Jamf Nation Community

Your devices already need to be on Sonoma to set a deadline. Doing this for pre-Sonoma clients does nothing. You need to have a different update flow for these using the traditional options (download, install and restart).

Set up the deferral to kick in 1.9.24 at 8:00 am

Nothing happened. Consensus is this works for some but not for others. 

@AJPinto In my testing of DDM Scheduled Updates a Mac will restart at the scheduled time to complete the update even if there are applications open with un-saved documents. Have you found an application that can't be terminated that repeatedly prevents installation?

While I'm not exactly happy it's taken Apple this long to address the gaping hole in managing macOS updates that Big Sur introduced I am pleased with the introduction of DDM Scheduled Updates in Sonoma. Are there some rough edges at the moment with both the Jamf Pro and macOS parts for configuring and completing DDM scheduled updates? Yes, but for my environment it's working much better for ensuring Sonoma updates by a deadline than Nudge did for Monterey and Ventura. I'm optimistic that both Jamf and Apple will aggressively improve things over their next few releases, and we'll finally be able to cross "Provide reliable management of macOS updates" off the Mac Admins Wish List.

To follow up on my comment that I'm optimistic DDM Scheduled Updates will truly be useful here are the current macOS Sonoma stats for my org:

macOS Sonoma 14.2.1 is being rolled out as our base macOS install so the majority of devices listed are upgrades from macOS Ventura, but for all that were already on Sonoma a DDM Scheduled Update was used to ensure the update to 14.2.1. Of the 3 Macs not yet on 14.2.1 one hasn't been online since the scheduled deadline, one hasn't been logged back into since the deadline, and the 3rd (showing as Unknown) is running the macOS 14.3 Release Candidate build.

@janthenat For x86 Macs that old you can use erase-install (ignore the name, it can be used to upgrade Macs as well). See the wiki page for info on using from Jamf Pro: https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro

@sdagley Yes indeed, and I'm already doing this. But, there is a new thing and I must play with it ;^)

Did you try turning off the Software Beta Feature? Once you cancel all the in-flight plans, wait 15 minutes, then toggle it back on.

Try pushing the updates again.

When you check the logs, do you see "DeclarativeManagement" for a few devices you sent the updates to?

Also, don't select a specific version when updating (PI116287). Use "Latest version based on device eligibility." This PI is still in Jamf 11.5.

Thanks. Looking for more clarification to understand this better. My isolated testing has been great when I set it to install to latest minor update and force a restart. Im nearly 100% successful. But when scheduling updates (regardless if I require a specific version or 'latest minor version'), the job gets ignored and I have no way to dismiss it, other than telling the user to manually perform the update as time allows. The user sees a notification from the past which is confusing to the user and not acceptable for production as it would create Help Desk calls, etc: "Is IT updating my Mac or am I? What is going on here?"

1 When you stated 'watch the logs, you can see that "DeclarativeManagement" is pending.' are you referring to the computer record's 'Management' tab in the JSS? Or are you referring to the macOS Console app on the target Mac?

2 'If you sent out an old MDM command to your endpoints, any follow-up DDM commands/changes aren't used. The endpoints seem to respect your first commands; ignoring any new ones.': Is this expected behavior or a known issue? Who is to blame here - Apple or Jamf?

3 If I attempt to toggle Software Update Beta off and back on again, I see JSS warnings (from my screenshot above in earlier post) is this normal? Can I safely toggle it without repercussions?

4 Can you comment on the expected behavior of how DDM works on Sonoma Mac targets that are asleep or locked? Will they process the commands, or will they wait until the Mac is unlocked? I can't find any details on this from Apple or Jamf.

5 Im planning on performing a DDM 14.5 update to my IT staff's Macs this Saturday night. Here is my exact planned workflow. Let me know if you think it will be successful:

Im sending the following DDM commands to ~20 M1 Sonoma 14.4 Macs to update to 14.5 and restart (forced): No schedule. No specific version required (Im using 'latest minor version' which currently is 14.5). It will be sent at 2AM manually by me, so most Macs will be asleep or locked obviously. In my isolated tested this worked pretty good, but they were not 'production' Macs. If this experiment fails, Im going back to Nudge for a few more months...

• Good to know about the force restart and update. I'll consider that for some on my lagging lab Macs.

• Good point about the notification. We send out a communications email so our Mac users know. This works well for us.

1. Yes, in Jamf, but under the History tab. Then go to the Management History. Search for DeclarativeManagement. The good news is Jamf 11.6 should offer more DDM log information, so we'll know more about the state of the devices and commands we sent.

2. I'm not sure. This is what I've found in production and testing. If I recall, Jamf Support mentioned that there are some bugs that both are working out on some DDM details.

3. No repercussions on my end. I toggle back and forth often to clear the deck and start over. You should be fine. Just keep in mind it will retire commands that didn't go through.

4. Might be worth asking Jamf support. But it sounds like you're about to find out this weekend.

5. Let us know what happens...I think you'll get success, but curious what happens for Macs that are locked.

@obi-k  Thanks for the details, much appreciated. Ill keep you posted on my DDM testing over the next few days (and my 'big test' Saturday night to ~25 IT production Macs).

I just noticed that some of my test Macs reported AvailableOSUpdates - Scheduled, ScheduleOSUpdateScan, AvailableOSUpdates, ScheduleOSUpdate and OSUpdateStatus - Scheduled,  but did not report "DeclarativeManagement" in their Jamf  Management History logs.

Does this mean that DDM protocol wasn't used for the OS updates? These particular Macs are M1 Macs running Sonoma 14.4.x. and should be capable of DDM. My JSS is 11.5.1 (Cloud). Im confused here.

The success rate of all these Macs (when NOT using a schedule) is 100% - even on Macs that are asleep, idle, etc. I have tested ~10 Sonoma Macs (Intel and ARM) and the only Macs that have failed have been the jobs with scheduled commands. Any commands I have sent that are "Update to Latest minor version" + "Download Install and Restart" (forced) are working great thus far.

I checked some of my Macs: I see similar results as you mentioned. Some have it, some don't. None of your Macs had "DeclarativeManagement" in it?

I'm guessing Jamf is using the old MDM command for the update and force restart then. Not DDM. Jamf would know.

Ok, nice. I might use this for some of mine. Keep us posted on your results.

Like you observed, some logs have DeclarativeManagement some do not.