What's new for enterprise in macOS Sonoma

Learn about the enterprise content that Apple has released for macOS Sonoma.

macOS updates improve the stability, performance, or compatibility of your device and are recommended for all users. Device administrators can manage software updates using a Mobile Device Management (MDM) solution.

For information about general improvements, learn about updates to macOS Sonoma.

For details about the security content of these updates, see Apple security releases.

macOS Sonoma 14.7.1

Login and unlock complete without delay when a passcode policy is configured by MDM.

macOS Sonoma 14.6

  • The login keychain is correctly created the first time a mobile user logs in.

  • Enforcing a specific software update version no longer fails if it's not the most recent available update.

  • The FileVault recovery key is no longer shown after updating when configured by MDM to not show the key.

  • Users can successfully be added to the access list for Remote Management in System Settings.

  • The allowAssistant restriction correctly prevents the Siri app from being opened.

macOS Sonoma 14.5

  • MDM can now enforce a specific beta version at Setup Assistant when using Automated Device Enrollment.

  • The Lock Screen now has a Switch User option when configured to show name and password and network accounts are available.

  • Reliability of declarative software update notifications is improved.

  • Resolved an issue where configured printers may be removed after updating.

  • Apps no longer incorrectly prompt for Desktop and Documents access when both iCloud Drive and Microsoft OneDrive are enabled.

  • The uptime command no longer reports inaccurate information.

macOS Sonoma 14.4

  • MDM can now enforce FileVault for standard users at Setup Assistant.

  • MDM can now report on the battery health of Mac computers with Apple silicon.

  • Users are no longer prompted a second time for certificate trust after joining an 802.1X network during Setup Assistant.

  • Installing a software update declaration now overwrites previously installed declarations for the same OS version.

  • Registration for Platform SSO is now performed without user interaction after creating a new user at login.

  • Resolved an issue where installation of device-assigned apps may not use an available content caching service.

  • Values set in sysctl.conf are correctly applied for Mac computers with Apple silicon.

  • Resolved an issue where viewing a shared screen from Apple Remote Desktop failed.

macOS Sonoma 14.3.1

Encrypted email messages can be successfully decrypted using smart cards.

macOS Sonoma 14.3

  • Xsan volumes no longer fail to mount automatically.

  • Passwords can be changed successfully at the login window.

  • Improves reliability authenticating to an SMB print server.

  • Improves reliability using single sign-on when using a proxy for associated domains traffic.

macOS Sonoma 14.2

  • The login password is correctly accepted at the Lock Screen when MDM has configured the login window to hide admin users.

  • Devices no longer fail to complete extensible SSO authentication that requires multiple steps.

  • Declarative software updates install by the enforced date when a Mac computer is asleep.

  • An exclamation point is no longer shown under managed Login Items in System Settings.

  • Home no longer prompts for location access after updating.

macOS Sonoma 14.1

  • Continuity features can be used with Managed Apple IDs.

  • The new Lockdown Mode and macOS Sonoma wallpaper setup panes can be skipped using MDM.

  • SMB share contents are correctly shown when using Distributed File System (DFS).

  • MDM no longer fails to install enterprise apps after installing an App Store app.

  • Software Update no longer displays a “required managed update” notification when no updates are available.

macOS Sonoma 14.0

macOS Sonoma includes new features such as declarative device management for software updates, account-driven enrollment, and enhancements to Managed Apple IDs.

Device Management

  • MDM can enforce software updates by a certain date and time and users get additional information in System Settings when an update is requested and when it's enforced.

  • Automated Device Enrollment can be enforced after Setup Assistant.

  • MDM can enable account-driven User Enrollment and account-driven Device Enrollment to allow users to enroll their Mac using their Organization ID in System Settings. Profile-based User Enrollment is deprecated and will be removed in a future release.

  • The notification that requests the user enroll in MDM is replaced with a full-screen Setup Assistant experience for a Mac using Automated Device Enrollment.

  • New features in platform single sign-on.

  • Enhancements to password requirement enforcement.

  • MDM can granularly restrict more individual settings in System Settings.

  • MDM can require admin users to turn on FileVault during Setup Assistant.

  • macOS now supports Managed Device Attestation.

  • Declarative device management can manage a set of configurations for some built-in services.

  • New declarations support the deployment of certificates and identities.

  • A new built-in network relay supports secure and transparent tunneling of traffic as an alternative to using VPN when accessing internal resources.

  • MDM can set the order in which transparent proxy extensions handle network traffic.

  • macOS now supports the creation of hardware-bound private keys for certificates issued using the ACME protocol.

  • Screen sharing capabilities are improved between Mac computers with Apple silicon over high-bandwidth connections.

Bug fixes and other improvements

  • Apple devices now support connection to your organization's 802.1X networks using EAP-TLS with TLS 1.3.

  • A Mac running macOS Sonoma can revive or restore a USB-tethered Mac in DFU mode using Finder.

  • Removing /private/var/db/.AppleSetupDone no longer relaunches Setup Assistant if a local user already exists on the Mac. Erase All Contents and Settings can reset the device and launch Setup Assistant.

  • The deprecated audit subsystem is disabled by default in macOS Sonoma. See the auditd manual page for details.

  • Touch ID can be allowed for sudo with a configuration that persists across software updates using /etc/pam.d/sudo_local. See /etc/pam.d/sudo_local.template for details.

  • Resolved an issue where Exchange events failed to sync in Calendar for some users.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: