JumpCloud Webinar: How to Secure Identities and Devices Across a Remote Workforce Register today

How to Prepare for macOS Big Sur: Technical Tips from Apple Experts & Mac Admins




Organizations getting ready for the imminent release of macOS®  Big Sur joined JumpCloud®  friends Tom Bridge (MacAdmins Podcast Host and Founding Partner at Technolutionary) and Bradley Chambers (9to5Mac Writer & IT Director) in conversation about how to prepare for Big Sur.

Watch the video of the live webinar, and read on for a recap of the event’s highlights and key insights shared by Tom and Bradley. Spoiler alert: If you’re a Mac®  administrator, you should be getting ready for Big Sur now.

This event shared Apple® MDM and Mac device management information for any IT environment, but you can learn more about JumpCloud MDM by joining our Oct. 23 Office Hours

When Will macOS Big Sur Arrive? 

Unless you’re in the inner Big Sur circle at Apple, no one knows the day when macOS Big Sur will arrive. Not even Tom and Bradley know exactly when it’ll be here, but they guessed that it’ll be released sometime in October — potentially around or just after Apple’s Oct. 13 event “Hi, Speed”, but hopefully, as Tom said, with more than 24 hours’ notice.

Based on what Apple has shared, we can anticipate some of the OS changes and their impact on IT admins and Mac end users, like:

  • Users will notice Big Sur’s “huge visual difference,” according to Tom, including the floating bar dock and new iconography. 
  • Bradley suggests applying two lenses when thinking about the new look and feel: the components that your average end users are excited about, and the changes that will be more noticeable to Mac admins. “You really want to know your users are ready,” Bradley advised, because while end users on Macs certainly know how to do their day jobs on them, their workflows could be disrupted by the newness of macOS Big Sur. 
  • When Big Sur arrives, it may not be in its final state as a new, major OS version. Even though Apple will release it in the near future, expect some updates to be made after it becomes generally available. 

Highlights: Mandatory Apple MDM, Screen Recording Payloads, Auto-Enrollment, & More Big Sur Changes

Perhaps the biggest change coming along with macOS Big Sur is that Mac admins must use the Apple MDM protocol for device management.

“The MDM world has become so critical in such a short amount of time,” Bradley said. “MDM is the future of all device management, certainly on the Apple side, and it’s critical that you pick the right vendor.”

Tom and Bradley discussed various Apple MDMs on the market, and it’s important to find the right MDM for your needs. They agreed that unless you’re at a tiny two-person office, it’s recommended that you use an MDM in the workplace — but don’t be afraid to try out MDM options before you commit to one.

Tom brought up that Big Sur will introduce new payloads, such as for screen recording. In past macOS versions, admin and non-admin Mac users could allow screen recording to remotely screen share. For devices running Big Sur, by default non-admin users won’t be able to permit an application to allow screen recording.

That’s a pretty major change for the end user experience, and could require more admin involvement when screen sharing is needed in remote work setups. If you’re interested in learning more about this payload and others, admins with any Apple Business Manager or Apple School Manager ID can visit appleseed.apple.com to find more details.

Bradley brought up some positive auto-enrollment considerations, which he described as “one of the best parts of being an Apple admin.” This allows IT teams to use zero-touch deployment for user onboarding, meaning the ability for an end user to receive a pre-configured Mac device that’s ready for them to unbox and use right away. Tom added that auto-enrollment in Big Sur also provides auto-advance on Macs, previously just available on TV OS devices like AppleTV, which is exciting for admins because it makes device configuration processes easier than ever (and an example of iOS enhancements moving over to macOS, including encrypted DNS, with Big Sur).

Watch the full webinar on-demand to hear more of Tom and Bradley’s discussion which also covered lights out management, content caching enhancements like support for internet recovery, supervision profiles with user-approved MDM enrollment, and more Big Sur changes to know about ahead of Apple’s biggest OS upgrade in decades. 

Deploy on Day One, or Delay? 

A top question on many Mac admins’ minds is whether to deploy macOS Big Sur as soon as it’s available or delay it to avoid potential pitfalls.

While you might be capable of supporting macOS Big Sur the same day it’s released, understand that some critical pieces of software in your IT environment may or may not be ready.

“What are the showstoppers? Do you have a VPN that’s driven by a kernel extension? Do you have security software driven by a kernel extension? These are the kind of things you have to be aware of inside your organization as mission critical,” Tom advised. He wants you to know your showstoppers and start testing immediately, but ultimately deploy Big Sur when you and end users feel ready.

Alongside IT environment factors, Tom and Bradley emphasized that Big Sur will probably get updates after its first release. Tom advised admins to evaluate end users’ willingness to put up with “quirks” that might be encountered early on with macOS Big Sur, which could contain some buggy user experiences. Expecting at least one rapid bug fix upgrade following Big Sur’s release, Bradley plans at this time to delay Big Sur rollout by around three weeks, because: “If you do deploy, there are things that could break that aren’t your fault but will be your problem.” 

On the flipside, Tom plans to deploy macOS Big Sur at his organization when it arrives because it will be the most secure OS available: “The most secure operating system is the one that Apple releases on day one.” But for some clients, Tom will recommend delaying the upgrade for 90 days to allow for testing.

As always, there can be curveballs. Some organizations might not have a choice other than buying a Mac that is running Big Sur out of the box, shortly after macOS Big Sur is released. Some end users could have somehow ended up running Big Sur in beta on their Mac. These are cases that admins must deal with on a case by case basis, but the good news is that there are excellent resources including: 

Top Webinar Takeaway & Next Steps

Without a doubt, your top takeaway from the webinar should be this: Even though we don’t know when we’ll see macOS Big Sur, we know that an Apple MDM will be required for secure Mac management for Big Sur devices and the future of device management. Admins should be looking for an Apple MDM solution to implement at their organization and preparing end users for the upcoming transition.

You can try JumpCloud MDM for free with up to 10 users and 10 devices, along with premium chat support for your first 10 days in the directory platform. JumpCloud offers Apple MDM alongside comprehensive device management and security for Mac, Windows®, and Linux® OS from a single web console.


Recent Posts
PCI DSS requires that environmental event reports are readily available. JumpCloud provides deep holistic event reports at the ready.

Blog

PCI DSS Part 3: Monitoring & Reporting

PCI DSS requires that environmental event reports are readily available. JumpCloud provides deep holistic event reports at the ready.

Need more than Google Cloud Identity? Learn how to centrally manage identities not just for Google services but also for all IT resources.

Blog

Cloud IAM Feature — Google Cloud Identity

Need more than Google Cloud Identity? Learn how to centrally manage identities not just for Google services but also for all IT resources.

Traditional GPOs served IT admins well for a time, but now struggle with modern infrastructure, resources, and remote work. Find a hosted GPO option here.

Blog

Hosted Group Policy Objects (GPOs)

Traditional GPOs served IT admins well for a time, but now struggle with modern infrastructure, resources, and remote work. Find a hosted GPO option here.