specific applications in managed enterprise environments?

Any guidance on Apple's direction in this area would be appreciated.

Answered by Apple Staff in 891420022

Hello!

The new privacy consent feature you mentioned is the recommended way to make sure your app has the needed access for privacy-sensitive functions like Location.

In addition to grouping multiple permissions into a single prompt, it also gives a custom Justification field so you can communicate to your users why granting the access is important. And while Standard users can't enable Location Services in System Settings, they can enable it during Setup Assistant as long as the Location Services pane is not skipped.

While there are no plans to allow device management services to automatically enable privacy-sensitive settings like this, if the new privacy consent feature doesn't meet the needs for policy enforcement and security compliance tools, it would be great if you could share more details on these requirements using Feedback Assistant. Details on why the SSID is required and other kinds of network resource availability checks can't be used would be especially helpful. You can follow up with the Feedback ID here and we'll make sure it gets reviewed promptly.

Thanks! --Daniel

Assuming privacy is the key reason this is not already available, could you at least give MDMs a method to determine if Location Services is ON or OFF? This would allow organizations to build workflows that notify end users that the reason their app/feature isn't working is because they have disabled Location Services.
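An app-side check related to the comment above, added here as an example and not posted by anyone in this thread or provided by Apple: a managed agent can tell apart the two conditions from the original question (system-wide Location Services off versus the app lacking location permission) before it tries to read the SSID. The `SSIDAccess` enum and the function names are hypothetical; the code assumes it runs inside the app that holds the location permission, on macOS 14 or later.

```swift
import CoreLocation
import CoreWLAN

/// Why the current SSID can or cannot be read (illustrative type, not an Apple API).
enum SSIDAccess: Equatable {
    case available(String)
    case locationServicesOff    // system-wide switch is off
    case appNotAuthorized       // user denied, or a restriction blocks this app
    case authorizationPending   // the app has not been prompted yet
    case noWiFiAssociation      // permissions are fine, but no interface or no joined network
}

func diagnoseSSIDAccess() -> SSIDAccess {
    // Condition 1 from the question: Location Services enabled at the system level.
    guard CLLocationManager.locationServicesEnabled() else {
        return .locationServicesOff
    }
    // Condition 2: location permission granted to this application.
    switch CLLocationManager().authorizationStatus {
    case .notDetermined:
        return .authorizationPending
    case .denied, .restricted:
        return .appNotAuthorized
    default:
        break // authorized
    }
    // Both conditions hold, so a nil SSID now means Wi-Fi is off or not associated.
    guard let ssid = CWWiFiClient.shared().interface()?.ssid() else {
        return .noWiFiAssociation
    }
    return .available(ssid)
}

/// Message a compliance agent could show or log so the user knows what to fix.
func userMessage(for access: SSIDAccess) -> String {
    switch access {
    case .available(let ssid):  return "Connected to Wi-Fi network \(ssid)."
    case .locationServicesOff:  return "Location Services is turned off for this Mac."
    case .appNotAuthorized:     return "This app is not allowed to use Location Services."
    case .authorizationPending: return "This app has not yet asked for location access."
    case .noWiFiAssociation:    return "This Mac is not joined to a Wi-Fi network."
    }
}

print(userMessage(for: diagnoseSSIDAccess()))
```

This reports the state from inside the app only; it does not give an MDM server a way to query the setting remotely.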

Details on why the SSID is required and other kinds of network resource availability checks can't be used would be especially helpful.

Enterprise customers are requesting functionality to control Wi-Fi usage in order to restrict devices to only specific Wi-Fi networks.

Thanks for the additional detail. Is the goal for these devices to only be allowed to join managed Wi-Fi networks, similar to the current iOS-only restriction forceWiFiToAllowedNetworksOnly?
