macOS 11.0 Big Sur, the successor to macOS 10.15 Catalina showcases some big changes. Unveiled at Apple WWDC 2020, Big Sur comes with major upgrades in design, Maps, Messages, Control Center, and many more. The IT admins have also a lot to look forward to with the extended management capabilities of Big Sur.
Apple has announced a transition from Intel processors to its own ARM-based Apple silicon processors. macOS Big Sur will be the first OS that is compatible with the new processors. On the new MacBooks with Apple silicon processors, Big Sur will also support running iOS and iPadOS apps.
Mac OS X 10.0, codenamed Cheetah, released in April 2001, introduced the trademark feature Dock that is used to this day. However, the initial version was slow and incomplete. The evolution of macOS in these two decades has been been humongous. Since the release of Mac OS X Public Beta in 2000, macOS 11.0 Big Sur marks the first increment in the primary version number.
Touted as the biggest macOS update yet, how is Big Sur different from the previous macOS updates? What does the update mean for the IT Admins looking to manage the Macs? These are some of the questions that we attempt to address in this blog.
System requirements for macOS 11.0 Big Sur
- Macbook Air and Mac Pro — 2013 or later
- Macbook Pro — Late 2013 or later
- iMac and Mac mini — 2014 or later
- Macbook — 2015 or later
- iMac Pro — 2017 or later
macOS 11.0 Big Sur Features
There are considerable changes in the user interface of macOS Big Sur. Attractive features like floating dock and new app icons have been introduced. However, points for originality in design is reduced as it is very clear that the macOS is heavily borrowing from iOS, the iPhone counterpart.
Control Centre and Notification Centre
An obvious influence of iOS, Control Centre is an addition to the existing Notification Centre and Launchpad in Mac. Just as in iOS, Control Centre is a drop-down menu providing easy and quick access to settings.
With interactive notifications and a transparent user interface, the Notification Centre has also been reinvented in macOS Big Sur.
The Messages app has been reinvented to have feature parity with its iOS counterpart. It now supports features like conversation pinning, message searching, name and photo sharing, replying inline, and many more.
Big Sur includes Safari 14, the biggest update that Safari has gotten to date. With enhanced privacy and efficient battery usage, Safari will be faster than ever. Safari 14 includes a customizable start page, improved tab design, password monitoring, built-in web page translation, extension support for WebExtensions API, and many more attractive enhancements.
The new Mac App Store includes a section that provides the privacy information of an app, increasing user awareness before installing any given app. Other useful features such as family sharing of app subscriptions and third-party widgets for the Notification Centre have also been introduced.
The world is now literally at your fingertips with the newest Maps. First introduced in iOS 13, the Look Around feature is now available in the Maps for Big Sur to give the user a 360-degree panoramic view of the destination. It also supports electric vehicle routing and gives detailed directions for cyclists.
Managing Big Sur Macs
For Mac device management, things are looking up with the many noteworthy enterprise-oriented features for Big Sur.
Managed Software Updates
Using an MDM, the IT admins can now manage the software updates in the enrolled Mac devices. The IT admin can force the managed Macs to accept the software update. Major OS and non-OS updates can be deferred for a maximum of 90 days.
Supervision for User Approved MDM
The announcement of supervision for User Approved MDM has revolutionized the face of Apple Device Management. Now, the admins have the same control over the user-enrolled devices as they had on the devices enrolled with Apple Business/School Manager. The admins would be able to query, list, and delete local users, control Activation Lock Bypass, install supervised restrictions profile using MDM, or even schedule software updates.
Lights Out Management
Lights Out Management (LOM) allows the admins to remotely startup, reboot, or shutdown one or more Macs even if they are unresponsive. The task is accomplished by sending a command from the MDM server to the MDM enrolled controller on the Mac network. Lights Out Management would not be supported for the older versions of macOS. It requires:
- macOS Big Sur
- Macbook Pros to be on the same subnet
- Lights Out Management Payload to be installed
One of the enrolled Mac devices in the local network acts as the LOM Controller. All the other enrolled Macbook Pros act as the LOM devices. All these LOM devices are connected to the LOM Controller. A command is sent to the MDM server which is received by the LOM controller which in turn distributes it to the other enrolled Macs in the network.
Managed Mac Apps
Managed Apps have been around for a long while for iOS devices. For Mac devices, managed apps are a welcome addition. The Managed Mac apps can be removed from the Macs by MDM command or on disenrollment of the devices. Similar to the managed apps on the iOS, app configurations and feedback are supported for the Managed Mac Apps. The unmanaged apps can be converted to managed apps using the MDM solution if the devices are enrolled using the automated device enrollment.
Content caching is a macOS service that speeds up software installation and helps to reduce internet data usage for the Macs in the same network. This is achieved by saving the content already downloaded by the local Macs in a content cache so that the other devices can retrieve this information without browsing the Internet.
The Content Caching Information command helps the IT admin to determine whether the content caching is turned on and working properly for the users. It gives crucial information such as registration state, cache pressure, bytes served, and many more.
Bootstrap tokens are encryption keys provided by the MDM server used to create admin accounts in the macOS devices without using a password for authentication. Instead of using complicated workflows for creating the admin account and user accounts, the bootstrap token enables users to get a secure token and boot a Mac that uses FileVault. This is a coveted feature for network accounts. The admins can take advantage of authorized software updates and kernel extensions once this is implemented. Bootstrap tokens are supported on all the latest Macs with Apple T2 Security Chip.
Unlike the prior versions of macOS, Big Sur supports file-level encryption in contrast to volume-level encryption. This feature is compatible with Mac with Apple silicon processors. Currently, it is unclear if the older Intel-based Macs would support this feature.
- For iOS devices, the downloaded profiles have to be manually installed from the device settings to prevent the accidental installation of potentially harmful profiles. The feature is now implemented for Mac devices too. To install the downloaded profile, the user has to go to the device System Preferences > Profiles > Downloaded Profiles and install the profile using the user password after previewing it.
- For enhanced security, complete silent installation of profile using the terminal would no longer be supported from macOS Big Sur. The profiles to be installed using the terminal would be treated as a downloaded profile. The user would have to go manually to the System Preferences and install the profile just like with a downloaded profile.
- networksetup command line tool now requires administrator rights for making any changes to the settings.
- There are also enhancements for automated device deployment. Auto Advance for Mac skips all the setup steps and boot the Mac to land right at the login page within seconds. All you have to do to use this feature is to plug-in power and the ethernet cable. A prerequisite for availing this feature is that the network must support DHCP. If encrypted disks are used, the password is necessary to gain access to the device.
Enterprise Connect is an application developed by Apple for connecting securely to the enterprise services. It enhances Active Directory integration for Macs. For non-domain bound Macs, it helps the Mac users to access the enterprise resources and provides features such as password management, Kerberos support and account management. macOS Big Sur will be the last macOS release to support Enterprise Connect. The users are of Enterprise Connect should migrate to the Kerberos SSO Extension, which is meant to be a replacement for Enterprise Connect. The Kerberos SSO Extension gives better support for Per-App VPN and allows more control over the initial login experience.
For the end user and the IT admin managing the devices, macOS 11.0 Big Sur is a considerable change from what we are used to until now. From a personal point of view, I am not yet comfortable with the iOS-like icons for apps. macOS is certainly evolving at a fast pace and new features are always a treat for a tech junkie. It is my sincere hope that future updates of macOS refrain from relying too much on the iOS operating system and maintains its individuality.