Posted on 01-29-2022 10:39 PM
We have been experiencing issues with several of out managed devices which seem to be unable to successfully install the 12.2 update released this week. From what we have seen, the installer downloads and runs successfully, but after the system reboots it is still at the same OS version it was previously.
We are seeing this on both Intel and Apple Silicon devices across different versions of macOS. For this reason it appears that it could be related to something on the JAMF/non Apple side of things.
Has anyone else seen anything like this before? I've been reviewing the system and install logs, but can't see anything that jumps out as a specific cause.
We have a policy configured to defer updates for 7 days, however we are seeing this issue on systems which were outside the scope of the policy (we have also tested removing devices from the scope and the issue occurs with them).
Posted on 01-30-2022 04:54 PM
Are you using Defender ATP? I've been facing this all of last week as well and seem to have narrowed it down to that.
Posted on 01-30-2022 05:04 PM
Yes we are actually. Have you been able to get around the issue?
I thought it might be related to ATP, and coincidentally enough I'm seeing an updated version running on some of my machines (which I have not tried to update yet). Will see if I have any luck by removing ATP on a test system...
01-30-2022 05:21 PM - edited 01-30-2022 05:22 PM
Yes, I removed ATP to test on some devices and it worked as expected. I spoke to support on Friday and there appears to be a known issue with the network extension in the previous version. The new version should be in update channels soon to my knowledge but I've a stand-alone installer from support I was planning to test this week.
01-30-2022 06:33 PM - edited 01-30-2022 07:05 PM
[Updated] Still experiencing the issue on some systems with the 101.56.35 release of ATP. Will continue to test.
I manually installed the newest version of ATP (101.56.35) and it resolved the issue. I also noticed some of my systems had automatically updated via MS AutoUpdate.
Just waiting for JAMF to add the new version to patch management so we can force it out to everyone else.
Posted on 02-01-2022 10:34 PM
I have Defender ATP (101.56.35) and installed the 12.2 update yesterday afternoon. My machine is a 27" imac Late 2015 i5 CPU. I installed the Mac OS update via System Preferences > Software Update and the machine went from 12.1 to 12.2.
Maybe you should give more info on the policy unless you get these same problems with a manual update too
Posted on 02-02-2022 02:23 AM
My test device completed the move from 12.1 to 12.2 with the latest version installed but then I started getting more reports yesterday of the issue still being present. Worked with support all day to try and determine what could be the problem but nothing solid yet. I did revert to 101.49.25 and that allowed completion as expected. If you haven’t opened a case with them yet please do.
Posted on 02-08-2022 05:35 AM
I've run into the same issue with 101.56.35
Its the new DLP (data loss prevention) module that is causing the problem. This has traditionally been Windows only but support for Mac has recently been added to Intune and the Mac client.
On M1 devices, with DLP enabled, the Rosetta 2 emulation layer will become disabled after a failed update and apps & installers that are not fully ARM64 native will throw an error 'quit unexpectedly'. macOS will not prompt the end user to re-install Rosetta. Manually re-installing it using softwareupdate --install-rosetta gets the broken apps & installers working again.
Current DLP work around:
Manually disabling the DLP module in the client allows the 12.2 upgrade to succeed.
If you type:
you will see listed near the bottom:
data_loss_prevention: status = 'dormant'
Even though it is idle, it will still interfere with updates.
To disable it type:
sudo mdatp config data-loss-prevention --value disabled
Its status will now change to 'disabled'
Now when you run the 12.2 update, it will succeed.
Worked on my test M1 MacBook and a colleague tested it on an Intel MacBook, also worked.
I'm still testing it but it looks like that is the issue.
Also note that Microsoft are working on an updated client with 'bug fixes'
This may or may not resolve the issue. Unknown if it will at this stage.
Posted on 02-09-2022 08:17 AM
101.56.62 does not fix the issue.
Tested it today and the 12.1 - 12.2 update still fails/reverts back to 12.1.
Using the full 12.2 OS installer
The default unconfigured DLP setting of 'dormant' is causing the issue.
02-17-2022 06:46 AM - edited 02-17-2022 06:49 AM
While we wait for Microsoft to fix the issue.
DLP can be disabled via the new JSON Schema downloadable from the Defender Github. Details here:
or via the old XML config way by adding the following.
<key>features</key> <dict> <key>dataLossPrevention</key> <string>disabled</string> </dict>
02-17-2022 08:17 PM - edited 02-17-2022 08:18 PM
An update (101.59.10) appeared in the Current Channel (Preview) for me this morning. I've installed and tested on one system and was able to successfully upgrade. Hopefully this is released to the Current Channel soon.