EPM for Mac 26.2.1

🆕 New features

macOS: Multi-language support for messages

Adds multi-language/locale support for macOS messages in the Policy Editor, matching the existing Windows support.

macOS Messages are now configurable for multiple languages, allowing you to translate policy message strings to their native locale on the endpoint. The macOS QuickStart has been updated to parity to Windows QuickStart which include Dutch - Netherlands, French, German, Italian, and Spanish.

Issues resolved

Description	Resolution
A sudo allow rule configured with TouchID-only authentication could silently grant elevation without prompting for any credentials.	Sudo allow rules configured with TouchID-only authentication now block the command and display a clear error message indicating the configuration is unsupported.
EPM for Mac agents using mTLS authentication could not communicate with a BeyondInsight server that had TLS 1.3 enabled.	EPM for Mac agents using mTLS authentication now communicate correctly with BeyondInsight servers that have TLS 1.3 enabled.
On macOS Tahoe, the EPM menu bar dropdown displayed a persistent grey box artifact following a policy or adapter change.	The EPM menu bar dropdown on macOS Tahoe no longer displays a grey box artifact following a policy or adapter change.
IP addresses in ECS auditing files for the PMC Adapter were not anonymized when anonymous auditing was enabled in the policy or Rapid Deployment Tool.	IP addresses in ECS auditing files for the PMC Adapter are now correctly anonymized when anonymous auditing is enabled in the policy or Rapid Deployment Tool.
Standard users in a permissive policy could prevent audit events from being raised by deleting and recreating the audit directory with different ownership permissions.	Standard users in a permissive policy can no longer prevent audit events from being raised by manipulating audit directory ownership permissions.
EPM message strings for sudo commands used "Sudo" with an uppercase S.	EPM message strings for sudo commands now correctly use lowercase "sudo".
The pmfmdiag tool could be run with the `all` argument without sudo, causing some checks to incorrectly report as failed.	The pmfmdiag tool now advises users to run it with sudo when elevated permissions are required, preventing misleading check results.
The EPM message Reason drop-down did not announce items correctly with VoiceOver when keyboard focus moved through predefined reason options.	VoiceOver now correctly announces each item in the EPM message Reason drop-down as keyboard focus moves through the list. This applies to all policies configured with predefined reason options.
Mac devices failed to onboard into Password Safe assets when installing the Password Safe client if the `/Library/PrivilegedHelperTools` directory was not present.	The Password Safe postinstall script now creates the `/Library/PrivilegedHelperTools` directory if it is missing, allowing Mac devices to onboard correctly.
Standard users could exploit Apple Xcode's swift-frontend to silently obtain the `system.privilege.admin` authorization right, bypassing EPM policy enforcement.	EPM policy enforcement now correctly prevents standard users from obtaining the `system.privilege.admin` authorization right through Apple Xcode's swift-frontend.
EPM for Mac repeatedly attempted to resolve groups referenced in a policy that did not exist on the endpoint, which could cause performance degradation.	EPM for Mac no longer repeatedly attempts to resolve groups referenced in a policy that do not exist on the endpoint.
Packages could fail to install correctly due to EPM processes crashing when a deprecated API was called.	EPM processes no longer crash during package installation due to use of a deprecated API.
The EPM authorization plugin could steal focus from other applications.	EPM no longer controls the `system.install.app-store-software` and `system.install.app-store-software.standard-user` rights, which prevents the authorization plugin from stealing focus.