During our testing of Big Sur, we're finding many apps are relying on System Extensions (ie Carbon Black, osquery, Google Drive Stream, etc.)
It seems like each and every one of these prompts the user to accept and reboot.
Has anyone had any success in automating this process or at least chaining them together for a single reboot.
This is going to kill the Zero-Touch with a single reboot experience.
Apple's Big Sur seems more like Apple's BS!
It harkens back to the days of Windows Vista - https://youtu.be/VuqZ8AqmLPY
A reboot a day keeps the admin away!
If you have them whitelisted before installation, it should stage them all and let them "chain" together for a single reboot.
It's not like the system HAS to be rebooted immediately upon acceptance of the extension, it's just that the extension won't be fully loaded until after that reboot.
I've had to make almost no changes to my DEPNotify workflow to handle System Extensions. Still one reboot.
I want to clarify something here, and add more context. In Big Sur, apps can still use kernel extensions, which in some cases are required for full functionality. For example, Carbon Black can run in kernel or system extension mode, but many important features require the kernel extension to be loaded.
Big Sur will still call kernel extensions "system extensions" in dialogs, so this can be confusing when we all discuss it. Whitelisting the kernel extension does not allow it to load, and another action is needed: either manual approval by the user (and a restart), or a special MDM command to rebuild the kernel extension cache (which also forces a restart). It's this MDM command that Jamf does not support, leaving us with user approval as an absolute requirement for the software to function.