


Understanding Apple Security: What native security features do devices have?

Here at Jigsaw24, we spend a lot of time talking about how secure Apple devices are. But what is it that makes them so safe, how do third-party endpoint security tools work with these devices to keep you safe, and how much of a factor should this be when you’re choosing a device? We asked Apple Enterprise Solutions Architect Jack Hollister to answer some key questions…

Liz Sunter

“Understanding the native features available within the Mac environment and how endpoint security products use and interface with them is a key part of assessing the different products on the market,” explained Jack. “When you’re deploying devices at scale, this combination of native protection and the ability to integrate with third parties is essential.”


Let’s talk about the difference between Apple models. What difference does the M1 chip make to Apple security?

In any device using a T2 or M1 chip, all files on the internal storage are encrypted with AES-256 by a dedicated engine, which protects how files are accessed and modified. As the encryption key is kept locally on the chip and not shared with the CPU, data protection is ensured.


Is this automatic, or do IT teams need to configure devices manually?

The devices are designed to be secure from the second they’re turned on. When a T2 or M1-chip enabled Apple device powers on, the ROM verifies that the bootloader is signed by Apple, then authenticates the kernel and UEFI firmware before loading the OS. The macOS bootloader’s signature is verified by the firmware. Once this is completed, native security policies such as System Integrity Protection (SIP) and Signed Kernel Extensions are applied, keeping users safe.


Is data stored on removable media safe too?

Yes. Apple devices arrive encrypted at rest, which means any data is kept encrypted when you’re not using it. When you set up your device, you’re given the option to associate a local user account password with unlocking the disk. Once this is in place, your device’s storage cannot be accessed without the associated chip, making it impossible for malicious actors to access your data if all they have is your storage media.


These are all security features of Apple hardware – what about their OS?

There are three key functions built into macOS that provide device security.

· XProtect: a signature-based anti-malware tool with a feature set similar to endpoint security tools like Sophos and Symantec.

· Gatekeeper: ensures your device only executes trusted software.

· Malware Removal Tool: the function that XProtect utilises for the destruction of malicious files.


Let’s start with XProtect

XProtect provides protection against signature-based malware. Apple automatically provide signature updates to devices to ensure that Mac devices can defend against malware threats, independent of any system upgrades you may or may not wish to install. However, in macOS 10.15 and up, XProtect goes further, checking the contents of applications when they’re first launched, and again when they’re changed.

When a known malware threat is detected by XProtect, it is blocked from executing, and the user is shown a notification and given the option to move the software to the trash.


What role does Gatekeeper play?

Gatekeeper containerises and verifies applications as they are launched, which is a long-winded way of saying it ensures users only open trusted applications. When a user downloads and opens an app, plugin, or installer package from anywhere other than the App Store, Gatekeeper verifies the software is from an identified developer and has been notarised by Apple as free of known malicious content.

The first time a user tries to open the app, Gatekeeper will ask them to approve the opening and launch of the app, which prevents any malicious executable code hidden within a data file from running. It also opens the application in a read-only location, which prevents any automatic loading of plugins that are contained within it.


Where does the Malware Removal Tool (MRT) come in?

Malware Removal Tool is the function in macOS which issues XProtect updates. It also remediates against infections, monitors malware activity, and revokes Developer IDs from malicious applications.


Are these tools enough to offer end users the protection they need?

Apple’s built-in security tools are designed to give users a level of security protection out of the box. They’re designed to prevent everyday users from downloading unsafe applications. Although these tools are great, in a business environment they’re just the beginning. Any IT team will want to build on them in order to provide more protection against malware, audit against discoveries, remove viruses from their Mac estate and remedy security threats. To do this, we need a well-administered, Apple-focused MDM solution, in addition to third-party endpoint security software…
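The auditing Jack describes can be scripted: the following is an added example (not Jigsaw24’s or Apple’s code) that checks SIP, Gatekeeper and FileVault via `csrutil`, `spctl` and `fdesetup` and reads the XProtect bundle version, so a team can spot devices where a native protection has been switched off. The command output wording, the XProtect plist path and the sample values are assumptions; a constructed sample is embedded so it runs offline, while `collect()` does the real work on a Mac.

```python
import plistlib
import re
import subprocess
# XProtect bundle Info.plist (assumed location, macOS 10.15+); CFBundleShortVersionString is the signature version
XPROTECT_PLIST = "/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist"
# name -> (command, regex that indicates the protection is on); the output wording is an assumption
CHECKS = {
    "sip": (["csrutil", "status"], r"status:\s*enabled"),
    "gatekeeper": (["spctl", "--status"], r"^assessments enabled"),
    "filevault": (["fdesetup", "status"], r"FileVault is On"),
}

def evaluate(outputs):
    """Map raw command output (name -> text) to True/False; missing output counts as off."""
    return {name: re.search(pat, outputs.get(name, ""), re.I | re.M) is not None
            for name, (_, pat) in CHECKS.items()}

def findings(status):
    """Names of protections that are not enabled; an empty list means the device passes."""
    return [name for name, on in status.items() if not on]

def bundle_version(plist_bytes):
    """Read CFBundleShortVersionString from Info.plist bytes; None if unreadable."""
    try:
        return plistlib.loads(plist_bytes).get("CFBundleShortVersionString")
    except Exception:
        return None

def collect():
    """Run the real commands and read the real plist; only meaningful on macOS."""
    outputs = {}
    for name, (cmd, _) in CHECKS.items():
        try:
            outputs[name] = subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout
        except (OSError, subprocess.SubprocessError):
            outputs[name] = ""  # command missing or failed: reported as off, the safe default
    try:
        with open(XPROTECT_PLIST, "rb") as f:
            version = bundle_version(f.read())
    except OSError:
        version = None
    return outputs, version

# Constructed sample: SIP and FileVault on, Gatekeeper assessments disabled, made-up XProtect version
SAMPLE = {"sip": "System Integrity Protection status: enabled.\n",
          "gatekeeper": "assessments disabled\n",
          "filevault": "FileVault is On.\n"}
SAMPLE_PLIST = (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
                b'<key>CFBundleShortVersionString</key><string>2166</string></dict></plist>')
print("XProtect signatures:", bundle_version(SAMPLE_PLIST), "| off:", findings(evaluate(SAMPLE)) or "none")
```

On a Mac, replace the sample with `outputs, version = collect()` and feed `outputs` to `evaluate()`; any name returned by `findings()` is a device for the MDM team to look at.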

Coming up in part two of our Apple security series: how mobile device management solutions can help with security and compliance. To find out more about our Apple services, drop your details in the form below, call the team on 03332 400 888 or email

