Help

Monterey Upgrade - System Extensions needing approval by user

Go to solution
dlondon
Valued Contributor

‎10-28-2021 01:13 AM - edited ‎10-28-2021 01:23 AM

Upgraded a test machine to Monterey from Big Sur and it wants the user to approve the system extensions for Microsoft Defender and Cisco AMP that were working fine before and approved with Configuration Profiles.

For Defender, I've tried unscoping and rescoping the Configuration profile as well as uninstalling and reinstalling Defender

Still trying to understand it but has anyone else hit this issue and found a way through the problem?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
dlondon
Valued Contributor

Posted on ‎11-09-2021 12:43 AM

I think I shot myself in the foot on this one.  I had scoped the Configuration Profiles to Catalina and Big Sur machines and so the recently upgraded ones on Monterey went out of scope.  I widened the scope of the group to include Monterey and the machines went back into scope and the Configuration Profiles redeployed. 

I did have to reboot to have the configuration profiles go into affect.

View solution in original post

0 Kudos
Reply
7 REPLIES 7

Go to solution
andrew_nicholas
Valued Contributor

‎10-28-2021 03:28 AM - edited ‎10-28-2021 03:28 AM

I haven't had that for Defender as of yet; each of my test upgrades went as expected, though I did need to reapprove a FortiClient extension I'd manually approved rather than deployed via config.

0 Kudos
Reply

Go to solution
Tlehr
New Contributor II

Posted on ‎10-28-2021 09:40 AM

What does your Cisco Amp PPPC profile look like? I can compare it to mine that is currently working on a Big Sur -> Monterey upgrade test machine.

0 Kudos
Reply

Go to solution
dlondon
Valued Contributor
In response to Tlehr

‎11-04-2021 01:39 AM - edited ‎11-04-2021 01:41 AM

Here's the one for System Extensions for Cisco AMP

Screen Shot 2021-11-04 at 4.37.49 pm.png

Screen Shot 2021-11-04 at 4.38.22 pm.png

0 Kudos
Reply

Go to solution
daworley
Contributor II

Posted on ‎10-28-2021 10:52 AM

Often when doing major version upgrades like that I've found the endpoint experience best when I clone the profile (same payloads) but give it a new name and scoped specifically to that major OS version. So like the PPPC or System Extension payloads could be identical between Big Sur and Monterey, but it's technically a different profile.

This makes sense when you think of MDM as being an event that causes changes on the local system. If the profile existed on the Mac before the OS upgrade then the upgrade would over-write the changes made on the old OS. By removing/reapplying the profile the MDM events reissue the local system events and reestablishes the changes. 

Reply

Go to solution
dlondon
Valued Contributor

Posted on ‎11-09-2021 12:43 AM

I think I shot myself in the foot on this one.  I had scoped the Configuration Profiles to Catalina and Big Sur machines and so the recently upgraded ones on Monterey went out of scope.  I widened the scope of the group to include Monterey and the machines went back into scope and the Configuration Profiles redeployed. 

I did have to reboot to have the configuration profiles go into affect.

0 Kudos
Reply

Go to solution
wds
New Contributor II
In response to dlondon

Posted on ‎01-05-2022 01:46 PM

I'm dealing with this issue, too. When you say you had to "reboot" the configuration profiles, what do you mean by that? Do you mean you clicked edit, then clicked save, then "Distribute to All"? Or did you have to clone all the profiles and redeploy them as new?

0 Kudos
Reply

Go to solution
gaoyajing0810
New Contributor II
In response to wds

Posted on ‎02-24-2022 08:36 PM

Description file will pop up when saved after modifying scope. Whether the prompt is for all devices or users/or only for new devices.

0 Kudos
Reply