Apple seldom gives advanced notice of significant changes coming in the next major version of macOS, before its first beta-release at WWDC. One significant exception to this are changes to networking that could impact enterprise users. This year, with just over six weeks to go before that first beta of macOS 27, we already have two warnings of what might be coming.

AFP and network storage

Apple made SMB its primary file-sharing protocol in OS X 10.9 Mavericks, over 12 years ago, and has repeatedly told us that support for its predecessor AFP will be removed in the future. It repeated those warnings with macOS Sequoia 15.5, but still hasn’t confirmed when AFP will be lost.

Those who are most likely to be affected by this are still using Time Capsules, or elderly NAS systems that don’t support SMB3. As removal of AFP support won’t be retrospective, provided that none of your Macs will be upgraded to macOS 27, you’ll still be able to use AFP for your file shares and Time Machine backups. But if you have an Apple silicon Mac and AFP support is dropped from macOS 27, that would leave you unable to upgrade without replacing your network storage.

TLS and servers

Most recently, Apple has warned that a future version of macOS, and its device OSes, will require connections to certain servers to be made using at least TLS 1.2, with additional requirements. I’m grateful to Rich Trouton’s Der Flounder blog for drawing attention to this.

Although Apple carefully avoids being too specific, it warns that this change could come “as early as the next major software release”, although one of the purposes behind its support article is to gauge the impact the change might have on its enterprise customers. If there would be major problems, it may decide to delay its introduction.

This change is more technical, and largely applies to servers involved in supporting MDM, DDM, Automated Device Enrolment, app distribution and installation, and Apple software updates. Fortunately, if you run a local Content Caching server, that won’t be affected.

Unlike the removal of AFP, it’s far harder to tell whether a connection to a server complies with the new rules, which require:

• support for TLS 1.2 or later, with TLS 1.3 recommended,
• use of ATS-compliant ciphersuites,
• presentation of valid certificates meeting ATS standards.

The most reliable way to check is to audit connections made to each server, by screening log entries from the Mac or device. That’s further complicated by the fact that the log doesn’t normally gather the information that’s required. So the first step is to install a network diagnostics logging profile available from Apple. The support article explains how to collect a logarchive using sysdiagnose, and provides a monster predicate to extract relevant entries:
"p=appstoreagent|appstored|managedappdistributionagent|managedappdistributiond|ManagedClient|ManagedClientAgent|
mdmclient|mdmd|mdmuserd|MuseBuddyApp|NanoSettings|Preferences|profiled|profiles|RemoteManagementAgent|
remotemanagementd|Setup|'Setup Assistant'|'System Settings'|teslad|TVSettings|TVSetup|XPCAcmeService AND s=com.apple.network AND m:'ATS Violation'|'ATS FCPv2.1 violation'"

And yes, Apple is encouraging system administrators to copy and paste a command into Terminal, because there’s no GUI app in macOS that could be used to do that, although you can use it in Ulbow, and I suspect in LogUI with a little modification.

If you’re within the scope of this proposed change, you’ll need to read Rich Trouton’s account, and Apple’s full article. I wish you the best of luck. As with AFP, this change shouldn’t apply retrospectively.

Timescale

• 27.0 developer beta due on 8 June 2026
• 27.0 public beta due around 8 July 2026
• 27.0 release most probably in mid-September 2026, only five months away.

With macOS Tahoe already more than half way through its cycle, and Apple’s WWDC announced, now is a good time to plan your Mac’s calendar. This article peeks at what lies ahead for macOS over the next six months.

Since the pandemic disruption settled, minor version updates to macOS have become more regular. Looking across Sonoma, Sequoia and Tahoe, greatest variation in their timing has been in their x.3 and x.4 releases, that have varied between 22 Jan – 11 Feb, and 7 – 31 March, respectively. x.5 to x.7 have been more consistent, as they’re more tightly constrained by events including WWDC, the subsequent new beta season, and for some maybe even a vacation.

Those are summarised in the chart above, together with my predictions for the dates we should expect the remaining minor versions of Tahoe. Those should bring its cycle to look like:

• 26.0 – 15 September 2025
• 26.1 – 3 November 2025
• 26.2 – 12 December 2025
• 26.3 – 11 February 2026
• 26.4 – 24 March 2026
• 26.5 – 11 May 2026
• 26.6 – 27 July 2026
• 26.7 – 14 September 2026.

Where my forecasts are given in italics. Patch releases, such as 26.3.1, and BSIs occur outside that schedule. While we’re on the topic of BSIs, all indications are that Apple only intends to provide them for the current release of macOS, as it did with RSRs, which means that those Macs staying with Tahoe from 26.7 will no longer get them. It’s unclear how significant a loss that might prove.

WWDC this year is being held between 8-12 June, and will almost certainly bring the first developer beta release of macOS 27.0 (and all Apple’s other OSes). That’s likely to be made available to public beta-testers in early July. This is particularly significant this year, as it will be the first version of macOS to run exclusively on Apple silicon Macs.

For those with Intel Macs, or intending to remain with older versions of macOS, likely dates of release for scheduled security updates to Sonoma and Sequoia are:

• 15.7.6, 14.8.6 – 11 May 2026
• 15.7.7, 14.8.7 – 27 July 2026
• 15.7.8, 14.8.8 – 25 August 2026
• 15.8 – 14 September 2026.

The date at the end of August is possible, but less likely than the previous two. So far this year, security updates for Sonoma and Sequoia have been keeping reasonably close to those for Tahoe, in terms of vulnerabilities addressed, so the security gap between them has been rather less than in previous cycles.

However, the important message here is that it’s unlikely that Sonoma will receive any further security updates after the end of August this year. If your Mac is capable of being upgraded to Sequoia, now is the time to plan that, or it’ll all too quickly be September and your macOS will have lost its last support.

Similarly, if you’ve been holding back from upgrading to Tahoe in the hope that it will undergo interface improvements, I’m afraid that’s now looking increasingly unlikely. If it’s an Intel Mac capable of running Tahoe, there’s little point in avoiding making that decision any longer. There’s only limited time and scope left for improvement in macOS 26, with most engineers now more focussed on getting macOS 27 ready for WWDC.

Key forecasts

• 26.5, 15.7.6, 14.8.6 – 11 May 2026
• 27.0 developer beta – 8 June 2026
• 27.0 public beta – 8 July 2026
• 26.6, 15.7.7, 14.8.7 – 27 July 2026
• 27.0, 26.7, 15.8 – 14 September 2026.