Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

Related
Recommended
RichardP

Sophos appreciates your assistance. Please make sure to read all the items in this post. Also, please report any issues on the Discussions forum - we need your feedback to help improve the product.

Overview

Support is now GA (Generally Available) for macOS 11 Big Sur in the Recommended subscription (available without joining the EAP. The EAP remains open for the time being to enable us to release further enhancements should we need to.

Signing up for the Big Sur EAP

The following steps will provide a short overview about how to setup the Sophos Endpoint Client. Please be aware that this setup is for the EAP and is supported through the Sophos Community only.

  1. Open a web browser and navigate to central.sophos.com
  2. Login with your SophosID
    Note: 
    1. [01 Dec 2020] Sophos Partner accounts (MSP) are now eligible for the EAP.
    2. The Sophos Enterprise dashboard is not compatible - you must log into a specific estate dashboard to access the EAP.
  3. You may receive a notification about joining the EAP. If not – navigate to the upper right corner, click on your username, and select “Early Access Programs” 
  4. Follow the instructions to sign up
  5. Once complete – you will see a “Manage” button

Registering Existing MacOS Endpoints into the EAP

Now that you have enrolled in the EAP you will need to go through a few steps to register your Mac Endpoints into the program.

Be aware that an endpoint will not get the EAP software until it is registered.

Note: This is an EAP and PRODUCTION devices should NOT be enrolled in it.

  1. Click on your Username in the upper right
  2. Select 'Early Access Programs'
  3. For the Big Sur EAP click on 'Manage'
  4. Add the desired endpoints into the 'Assigned Devices'

  5. Click Save

This will render the correct policy and endpoint software to the target devices.

Setting up a new device into the EAP

  1. Go to the Sophos Central Dashboard and select the option “Protect Devices” at the left tab
  2. Download the file and execute the “Sophos Installer” app
  3. Follow the instructions from setup and wait until the installation finished
  4. Once the Sophos Endpoint is installed, you might receive a notification about granting fulldiskaccess
    1. Disregard this as you will first install v10.0.1
  5. Once complete, assign your new client to the EAP to install v10.0.2 of Sophos Central for macOS
  6. After updating to v10.0.2, please follow the instructions to grant fulldiskaccess and to ensure that the new System Extensions are applied.
    1. macOS 11 Big Sur (previously known as 10.16)

Apple M1 based chip (ARM Device)

Note: the Big Sur EAP v10.0.2 is currently Intel code and will not run natively on Apple M1 hardware. Rosetta 2 will be required to run the EAP on Apple M1 hardware.

Users wanting to test the Big Sur EAP with Apple's new M1 hardware will first need to install Rosetta 2. This can be done interactively (https://support.apple.com/en-gb/HT211861) or using the instructions below. The use of Rosetta 2 is supported in this EAP.

How to install Rosetta 2

  1. Open the terminal.app at the macOS 11 (Big Sur) client
  2. Execute the following command – no sudo required 
    /usr/sbin/softwareupdate --install-rosetta --agree-to-license

Now you can install the EAP v10.0.2 by using Intel compatibility mode. For more details please see https://support.apple.com/en-us/HT211861 

What is Rosetta 2?
Rosetta 2 is a commonly used tool that enables a Mac with Apple silicon to use apps built for a Mac with an Intel processor.

Will there be a performance difference when using Rosetta 2?

Native support using the full power and performance of the Apple hardware will always be faster than using Rosetta 2. For normal business users there should not be any discernible difference. For heavy users of disk or CPU (for example: video editing, heavy photoshop usage, compiling) they will notice a difference in performance.

Will Apple M1 Hardware be supported when we release Big Sur support?

Yes, and this support will come in two stages. Stage 1 will be using Rosetta 2 and Stage 2 will be native support. 

When will M1 processors be natively supported?
An early access program for native Apple M1 processor support will begin in early April. Native support means that Rosetta 2 is no longer required for emulation.

Release information

Stay tuned for more information regarding an official release.

Recommended Reads

Please make sure to visit our Recommended Reads section and reference the various How-to's and important information related to this EAP.

Unfiltered HTML