Workbrew 1.3 brings precision and visibility to IT teams at scale. This release strengthens device access controls, improves default software rollout, enhances policy notifications, and streamlines the Console experience.
Workbrew 1.3 enforces access mode boundaries precisely, alerting admins when devices no longer meet standards.
In this fix, devices in Standard mode cannot self-install casks. In 1.3 users can no longer install GUI apps via brew install --cask [app_name]
without admin involvement.
Workbrew flags devices whose actual permissions don’t match the expected access mode. If a device is behaving like it’s in Sudo mode when it shouldn’t be, you’ll be alerted of access mode violations in the dashboard, and weekly email reports.
Workbrew enables admins to assign access modes (Sudo, Standard, and Restricted) to different device groups. For example, your DevOps team might need Sudo access while all other developers remain restricted.
If a device in your fleet exhibits behavior that’s a deviation from policy, this new feature will alert admins in the console.
For Admins:
For Your Team:
Console Access Modes and Alerting is now available on all plans.
If teams within your company have different needs, Workbrew now enables multiple policies that apply to specific device groups or individual devices.
Whether you’re managing a small set of machines for internal tooling, or enforcing strict controls on production systems, you can now tailor policies to your exact use case.
For Admins:
For Your Team:
Dynamically-Targeted Policies are now available on Pro and Enterprise plans.
New features for Default Packages in the Workbrew Console eliminate duplication of effort and boost efficiency for admins and users.
If a device already has an app installed and it matches a Default Package, Workbrew converts it into a managed cask automatically. No duplicate installs, no disruption.
Casks installed via Default Packages now skip macOS quarantine warnings. End users won’t see “Are you sure you want to open this app?” for apps installed by IT.
For Admins:
For Your Team:
Brew Adopt & No Quarantine Prompts for Default Packages are now available on all plans.
These new features provide easy-to-parse information for admins in real-time.
Receive a daily summary of policy violations for forbidden packages. Each alert includes links to affected devices, contextual information on the package, and quick actions to resolve issues.
Notifications now use a clear noun + verb emoji pattern in email subject lines and slack/webhook notifications (like ‘🏃⛔’ for a run failure)-to help you triage at a glance. Use them to configure notification filters wherever you receive those.
You can now set multiple user emails or webhook destinations for alerts.
In the 1.3 release, CVE alerts include links to affected devices, public CVE records, package details, and one-click upgrade actions.
For Admins:
For Your Team:
Policy Violation Digests and More Actionable CVE alerts are now available on Pro and Enterprise plans.
Multi-destination Notifications and Emoji Notifications are available on all plans.
The Workbrew Console gets a glow up in 1.3-engineered for speed, clarity, and confidence.
Search for a category of packages and add all matching results to a policy or default packages list with one click.
It’s especially helpful when setting policies by type. For example, you could forbid all VPN tools in one go, rather than selecting each one manually.
Tailored Reporting, simplified. Pages for Packages, Taps, Licenses, Vulnerabilities, and Device Groups now support sorting and filtering across columns.
Quickly explore your data to answer questions like:
Apply filters, sort by what matters, and export exactly what you see-perfect for generating focused, custom reports without extra cleanup.
The Packages page now defaults to showing only explicitly-installed formulae in the ‘Formulae’ tab. This hides automatic dependencies for a cleaner, more actionable view. Or, switch to the ‘Formulae with Dependencies' tab if you want to see all formulae.
Workbrew warns you when you try to forbid a formula that other packages depend on. You’ll know what’s at risk before you break anything.
Package-level insights now include a detailed list of all devices where the package is installed.
From this view, you can take direct action-including setting uninstall policies across all listed devices with a single click.
For Admins:
For Your Team:
These Console UX Improvements are available on all plans.
Workbrew 1.3 gives teams greater control without slowing anyone down. From access mode enforcement to smart software adoption and faster admin workflows, this release helps you manage complexity at scale.
Have questions or ideas? Get in touch-we’d love to hear from you.
#!/bin/bash
# Check for Homebrew in supported installation paths.
if [[ -x "/opt/homebrew/bin/brew" ]] ||
[[ -x "/usr/local/bin/brew" ]] ||
[[ -x "/home/linuxbrew/.linuxbrew/bin/brew" ]]
then
echo "Homebrew is installed."
exit 0
else
echo "Homebrew is not installed."
exit 1
fi
Workbrew 1.3 brings precision and visibility to IT teams at scale. This release strengthens device access controls, improves default software rollout, enhances policy notifications, and streamlines the Console experience.
Workbrew 1.3 enforces access mode boundaries precisely, alerting admins when devices no longer meet standards.
In this fix, devices in Standard mode cannot self-install casks. In 1.3 users can no longer install GUI apps via brew install --cask [app_name]
without admin involvement.
Workbrew flags devices whose actual permissions don’t match the expected access mode. If a device is behaving like it’s in Sudo mode when it shouldn’t be, you’ll be alerted of access mode violations in the dashboard, and weekly email reports.
Workbrew enables admins to assign access modes (Sudo, Standard, and Restricted) to different device groups. For example, your DevOps team might need Sudo access while all other developers remain restricted.
If a device in your fleet exhibits behavior that’s a deviation from policy, this new feature will alert admins in the console.
For Admins:
For Your Team:
Console Access Modes and Alerting is now available on all plans.
If teams within your company have different needs, Workbrew now enables multiple policies that apply to specific device groups or individual devices.
Whether you’re managing a small set of machines for internal tooling, or enforcing strict controls on production systems, you can now tailor policies to your exact use case.
For Admins:
For Your Team:
Dynamically-Targeted Policies are now available on Pro and Enterprise plans.
New features for Default Packages in the Workbrew Console eliminate duplication of effort and boost efficiency for admins and users.
If a device already has an app installed and it matches a Default Package, Workbrew converts it into a managed cask automatically. No duplicate installs, no disruption.
Casks installed via Default Packages now skip macOS quarantine warnings. End users won’t see “Are you sure you want to open this app?” for apps installed by IT.
For Admins:
For Your Team:
Brew Adopt & No Quarantine Prompts for Default Packages are now available on all plans.
These new features provide easy-to-parse information for admins in real-time.
Receive a daily summary of policy violations for forbidden packages. Each alert includes links to affected devices, contextual information on the package, and quick actions to resolve issues.
Notifications now use a clear noun + verb emoji pattern in email subject lines and slack/webhook notifications (like ‘🏃⛔’ for a run failure)-to help you triage at a glance. Use them to configure notification filters wherever you receive those.
You can now set multiple user emails or webhook destinations for alerts.
In the 1.3 release, CVE alerts include links to affected devices, public CVE records, package details, and one-click upgrade actions.
For Admins:
For Your Team:
Policy Violation Digests and More Actionable CVE alerts are now available on Pro and Enterprise plans.
Multi-destination Notifications and Emoji Notifications are available on all plans.
The Workbrew Console gets a glow up in 1.3-engineered for speed, clarity, and confidence.
Search for a category of packages and add all matching results to a policy or default packages list with one click.
It’s especially helpful when setting policies by type. For example, you could forbid all VPN tools in one go, rather than selecting each one manually.
Tailored Reporting, simplified. Pages for Packages, Taps, Licenses, Vulnerabilities, and Device Groups now support sorting and filtering across columns.
Quickly explore your data to answer questions like:
Apply filters, sort by what matters, and export exactly what you see-perfect for generating focused, custom reports without extra cleanup.
The Packages page now defaults to showing only explicitly-installed formulae in the ‘Formulae’ tab. This hides automatic dependencies for a cleaner, more actionable view. Or, switch to the ‘Formulae with Dependencies' tab if you want to see all formulae.
Workbrew warns you when you try to forbid a formula that other packages depend on. You’ll know what’s at risk before you break anything.
Package-level insights now include a detailed list of all devices where the package is installed.
From this view, you can take direct action-including setting uninstall policies across all listed devices with a single click.
For Admins:
For Your Team:
These Console UX Improvements are available on all plans.
Workbrew 1.3 gives teams greater control without slowing anyone down. From access mode enforcement to smart software adoption and faster admin workflows, this release helps you manage complexity at scale.
Have questions or ideas? Get in touch-we’d love to hear from you.
3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.
4. MacAd.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.
5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.
A big thank you to the MacAD.UK team and we’re excited to be back next year.
If you missed it, check out Brandon’s talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale
3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.
4. MacAD.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.
5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.
A big thank you to the MacAD.UK team and we’re excited to be back next year.
If you missed it, check out my talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale
#!/bin/bash
# Check for Homebrew in supported installation paths.
if [[ -x "/opt/homebrew/bin/brew" ]] ||
[[ -x "/usr/local/bin/brew" ]] ||
[[ -x "/home/linuxbrew/.linuxbrew/bin/brew" ]]
then
echo "Homebrew is installed."
exit 0
else
echo "Homebrew is not installed."
exit 1
fi