Edit

Share via

Global Secure Access client for macOS release notes

This article lists the released versions of the Global Secure Access client for macOS and describes the changes in each version.

Download the latest version

You can download the current version of the Global Secure Access client from the Microsoft Entra admin center.

  1. Sign in to the Microsoft Entra admin center as a Global Secure Access Administrator.
  2. Browse to Global Secure Access > Connect > Client download.
  3. Select the macOS tab.
  4. Select Download Client. Screenshot of the Client download screen with the Download Client button highlighted.

Version 1.1.25090800

Released for download on November 24, 2025.

Other changes

  • Bug fix: Better recovery of the connection to the Global Secure Access cloud service when a device switches between networks.
  • Bug fix: Mutual Transport Layer Security (mTLS) connections to the Global Secure Access cloud service use the correct certificate after renewal.
  • Bug fix: Web page translation in Microsoft Edge browser is fully functional.
  • Bug fix: DNS queries for service (SRV) records in public DNS servers are supported.
  • Enhanced telemetry for better supportability and monitoring.
  • Miscellaneous bug fixes and improvements.

Version 1.1.25070402

Released for download on August 19, 2025.

Other changes

  • Bug fix: Fixes a compatibility issue with macOS 26.

Important

To maintain functionality, deploy version 1.1.25070402 of the client before upgrading to macOS 26.

  • The installer now includes a stapled notarization ticket, so macOS can verify its integrity and avoid security warnings during offline installation.

Version 1.1.25070401

Released for download on July 29, 2025.

Functional changes

  • First version in general availability.
  • Bug fix: Provides better support for large forwarding profiles.
  • Supports log collection with a script.
  • Increases client's log file size to allow for more comprehensive logging.

Other changes

  • Bug fix: Implements a workaround for Dynamic Host Configuration Protocol (DHCP) failures seen in macOS 15.4 and later because of a change in macOS.
  • Bug fix: Avoids repeated, unnecessary certificate signing requests.
  • Enhanced telemetry for better supportability and monitoring.
  • Miscellaneous bug fixes and improvements.

Known issues

  • Client version 1.1.25070401 has a known compatibility issue with macOS 26 that causes the device to lose connectivity. To maintain compatibility with macOS 26, upgrade to and deploy client version 1.1.25070402 before upgrading to macOS 26.

Version 1.1.25060400

Released for download on June 24, 2025.

Important changes for deployment with Mobile Device Management (MDM)

  • The distribution profile identifiers changed:
    • Previous: com.microsoft.naas.globalsecure-df → New: com.microsoft.globalsecureaccess
    • Previous: com.microsoft.naas.globalsecure.tunnel-df → New: com.microsoft.globalsecureaccess.tunnel
  • Special upgrade instructions apply when moving from version 1.1.584.1 (or older) to version 1.1.25060400 (or newer):
    1. Exclude macOS devices you want to upgrade from MDM policies that distribute previous client versions to avoid side-by-side installations, which can break client behavior.
    2. Deploy MDM policies to automatically allow system extensions and allow transparent app proxy.
    3. Follow the updated instructions for the new identifiers:
      • com.microsoft.globalsecureaccess
      • com.microsoft.globalsecureaccess.tunnel
    4. Create a new policy to install the new client version.
    5. Remove any old policies that allow system extensions and filtering app proxy with deprecated identifiers.
  • Future versions keep the new distribution profile identifiers unless otherwise noted.
  • You don't need the special upgrade procedure when upgrading from a version newer than 1.1.584.1 because those versions already use the new identifiers.

Functional changes

  • Support for mTLS connections to Global Secure Access.

Note

The mTLS connection rolls out gradually to customers through the cloud service. Customers continue to use the Transport Layer Security (TLS) connection until they get mTLS.

  • Telemetry collection is enabled.
  • The new UI includes a link to Microsoft's privacy policy to comply with the telemetry collection policy.
  • An uninstaller application is added for easy removal of the Global Secure Access client as an alternative to the uninstall script.
  • Option to disable Private Access, letting users access private applications directly through the corporate network.
  • Client disable-state doesn't persist after a restart; the client automatically re-enables after a restart.
  • Support for Continuous Access Evaluation (CAE) in Global Secure Access client authentication.
  • Accessibility improvements for the Advanced Diagnostics tool and main window.
  • Bug fix: Canonical name (CNAME) records now resolve correctly (previously resolved as A records).
  • Bug fix: Resolved connectivity issues when resuming from sleep.

Other changes

  • The client version format now uses the build date. Older versions might have higher numerical values than newer ones, but future versions increment numerically.
  • Bug fix: Logging network trace is now disabled by default to optimize performance.
  • Improvements and bug fixes for Advanced diagnostics.
  • Miscellaneous bug fixes and improvements.

Version 1.1.584

Released for download on November 18, 2024.

Functional changes

  • First public preview version.

Related content

  • Last updated on