
Apple @ Work: What's new in system extensions in macOS Sequoia?

Apple @ Work is brought to you exclusively by Mosyle, Apple’s only unified platform. Mosyle is the only solution that brings together in one professional platform all the solutions you need to seamlessly and automatically deploy, manage, and secure Apple devices at work. More than 45,000 organizations trust Mosyle to provision millions of Apple devices effortlessly and affordably. Request an EXTENDED TRIAL today and see why Mosyle is all you need to work with Apple.

Summary: macOS Sequoia provides more control for IT departments, but they need time to review their current system extension policies and settings.

macOS Sequoia makes some important changes to system extensions that affect how IT administrators manage and secure Apple devices. These changes are part of Apple’s ongoing efforts to strengthen device security and give administrators more control over system features, especially in enterprise environments.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Using his experience deploying and managing firewalls, switches, mobile device management, enterprise Wi-Fi, thousands of Macs, and thousands of iPads, Bradley will cover the ways Apple IT managers deploy Apple devices, build the networks to support them, train users, share stories from the IT management front lines, and discuss how Apple can improve its products for IT departments.

System Extensions in macOS Sequoia

System extensions allow software to extend the functionality of macOS without relying on legacy kernel extensions (kexts), which Apple has begun to phase out due to security risks. Instead, system extensions run in user space, offering better stability and security. This proved especially important when macOS was protected from a faulty update from a popular security vendor. With macOS Sequoia, Apple is improving how these extensions are handled, introducing new capabilities that administrators should be aware of.

Previously, system extensions were installed without much visibility to the end user, which made deployment easier but limited flexibility in terms of control. However, with macOS Sequoia, system extensions have become more accessible to IT administrators, who now have expanded options for managing them. These changes provide a more transparent, secure, and customizable environment for enterprise-level device management while prioritizing the security and protection of macOS.

Changes to Management and Control

A significant update in macOS Sequoia is the ability for administrators to control system extensions through their device management system. This includes the introduction of new keys in configuration profiles that can be used to control these extensions. Specifically, IT administrators can now ensure that critical system extensions are always enabled, preventing users from disabling them.

New configuration profile keys allow administrators to lock specific extensions in place, ensuring that they remain active on the computer. This is especially important for maintaining security, as disabling important system extensions can leave the system vulnerable to attack or compromise. The macOS Sequoia improvements are part of Apple’s broader move to tighten security and give IT more control while maintaining the great macOS user experience.

These configuration profile improvements streamline workflows because IT administrators can now determine which system extensions are critical and which can be left to the user’s discretion. This level of control enhances IT’s ability to enforce security policies, especially in highly regulated industries like finance, travel, and healthcare, where system integrity is critical.
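As an added example (not from the article or from Mosyle), the audit below checks a configuration profile for critical extensions that are allowed but not locked in place. The key names come from Apple's `com.apple.system-extension-policy` payload and are not named in the article; the team ID, bundle IDs and sample profile are constructed placeholders.

```python
import plistlib

# Constructed sample profile; EXAMPLETEAM and com.example.* are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadContent</key>
  <array><dict>
    <key>PayloadType</key><string>com.apple.system-extension-policy</string>
    <key>AllowedSystemExtensions</key>
    <dict><key>EXAMPLETEAM</key><array>
      <string>com.example.edr.endpoint</string>
      <string>com.example.vpn.tunnel</string>
    </array></dict>
    <key>NonRemovableFromUISystemExtensions</key>
    <dict><key>EXAMPLETEAM</key><array>
      <string>com.example.edr.endpoint</string>
    </array></dict>
  </dict></array>
</dict></plist>"""

# Payload keys (macOS 15+) that stop a user from removing an extension.
PIN_KEYS = ("NonRemovableSystemExtensions", "NonRemovableFromUISystemExtensions")

def _bundle_ids(mapping):
    """Flatten a {team_id: [bundle_id, ...]} dictionary into a set of bundle IDs."""
    return {bid for bids in (mapping or {}).values() for bid in bids}

def audit(profile_bytes, critical):
    """Report critical bundle IDs that are allowed but unpinned, or not allowed at all."""
    profile = plistlib.loads(profile_bytes)
    allowed, pinned = set(), set()
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.system-extension-policy":
            continue
        allowed |= _bundle_ids(payload.get("AllowedSystemExtensions"))
        for key in PIN_KEYS:
            pinned |= _bundle_ids(payload.get(key))
    return {
        "unpinned": sorted(c for c in critical if c in allowed and c not in pinned),
        "not_allowed": sorted(c for c in critical if c not in allowed),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_PROFILE, ["com.example.edr.endpoint", "com.example.vpn.tunnel"]))
```

Run it against each exported `.mobileconfig` with the list of extensions your security policy treats as critical; anything under `unpinned` can still be switched off by a local administrator.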

Enhanced user visibility and security

Another important change in macOS Sequoia is improved transparency around system extensions. In earlier versions of macOS, users had little or no idea about the system extensions running on their devices. With Sequoia, users with administrative privileges can now see these extensions and, if allowed by IT policies, disable them. This increases user awareness and puts more responsibility on IT departments to set permissions and policies correctly.

This dual approach—greater transparency for users but tighter control for IT—strikes a balance between usability and security. It allows organizations to customize device management on company-owned devices, ensuring that important extensions remain in place even as end users gain greater visibility.

What are the implications for IT?

For IT departments managing large fleets of Apple devices, the changes in Sequoia offer new tools for increased security and control. However, they also require updated management strategies. Administrators will need to review existing system extension policies and update configuration profiles to take advantage of the new capabilities offered by macOS Sequoia.

Ensuring that critical extensions are locked down and inaccessible to unauthorized users will be a priority, along with guidance for end users on how system extensions work in this new environment. IT departments will benefit from the greater control that macOS Sequoia provides, but they must also be proactive in understanding and implementing these changes to avoid disruptions and security gaps.
