Sophos Endpoint and Apple macOS 11 Big Sur

Our Endpoint Protection does not yet support macOS 11 (Big Sur). Please do not upgrade until we announce that we support it. We plan to have an Early Access Program (EAP) available soon so that you can test it on your own machines.
Apple will release macOS 11 on the 12th November, we plan to create an EAP in Central to test this release soon, but do not support it yet.

Central Device Encryption (CDE) for Mac version 1.5.3 does support macOS 11, this was rolled out recently but bear in mind that if you use both Endpoint and CDE you will still need to wait before upgrading to macOS 11.

On-premise customers will also get a version of endpoint protection that is supported on macOS 11 but will not have access to an EAP or Preview ahead of full support.

ARM-based CPUs are not currently supported. They require macOS 11 and additional testing and requirements. Sophos will support ARM-based CPUs, however, the details of that support will be provided at a later date.

Please check this KBA for up to date information:

Link to the Big Sur EAP on the Sophos Community

included info for Big Sur EAP
[edited by: FloSupport at 9:50 PM (GMT -8) on 2 Dec 2020]
  • Was expecting Sophos team to get their Test MAC devices upgraded to get Big Sur Beta/Developer version well ahead of public release.

    Not sure if this was done?

  • Krunal,

    We do realize how accustomed Apple users are to upgrading on Day 1 for any macOS/iOS update and strive for that support. Apart from the visual and security improvements Apple has touted on their website and announcements, macOS 11 radically changed the way 3rd party vendors interact with macOS. Specifically changing kernel-level access.

    Sophos has diligently worked with Apple since the first build of Big Sur, logging issues and preparing our products to support Big Sur. Our products need to work on macOS 10.x (where kernel access is allowed), macOS 11.x (where kernel access is no longer allowed) and at the quality that our customers expect.

    The Early Access Program (EAP) for Big Sur support will be available for testing next week (week commencing 23rd November) with an expected GA release in calendar Q1 2021.


  • Hello Sophos Team,

    as partners we find the way of communication disastrous. There is no information other than the login to a Central Admin account, neither on the homepage of the partner portal nor by email; even if a widespread operating system is not able to ensure the functionality of the Sophos software. Instead, a threat and a knowledgebase article will be communicated in the community with the promise of an EAP on 23.11.2020. Honestly? Really serious? To the customers who are affected by the non-transparent information policy, let's just say - take a vacation until maybe the EAP comes and works? Until then, please do not use your Mac?

    Simply insane.

  • Hello Alexander Reith,

    I'm "only" a customer, I did receive both an InfoSMS and an email (that started with Sehr geehrte Sophos-Kunden und -Partner) on 11th. You could argue that this was quite late - just the last day before release - but there was advance information.


  • Alexander, 

    There were several communications on this subject, a tech alert went out in October, a critical alert on the 11th November as well as a support SMS and the banner in Central itself. The emails went to customers and partners with active assets, as your company does not have any active assets you did not receive the alerts. 

    We are not happy or comfortable about the position we are putting our customers and partners in but we are doing what we can to get support out as quickly as possible without compromising protection.



  • I automatically upgraded to OS 11.0.1 before I discovered that Sophos doesn't support it. In the meantime you keep sending me the message: "You need to change your 'Security and Privacy' settings. Following that advice and changing my settings does absolutely nothing. So please fix the problem AND stop sending me these useless  and annoying messages until you do.

  • Hi, how do we get into the Early Access Program (EAP) for Big Sur support?

  • Hi Brian,

    should work like all other EAPs. But like @DarrenTeagles already mentioned the EAP for Big Sur will be available for testing next week (week commencing 23rd November) with an expected GA release in calendar Q1 2021.

    In general to join EA programs go to your Sophos Central Account:

    1. Click your account name (upper right of the user interface) and select Early Access Programs. On the Early Access Programs page, you'll see a list of the available programs. Some programs are "invite only", e.g. Betas or Alphas. If you want to join an “invitation only” program, you must add the program to the list first. Under Invitation only programs, enter your invitation code.
    2. Click the Join button next to a program.
    3. A description of the program is displayed. Click Continue.
    4. In the End User License Agreement & Privacy Policy dialog, view the agreement and then click Accept. If the program is for endpoint software, an Add devices button is displayed. You must continue to the next step.
    5. Click the Add devices button.
    6. On the Manage devices page, you see a list of the Eligible devices on which you can install the new feature. Use the picker to select the devices where you want to try the new feature. Click Save.
      You can add or remove devices at any time during the program. To do this, go to the Early Access Programs page again and click the Manage button beside the program.

    The software on the selected devices will be updated to include the new features.

    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 18.0.3 MR-3
    Intercept X Advanced (for Server) with EDR EAP latest
    If a post solves your question use the 'Verify Answer' link

  • Hello Intrusus,

    There might be an issue. When we're joining the EDR program, as you have shown above, we're only able to add Windows based devices. None of our MacOS based devices are 'Eligible' (they are simply not shown in the list). Have you guys tested this to work? If so, what can we do to get MacOS based devices in that list?

  • The EAP for Big Sur is not yet open, we plan to open it tomorrow before close of business (UK time)