← Back to context

Comment by zamadatix

5 hours ago

The roadmap description is not really specific enough to either back up what the article is saying or describe if this approach would/wouldn't do anything, so I'm wondering the same kinds of things.

If I were to try to implement the given task description, I'd start with assuming this would need to be "Enterprise gives an exports of BSSIDs and locations, Teams uses that table to set the location when you connect to your organization's AP". I'm not even sure how else to make this really work right.

If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?

3 comments

zamadatix

Reply
palmotea  5 hours ago

> If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?

Maybe the enterprise exports a table of AP MAC addresses, mapped to locations. It could be the SSID stuff is just a way to spy on what non-office location you were at.

  • zamadatix  5 hours ago

    That's what I'm thinking. BSSID ~= "AP MAC Address" it's just each (SSID, frequency) tuple the AP advertises has a different BSSID/MAC rather than a single shared one per AP.

    E.g. in the above deployment each Aruba AP could have up to 16 BSSIDs/MACs per radio, but we really had an average of ~5 in use per band at any given site. So a single 2.4 GHz + 5 GHz AP would have 10ish BSSIDs/MACs associated with it in the export (which would then roll up to be BSSIDs/MACs at that office).

    Then any of the SSID stuff seems to be more pure speculation (at least from what I've been able to find sourced from Microsoft so far, they are very light on details). Maybe tEAMS does something with SSID, maybe it doesn't - but the roadmap item doesn't even mention that half of the behavior at all, the Neowin article at least looks to be just inserting stuff about SSIDs without any source (and this site doesn't seem to source much at all). It certainly could use SSID as a fallback when there is no location, but where are the articles finding the plan actually has anything about doing that and why would it help more than setting the status to "Remote".

    At the end of the day BSSID isn't unspoofable either (companies that care that much probably just want mobile device management or to look at the wireless controller itself), but it at least enables the actual goal of saying which office to be achieved.