How to Block macOS Big Sur Installation

Written by Zach DeMeyer on August 27, 2020

With the upcoming release of macOS® 11 Big Sur® this fall, IT administrators may be stuck between a rock and a hard place. Apple® has mandated that its mobile device management (MDM) protocol and its associated APIs will be the sole method for deploying configuration profiles to manage Mac® devices.

These changes mean that IT organizations without a dedicated macOS MDM solution will no longer be able to manage Big Sur Macs. Besides the fact that unmanaged Macs may not meet organizational and end user requirements, they also present openings for bad actors. Zero-day vulnerabilities present additional challenges.

If you’re worried about Big Sur Macs in your organization, you can use JumpCloud® Directory-as-a-Service® to block installation of the macOS version update — even if your users work from home.

How it Works

JumpCloud Directory-as-a-Service® is an all-in-one access control and device management platform. Over one hundred thousand IT organizations worldwide use JumpCloud as their cloud directory platform to secure users and devices while promoting a zero trust security model. With JumpCloud, IT organizations can configure and deploy changes to remote Windows®, Mac, and Linux® devices at scale using a feature called Policies.

What are Policies?

Policies are JumpCloud’s analogue of Microsoft’s Group Policy Objects (GPOs), but they apply to all three major operating systems. Using Policies, IT admins can remotely configure the system settings on their end users’ devices, applying changes like lock screen, full disk encryption, and other security settings en masse across device fleets.

Another key use of Policies is controlling how devices update or patch themselves. Typically, an IT admin can use JumpCloud Policies to define when their device fleets push updates, even opting to defer those updates as necessary.

Blocking macOS Big Sur with Policies

For major updates, specifically macOS Big Sur, JumpCloud’s engineering team created a macOS policy designed to configure systems to refuse the update to Big Sur. As with all JumpCloud Policies, IT admins can apply the “Block macOS Big Sur” Policy to devices or groups of devices from their JumpCloud Admin Portal.

The process is as simple as selecting “Block macOS Big Sur” from the list of pre-configured Policies, choosing the device or device group from among those managed by JumpCloud, and then activating the Policy by clicking Save. Once activated, the Policy pushes remotely to all designated macOS devices through the JumpCloud System Agent, which then forces the machine(s) to refuse the major OS update until otherwise specified by the organization.

You can find step-by-step instructions on how to block Big Sur using the policy by reading this article.

Why Block Big Sur?

As previously mentioned, the release of macOS Big Sur spells big changes to the way IT admins manage Mac machines. Namely, following the release, the MDM protocol will be the sole method for managing Macs with Big Sur installed. Ultimately, this means that organizations will need to adopt a dedicated MDM solution to manage those machines.

For some organizations, the cost of adding yet another solution to their IT tech stack may be too great in terms of both the continual licensing costs involved and the amount of work required to integrate a new MDM provider into an environment. Additionally, depending on the MDM chosen, organizations may also need to pay additional costs upfront in order to implement on-premises infrastructure to support their MDM.

By blocking the installation of macOS Big Sur for now, IT admins can assess their stack to find ways to fit an MDM into the picture before having to deal with any potential fallout due to unmanaged Macs.

JumpCloud MDM

If you’re concerned about how to fit an MDM solution into your stack, consider giving JumpCloud’s Apple MDM offering a try. We’re an Apple-licensed MDM vendor with macOS MDM built right into our device management functionality.

What does that mean for you? It means you can manage Big Sur macOS devices from the same place you manage your other Mac, Windows, and Linux machines. Beyond that, you can also use JumpCloud to manage user identities and access rights, effectively consolidating much of your IT tech stack in a single solution.

The result? Less time spent setting up multiple products from multiple vendors with fewer subscription fees or capital expenditures affecting your bottom line.

Try JumpCloud Free

You can try JumpCloud MDM and the rest of the Directory-as-a-Service platform free. Sign up for a JumpCloud Free account, and you’ll receive 10 users and systems on us — no credit card required. We encourage you to take advantage of 10 days of premium, 24×7 live chat support — absolutely free — to help get you started. 

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
