Skip to main content

Apple @ Work: Apple’s Security Endpoint API lets security vendors provide enterprise-grade products while preserving the Mac experience

Apple @ Work is brought to you by Mosyle, the leader in modern mobile device management (MDM) and security for Apple enterprise and education customers. Over 22,000 organizations leverage Mosyle solutions to automate the management and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.

As we continue with our series on Apple’s enterprise security design, I want to look at the Endpoint Security framework. While it’s only a couple of years old, I believe it’s a crucial part of Apple’s enterprise “pitch” in the future.

About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


If you’ve ever used a Windows PC in the workplace, you know that some of the “management tools” that get installed end up causing significant problems for day-to-day usage. I still hear stories from friends of mine who are required to use PCs for their jobs, and they talk about how slow they are because of all the extra bloatware installed.

Honestly, I get both sides. I get the side of IT who is trying to protect company resources. But, I also get the side of the end-user who wants to get their job done. This scenario is why the Endpoint Security API is so important for Apple.

Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language supporting native calls. Your client registers with Endpoint Security to authorize pending events or receive notifications of prior events that have already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.

Learn more about Apple’s Endpoint Security API

If you want to watch a video to learn a bit more about it, check out this video from WWDC 2020. TL;DW: The Endpoint Security API is the modern replacement for apps that want to connect at the Kernal level. Any time a new version of macOS would be released, apps that ran at this level were always problematic. Because of this problem, organizations had to delay upgrading to the newest version of macOS, which would actually lead to potential security problems as their devices weren’t patched for the latest threats and vulnerabilities.

Jamf Protect

One of the first apps to be released using this new API released with Catalina was Jamf Protect. Jamf Protect extended the built-in macOS security tools like XProtect and Gatekeeper for improved reporting, compliance, and security posture while working off Apple’s API to provide a kextless security tool.

Going forward, any vendor making an enterprise security tool for Mac should be using Apple’s Security Endpoint API.

Why does Endpoint Security matter?

Apple’s endpoint security API shows that Apple recognizes that XProtect and Gatekeeper are not enough for enterprise IT departments. So instead of burying their head in the sand and letting security vendors built intrusive software that makes the Mac run worse, they went to work on the way to give enterprise security vendors a path to a reasonable solution. The Endpoint Security API lets them build their tools in a way that preserves the Mac experience for end-users using Apple at Work.

For security vendors, building around this API shows their customers that they care about the Mac experience, and they will also easily stay compatible with future macOS versions.

Photo by Patrick Ward on Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications