Introduction

Ever since Windows 10 1903, the MAC Address Randomization feature has not worked on Microsoft Surface devices. This worked on Windows 10 1809 and earlier.

Why should you care?

Privacy.

By enabling the feature, it is more difficult to uniquely identify your machine across networks and target you with advertising and spyware. More info.

The capability never left our beloved Surface devices or Windows. It was just disabled by default in firmware and the Marvell drivers deployed via Windows Update changed from having the feature enabled regardless of firmware settings to honoring the firmware default. The fix is to change the following regkey:

;Re-enable MAC Address Randomization for Marvell Wi-Fi - dancharblog ; ; -----Instructions: ----- ;- copy this text into notepad ;- save as random.reg ;- double-click the random.reg file and follow the prompts to import changes to your system ; Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrvlpcie8897] "MACRandomization"=dword:00000001

Setting the regkey then rebooting will reveal the feature in the Settings app. You’ll have to manually enable randomization in the settings app and reboot again for the change to be effective. You can enable or disable the feature for individual saved Wi-Fi access points:

Applies to

Any laptop with Marvell AVASTAR Wi-Fi where MAC address randomization is disabled including:

Surface Pro 3/4/2017/6

Surface 3

Surface Laptop 1/2

Surface Book 1/2

Automated Script

If you don’t want to mess with manually editing the registry, settings app, and rebooting. I whipped up a quick Powershell script to do it all:

# Enable MAC Address Randomization for Marvell WiFi script v1.01 - https://dancharblog.wordpress.com # auto-elevate to admin privileges Write-Host "Requesting administrator rights" $myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent() $myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID) $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator If ($myWindowsPrincipal.IsInRole($adminRole)) { $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)" } Else { $newProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell" $newProcess.Arguments = $myInvocation.MyCommand.Definition $newProcess.Verb = "runas" [System.Diagnostics.Process]::Start($newProcess) Exit } Write-Host "Attempting to enable MAC Address Randomization for Marvell Wi-Fi" $Wifi = (Get-NetAdapter -InterfaceDescription *Marvell*).InterfaceDescription If ($Wifi) { Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrvlpcie8897' -name MacRandomization -value 1 -verbose Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\WlanSvc\Interfaces' | where {$_.Property -eq "RandomMacState"} | Set-ItemProperty -name RandomMacState -value ([byte[]](0x01,0x00,0x00,0x00)) -verbose Disable-NetAdapter -InterfaceDescription $Wifi -confirm:$false -verbose Enable-NetAdapter -InterfaceDescription $Wifi -confirm:$false -verbose } Else { Write-Host "Unable to find Marvell Wi-Fi device" }

References