What’s New in Parallels Mac Management 8.6?

The new Parallels® Mac Management for Microsoft System Center Configuration Manager (SCCM) version 8.6 keeps the only solution for managing Apple Mac devices on Microsoft SCCM in step with macOS’s latest major update, macOS version 11—Big Sur. In addition to providing support for Mac devices running Big Sur, Parallels Mac Management 8.6 also comes with some changes you might want to be aware of. 

Here’s an overview of the key changes that accompany the latest version of Parallels Mac Management. 

Support for macOS Big Sur 

macOS Big Sur is arguably the biggest update to Apple’s operating system for Mac devices in the past decade, as it reflects the gradual transition of the Mac lineup to Apple’s own in-house-designed processors. Since 2001, macOS versioning has been following the 10.x notation. The last of that breed, macOS Catalina was tagged version 10.15. macOS Big Sur is the first to bear version 11. 

As soon as your business decides to migrate your Mac devices to the next generation of macOS starting with Big Sur, rest assured you’ll already have the capability to manage them on Microsoft SCCM when you use Parallels Mac Management 8.6. 

Installation of Configuration Profiles 

Configuration profiles provide IT administrators an easy way to enforce compliance requirements as well as configure settings, accounts, restrictions and credentials automatically on a large number of Mac devices. A typical configuration profile may contain predefined settings for passcode policies, Exchange account configurations, network settings, credentials, keys and many others. 

In 8.6, configuration profiles can only be deployed to Mac devices running macOS Big Sur via mobile device management (MDM). This means those Mac devices should be enrolled in MDM first. You don’t need to change anything regarding configuration profiles for older macOS systems—they will continue working as usual. 

Automatic MDM Enrollment 

As with the installation of configuration profiles (see previous section), automatic MDM enrollment has likewise changed for Mac devices running macOS Big Sur. In the past, it was possible to enroll all Mac computers in MDM automatically without user interaction if they were already enrolled in SCCM. Now, in version 8.6, automatic MDM enrollment requires user approval.  

This user-approved MDM enrollment process is carried out in the following manner: 

  1. The administrator configures automatic MDM enrollment for Mac devices. 
  1. The Mac user gets notified that the Mac should be enrolled in MDM. 
  1. The user approves the enrollment. 

Again, this applies only for Mac devices running Big Sur. Older Mac devices may be enrolled using usual methods of enrollment. 

FileVault 2 Encryption for Mac Devices 

One more change that affects Mac devices running on Big Sur is the enforcement method of FileVault 2 encryption. In the previous version, as soon as a configuration baseline is deployed to a device collection, Mac computers in the collection are evaluated immediately for compliance. If FileVault 2 is found to be disabled in a Mac, the user will be prompted with a message indicating that the device is about to be encrypted. 

The user will then be given the option to proceed with the encryption or to postpone it. If the user chooses Encrypt, the encryption process will commence. On the other hand, if the user selects Postpone, the user will be prompted repeatedly (with gaps of a few minutes) until the user clicks Encrypt instead of Postpone. This can be very distracting if the user is still working on something. 

In version 8.6, FileVault 2 encryption enforcement is delayed until the user logs out, thereby minimizing unnecessary distractions. The FileVault 2 encryption enforcement process now involves the following steps: 

  1. The administrator configures FileVault 2 encryption. 
  1. The Mac user gets notified that the Mac device is due for FileVault 2 encryption. 
  1. Encryption starts on the next login or logout. 

Enforcement of TLS Version for PMM Components 

The Transport Layer Security (TLS) protocol secures communications among Parallels Mac Management components as well as between Parallels Mac Management components and Mac devices. This ensures establishment of an acceptable level of trust before any two points commence data exchanges and protects all communication from network-based threats through data-in-motion encryption. 

However, because lower versions of the TLS protocol have known vulnerabilities, TLS security can only be truly effective if those lower versions are avoided. In Parallels Mac Management version 8.6, it’s possible to manually control the minimum TLS version to be used in communications to ensure optimal security. 

All these new features are available in all SCCM versions up to SCCM 2006 as long as they have the Parallels Mac Management version 8.6 plugin. Should you wish to try them out, you may grab your free trial copy of Parallels Mac Management now