How Apple devices join Wi-Fi networks
Users can configure their Apple devices to join available Wi-Fi networks automatically. For Wi-Fi networks that require login credentials or other information, users can quickly access Wi-Fi settings and enter the credentials or use a configuration profile that contains the network name and login credentials. Any app on the device can access the networks seamlessly. With low power, persistent Wi-Fi connectivity, apps can use Wi-Fi networks to deliver push notifications. For example, by using configuration profiles that are pushed to a device through a mobile device management (MDM) solution, you can configure settings for wireless networks, security, proxy, Cisco Fastlane, app approval and authentication.
iOS and iPadOS support a default VoIP service configuration as an option. This option defines the default app for audio calls for Contacts, Microsoft Exchange ActiveSync, Google and LDAP payloads. For example, if Cisco Spark is defined as the default calling app for Exchange contacts, then any call from the user to another work contact defaults to using Cisco Spark, unless the user decided to change the default app.
Auto-join
For wireless LAN networks that are broadcast on 2.4 GHz, 5 GHz or 6 GHz bands, preference is given to either 5 GHz or 6 GHz when the received signal strength indicator is greater than -68 dBm for macOS, and greater than -65 dBm for iOS and iPadOS. The auto-join flag is enabled the first time the wireless LAN is connected to macOS 10.13 or later, iOS 11.0 or later, and iPadOS 13.1 or later.
Authentication and encryption support
Apple devices support various authentication and encryption methods, including WPA, WPA2 Personal, WPA2 Enterprise, WPA3 Personal and WPA3 Enterprise standards. With support for 802.1X, Apple devices can be integrated into a broad range of RADIUS authentication environments. Apple devices support 802.1X authentication protocols, including:
EAP-TLS
EAP-TTLS (MSCHAPv2)
EAP-FAST
EAP-AKA
EAP-SIM (network provider only)
PEAPv0 (EAP-MSCHAPv2, the most common form of PEAP)
PEAPv1 (EAP-GTC, less common and created by Cisco)
The macOS Setup Assistant supports 802.1X authentication with username and password credentials using TTLS or PEAP.
For more information, see the Apple Support article How iOS decides which wireless network to auto-join.
iOS 13 and iPadOS 13.1, or later, support WPA3 Enterprise 192-bit security — using Commercial National Security Algorithm (CNSA) Suite B algorithms — on all iPhone 11 or later models and all iPad models, starting with the iPad (7th generation). Consult your wireless network solution provider for details on necessary access point hardware, controller hardware and controller code versions to deploy WPA3 Enterprise.
Opportunistic Wireless Encryption
iOS 16, iPadOS 16.1 and macOS 13, or later, support a way to secure open Wi-Fi networks, using the standard Opportunistic Wireless Encryption. This standard is supported on the following devices:
iPhone 12 models or later
iPhone SE (3rd generation) or later
iPad Pro 13-inch (M4)
iPad Pro 12-inch (5th generation) or later
iPad Pro 11-inch (3rd generation) or later
iPad Air (4th generation) or later
iPad mini (6th generation) or later
All Mac models with the M3 series chip
All Mac models with the M2 series chip
Mac models with the M1 series chip:
Mac Studio (2022)
MacBook Pro (14-inch, 2021)
MacBook Pro (16-inch, 2021)
Important: Apple devices must have access to your wireless network and Internet services for setup and configuration. You may need to configure your web proxy or firewall ports to allow all network traffic from Apple devices to the Apple network 17.0.0.0/8. If Apple devices are still unable to access Apple activation servers, iCloud or the App Store, see the Apple Support articles If your Apple devices aren’t getting Apple push notifications, macOS wireless roaming for enterprise customers and Use Apple products on enterprise networks.