The Breaking Change in macOS Big Sur: an MDM is Now Required

Written by Scott Reed on September 27, 2020


macOS® Big Sur is the first major OS release from Apple® since Y2K.

macOS Big Sur’s release will be the first time since the year 2000 that Apple is incrementing a major version number of macOS, jumping from macOS Catalina version 10.15 to macOS Big Sur version 11. 

Under the semantic versioning scheme, a broadly accepted, simple set of rules and requirements that define how software version numbers are assigned and incremented, the major version must be incremented if any backwards-incompatible changes are introduced in the release.

The rules for which digit to increment relate directly to the impact of the underlying code changes.

Backwards incompatibility, which is what requires a major version change, implies that something in this year’s macOS release is a breaking change that vendors and administrators will need to address.

So, what is the breaking change in macOS Big Sur? The macOS version history on Wikipedia calls out ARM support, new icons, and GUI changes for macOS Big Sur, but this doesn’t tell the entire story. 

Although Apple hasn’t released a definitive answer, testing with macOS Big Sur betas uncovers another major version change under the hood of macOS that very well may be the reason Apple is upgrading from macOS 10.15 to macOS 11.

The Real Reason for the Major Upgrade? 

In macOS Big Sur, the command line Profiles Tool is getting a major version update, jumping to Version 8 from Version 7 which shipped with macOS Catalina.

The Apple man pages give insight into what is changing in this major version upgrade.

Figure 1: Screenshot of the man page for the profiles command version 7.17 running on macOS Catalina

Figure 2: Screenshot of the man page for the profiles command version 8.04 running on macOS Big Sur beta. It can be seen in this screenshot that the man pages reference macOS Big Sur as 10.16 not as 11.0. It seems like a team at Apple may have missed the memo about the major version change. 

As seen in Figure 2, the man page reveals a drastic change to the profiles command in macOS Big Sur stating that the ability to install configuration profiles is no longer supported.

Figure 1 shows that installing configuration profiles is the first use case used in the description of the current profiles command running on macOS Catalina, so removing this functionality is a big deal. 

Deprecating the ability to install configuration profiles using the profiles command very well may be the reason for the major version change. Removing this ability in macOS Big Sur makes implementing an MDM a requirement for admins managing Mac devices.

Why an MDM is Required to Manage macOS Big Sur

Configuration profiles are the technical, behind-the-scenes “how” for macOS device management. 

In order to satisfy security and compliance requirements, IT administrators use configuration profiles to put their devices into a desired state. Examples for using configuration profiles include enforcing a screen lock, disk encryption, or deploying a certificate to secure a device. 

As the new work norms of 2020 and beyond include supporting a distributed workforce, IT administrators need the ability to remotely manage and deploy configuration profiles to machines. With the deprecation of the installation feature of the profiles command in macOS Big Sur, Apple has made it clear that the Apple Mobile Device Management (MDM) protocol is now the only way to silently install configuration profiles on remote macOS machines.

The MDM protocol is an open protocol, which gives administrators a number of options for implementing it. Open source solutions exist that require infrastructure setup and maintenance, as does a landscape of vendors with push-button solutions in the device management space.

Don’t wait: Find an MDM

Having an MDM in place prior to devices upgrading to Big Sur will save administrators time and headaches. Another side effect of the deprecation of the profiles command is that admins will lose the ability to silently enroll end user devices that are not currently enrolled in an MDM. Devices that are not enrolled with an MDM vendor prior to upgrading to Big Sur will require end user interaction, with administrative permissions, to enroll in an MDM.
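A readiness check for the situation described above, as an added example that is not from the original article or from JumpCloud: it classifies a Mac from the text of `sw_vers -productVersion` and `profiles status -type enrollment`. The function names are hypothetical, the sample outputs are constructed, and treating 10.16 as Big Sur is an assumption based on the man page version noted in Figure 2.

```shell
#!/bin/sh
# Added example: classify a Mac's MDM readiness around a Big Sur upgrade.
# Function names are hypothetical; the sample outputs are constructed.

SAMPLE_ENROLLED='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_UNENROLLED='Enrolled via DEP: No
MDM enrollment: No'

# Succeeds when a product version string denotes Big Sur or later.
# 10.16 counts as Big Sur (assumption based on the man page in Figure 2).
is_big_sur_or_later() {
    v_major=${1%%.*}; v_rest=${1#*.}; v_minor=${v_rest%%.*}
    case "$v_major$v_minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v_major" -ge 11 ] || { [ "$v_major" -eq 10 ] && [ "$v_minor" -ge 16 ]; }
}

# Reduce `profiles status -type enrollment` text to a single state word.
mdm_state() {
    m_line=$(printf '%s\n' "$1" | grep -i '^MDM enrollment:' || true)
    case "$m_line" in
        '')                echo "unknown" ;;
        *"User Approved"*) echo "user-approved" ;;
        *": Yes"*)         echo "enrolled" ;;
        *)                 echo "not-enrolled" ;;
    esac
}

# $1 = product version, $2 = enrollment status text.
classify() {
    c_state=$(mdm_state "$2")
    case "$c_state" in
        unknown) echo "UNKNOWN: no MDM enrollment line in status output" ;;
        not-enrolled)
            if is_big_sur_or_later "$1"; then
                echo "ACTION: unenrolled on Big Sur, enrollment needs an admin user at the device"
            else
                echo "WARN: unenrolled, enroll in an MDM before upgrading"
            fi ;;
        *) echo "OK: $c_state" ;;
    esac
}

classify "10.15.7" "$SAMPLE_UNENROLLED"
classify "10.16" "$SAMPLE_ENROLLED"
# On a real Mac, classify the live machine as well.
if command -v sw_vers >/dev/null 2>&1 && command -v profiles >/dev/null 2>&1; then
    classify "$(sw_vers -productVersion)" "$(profiles status -type enrollment 2>&1)"
fi
```

Run across a fleet before the upgrade window, the `WARN` lines identify the machines that can still be enrolled without a trip to the device.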

JumpCloud offers a unique spin on device management with its unified identity and device management platform for Mac®, Windows®, and Linux®, which includes Apple MDM support. In addition to cross-platform OS management, administrators can use the JumpCloud MDM Enrollment Policy to enroll end users’ systems in bulk into JumpCloud MDM and be prepared for the breaking change of macOS 11 Big Sur. Check out our MDM simulation for a walkthrough on our configuration settings.

Want to know more about getting your organization ready for macOS Big Sur? Join us on October 7th as we talk with Apple experts Bradley Chambers, EDU IT director and writer at 9to5Mac, and Tom Bridge, MacAdmins podcast host and founding partner at Technolutionary, in a webinar that’ll cover what’s new in macOS Big Sur, using MDM, and the outlook for device management. 

Scott Reed

Scott Reed is a Product Manager on the Devices team at JumpCloud. Prior to joining the Product team, he led the Solution Architecture team at JumpCloud. In fact, Scott is the original author of the JumpCloud PowerShell module. Scott’s background is in Corporate IT. Outside of work Scott loves to seek out fresh air and adventure with his wife, two young sons, and their black lab Lucy.
