Sophos Mac M1

Posted on  by admin

Can users with macOS 11 and the new Apple M1 hardware run Sophos Mac Endpoint Protection with the Big Sur EAP?
Yes. M1 users with Big Sur need to follow three steps:

  1. Install Rosetta 2
  2. Join the Big Sur EAP
  3. Run Sophos using Rosetta 2

What is Rosetta 2?
Rosetta 2 is a commonly used tool that enables a Mac with Apple silicon to use apps built for a Mac with an Intel processor. For instructions on installation, please refer to

‎Sophos Authenticator is a simple and intuitive application that provides multi-factor authentication on your mobile device. It generates both time-based and event-based one-time passwords (OTP) according to RFC 6238 and RFC 4226. Once configured, 2-step authentication protects your account by requi. Apple has released the new M1 Chip (ARM) equipped computers, which bring significant architecture changes (known as Apple Silicon). Among them, these devices will run (at minimum) macOS11 Big Sur, and handle tasks differently than previous Apple systems. Those hardware and OS changes also modify how software works on these devices, which requires developers to transition their apps to “Universal. This article lists the recommended system requirements for Sophos Anti-Virus for Mac. On Premise (SEC): Sophos Anti-virus for MacOS version 9.10.2 has full support for Big Sur, and support for M1 processors via emulation (Rosetta 2). Roll-out of version 10.0.4 (Central) and 9.10.2 (SEC) is scheduled to start on Feb 23, 2021 and complete by March 4th, 2021. Applies to the following Sophos product (s) and version (s). Since an M1 Mac's SSD is soldered to the logic board (and paired with the M1), having your SSD fail means replacing the logic board anyway. Both are kept as current as the most recent version of macOS that you have installed on your Mac and automatically.

Will there be a performance difference when using Rosetta 2?
Native support using the full power and performance of the Apple hardware will always be faster than using Rosetta 2. For normal business users there should not be any discernable difference. For heavy users of disk or CPU (for example: video editing, heavy photoshop usage, compiling) they will notice a difference in performance.

When is macOS 11 support coming?
The goal is to have macOS 11 support available to all customers by early March 2021. This includes support for both Sophos Central and Sophos Enterprise Console (SEC) managed devices. Brand new customers will have support from mid-February 2021. We will be upgrading all existing customers in stages, between mid-February and early March as per our normal release process.

Will Apple M1 Hardware be supported when we release Big Sur support?
Yes and this support will come in two stages. Stage 1 will be using Rosetta 2 and Stage 2 will be native support.

When will M1 processors be natively supported?
An early access program for native Apple M1 processor support will begin in early April. Planned GA is before the end of CYQ2. Native support means that Rosetta 2 is no longer required for emulation.

Will customers need to take any action when we support macOS 11 or the Apple M1 hardware?
When we release GA support for macOS 11 we will move all EAP devices to recommended. Customers do not need to take any action. The same will be true when we GA native support for the Apple M1 hardware. All devices that were running using Rosetta 2 will automatically use the native implementation.

Sophos Endpoint Mac M1

Key links

The latest operating system from Apple, macOS11 Big Sur, has arrived and it brings with it a few significant architecture modifications. In this article, we will take a look at these changes, as well as some of the things you might consider doing to automate much of the deployment of Intercept X on macOS.

These changes started to appear with macOS Catalina (10.15) – Apple is beginning to deprecate the use of system wide kernel extensions in favour of user space system extension APIs. This allows software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access.

An interesting third party review of some of the most significant changes in the last decade Apple have recently introduced can be found here.

Unfortunately, we didn’t have a GA version of Intercept X for Mac available on the first day of release. The good news is that we now have an Early Access Program (EAP) available in Central, whereby customers can nroll devices running macOS11 in order to receive a pre-release version of Sophos Endpoint v10.0.2.

TIP: As you can appreciate, we don’t typically recommend using EAP (pre-release) software on a production system. If you would like to prevent users from upgrading to BigSur AND if you or your customer are using Sophos Endpoint, then it’s worth noting that the SophosLabs have added an Application Control detection for the Big Sur installer. This means that you can control its rollout by blocking the application – the installer is classified as a “System Tool”.

Most of you are probably aware of the process on how to join an EAP and then enroll devices, however if you would like some info on this process click here. Typically, we don’t make EAPs available to Sophos Central MSP accounts, however given that some customers may be purchasing new Apple hardware that comes pre-shipped running Big Sur, we have extended the EAP to MSP customers too.

Sophos Mac M11

About new hardware, the following Macintosh models (at the time of writing) use the new Apple M1 ARM-based system chipset:

  • MacBook Air (M1, 2020)
  • Mac mini (M1, 2020)
  • MacBook Pro (13-inch, M1, 2020)
Sophos mac m1 free

Sophos Intercept X for Mac does not natively support this new chipset; however, it can be made to work using a piece of backwards compatibility software called Rosetta 2. This software needs to be installed on the Mac before joining it to the EAP and it updating to 10.0.2. More info on this process is also covered in the EAP community post above.

On testing the deployment of Intercept X on a brand new macOS11 device, I found the installation routine quite user intensive with several prompts required to allow permissions etc. before a complete protected state could be achieved.

Bitdefender Mac


There are several things that can be done to reduce these prompts, specifically using an MDM provider (such as Sophos Mobile or JAMF) to essentially pre-trust extensions using the Sophos ‘Teams ID’ of 2H5GFH3774. This is a trusted ID that is used in the development of Sophos code, to automatically whitelist our software:

I found that this configuration made the deployment of Intercept X for Mac on macOS Catalina and older, virtually ‘silent’. There were still some prompts that required user interaction when deploying on Big Sur, however this will still down on the amount of interaction required without any applied MDM settings.

Our wonderful professional services team have also created a number of scripts to use with JAMF to automate deployment on Macs. Info on this can be found here.

Expect to see some more information in the new year, once a GA version of 10.0.2 for Mac is available, on how to automate the deployment further.