I'm working through the usual new macOS approval process for my org. Everything checked out on my test machines, so I updated my daily driver. Now, every 30 minutes or so I am getting a popup that is new to macOS 15 saying "sudo is trying to execute a command as administrator." Clicking "Cancel" makes it pop up again a few seconds later, and authenticating with an admin makes it pop up again about 30 minutes later. I like this popup in theory, but as implemented it doesn't give anywhere near enough information to figure out why it is showing up or if it's a valid request.
I've ruled out our in-house launchagents and the like, and it doesn't seem to be happening on test machines with normal user programs installed. That makes me think it's tied to some admin related tool like Jamf Sync, Packages, autopkgr, or something else that most users won't have installed. Alternatively, it could be some driver set like the LogiOptions+ needed for some keyboards.
Is anyone else seeing this recurring message on macOS 15? Anyone have tips on tracking down what causes it? If I can't explain it, I'll likely end up having to treat it as a deployment blocker.
