I don't have a solution, but I can confirm we are seeing the same behavior.

Same issue. In Security & Privacy config, it doesn't matter if you set Immediately or Never for "Require Passcode to Unlock Screen", on the device it sets to Immediately. 

I've run into the same issue while preparing my Sonoma configuration for lab rebuilds, but seem to have worked out the solution. See below for the working settings. This sets require password after screen saver or sleep to never.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>askForPassword</key>

<true/>

<key>askForPasswordDelay</key>

<real>2147483647</real>

</dict>

</plist>

I am seeing exactly this issue with my lab rebuilds also -- sonoma. I tried the solution above and it worked perfectly. Thank you Mike4!!!!

@Mike4 Thanks for posting a solution!

How did you deploy this .plist? If you delivered it via a custom configuratoin payload, which domain did you use? I did not ind similar settings in the com.applescreensaver.plist when digging around just now.

Thanks to @Mike4 for pointing us in the right direction! This is a very frustrating change on Apple's part, and I'm disappointed that Jamf hasn't patched this yet months after Sonoma's release. 

To answer @iamYaje 's question: the domain we want to apply these changes to is com.apple.screensaver. More info can be found here:

https://developer.apple.com/documentation/devicemanagement/screensaver
https://developer.apple.com/documentation/devicemanagement/screensaveruser

However, I was not able to get this to work using @Mike4's settings. Specifically, I had to change the value type for 'askForPasswordDelay' from 'real' to 'integer', per the documentation linked above. After that, it works perfectly. Maybe Apple changed something in an update and 'real' is no longer valid. I tested on OS 14.2.1.

I also added an extra key to disable the screensaver completely (why in 2024 Apple doesn't just have the screensaver disabled by default is mindboggling). These settings will accomplish that:

Note: this setting is listed on the docs as applying only to the user's individual screensaver settings, but adding the key to the computer-wide 'com.apple.screensaver' plist works just fine.

@micmil thanks for posting this reply.

We use autologin to a standard user-account in our secure lab environment. That autologin feature now only works after a computer restart (following upgrade to Sonoma) after the password has been entered once for the account in a given time-period. If the screen saver goes active, we then need to enter the password again if the computer is restarted.

I'm attempting to configure the .plist for com.apple.screensaver and it hasn't been working so far. It looked like it was overlapping with our Security and Privacy payload setting (same key), so I unconfigured that. When exporting the profiles to XML to review, I'm not seeing the <integer>xxx...</integer> key show up in the configuration for some reason and the password is still being required when the screensaver comes up. Any ideas as to what we might be missing?:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<true/>
<key>askForPasswordDelay</key>
<integer>2147483647</integer>
</dict>
</plist>

Is it possible we might need to disable the screensaver entirely using the screensaveruser domain as you did?

I am trying to actually require the password after screen saver begins or display is turned off.  Right now my users can change this setting to NEVER.  I need it to be locked to immediately or 5 seconds or even 1 minute.   I've tried PLIST and the setting in JAMF and nothing seems to work in Sonoma 14.4.   Anyone know how to enforce this?

Hi,

I've been a little confused about this because com.apple.screensaver doesn't seem to be a domain that exists anymore? I'm on 14.5 and can't write any changes to that domain because it's not present.

My Mac labs are now on 15. I had to do it manually on each machine as I couldn't figure it out and was on a time crunch. If you figure it out, let us know!

I don't have any insight regarding doing this manually using Defaults or something else. We use Jamf Pro to deploy this as a configuration profile at the Computer level. It seems to work without issue on OS 14 machines, and the very few OS 15 machines we have deployed. 

I guess I don't know how to take that and turn it into something Jamf can deploy. Inputting it as a custom schema just gets rejected.

Ah I see. While you can use JSON schema to configure settings, the format is different. As I am a noob when it comes to JSON, I can't help you with that. But here is the profile I was referencing; I hope this helps. Just make sure the profile is set to "Computer Level."

If all you're trying to do is disable the screen lock timeout, the Security and Privacy settings are optional. We just decided to lump them all together since all our "shared" machines should get these settings anyway.

Ah, it never even occurred to me that you'd have to go to the "Upload" section to input XML code. I didn't see anywhere other than the JSON section and thought it must be that.

A configuration profile as set up in the screenshot above is indeed working perfectly as intended on 14.5.

Same, in case anyone happens to have a solution for this. We're using Sequoia 15.3.1.

The plist sets it to whichever time specified, but the user can still change it back to "never". There doesn't seem to be a way to enforce this.