What is new with macOS Ventura and security
We are all looking forward to the new features and stability of the new macOS, but with it usually come new challenges for Mac admins.
Let’s just examine two of them.
- Login Items
- Software Updates
Many software packages need to be able to start services behind the scenes. Most of these services are necessary and benign. But, as always, this capability can be abused by malware and other unwanted apps. With the introduction of Login Items and their related notifications, the user is notified any time such a background service is started. The user can also toggle these items on and off.
This of course is a great addition, but it presents some challenges for macOS admins in the enterprise. Some applications and services provisioned for devices should not be modified by the end user. Security or management apps are one such example, and allowing the end user to disable them could result in compliance violations and other risks.
After much feedback from the macOS Admin community, Apple provided a way to manage these login settings and even silence most of the notifications during the provisioning process.
Reach out to your Apple team for additional information.
There are many other blogs from fellow Mac admins that detail the profiles needed to manage these new settings, so I won’t go into that here. I do want to highlight one thing that we as admins sometimes tend to overlook: the user experience.
I have seen some colleagues opt for completely disabling the notification functionality. While this certainly reduces the number of notifications, it could backfire. Imagine the one case where an end user installs an application that turns out to be malware. The OS would have notified them, and they might have noticed and reported it, but we silenced the notification. This might lead to an interesting conversation with InfoSec.
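To make the trade-off above checkable, here is an added example (not from the original post or from Apple) that audits an unsigned configuration profile and reports whether it scopes management to specific login items or silences Login Items notifications outright. The payload types, keys and the notification agent bundle identifier are assumptions based on Apple's published device-management schema, and the sample profile and its team identifier are constructed placeholders.

```python
import plistlib

# Constructed sample profile (not from the post). Payload types and keys are
# assumed from Apple's device-management schema; the team ID is a placeholder.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {   # Managed login items: the user cannot switch these off.
            "PayloadType": "com.apple.servicemanagement",
            "Rules": [
                {"RuleType": "TeamIdentifier", "RuleValue": "ABCDE12345",
                 "Comment": "Security agent (placeholder team ID)"},
            ],
        },
        {   # Blanket silencing of the Login Items notification agent.
            "PayloadType": "com.apple.notificationsettings",
            "NotificationSettings": [
                {"BundleIdentifier": "com.apple.btmnotificationagent",
                 "NotificationsEnabled": False},
            ],
        },
    ],
})

BTM_AGENT = "com.apple.btmnotificationagent"  # assumed agent bundle ID

def audit_profile(raw: bytes) -> dict:
    """Collect managed login item rules and flag silenced notifications."""
    profile = plistlib.loads(raw)
    report = {"managed_rules": [], "notifications_silenced": False, "findings": []}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.servicemanagement":
            for rule in payload.get("Rules", []):
                report["managed_rules"].append(
                    (rule.get("RuleType"), rule.get("RuleValue")))
        elif ptype == "com.apple.notificationsettings":
            for setting in payload.get("NotificationSettings", []):
                if (setting.get("BundleIdentifier") == BTM_AGENT
                        and setting.get("NotificationsEnabled") is False):
                    report["notifications_silenced"] = True
    if report["notifications_silenced"]:
        report["findings"].append(
            "Login Items notifications are off for all apps, managed or not.")
    if not report["managed_rules"]:
        report["findings"].append(
            "No managed login item rules; users can disable provisioned agents.")
    return report

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE)["findings"]:
        print("FINDING:", finding)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can parse it.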
It will be interesting to see how this new form of rapid software update develops, and what functionality the MDM vendors incorporate in their software. For now it looks promising.