Mac SEP clients are stuck in “Authentication Pending” state and do not enroll with EDR.
The self-signed or CA signed certificate used to encrypt authentication between SEP clients and EDR is missing required information required by Mac OS 10.15 and above.
Symantec EDR 4.6 and later.
If you use your own self-signed or CA signed certificate, the certificate meet the following requirements:
If the certificate does not meet the above requirements, Mac clients cannot authenticate with SEDR 4.6 or later and will remain in "Authentication Pending" state.