We are using a UDM PRO with 1.8.5 firmware and Unifi Network 6.0.43.
We are using a MAC address whitelist along with Radius auth, but we have a user with an iPhone 11 and iPhone 12 that cannot authenticate, they can on the PC/Mac without issue and on older iPhones and iPads.
Yes, this is a pain. You’ll probably want to have them authenticate in a different way.
The private address setting is PER AP, so even if you have 100 APs with the same SSID, the iPhone will keep turning back to the private address for each of them, even if you turn it off. You would need to individually connect to each of the 100 APs independently and turn off private network while connected to each one. Once you turn off the private address for an individual AP, it will be remembered for that AP in the future. Not ideal.
Just going to chime in here that Android is now doing this as well in the newer versions. Drill down into the “Privacy” setting in Network Details of each WiFi connection and turn off “Randomized MAC.”