Posted on 10-08-2021 08:13 AM
I am trying to restrict Monterey Installations for the time being using Software Restriction in Jamf.
I have 2 restrictions. 1 for Beta and 1 for release.
When the installer runs I see the process name in Activity Monitor
Install macOS Monterey beta.app
I have this listed in the Restrict Software under Process Name.
But when I run the installer the process does not kill on the machine that is being restricted.
Is something not correct in my Restrict Software setup?
Thank you.
Posted on 10-08-2021 10:11 AM
You have restrict exact process name checked. You'd need to run the installer and grab the process name from Activity Monitor to use that. If it's unchecked it will use the file name which could be renamed if you have intrepid users who want some Monterey action.
10-08-2021 10:49 AM - edited 10-08-2021 10:49 AM
@Fardoomz You can block the GUI for all macOS installers by blocking the process named "InstallAssistant" and specifying "Restrict exact process name". This does not block the `startosinstall` tool, however, so depending on how persistent your users are, you may want to block that process as well.
Posted on 10-08-2021 10:51 AM
When I've set up my restrictions, I don't believe I have ever used quotes in the field. Not sure if that may affect it. Also I had to create an Install macOS 12 Beta.app when they first released, but think that was corrected and they all come down as Install macOS 12 Beta.app.
Posted on 10-08-2021 10:58 AM
Also we are still playing around with these and ensuring that they behave the way we want them to.
Posted on 10-19-2021 07:51 PM
@Ken_Bailey are you using JAMF Cloud? We are still JAMF on prem, running JAMF 10.27, and not seeing the same options within Defer updates as you have above. Putting it down to a later release of JAMF which incorporates that granular level of control. More reason for us to upgrade to latest JAMF release I guess, and all the work that involves 😞
Posted on 10-20-2021 04:09 AM
We just migrated to the cloud last week. We were on prem when I posted this and running the latest version of Jamf Pro at the time.
10-26-2021 07:33 PM - edited 10-26-2021 07:33 PM
@Ken_Bailey I'm struggling to figure out how to set the above so that Monterey is deferred for 90 days but allow things like the Big Sur 11.6.1 update released today.
Would Big Sur 11.6.1 be considered a "minor software update"?
I'm waiting for the 11.6.1 Big Sur Update to start showing as available here so I can play around with the settings to try and figure it out.
We want to ensure people are still getting any Big Sur updates that Apple releases, but not Monterey.
Posted on 10-27-2021 04:42 AM
@johnsz_tu we ended up pushing the configuration profile with just Defer updates of Only major software updates for 90 Days. We have a number of users who have upgraded to 11.6.1. None have been able to update to Monterey yet. So the Big Sur updates should be minor software updates, based on what I am seeing in our environment. The major update should only be a new OS like Big Sur to Monterey.
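The setting described in the post above (defer only major software updates for 90 days), written out as the Apple Restrictions payload keys that express it. This is an added, hand-written example, not a profile from the thread or an export from Jamf Pro; the identifiers, UUIDs and display names are constructed placeholders, and as noted elsewhere in the thread the major-update keys apply to macOS 11.3 and later.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadScope</key><string>System</string>
  <!-- Constructed placeholder names and UUIDs; replace with your own -->
  <key>PayloadDisplayName</key><string>Defer major macOS updates (example)</string>
  <key>PayloadIdentifier</key><string>com.example.defer-major-updates</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <!-- Restrictions payload -->
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.defer-major-updates.restrictions</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>

      <!-- Hide major OS upgrades (e.g. Big Sur to Monterey) from the user -->
      <key>forceDelayedMajorSoftwareUpdates</key><true/>
      <!-- Number of days to hide them; 90 is the maximum -->
      <key>enforcedSoftwareUpdateMajorOSDeferredInstallDelay</key><integer>90</integer>

      <!-- forceDelayedSoftwareUpdates and
           enforcedSoftwareUpdateMinorOSDeferredInstallDelay are left unset
           on purpose, so minor updates such as 11.6.1 are not deferred -->
    </dict>
  </array>
</dict>
</plist>
```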
Posted on 10-27-2021 09:45 AM
Also to state we are also still leveraging the Software Restrictions for Monterey, on top of this Defer updates.
Posted on 10-27-2021 04:50 PM
Thanks @Ken_Bailey I'll give this a go!
@Ken_Bailey wrote: We have a number of users who have upgraded to 11.6.1. None have been able to update to Monterey yet
Perfect, this is exactly what we are after. Much appreciated.
Posted on 10-28-2021 09:04 AM
What version of JAMF pro are you running? We are on 10.30.3 and don’t have the same deferral options.
Posted on 10-28-2021 10:35 AM
We migrated to the cloud recently. Currently on 10.32.2
Posted on 10-20-2021 05:21 AM
Based on the release notes for Jamf 10.32 the deferral options are only compatible with macOS 11.3+ (unless I'm reading that wrong).
I'm also seeing the behaviour that Fardoomz outlined, though in this case with an inexact match to Install macOS Monterey*
Posted on 10-21-2021 12:28 PM
I'd like to know this too. We still have a lot of macOS 10.15 Catalina Macs in production and we want to prevent them from seeing Monterey in the Software Update pref pane (Defer).
Posted on 10-27-2021 08:51 AM
It seems like we can add this to the list of broken functions within Jamf relating to software updates. Software update policies have been broken since Big Sur and now the config profiles. I have Only Major software updates deferred for 60 days, and so far I've tested on a device running 11.2.3 > Allows Monterey install. Device running 11.5.2 > shows only 11.6.1 available for install. Device running 11.6 > Shows on latest allowed by organization and no option to install 11.6.1. It looks like the payload is just broken. Have a case open with Jamf and waiting to hear back.
Posted on 10-27-2021 09:27 AM
For what it's worth, based on the notes here it looks like that feature is only compatible with 11.3+
Posted on 10-27-2021 09:32 AM
That's unfortunate, so for devices running Catalina, or anything lower than 11.3, we would have to block all OS updates, or update to Monterey? That seems like a massive oversight.
Posted on 10-27-2021 09:36 AM
That's par for the course especially with a two year old OS to not have the latest and greatest MDM capabilities. I think you answered your own question here as well. Apple's biggest desire is to have its user base on the latest OS release if the hardware supports it.
Posted on 10-27-2021 09:40 AM
Agreed, but they also make it impossible for us to easily manage OS updates by making framework changes and breaking MDM functionality (which Jamf still has not resolved). It's unfortunate Apple still cannot recognize the needs of enterprise are different than consumers.
Posted on 10-27-2021 04:21 PM
@Ryan_A_GDX For Catalina - putting aside the config profile inconsistencies - my testing has shown that you CAN still block Monterey using `softwareupdate --ignore "macOS Monterey"`. This method is deprecated/no longer works for Big Sur 11.x onwards, BUT if you are fortunate/unfortunate enough to still have Mac devices in your fleet running Catalina, this method will work.
11-04-2021 06:18 AM - edited 11-04-2021 06:20 AM
No, it doesn't work. I am on Catalina 10.15.7:
sudo softwareupdate --ignore "macOS Monterey"
Ignored updates:
(
"macOSInstallerNotification_GM"
)
Software Update can only ignore updates that are eligible for installation.
If the label provided to ignore is not in the above list, it is not eligible
to be ignored.
Ignoring software updates is deprecated.
Posted on 11-04-2021 03:51 PM
It would appear that the update is not being presented to the Mac device you are using. Perhaps you have deferrals in place. I can confirm 100% that the process I detailed in previous post DOES work IF the update is presented to the device. As already covered, yes the function is deprecated from Big Sur onwards, however does work for Catalina devices. Also - the device needs to be MDM managed. There was another post JN relating to this. Apple mandated this was a requirement in order to use this --ignore functionality.
Posted on 11-04-2021 11:37 PM
Thanks RJH, seems I have to learn more about this MDM stuff. All this is new for me and I don't yet understand the conditions involved for this to work. I am on Intel based MBpro - Catalina 10.15.7.
10-27-2021 09:30 AM - edited 10-28-2021 08:57 AM
Apple documentation states that here as well.
EDIT: Link fixed. Sorry about that.
10-27-2021 04:18 PM - edited 10-27-2021 06:05 PM
@mainelysteve broken LINK there?
10-27-2021 04:33 PM - edited 10-28-2021 06:39 AM
Link is fixed now. Appears that the previous link contained a bunch of text from an aborted earlier reply.
Posted on 10-28-2021 08:08 AM
That link didn't work for me either. Is it this? https://support.apple.com/en-gb/guide/mdm/mdm02df57e2a/web
Posted on 10-28-2021 09:00 AM
Hrrmmm... I just looked at it again and just had to clear out the entire post and retype it. The link html kept including saved text from an earlier reply. Hopefully it works and doesn't make me look at ID10T.
Yep, that's the page I was referring to.
Posted on 01-31-2022 05:53 AM
It has been 98 days since Monterey was released. Is there a way to restrict major software update past the 90 days limit in Config Profile, restrictions, functionality (tab), defer update? I don't mind people downloading and updating it but I'd rather not have it advertised as the default option when updating.