You have restrict exact process name checked. You'd need to run the installer and grab the process name from Activity Monitor to use that. If it's unchecked it will use the file name which could be renamed if you have intrepid users who want some Monterey action.

@Fardoomz You can block the GUI for all macOS installers by blocking the process named "InstallAssistant" and specifying "Restrict exact process name". This does not block the `startosinstall` tool however so depending on how persistent your users are you may want to block that process as well.

When I've setup my restrictions, I don't believe I have ever used quotes in the field. Not sure if that may affect it. Also I had to create an Install macOS 12 Beta.app when they first released, but think that was corrected and they all comedown as Install macOS 12 Beta.app.

Also we are still playing around with these and ensuring that they behave the way we want them to.

@Ken_Bailey are you using JAMF Cloud ?   We are still JAMF on prem, running JAMF 10.27, and not seeing the same options within Defer updates as you have above.    Putting it down to a later release of JAMF which incorporates that granular level of control.  More reason for us to upgrade to latest JAMF release I guess, and all the work that involves  😞

We just migrated to the cloud last week. We were on prem when I posted this and running the latest version of Jamf Pro at the time.

Based on the release notes for Jamf 10.32 the deferral options are only compatible with macOS 11.3+ (unless I'm reading that wrong). 

I'm also seeing the behaviour that Fardoomz outlined, though in this case with an inexact match to Install macOS Monterey*

I'd like to know this too. We still have a lot of macOS 10.15 Catalina Macs in production and we want to prevent them from seeing Monterey in the Software Update pref pane (Defer).

@Ken_Bailey I'm struggling to figure out how to set the above so that Monterey is deferred for 90 days but allow things like the Big Sur 11.6.1 update released today.

Would Big Sur 11.6.1 be considered a "minor software update" ? 

I'm waiting for the 11.6.1 Big Sur Update to start showing as available here so I can play around with the settings to try and figure it out.

We want to ensure people are still getting any Big Sur updates that Apple releases, but not Monterey. 

@johnsz_tu we ended up pushing the configuration profile with just Defer updates of Only major software updates for 90 Days. We have a number of users who have upgraded to 11.6.1. None have been able to update to Monterey yet. So the Big Sur updates should be minor software updates, based on what I am seeing in our environment. The major update should only be a new OS like Big Sur to Monterey.

Its seems like we can add this to the list of broken functions within Jamf relating to software updates. Software update policies have been broken since Big Sur and now the config profiles. I have Only Major software updates deferred for 60 days, and so far I've tested on a device running 11.2.3 > Allows Monterey install. Device running 11.5.2 > shows only 11.6.1 available for install. Device running 11.6 > Shows on latest allowed by organization and no option to install 11.6.1. It looks like the payload is just broken. Have a case open with Jamf and waiting to hear back

For what it's worth, based on the notes here it looks like that feature is only compatible with 11.3+

Apple documentation states that here  as well. 

EDIT: Link fixed. Sorry about that.

That's unfortunate, so for devices running Catalina, or anything lower than 11.3, we would have to block all OS updates, or update to Monteray? That seems like a massive oversite

That's par for the course especially with a two year old OS to not have the latest and greatest MDM capabilities. I think you answered your own question here as well. Apple's biggest desire is to have its user base on the latest OS release if the hardware supports it. 

Agreed, but they also make it impossible for us to easily manage OS updates by making framework changes and breaking MDM functionality (which Jamf still has not resolved). It's unfortunate Apple still cannot recognize the needs of enterprise are different than consumers

Also to state we are also still leveraging the Software Restrictions for Monterey, on top of this Defer updates.

@mainelysteve broken LINK there ?   "

This page isn’t working"

@Ryan_A_GDX For Catalina - putting aside the config profile inconsistencies- my testing has shown that you CAN still block Monterey using the "softwareupdates --ignore "macOS Monterey".   This method is deprecated/no longer works for Big Sur 11.x onwards, BUT if you are fortunate/unfortunate enough to still have mac devices in your fleet running Catalina, this method will work. 

Link is fixed now. Appears that the previous link contained a bunch of text from an aborted earlier reply.

Thanks @Ken_Bailey i'll give this a go! 

---

@Ken_Bailey wrote:

We have a number of users who have upgraded to 11.6.1. None have been able to update to Monterey yet 

---

Perfect this is exactly what we are after. Much appreciated. 

That link didn't work for me either. Is it this? https://support.apple.com/en-gb/guide/mdm/mdm02df57e2a/web 

Hrrmmm... I just looked at it again and just had to clear out the entire post and retype it. The link html kept including saved text from an earlier reply. Hopefully it works and doesn't make me look at ID10T.

Yep, that's the page I was referring to.

What version of JAMF pro are you running? We are on 10.30.3 and don’t have the same deferral options. 

We migrated to the cloud recently. Currently on 10.32.2