Sophos Endpoint and Apple macOS 11 Big Sur

Our Endpoint Protection does not yet support macOS 11 (Big Sur). Please do not upgrade until we announce that we support it. We plan to have an Early Access Program (EAP) available soon so that you can test it on your own machines.
Apple will release macOS 11 on the 12th November, we plan to create an EAP in Central to test this release soon, but do not support it yet.

Central Device Encryption (CDE) for Mac version 1.5.3 does support macOS 11, this was rolled out recently but bear in mind that if you use both Endpoint and CDE you will still need to wait before upgrading to macOS 11.

On-premise customers will also get a version of endpoint protection that is supported on macOS 11 but will not have access to an EAP or Preview ahead of full support.

ARM-based CPUs are not currently supported. They require macOS 11 and additional testing and requirements. Sophos will support ARM-based CPUs, however, the details of that support will be provided at a later date.


Please check this KBA for up to date information: https://support.sophos.com/support/s/article/KB-000039501?language=en_US


Link to the Big Sur EAP on the Sophos Community



included info for Big Sur EAP
[edited by: FloSupport at 9:50 PM (GMT -8) on 2 Dec 2020]
Parents
  • I know software takes time to develop and for this type of software arguably greater testing needs to be done. However not only is it well known that Apple will release a new OS at roughly the same time each year, but Apple give advance access to betas to devs and ordinary users so that in theory developers like Sophos can be ready for the day it is officially released.

    Yes Apple might make changes at the last minute but in theory you should still be more ready even if this happens and therefore have less additional work to do and incur less delay.

    It is now nearly the end of January 2021 and little progress is visible since November 2020. Other anti-virus vendors have released official Big Sur compatible versions last year leaving Sophos looking very tardy in comparison.

    Sophos should be well aware that brand new Macs will be shipping only with Big Sur installed and whilst in theory all but M1 equipped models can still be downgraded to Catalina the fact these may (are) be being direct shipped to end users for deployment via DEP means end users are not going to be able to downgrade them.

    Enterprise customers therefore - like myself will have to start considering whether to stay with Sophos or abandon them for a provider who can be better relied on. Indeed not only is this already to us an issue for new starters, not only am I getting pressure from end-users over why cannot they be allowed to upgrade to Big Sur but I am also getting pressure from our Head of Security over the risks that Sophos' failure to deliver a solution is causing in that some machines are being left unprotected.

    I am now having no choice but to enrol production Macs in to the EAP otherwise they would be completely unprotected.

    Can we at least have an update from Sophos indicating an estimate for when a complete version for Intel and M1 Macs is likely. (I do appreciate and recognise that the known issues etc. articles have been updated recently.)

    Note: macOS updates happen annually, it is now three months and counting since Big Sur was released. If hypothetically it takes Sophos six months to issue a compatible version this could mean that for half of every year Sophos is unable to protect Macs. Clearly this is unacceptable and will result in customers leaving.

  • Hello John,

    We are of course aware that new Macs ship with Big Sur and also that our support is later than you (and indeed we) would have liked, we have just agreed to support M1 devices under Rosetta 2 until we get native support released (during CQ2) and will have GA support for Big Sur at the beginning of March.

    This is the first time we have missed being ready for GA for over 10 years but we realize how accustomed Apple users are to upgrading on day 1 for any macOS update and we also strive for that support.

    Apart from the visual and security improvements macOS 11 has radically changed the way 3rd party vendors such as Sophos interact with macOS. Specifically changing kernel-level access to API (system extensions) access meaning we have had to re-write much of our interfacing code to work with the new APIs.

    We have diligently worked with Apple since the first build of Big Sur, logging issues and preparing our products to support Big Sur. Our products need to work on macOS 10.x (where kernel access is allowed), macOS 11.x (where kernel access is no longer allowed) and at the quality that our customers expect and since we have multiple features that use kernel extensions to function that means that we have had a lot to develop and test.

    Changes to an OS of this nature are, fortunately, few and far between and so we ask for a little more patience whilst do our final work and complete testing before we release a GA supported version of our endpoint product.

    Regards,

    Darren.

  • Hi,

    Is there a rough availability time for the newer version of Intercept X (Sophos Endpoint) for Big Sur?
    Our organisation and our IT Manager are asking for a deadline.
    Currently we have a large amount of our Students who have BYOD Mac Devices who are not fully protected.
    Any update, schedule information, etc. would be greatly appreciated.

    Otherwise I am getting pressure to find other vendors who have a working Anti Virus for Big Sur.

    I have even tried to give some of our students the Sophos Home Version, but it is only a trial.
    I was under the assumption that Sophos Home was free, but this does not seam to be the case now.

  • ,

    I see that McAfee Security Software has supported Big Sur since October 2020, but I am waiting to hear back from them to find if their Enterprise-level solution also supports Big Sur. We have a long-term contract in place with Sophos (which we have used for nearly two decades), but I have managers here telling me that they would have no problem demanding a refund if we need to switch in order to get the protection we expect (without being beta testers).

    But... I will see if is able to get us an updated timeline that I can pass upstream to my people here.

  • Thank you.

    I will wait for an update.

    Hopefully Sophos will have a fix sooner rather than later.

  • We are looking to complete the rollout of Big Sur support during the first week of March.

  • That is great to hear. Thank you very much.

  • , Should we expect rollout sometime between now and Friday?

  • Yes, the rollout should be complete by Friday, look for version 10.0.4 to confirm you are on the GA release

  • Is there a way to check if the endpoint is running fine with 10.0.4 and all exceptions which are set by Jamf Pro? Just to be sure that all settings are correct and the protection is enabled.

  • If you open the endpoint UI, click "About" then "Run Diagnostic Tool" you will see a "Prerequisites" tab on the left, if you open this there should be no red! 

    If this is the case you should be fully working.

Reply Children