Controlling WLAN
================

Policy Server communicates with the Agent to collect SSID information.
In macOS Sonoma 14.5 or later, location services permission is required to retrieve SSID information for wireless networks. Without this permission, the app cannot collect network information or perform network management functions.

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Agent Action** in the left Policy panel.
#. Find and click **Control WLAN** in the Agent Action window.

Under **General** section:

#. For **CWP Message**, add message to be displayed in accordance with the
   Policy.
#. For **Label**, add labels to help categorize your plugins with custom labels
   that appear in the "Description" field.

Under **Agent Actions** section:

#. For **Boolean Operator**, choose **AND** or **OR** to add optional
   conditions.
#. For **Settings**, click **Add** and select your optional conditions.
   **Criteria/Operator/Value**

Under **Plugin Settings** section:

#. For **SSID Information Scope**, choose to collect information about all
   **Detected** SSID or only those that are **Connected**.

   - For **Detected SSIDs** define a time value for:

      - **Update Interval** - Specify the time interval to update the SSID
        information.

      - **SSID Time-based Threshold** - Specify the minimum time duration to start
        collecting SSID information.


#. For **Disabling Wireless Connection**, choose **On** or **Off** to prohibit
   connection to certain SSIDs.

   - For **On** choose how allowed SSIDs will be defined, and configure
     enforcement options:

      - **How to Define Allowed SSID(s)** - Choose From **WLAN Group**, **SSID Name**, or **regular expression**,
        and fill in the prompt or menu.

      - **Control Cycle** - Enter a number of **seconds**, or
        **minutes** to specify the cycle for Checking whether the connected AP is an allowed AP.

      - **Delay Enforcement Policy** - Enter a number of **seconds**, or
        **minutes** to wait before disconnecting a prohibited connection.

      - **Disabled Connection Notification and Resolution** - Choose From **No Notifications**, **Slide-Out Notification**, or **Allow connection using an agent Authentication Code**

         - For **Agent Authentication Code**, enter a **Connection Time Limit**, and a Custom **HTML Message** to the end-user.

#. For **Private Wi-Fi Address Control**, the private Wi-Fi address option is disabled in macOS Sequoia or later, ensuring that the device's MAC address remains unchanged during network connections.

    - **Operation Mode** - Selecting 'Set Value Only' will only update the settings, and a reboot is required for the changes to take effect. Selecting 'Apply Immediately' will restart the network interface, which may disconnect the wireless network temporarily.
    
    - **Notify Option** - Specify the notification behavior according to the selected 'Operation Mode.' When 'Apply Immediately' is chosen and 'None' is selected, the network interface will restart immediately after the setting is changed.
    
    - **Notify Time** - When 'User Notification' is selected with the 'Apply Immediately' option, you can configure the delay time to display a notification before applying the changes.

#. For **Location Services Permission Prompt Message**, enter the notification message to be displayed when requesting location services permission from the user.

#. Click **Update.**
#. Go to **Node Policy** in the left Policy panel.
#. Click the **Default Policy** in Node Policy window.
#. Find **Agent Action**. Click **Assign.**
#. Find **Control WLAN** in the **Available** section. Select and drag it into
   the **Selected** section.
#. Click **Add.**
#. Click **Update.**