What's new for enterprise in macOS Sequoia
Learn about the enterprise content that Apple has released for macOS Sequoia.
macOS updates improve the stability, performance, or compatibility of your device and are recommended for all users. Device administrators can manage software updates using a Mobile Device Management (MDM) solution.
For information about general improvements, learn about updates to macOS Sequoia.
For details about the security content of these updates, see Apple security releases.
macOS Sequoia 15.3
Apple Intelligence is turned on automatically after updating to macOS 15.3 or during device setup unless MDM skips the Apple Intelligence setup pane.
MDM can require sign-in from a specified Workspace ID for requests to external intelligence integrations such as ChatGPT.
MDM can disable transcription summarization in Notes.
AirPlay connects successfully when using the built-in firewall and a content filter extension.
Improves stability for apps over VPN connections when using the built-in firewall and a content filter extension.
macOS Sequoia 15.2
MDM can manage Apple Intelligence Integrations including ChatGPT.
MDM can restrict Apple Intelligence image generation in Image Playgrounds and other apps.
AirPlay MDM payloads can be installed containing a password item with both the DeviceName string required for tvOS 18 and the deprecated DeviceID string used in earlier versions.
A new option is available to reset the OpenSSH configuration. Open man apple_ssh_and_fips in Terminal for details.
Multi-factor authentication in Safari reliably accepts the PIN for hardware security keys.
Improves stability for video conferencing apps and DNS resolution when using the built-in firewall and a content filter extension.
Service discovery as part of account-driven enrollment can request the well-known resource from an alternative location specified by the MDM solution linked to Apple School Manager or Apple Business Manager.
macOS Sequoia 15.1
MDM can manage Writing Tools and Mail summarization.
MDM can prevent prompts triggered by apps using deprecated content capture technologies.
MDM can prevent users from enabling Media Sharing in System Settings.
Login and unlock complete without delay when a passcode policy is configured by MDM.
Upgrading to macOS 15 Sequoia completes successfully when a local user account is present without a valid home directory.
Improves network stability when using content filter extensions.
Improves APNs compatibility with legacy VPN products.
macOS Sequoia 15.0.1
Improves compatibility with third-party security software.
Improves reliability for single sign-on authentication in Safari.
macOS Sequoia 15.0
macOS Sequoia includes new features such as Safari extensions management, a new disk management configuration for external and network storage, and enhancements for software update management.
Device Management
MDM can manage which Safari extensions are allowed, always on or always off, and what websites they can access.
The new disk management configuration can be used to choose whether external or network storage is allowed or disallowed, or limit mounting to read-only volumes.
Software updates can now be managed entirely with declarative device management, replacing the MDM profiles for software update restrictions, settings, and software update commands and queries.
Executables, scripts, and launchd configuration files can be installed using MDM and stored in a secure and tamper-resistant location.
The Profiles section of System Settings is renamed to Device Management and now appears in the General section.
profiles renew -type enrollment no longer requires admin credentials if you are not already enrolled in MDM.
New authentication options are available for Platform Single Sign-on.
New configuration keys are available for the Kerberos SSO payload.
MDM can prevent a Mac from mirroring any iPhone.
MDM can prevent system extensions from being disabled in System Settings.
The new Welcome to Mac screen can be skipped when using auto-advance or by using the Welcome skip key.
MDM can configure the use of the hardware MAC address instead of a private MAC address on a managed Wi-Fi network. A privacy warning is shown when using the hardware MAC address because it allows tracking by Wi-Fi networks and nearby Wi-Fi devices.
The EnableLogging and LoggingOption keys in the Firewall payload are deprecated and no longer necessary. Application Firewall logging is increased by default for the socketfilterfw process.
Profile-based User Enrollment is no longer supported in macOS 15. For User Enrollment, sign in to a Managed Apple Account in Settings.
Bug fixes and other improvements
A third-party app or launch agent that wants to interact with devices on a user’s local network must ask for permission the first time that it tries to browse the local network. This does not apply to launch daemons running as root. Similar to iOS and iPadOS, the user can go to System Settings > Privacy > Local Network to allow or deny this access, giving users control over their privacy.
dscl and dsimport will trigger privacy prompts when attempting to change the home directory of a user. Previously this did not happen when a device was under MDM management. Apps can be pre-approved for SystemPolicySysAdminFiles access using MDM with a PrivacyPreferencesPolicyControl payload.
Application Firewall settings are no longer contained in a property list. If your app or workflow relies on changing Application Firewall settings by modifying /Library/Preferences/com.apple.alf.plist, then you need to make changes to use the socketfilterfw command line tool instead.
The new xprotect command can be used by administrators or users to manually invoke XProtect functionality.
The Security Framework can now import PKCS12 files created with AES-256-CBC encryption.
spctl can no longer be used to disable Gatekeeper.
By default, the sudo command in macOS 15 does not have logging enabled. To enable logging for sudo, remove the line Defaults !log_allowed from the sudoers configuration file.
DirectoryService plug-in support has been removed for third-party plug-ins. Developers should migrate to Platform SSO.
Performance is improved when running endpoint security extensions that use live detection.
Automatic login is successfully enabled when using the LoginWindow payload to configure AutologinUsername and AutologinPassword for an existing user.
When the RequireAdminForAirPortNetworkChange key is set to false in an MCX payload, "Require Administrator Authorization to Change Networks" is no longer enabled.
Devices reconnect more reliably to managed hidden Wi-Fi networks.
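
The sudo item above says logging is off until the line Defaults !log_allowed is removed from the sudoers configuration file. As an added example (not Apple's code), this shell function reports where that entry is active in one or more sudoers-style files, ignoring commented-out copies. The function name and the sample file are constructed for illustration, and /etc/sudoers is assumed to be the file's location.

```shell
#!/bin/sh
# Added example: find active "Defaults !log_allowed" entries in sudoers-style files.
# Assumed usage on a Mac, run as root: find_log_allowed_off /etc/sudoers

# Prints "file:line: text" for each uncommented Defaults entry that negates
# log_allowed. Returns 0 if any was found (sudo logging is off), 1 otherwise.
find_log_allowed_off() {
    awk '
        /^[ \t]*#/ { next }                         # whole-line comment
        /^[ \t]*Defaults/ {
            opts = $0
            sub(/#.*/, "", opts)                    # strip trailing comment
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", opts)  # strip keyword and scope
            n = split(opts, item, ",")              # one entry can list several flags
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", item[i])
                if (item[i] == "!log_allowed") {
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
                    found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# Constructed sample input (not copied from a real Mac).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Defaults !log_allowed
Defaults env_reset
Defaults   !log_allowed
%admin ALL = (ALL) ALL
EOF

if find_log_allowed_off "$sample"; then
    echo "sudo logging is disabled by the line(s) above"
else
    echo "no active '!log_allowed' entry found"
fi
```

Edit the real file with visudo so a syntax error cannot lock out sudo, then rerun the check to confirm the entry is gone.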