Jamf Nation Community

Interesting... We install (in my opinion) too many agents on our Macs. If it was one of them causing this, I wonder why it doesn't do this on every Mac. I have a policy that finds and deletes the install app. I see that it has been successful doing that.

We have quite a few ourselves, and are actually evaluating for overlaps and consolidations in 2025 thank god.

For us its a EPM tool that loves to get in the way. You need to write new policies for it's allow rules as Apple updates things, and different devices are in different enforcement levels for one reason or another leading to tons of variables. 

Right now, all of our Macs not yet upgraded to Sequoia currently display a 15GB upgrade size, meaning that the Mac will be downloading the full installer. A moment ago, I created a new Mac VM running Sonoma and did not enroll it into my Jamf Pro server. It has none of our software installed. Software Update is showing at 7.5GB download for Sequoia. So, I am going to enroll this VM in Jamf Pro and exclude it from all the agent install policies. I will check Software Update after enrollment, and keep checking it after I manually install one of our agents. Maybe this will pin down which agent is responsible for interfering with the upgrade. We have seen some random failures to run minor updates where macOS displays an error similar to "update settings have changed". We were never able to pinpoint what caused it and the updates would eventually work.

As it turns out, your idea of the full installer app downloading as a "fall back" was correct. We defer most updates for a set period of time to give us time to test the new version and make sure nothing will break before we allow everyone to update. I noticed that the profile we use to defer major macOS upgrades had what looked like a conflicting setting in it. It defers the major upgrades for the specified time, but it seemed to be causing Software Update to download the full installer. Removing this conflicting setting has resulted in the smaller delta upgrade being presented in Software Update. Thank you for giving me the idea of this being a fall back behavior because something is breaking the workflow. Because of this issue, I was having to run a policy to temporarily elevate non-admin users to admin so that they could get the upgrade to Sequoia done. A follow up policy demotes them back to standard. The process is working perfectly, but I would prefer not to have to use it.

Im glad I was of some help. 

Ironically we are actually having issues with this right now. Our EPM tool which has a local account with a secure token is screwing with the volume ownership workflow of the OS updates triggering macOS to download the full OS installer. Im trying to keep from giving people admin access as a work around as my security team (or rather in the end it will be me) figures out the configuration issue. The fun never ends :).