Under VMware AirWatch console version 9.1, I could not easily lock down WiFi connectivity to specific SSID(s) without the use of the custom profile. With the newer version of the web console, we no longer need to rely on a custom profile which is a plus.
Within the iOS profile, you can still create one or more SSID based on your needs.
What’s different now is the ability to restrict Wi-Fi access only to the SSIDs pre-configured within the Wi-Fi profile. The setting can be found under Restrictions -> Security & Privacy.
Per the warning message within this setting, make sure the Wi-Fi profile is already published to your user devices before applying this restriction profile especially on Wi-Fi only devices.
“If Force Wi-Fi Whitelisting is enabled, devices drop off the Wi-Fi network that they are connected to if there isn’t a configuration profile for that network already installed. It is advised to use this restriction in addition to an existing Wi-Fi profile payload that the device can connect to at the time of profile installation. Once the restriction is installed, subsequent Wi-Fi configuration profiles are automatically whitelisted.”
For security, you may also consider un-checking the box Allow sharing of Wi-Fi passwords.