Is there a plist or config I can manually push to devices that allows me to defer an update for more than 90 days?
When Apple releases a new major OS, we typically wait until they are in the 14.3.or 14.4 version since I started working in a company with Apple enviornment as we have see many bugs popup for various apps. Some of the apps we use on company level take couple months as well
No, not more than 90 days. That is the official answer you will get from Apple or JAMF.
I have 3 macs that should have gone on to OSX 13 9 months ago, because our defer was expired, but they are still running OSX 12. So in some way ignoring it will stop the updates from instaling. Not a clue it this is a loophole that is now closed.
Nope, you can only defer MacOS Updates by 90 days. Lucky for us that is December 26th, so its a good Merry Christmas for organizations that are not ready. At least we know Apple is thinking about us over the holidays.
Apple will only allow you to defer macOS upgrades for 90 days. However, you can use a software restriction payload to keep users from installing macOS 14. After the 90 days run out, users will be able to download the installer, but not launch it to complete the install. Define "Install macOS Sonoma.app" in the Process Name field.
I use both restrictions in my environment in case I need longer than 90 days to test or resolve an issue.
That will only work if the upgrade is being installed through the app. A couple years back, they started upgrading through the "Software Update" pane. That method doesn't run an app at all. I think OP is looking for a way to block that method. I know I'm here looking for ideas for the same thing...
Not trying to start a fight or anything, but the only thing that changed when Apple switched to the "Software Update" pane for upgrades is that it does not direct you to the App Store anymore. It just downloads the app and launches it. Restricting the app still works. Give it a shot.
Sometimes it works and sometimes not. Last time this happened when users were on macos12 and had the option to upgrade to 13. The Config payload works fine upto a point.
Jamf said this was a bug with Apple OS itself where they had seen this issue popup with other orgs as well
Several of my users were able to do the install despite having the macOS Sonoma installer being blocked by restricted software. I put the restriction in place just after WWDC. For some reason the profile I created to delay macOS Sonoma wasn't installed on some systems. On my test Mac, I noticed that the installer app did not launch. The Mac simply upgraded to Sonoma in a way similar to if it had updated to 13.6. The profile I created does keep the Sonoma upgrade from appearing in Software Update, so that is how I am keeping people from upgrading along with the software restriction. I was expecting this since this was the way Ventura was released last year.
Starting with Ventura, Apple began offering OS upgrades as a delta update, reducing the size of the download. The problem with this is that these delta updates / upgrades are dynamic and don't make use of the installer app. If the OS you're using is several versions back, it will still get deployed via the full installer app, but for anything fairly recent like going from Ventura to Sonoma, it will most likely be in the form of the smaller and unfortunately, unblockable delta releases.