What's new for enterprise in macOS Tahoe 26

Learn about the enterprise content that Apple has released for macOS Tahoe 26.

macOS updates improve the stability, performance, or compatibility of your device and are recommended for all users. Device administrators can manage software updates using a device management service.

For information about general improvements, learn about updates to macOS Tahoe.

For details about the security content of these updates, see Apple security releases.

macOS Tahoe 26.0

macOS Tahoe includes new features such as device management migration, declarative app management, and enhancements for Platform Single Sign-on (SSO).

Device management

• Apple School Manager and Apple Business Manager now support migrating a device with iOS 26, iPadOS 26, or macOS 26 to a new device management service as well as enforcing enrollment deadlines on eligible devices.

• Organizations can deploy App Store apps, Custom Apps, and packages using declarative device management.

• Device management can activate and enforce Platform SSO during Setup Assistant with Automated Device Enrollment.

• Authenticated guest mode provides an expedited login experience for users who use a Mac for a short period of time with Platform SSO, including a Tap to Login option using compatible NFC accessories.

• New configurations for Safari allow organizations to customize the browsing experience for their users including bookmarks, start page, content summarization, and private browsing.

• When a Mac has the Restore skip key configured by a device management service and that service erases the Mac, the “Transfer Your Data to This Mac” pane is skipped during the next setup.

• If a FileVault recovery key escrow configuration is installed by device management on a Mac when a recovery key is already present, the key is automatically rotated prior to escrow if a bootstrap token is present.

• “Ready for Apple Intelligence” notifications and badges are not shown on devices where any Apple Intelligence features are restricted by device management.

• Software update management using mobile device management commands, restrictions, the com.apple.SoftwareUpdate payload, and queries is deprecated and will be removed next year. Going forward, software updates can be managed and enforced using only declarative software update management.

Bug fixes and other improvements

• Organizations can use a new Network Extension URL filtering API to provide a comprehensive and privacy-preserving URL filtering solution across the entire system.

• FileVault can now be unlocked over ssh after a restart if Remote Login is enabled and a network connection is available. More information is available on the apple_ssh_and_filevault manual page.

• Accessory security settings are now applied from macOS to macOS Recovery, including previously allowed accessories and the device management restriction allowUSBRestrictedMode to always allow accessories.

• Algorithms DES, 3DES, SHA1-96, and SHA1-160, as well as Diffie-Hellman groups less than 14, are no longer supported for IKEv2 VPNs.

• macOS now supports the Apple Sparse Image Format (ASIF).

• An error is not shown if a user attempts to use Talk to Siri when Siri is restricted by device management.

• Resolved an issue in Keychain Access where the selected keychain appeared empty.

• Stability is improved for AirPlay mirroring when viewing slides in a web browser.