Apple @ Work: How Apple Protects Macs From Mass Business Disruptions

Apple @ Work is brought to you exclusively by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that seamlessly and automatically integrates all the solutions needed to deploy, manage, and protect Apple devices at work into a single enterprise platform. More than 45,000 organizations trust Mosyle to get millions of Apple devices up and running effortlessly and affordably. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


Yesterday we saw one of the largest IT outages in history, and it looked a lot like what many people predicted would happen when the year 2000 arrived and the Y2K bug hit. People all over the world began seeing the “blue screen of death” as they started their workdays. The glitch caused delays for banks, airlines, railroads, mobile carriers, TV and radio broadcasters, and grocery stores. Only Windows suffered from this.

A bug in a CrowdStrike security update caused the error. You can read their blog for more information. CrowdStrike is a fantastic company and they make incredible products. Their products are simply some of the best security tools in the industry, but unfortunately accidents can happen.

Macs weren’t affected, however, and for good reason. Here is how Apple protects Macs from mass outages like the one the world experienced on Friday.


About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Drawing on his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, thousands of Macs, and thousands of iPads, Bradley will discuss how Apple IT managers deploy Apple devices, build networks to support them, train users, real-world stories from IT management, and ways Apple can improve its products for IT departments.


Apple’s Endpoint Security framework

The core of the problem is that CrowdStrike’s tools run at very deep levels on Windows. On the Mac, they can no longer run at those levels. Apple’s Endpoint Security Framework is a modern API toolkit designed to help security vendors build security solutions for the Mac. It was introduced in macOS 10.15 Catalina and provides a comprehensive set of tools and services to monitor and secure endpoints.

The framework allows developers to monitor various security-related events, such as file system access, process creation, and network connections. This allows for real-time monitoring of activity on a Mac, but it does so in a way that protects user privacy and also limits how low-level the activity can go. Apple designed the framework to respect user privacy and provide transparency. Applications using the Endpoint Security Framework must obtain explicit user consent to monitor and block activity, so that users know what security measures have been applied to their devices.

Apple’s Endpoint Security framework replaced the Kernel Extension (kext) based security mechanisms. These Kernel Extensions had deep access to the system and ran in kernel space. This level of access posed significant security risks and potential stability issues, as a malformed kext could crash the entire system.
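To make the contrast with kexts concrete, here is a minimal Endpoint Security client that logs process launches from user space. It is an added example, not code from this column, Apple, or any vendor; it assumes a command-line tool signed with the `com.apple.developer.endpoint-security.client` entitlement, run as root, and granted Full Disk Access by the user.

```swift
// Added example: minimal user-space Endpoint Security client (main.swift).
// Assumptions: signed with the com.apple.developer.endpoint-security.client
// entitlement, run as root, and approved for Full Disk Access.
import EndpointSecurity
import Foundation

// Executable path of a process described in an ES message.
func path(of process: es_process_t) -> String {
    let token = process.executable.pointee.path
    return token.length > 0 ? String(cString: token.data) : ""
}

var client: OpaquePointer?

// The handler block runs inside this ordinary process. If it crashes or
// hangs, only this tool is affected; the kernel keeps running.
let result = es_new_client(&client) { _, message in
    guard message.pointee.event_type == ES_EVENT_TYPE_NOTIFY_EXEC else { return }
    let parent = path(of: message.pointee.process.pointee)
    let child = path(of: message.pointee.event.exec.target.pointee)
    print("exec: \(parent) -> \(child)")
}

// Client creation fails unless the entitlement, privilege, and user
// approval requirements are all met.
guard result == ES_NEW_CLIENT_RESULT_SUCCESS, let es = client else {
    fputs("es_new_client failed (\(result.rawValue)): check entitlement, root, Full Disk Access\n", stderr)
    exit(EXIT_FAILURE)
}

// Subscribe to notify-only exec events. NOTIFY events need no response,
// so a slow handler cannot stall process launches.
let events = [ES_EVENT_TYPE_NOTIFY_EXEC]
guard es_subscribe(es, events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
    fputs("es_subscribe failed\n", stderr)
    es_delete_client(es)
    exit(EXIT_FAILURE)
}

dispatchMain() // Block forever; events arrive on the client's own queue.
```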

See the difference? Apple’s Endpoint Security framework was created to modernize the way enterprises interact with macOS from a security perspective. Apple realized that as the Mac became one of the most widely used endpoints in the enterprise, it needed a modern way to manage endpoint monitoring for the enterprise’s IT and security teams. When Apple made this change, it was a major transition for security vendors. They had to change the way their tools worked to be compatible with future macOS versions.

9to5Mac’s Opinion

Apple was right. Building a modern enterprise API for endpoint detection wasn’t easy, and the entire industry had to follow suit. Apple’s framework is how it should be done. An endpoint security tool shouldn’t crash a system to the point where it’s unusable.

This is one way Mac users can protect themselves from things like the CrowdStrike outage. When Windows PCs went offline on Friday, customers and businesses could rely on their Macs.

Thanks to Apple’s ecosystem and things like the Endpoint Security Framework, the company is much less exposed to third-party vulnerabilities like the one we saw with CrowdStrike and Windows PCs.

While IT admins scrambled to save the day on Friday, businesses that rely on Macs (and iPads) were unaffected. In fact, in many cases, Macs were what kept the lights on, from hospitals to small businesses and beyond. It’s the perfect example of the Apple ecosystem doing what it does best: putting users, privacy, and security first.

