Updated November 9th, 2022 - Customers looking to migrate to macOS 13 Ventura should review this KBA for details on known compatibility issues. Based on customer feedback, we now provide separate configuration profiles for each major supported macOS version. This change was made with Configuration Profile 1.2.

In the macOS 13 Ventura release, Apple has introduced a new System Settings app to manage system configuration and this will replace the older System Preferences app.  In addition to a new look and feel that is more consistent with the Apple experience, there is a new Login Items panel that allows management of background applications or services that either start automatically at system boot or open automatically when users log in.

Local administrative users will have the ability to turn off background applications and services and therefore could disable the Sophos Endpoint protection features as well as block communications with Sophos Central and software updates.

New management features, available through MDM solutions and Configuration Profiles, prevent users from disabling critical services.

The latest Sophos Central Installer for macOS includes a separate Configuration Profile for each major macOS version we currently support, namely:

  • Sophos Endpoint Big Sur v1.2.mobileconfig

  • Sophos Endpoint Monterey v1.2.mobileconfig

  • Sophos Endpoint Ventura v1.2.mobileconfig

Sophos Endpoint Ventura v1.2.mobileconfig contains the settings needed to prevent local administrative users from disabling the Sophos Endpoint via the Login Items panel. To acquire the new Configuration Profile file (Sophos Endpoint Ventura v1.2.mobileconfig), download the latest installer from your Sophos Central account and look in the “Deployment Tools” folder to find the updated profile. When imported into your MDM solution, the new profile is labeled “Sophos Endpoint Ventura v1.2”.

After upgrading to macOS Ventura, deploy the “Sophos Endpoint Ventura v1.2” Configuration Profile to all endpoints to keep the Sophos Endpoint protection services running. Once the updated Configuration Profile is applied, Sophos will still be visible under Login Items in System Settings, but users will not be able to disable it.
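Before rolling a profile out to Ventura endpoints, you can confirm that the file actually carries a login-item lock. The following is an added example, not Sophos code: it assumes the setting is delivered through Apple's `com.apple.servicemanagement` (Managed Login Items) payload, and the sample profile and the `EXAMPLETEAM` identifier are constructed placeholders.

```python
import plistlib

# Apple's Managed Login Items payload type (macOS 13+). That the vendor profile
# uses this payload is an assumption; the page does not name it.
SM_PAYLOAD = "com.apple.servicemanagement"

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. Signed profiles usually embed the XML plist
    inside a CMS wrapper, so cut it out first (signature is NOT verified)."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def login_item_rules(profile: dict) -> list:
    """Return (RuleType, RuleValue) pairs from every service management payload."""
    rules = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == SM_PAYLOAD:
            for rule in payload.get("Rules", []):
                rules.append((rule.get("RuleType"), rule.get("RuleValue")))
    return rules

def covers_team(profile: dict, team_id: str) -> bool:
    """True if a rule locks login items signed by the given team identifier."""
    return ("TeamIdentifier", team_id) in login_item_rules(profile)

def sample_profile(with_rules: bool) -> bytes:
    """Constructed sample, not the vendor's file; EXAMPLETEAM is a placeholder."""
    content = [{"PayloadType": "com.apple.TCC.configuration-profile-policy",
                "PayloadIdentifier": "example.tcc", "PayloadVersion": 1}]
    if with_rules:
        content.append({"PayloadType": SM_PAYLOAD,
                        "PayloadIdentifier": "example.loginitems",
                        "PayloadVersion": 1,
                        "Rules": [{"RuleType": "TeamIdentifier",
                                   "RuleValue": "EXAMPLETEAM"}]})
    body = plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadDisplayName": "Example Endpoint Profile",
                           "PayloadContent": content})
    # Leading/trailing bytes stand in for a CMS signature wrapper.
    return b"\x30\x80wrapper" + body + b"\x00\x00signature"

if __name__ == "__main__":
    for label, flag in (("older-style profile", False), ("Ventura-style profile", True)):
        prof = load_profile(sample_profile(flag))
        status = "locked" if covers_team(prof, "EXAMPLETEAM") else "NOT locked"
        print(f"{label}: login items {status}; rules={login_item_rules(prof)}")
```

A profile that reports no rules would leave the Login Items toggle under the control of local administrators on macOS 13.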

The Sophos Endpoint Ventura v1.2 Configuration Profile also supports the same features that were supported in the previous version of the Configuration Profile, as well as the features supported in Sophos Endpoint Big Sur v1.2.mobileconfig and Sophos Endpoint Monterey v1.2.mobileconfig. We suggest deploying the configuration profile that is relevant to each endpoint's macOS version.

Please refer to the ReadMeFirst file located under the “Deployment Tools” folder for the change log for each Configuration Profile. You can also refer to these detailed instructions on using Jamf Pro to deploy the Sophos Endpoint to your Mac devices.

Thanks,

Kevin