Endpoint Services, macOS 11 (Big Sur) or higher, Configuration Profiles
Systems
Workspace ONE Unified Endpoint Management (UEM)
Munki Mac Endpoint Management
Intended Audience
University of Illinois IT Pros managing macOS endpoints with Endpoint Services Multi-Tenant Munki and Workspace ONE UEM.
General Information
With the fall 2020 release of macOS 11 (Big Sur), Apple removed the ability to install configuration profiles using command-line tools, the method used by Munki to install profiles. This change affects a variety of profile packages in the Multi-Tenant Munki service, including unit-level Workspace ONE (WS1) auto-enroll profiles, which are used to enroll non-Device Enrollment Program (DEP)-eligible Macs into WS1.
Workspace ONE Auto-Enroll Profiles
Using Munki to install Workspace ONE (WS1) auto-enroll profiles on non-DEP-eligible Macs running macOS 11 (Big Sur) and higher, is no longer possible. Instead, use manual enrollment methods for these enrollments.
Other Configuration Profiles
The following table contains MTM configurations that can't be installed on macOS 11 and up via Munki, and the corresponding Workspace ONE profiles available for all versions of macOS. We encourage units to begin transitioning from Munki profiles to Workspace ONE profiles as soon as possible. If you would like assistance with the transition, please contact the Endpoint Services team.
Munki Manifest Conditions
You can add conditions to your unit Munki manifests to prevent Munki from evaluating profiles for installation on Big Sur and higher clients. This will prevent warnings from being logged to your MunkiReport dashboard. Learn how to create and apply conditions to your unit-level Munki manifests.
| Munki Package | Workspace ONE Profile(s) | Purpose |
| enterprise_connect_uiuc_settings | Enterprise Connect UIUC Settings | Pre-populates the AD domain in the Enterprise Connect dialogue. Big Sur is the last macOS version to support Enterprise Connect. |
| illinoisnet_wireless_system_auth | IllinoisNet_Wireless_System_Auth | Uses AD Computer Object credentials to automatically log on to IllinoisNet. For AD-bound machines only. |
| mobileconfig_com.microsoft_disableupdatesandfirstrun | ms.disable.autoupdates, ms.first.run.complete | For Office 365/2019, disables automatic updates and suppresses initial setup dialogues. |
| munkitimewindow_9pmto4am | MunkiTimeWindow-9pm-4am | Changes the default MunkiTimeWindow schedule to 9pm - 4am. Requires base munkitimewindow installation via Munki. |
| munkitimewindow_12amto2am | MunkiTimeWindow-12am-2am | Changes the default MunkiTimeWindow schedule to 12am - 2am. Requires base munkitimewindow installation via Munki. |
| munkitimewindow_12amto6am | MunkiTimeWindow-12am-6am | Changes the default MunkiTimeWindow schedule to 12am - 6am. Requires base munkitimewindow installation via Munki. |
| secure_token_bypass | SecureTokenBypass | Bypasses the SecureToken dialogue for all logins. |