I just wanted to put up this PSA for folks who use Securly for filtering web traffic. I found last week that my Big Sur machines were no longer able to install VPP apps. We would get a strange "Bag Load Failed" error in the JSS logs. Once I removed the profile the apps installed with no issues.
Securly is aware of the issue and says they will let me know when they figure out whats going on.
Same to us - with a set proxy.pac VPP Apps can be installed in SelfService (only for Catalina) - but with BigSur we get the same Message "Bag Load Failed"
We also tried to bypass with setting Exceptions (*.apple.com and our Domain) to Automatic Proxy Configuration-Config Profile - without success
I believe this is a JAMF issue.
If you manually set the Automatic Proxy Configuration instead of using a config profile, VPP apps download without issue.
To test, remove the config profile or unscope the machine from it.
Send this command (using your actual SmartPAC URL in between the quotes and the correct port name if you aren't using Wi-Fi) via ARD, policy, or whichever method you prefer.
networksetup -setautoproxyurl "Wi-Fi" "https://useast-www.securly.com/smart.pac?fid=blahblahblah"
Has everyone had success with adding the PAC URL via script instead of config profile? We have this in place since we are in the process of swapping staff laptops to brand new M1 laptops but what we are seeing is everyone hitting the base/default policy. Our pac URL uses the variable $EMAIL to determine the user the device is associated with and it seemed to be working correctly when in a config profile. This is our PAC URL: https://www.securly.com/smart.pac?fid=*&user=$EMAIL . The Asterisks are just where I removed our company identifier likely not even necessary. Attached is a photo of the browser output of www.securly.com/auth/session which normally is able to output the AD user as well as the OU they are a member of. Currently that info is blank
This is the browser output when deployed via config profile, Stephanie Taylor is the user this example machine was assigned to.
( [email] => firstname.lastname@example.org [useremail] => email@example.com [role] => 3 [hasValidateFID] => true [safeGroupName] => - [cgPolicyId] => [hash_extn] => :sonx:sgnx:firstname.lastname@example.org [user] => Array ( [userId] => 2056 [email] => email@example.com [role] => 0 [lastLoggedIn] => 1616433060 [memberSince] => 1537210684 [ipAddr] => 18.104.22.168 [timeZone] => America/Anchorage [logo] => /schoollogos/kibsdlogo.png [notifEmail] => [isCrextnOnly] => 0 ) [gafeDomains] => Array (  => kibsd  => kibsd.onmicrosoft.com  => kibsd.org ) [schoolFID] => firstname.lastname@example.org [timezone] => America/Anchorage [access_timestamp] => 03/22 09:23am Monday
In the Apple article "What's new for enterprise in macOS Big Sur", one of the items listed for macOS Big Sur 11.5 is "Resolves an issue where MDM app installations may fail when using a proxy configured with a PAC file."
I'm out of the office at the moment, so I haven't tested this.