Elastic Defend now supports macOS Tahoe 26

Many security teams face a gap in endpoint visibility when employees upgrade to the newest version of macOS. If their extended endpoint detection and response (XDR) solution isn’t compatible, analysts lose critical telemetry — risking delayed detections and giving attackers a window of opportunity.

Elastic is committed to eliminating that gap. By ensuring Elastic Defend is validated for macOS Tahoe 26 before release, we help security teams maintain full coverage without interruptions as their organizations adopt Apple’s latest OS.

• Full compatibility with macOS Tahoe 26: Elastic Defend covers everything from system extension approval to system integrity monitoring.

• Consistent coverage across environments: Elastic provides security operations center (SOC) teams with a unified view of endpoint activity across Windows, Linux, and macOS, guaranteeing comprehensive operating system coverage.

• Streamlined permissions setup: Installing Elastic Defend on macOS Tahoe 26 now seamlessly supports the permissions workflow.

  • Approve the system extension to monitor process, file, and network-level visibility.

  • Enable network content filtering for host isolation.

  • Grant full disk access essential for deep system event monitoring.

• Enterprise-friendly deployment via mobile device management (MDM): Deploying Elastic Defend at scale is easier than ever. macOS Tahoe 26 is fully supported through standard MDM workflows, enabling silent installation with preapproved system extensions and full disk access rules defined in configuration profiles.  Learn more about how to deploy Elastic Defend using Jamf.

• Out-of-the-box detections: Built-in macOS rules, machine learning jobs, and threat intelligence integrations continue to work seamlessly on macOS Tahoe 26.

1. Update Elastic Stack: Ensure you are on the latest Elastic Stack and Elastic Agent version to leverage full macOS compatibility.*

2. Deploy via MDM: Set up system extension approvals, network content filtering, and full disk access in your MDM profile.

3. Monitor via Fleet: Use Kibana’s Fleet UI to track endpoint enrollment and ensure agents on macOS are functioning correctly.

4. Test for alerts: Confirm visibility by triggering detection rules like “Attempt to Unload Kernel Extensions” and validating event ingestion in Elastic Security.

5. Review logs and alerts: Go to the endpoints page in Elastic Security to make sure macOS clients show up and logs are arriving as expected.

*macOS Tahoe 26 support was added for version 8.18.6, 8.19.3, and version 9.0.7 or higher as listed in the support matrix.

Our goal is to make sure security never lags behind innovation. Elastic Defend’s support for macOS Tahoe 26 is part of a broader commitment: delivering day-one compatibility with new operating systems so that your defenses stay strong as your technology evolves.

Elastic’s proactive support for macOS Tahoe 26 ensures that security teams can upgrade endpoints without sacrificing visibility or protection. Whether you're managing a fleet of developer laptops or securing executive devices, Elastic Defend is ready on day one.

Join the growing number of businesses that trust Elastic Security to protect their organization against attacks. Experience the peace of mind that comes with knowing that your endpoints and organization as a whole are secure against the latest threats. Start your Elastic Security free trial, and discover the difference that our protection can make. Visit elastic.co/security to learn more.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.