cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Endpoint Support for High Sierra/Mojave

Jump to solution

Hi,

I'm just wondering what the latest is on Endpoint support for MacOS 10.13 and the upcoming 10.14.  I realise that E80.71 has limited support, and even then only using local accounts.  This won't work for our envrionment as we use Centrify to bind our Macs to our Windows domain.

At the moment we can get away with downgrading machines to 10.12 and install E80.64 but inevitably at some point this will no longer be possible and we will be forced to use Filevault instead.

Has CP made any progress in working around Apple's new AFS?

Howard

1 Solution

Accepted Solutions

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

Hi Howard, 

We are currently working with Apple on the issue, chasing a missing secure token on Mobile Accounts. This is an OS issue, not an application one.  Apple (according to their policy) doesn’t provide any ETA’s for a resolution of the problem on their side, and we are closely monitoring the progress they are doing in the AppleSeed program. 

As of today, the issue is not yet resolved. We will let you know when it is fixed.

Thanks a lot for your understanding.

6 Replies
Admin
Admin

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

As far as I know, the newer AFS does not allow for third party FDE solutions to operate.

As for when we'll resolve the issues, I am not familiar with the timelines for this, but I'll see if we have an update.

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

Hi Howard, 

We are currently working with Apple on the issue, chasing a missing secure token on Mobile Accounts. This is an OS issue, not an application one.  Apple (according to their policy) doesn’t provide any ETA’s for a resolution of the problem on their side, and we are closely monitoring the progress they are doing in the AppleSeed program. 

As of today, the issue is not yet resolved. We will let you know when it is fixed.

Thanks a lot for your understanding.

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

Valeri/Dameon,

Thank you both for your responses.  We look forward to any updates.

Howard

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

Just wanted to add a quick update.

We've just had our first Apple Macbook Pro model that will not allow me to downgrade to 10.12.6.  It won't even allow me to boot from exrternal media as it prompts you to upgrade the boot disk, which never completes successfully.

Annoyingly, you cannot install an exported E80.64 package with FDE absent, only ME,FW,Comp and VPN.  It rejects the package based on the vendor even after you set that vendor to "Allow" via the "Security and Privacy" tab.

Hopefully Apple will be forthcoming soon.

0 Kudos
C_A
Ivory

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

I can confirm that after upgrading to Mac OS 10.14 (Mojave), Endpoint fails to connect: "No valid certificate with acceptable DN found in the Keychain". In downloads section, there is no compatible option yet, latest one is still E80.71

0 Kudos
Highlighted

Re: Endpoint Support for High Sierra/Mojave

Jump to solution

Thanks for that.

We've been playing around with E80.71 on 10.13.x, and in conjunction with Centrify for AD bind we had to settle for the following:

Filevault for FDE

E80.71 without FDE blade

Logging in with local accounts only

If you log in with a Centrify network managed account, for some reason the VPN blade software does not work at all.  The configured site is not visible, and none of the buttons on that blades GUI work.  Log in with a local account and the site is visible and the buttons work.

In the configuration above we can still use  Centrify to enforce settings for the machine account but not the user accounts, which is not ideal and we must also manage FDE separately as well....but we can deploy machines.

So having made this small step its a litle disappointing to hear that 10.14 may break all that again but I have not had the chance to confirm this yet.