I created a policy that updates our McAfee ePO agent, and when it runs I get a pop up to allow Jamf to administer my computer. I googled around and found the JamfAppleEvents.mobileconfig on GitHub, uploaded that to Jamf and I'm still getting the pop up (screenshot attached).
It's interesting to note that this only happens when upgrading McAfee. If the agent is not already installed the policy runs fine, but when I run the policy to upgrade McAfee I receive this pop up. Clicking allow completes the policy and it is successful.
I'm still plagued with this on the devices I can't use with ABM yet... also referenced in detail here:
I've tried everything including tearing my hair out to no avail. In my case a script called in a policy that's running sysadminctl to add a securetoken to a user seems to be generating this prompt; I've taken that standard JamfAppleEvents.mobileconfig and added sysadminctl with allowed accessibility, admin files, all files (since it specifically seems to hang on creating a new home folder for the user.) I deduced this from getting the contents of the policy output from /Application Support/JAMF/tmp/POLICY##.tmp and that was the next line that appeared AFTER I clicked ALLOW.
/usr/bin/log show --predicate 'subsystem == "com.apple.TCC"' | grep Prompting
Clued me in that, as expected, my script running sysadminctl is indeed triggering an approval prompt from JamfManagementService... but adding sysadminctl to the PPPC and Allowing Accessibility, Admin Files, and All Files did not do the trick. Any other thoughts?