We are using a deferral script similar to what @Cayde-6 mentioned. The one caution I would give is that if you are using a policy to trigger the dialogs, which is what we do, be certain to have a timeout in the jamfHelper dialog. Rather than use a LaunchDaeomon, which is the way the method above is done, we have a policy set to Once per Day frequency that runs the deferral script. Because that script runs as part of a policy, if the user simply slides the window out of the way, and the window has no timeout, the Mac has essentially stopped processing
jamf actions until that dialog is gone. This can result in machines that appear to have lost communication when they actually haven't.
Honestly, I would look at what @bpavlov posted. We adjusted our script to take advantage of the
--restart option to take into account the need for the shutdown of T2 systems for BridgeOS updates. The script that @franton came up with for us is very similar to what Balmes came up with.
And if you want handle third party updates as well, look at @cubandave 's UEX and his JNUC session from 2018.