Prepare For Changes To Macos Server

Posted on by admin

macOS Server discontinues calendar and contacts services.

Prepare for changes to macOS Server 5.7.1

Jan 30, 2018  Apple is deprecating a significant portion of essential network services included in macOS Server this year, as outlined in a published support statement titled 'Prepare for changes to macOS.

As hosted services have become widespread—and the need to keep software up to date is more important than ever—Apple is making some changes to macOS Server.

Learn about current and future support

Apple continues to develop and support macOS Server, which includes Open Directory, Profile Manager, and Xsan management. The most popular server features—Caching Server, File Sharing Server, and Time Machine Server—have been bundled with every installation of macOS High Sierra since its release in fall 2017, so that even more customers have access to these essential services at no extra cost.

Starting with macOS Server 5.7.1, Apple no longer bundles open source services such as Calendar Server, Contacts Server, the Mail Server, DNS, DHCP, VPN Server, and Websites with macOS Server. Customers can get these same services directly from open-source providers. This way, macOS Server customers can install the most secure and up-to-date services as soon as they’re available.

Apple has published documentation to help with this transition.

-->

Note

macOS kernel extensions are being replaced with system extensions. For more information, see Support Tip: Using system extensions instead of kernel extensions for macOS Catalina 10.15 in Intune.

On macOS devices, you can add kernel extensions and system extensions. Both kernel extensions and system extensions allow users to install app extensions that extend the native capabilities of the operating system. Kernel extensions execute their code at the kernel level. System extensions run in a tightly controlled user-space.

Macos server app

To add extensions that are always allowed to load on your devices, use Microsoft Intune. Intune uses 'configuration profiles' to create and customize these settings for your organization's needs. After you add these features in a profile, you then push or deploy the profile to macOS devices in your organization.

This article describes system extensions and kernel extensions. It also shows you how to create a device configuration profile using extensions in Intune.

System extensions

System extensions run in the user space, and don’t access the kernel. The goal is to increase security, provide more end user control, and limit kernel level attacks. These extensions can be:

  • Driver extensions, including drivers to USB, network interface cards (NIC), serial controllers, and human interface devices (HID)
  • Network extensions, including content filters, DNS proxies, and VPN clients
  • Endpoint security extensions, including endpoint detection, endpoint response, and antivirus

System extensions are included in an app's bundle, and installed from the app.

For more information on system extensions, see system extensions (opens Apple's web site).

Prepare for changes to macos servers

Macos Server 5.7

Kernel extensions

Kernel extensions add features at the kernel-level. These features access parts of the OS that regular programs can't access. Your organization may have specific needs or requirements that aren't available in an app, a device feature, and so on.

For example, you have a virus scanning program that scans your device for malicious content. You can add this virus scanning program's kernel extension as an allowed kernel extension in Intune. Then, 'assign' the extension to your macOS devices.

With this feature, administrators can allow users to override kernel extensions, add team identifiers, and add specific kernel extensions in Intune.

Macos Server End Of Life

For more information on kernel extensions, see kernel extensions (opens Apple's web site).

Prerequisites

  • This feature applies to:

    • macOS 10.13.2 and newer (kernel extensions)
    • macOS 10.15 and newer (system extensions)

    From macOS 10.15 to 10.15.4, kernel extensions and system extensions can run side by side.

  • To use this feature, devices must be:

    • Enrolled in Intune using Apple's Device Enrollment Program (DEP). Automatically enroll macOS devices has more information.

      OR

    • Enrolled in Intune with 'user approved enrollment' (Apple's term). Prepare for changes to kernel extensions in macOS High Sierra (opens Apple's web site) has more information.

What you need to know

  • Unsigned legacy kernel extensions and system extensions can be added.
  • Be sure to enter the correct team identifier and bundle ID of the extension. Intune doesn't validate the values you enter. If you enter wrong information, the extension won't work on the device. A team identifier is exactly 10 alphanumeric characters long.

Note

Apple released information regarding signing and notarization for all software. On macOS 10.14.5 and newer, kernel extensions deployed through Intune don't have to meet Apple's notarization policy.

For information on this notarization policy, and any updates or changes, see the following resources:

  • Notarizing your app before distribution (opens Apple's web site)
  • Prepare for changes to kernel extensions in macOS High Sierra (opens Apple's web site)

Create the profile

Prepare For Changes To Macos Server

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Devices > Configuration profiles > Create profile.

  3. Enter the following properties:

    • Platform: Select macOS
    • Profile: Select Extensions.

  4. Select Create.

  5. In Basics, enter the following properties:

    • Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name is macOS: Add antivirus scanning to kernel extensions on devices.
    • Description: Enter a description for the policy. This setting is optional, but recommended.

  6. Select Next.

  7. In Configuration settings, configure your settings:

  8. Select Next.

  9. In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-NC IT Team or JohnGlenn_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.

    Select Next.

  10. In Assignments, select the users or groups that will receive your profile. For more information on assigning profiles, see Assign user and device profiles.

    Select Next.

  11. In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.

Next steps

Prepare For Changes To Macos Server List

After the profile is created, it's ready to be assigned. Next, assign the profile and monitor its status.