What's new for enterprise in macOS Big Sur

Learn about the enterprise content that Apple has released for macOS Big Sur.

macOS updates improve the stability, performance or compatibility of your device and are recommended for all users. Device administrators can manage software updates using a Mobile Device Management (MDM) solution. 

For information about general improvements, learn about updates to macOS Big Sur.

For details about the security content of these updates, see Apple Security Updates.

macOS Big Sur 11.5

  • MDM administrators can use the new SetRecoveryLock command to set a password on a Mac with Apple silicon that will be required to enter macOS Recovery.
  • MDM administrators can now use the DeviceLock command to lock a Mac with Apple silicon with a six-digit PIN and an optional message.
  • Resolves an issue where network extensions that require Rosetta 2 fail to load on first startup after a software update.
  • Resolves an issue where System Profiler becomes unresponsive when collecting hardware data.
  • SmartCard login no longer fails on Mac computers with Apple silicon when using the checkCertificateTrust key.
  • Resolves an issue where MDM app installations may fail when using a proxy configured with a PAC file.
  • Resolves an issue where Mac computers with Apple silicon boot to recoveryOS after using startosinstall — eraseinstall.

macOS Big Sur 11.4

  • Using MDM to install software updates works more reliably on Mac computers with Apple silicon.
  • Resolves an issue where the first login with a mobile account does not create a login keychain.
  • Setup Assistant no longer skips Location Services when account creation is skipped by MDM.
  • App installations from MDM are no longer cancelled during the setup process when the country is changed.
  • Resolves an issue where DNS lookups may fail when using an authenticated proxy or a proxy configured with a PAC file.
  • Resolves an issue where the Kerberos SSO extension may fail to renew credentials.
  • Resolves an issue where iCloud Keychain sync could not be restricted by MDM.
  • Resolves an issue where StorNext volumes from fsforeignservers file would not mount automatically.

macOS Big Sur 11.3

  • MDM can now defer major and minor software releases separately.
  • SMB Multichannel is now supported and enabled by default. Learn more
  • When using MDM to restart a macOS device, you can allow user interaction optionally before restarting.
  • MDM can now install and manage iOS apps on Mac computers with Apple silicon.
  • Resolves an issue where system extensions already awaiting user approval could not be approved by MDM.
  • Resolves an issue where using MDM to remove approval for system extensions did not deactivate the extensions.
  • Resolves an issue with content filtering rules when using multiple network extensions simultaneously. 
  • Resolves an issue where mobile account creation fails on the first login.
  • Updating a Wi-Fi payload that includes a certificate identity no longer creates a duplicate identity.
  • Safari now respects user-defined “Always Allow” access settings for SSO certificates.
  • Resolves an issue with browsing network file servers hosting a large number of SMB shares.
  • Resolves an issue that prevents software updates from initiating at the login window.
  • Resolves an issue where app installation may fail if MDM reissues the install command.

macOS Big Sur 11.2

  • On Mac computers with an Intel processor, you can now use the startosinstall command inside the macOS installer app located on a non-boot volume while booted to Recovery.
  • Setting a custom umask now works as expected.
  • MDM can now push a Kernel Extension Policy payload to a Mac with the Apple M1 chip and update boot security settings automatically.
  • Resolves an issue where Mac computers managed by MDM were sometimes unable to retrieve software updates using System Preferences.
  • Network Extension Content Filters can now monitor traffic from built-in binaries.
  • Resolves an issue where users were unable to unlock System Preferences panes after upgrading to macOS Big Sur from macOS Catalina.

macOS Big Sur 11.1

  • You can now install macOS on a Mac with Apple silicon while logged in with a mobile account.
  • Addresses an issue where the PIN would not be accepted when attempting to authenticate with a smart card.
  • The software update — fetch-full-installer command — now downloads the latest macOS installer as expected.

macOS Big Sur 11

  • Provides MDM support for allowing standard users to complete the installation of legacy kernel extensions by restarting their Mac from within System Preferences > Security & Privacy without having to provide administrator credentials.
  • Supports the RebuildKernelCache and KextPaths keys in the RestartDevice MDM command dictionary.
  • Provides MDM support for allowing standard users to permit Screen Recording or Input Monitoring in the Privacy pane of Security & Privacy preferences.
  • Apple Push Notification service (APNs) traffic will correctly fall back to using a proxy if a direct connection is blocked by a firewall which doesn't send a TCP reset to clients.
  • Hyperlinks in PDFs containing percent-encoded characters now open properly.
  • Fixes an issue where attempting to change a password using the Kerberos SSO Extension would fail with an error message saying: "Password Change Failed. Configuration file does not specify default realm."
  • Addresses an issue where after allowing a user to unlock a FileVault-protected startup volume, the user would not always appear in the list of users in the login window.
  • Resolves an issue where in certain cases, the Relocated Items folder could not be deleted.
  • Addresses an issue where "Password requirements" in System Preferences didn't show when a password had met the requirements when multiple local policies were used.
Published Date: