It’s been a busy month for Apple releases. We released new profiles and restrictions for iOS 13 in September. And today we support a number of new profiles and restrictions for macOS Catalina, with more on the way.
While our goal was to have all features synchronized with Apple’s release, we have identified a significant issue with our macOS Agent. macOS Catalina introduces new and important security controls which require the Agent to adapt accordingly. The issue affects Agent enrollment and Agent-based features such as command line execution and remote view. Profile enrollment and all non-agent functionality, including MDM profile delivery and App Store app management, are unaffected and function correctly today on Catalina.
As we work on preparing a new version of the Agent that will resolve this issue, we wanted to make sure the Meraki Community was kept up-to-date with our status. We’ll keep you posted as we make progress finishing the Catalina compatibility effort. Thank you for your patience.
Thank you for the heads up. It's always nice to see information like this as soon as possible.
One question though, can we now deploy the Education Profile through Meraki to Macs? I know this has been a problem in the past in trying to get Apple Classroom working on Macs.
So will the fixes to the SM Agent in macOS Catalina trickle down to Mojave too, in respect to Remote View/Desktop?
Because at this point I have had a case active since January of this year, with no resolution for Remote Desktop.
What worries me now is that Catalina out and we still have no resolution to an issue affecting a major tent-pole feature of SM.
Important security controls were introduced with Mojave too, in September 2018, so you can probably guess my concern…
I know it probably seems odds for us to tackle Catalina first and then get back to older Mojave issues, but that is indeed what we are going to do.
My apologies for the macOS Remote Desktop issues. We are indeed working on them but it is taking much longer than we would like to fix.
<rant> @Noah_Salzman The only issue I have with this is that we run a pretty typical production environment and the thought of upgrading to macOS Catalina is way in the future, especially with the dropped 32bit support and getting all app developers up to speed (mostly plug-ins). So what I have now are a bunch of Macs steadily upgraded to macOS Mojave from older OS's but no means to control them.
From what I understand the most pertinent issues with remote access require a signed application and explicit granting of access, these things were introduced in Mojave. Yes there have been even more changes in Catalina, but it seems before you can run you may wish to walk as the fixes for Catalina surely have some grounding in those for Mojave. A stop-gap solution would provide a modicum of relief.
I just find it frustrating that an advertised feature has not worked for the lifetime of an OS. </rant>
Does the "Support for brand new macOS Catalina Settings payloads" mentioned in the blog post include the ability to grant applications full disk access via MDM similar to what JAMF is doing? https://www.jamf.com/jamf-nation/articles/553/preparing-your-organization-for-user-data-protections-...