I heard there is a reset (or was it restore) option in system preferences in Catalina, that works like an iPad where you can reset and erase the macOS to factory settings. I am not on beta, so I can't confirm that.
If Apple added this feature in Catalina, that would be better than using imaging to reset computers with fresh macOS.

First, I want to say, the utilization of the 'Download and Install' through Management command for single computer or 'Action' via the search for multiple, didn't work for me. So, I've looked at the 'whitepaper' on how to install/ upgrade to Catalina but it seems one of the easiest ones for MDM infrastructure has been omitted....The 'Mac App Store Apps' approach.

Why use this approach, you ask? Because it beats the hell out of packaging something that is ready to be deployed, it's easy, don't take no space from deployment share and I had none fail.

!!!!Warning, this will reboot your system after the policy has executed, so be wise and revise your policy execution attributes as needed!!!!

Here is how I made it work:

• First, make sure you go and 'purchase' (they are free) Mac OS Catalina licenses through 'VPP' (or whatever they're calling it today).




• After your receive the email confirmation and Jamf Pro syncs with VPP, make sure that when you're reviewing the OS within 'Mac App Store Apps' and setting up scope, you're NOT selecting 'Site' under General tab but on the actual 'Scope' tab. Otherwise, you won't be able to assign the licenses gotten via VPP.




• Setup a Policy that will run against the same scope as whatever you used for the Mac App Store




• Said policy should execute following command (Within 'Files and Processes') '/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall --agreetolicense --nointeraction' (remove the apostrophes from the command)

Side Note: I like using 'Smart Groups' in conjunction with my scopes. It eliminates keeping track what has upgraded, shouldn't be upgraded and what happens when you image it with something else. So here is what I have as criteria:
1. Enrolled via DEP -> is -> Yes
2. OS Version -> greater than -> (I have a specific need for a specific version, so that's what I have there)
3. Building -> is -> my neck of the woods

Now just sit back and monitor policy for successes.

@totalyscrewedup

Which is a perfectly fine way to go, however I prefer the scripted approach macOS Upgrade
which gives the user clear instructions on what is happening. Your method will trigger a 30second countdown timer for users before it auto restarts, which could be fine for some but others could be doing a presentation before it restarts

"Prestage enrollments works fine for now, The Jamf binary not works 100% but that is logical."

Sorry, but how's this logical? Jamf Pro is supposed to be supporting Catalina in full and PreStage enrollment is the official Apple method of provisioning computers. What exactly is not working?

I'm still amazed to see imaging mentioned. I considered our school one of the last holdouts but once the APFS change happened and I read what was necessary to make it maybe work, we finally submitted to provisioning via scripts and policies. It's definitely not as set it and forget it but it works. The real disappointment was DEP. All it really does is throw it in Jamf for you. Cool, so I don't have to do a QuickAdd. Sooo much time saved. /s

@totalyscrewedup ... dude!! Why has nobody come else come up with this solution? You are awesome!!
I am going to test that option via VPP and self service.
Just wondering .. if I can scope to all machines and that app will take care the min requirements?
any one can chime in?

Would there be away to do it without asking for admin credentials?

I have just downloaded the installer app, added it to JAMF admin and made a self service policy when it caches the installer and then triggers the install.

Have had multiple people try it and it seems to work just fine. I have a SUS in place, so I am limiting the installer that way.

User can install at their convenience.

@txhaflaire does your script take into account Standard users performing the upgrade? I know for upgrading to Mojave, admin creds were required and there was a scripted workaround of granting temporary admin access to the user's account during the upgrade process, then revoking admin post-install.

@vcasiero Where did you download the installer app? Did you had to put it in composer before adding it to JAMF admin? I'm trying to push out Catalina via Patch Management but the package doesn't seem to work, so not sure what I'm doing wrong.

Modular imaging is only mostly dead! We still use Jamf Imaging in combination with DEP (when we can).

But Why? Because DEP with "Enrollment Complete" trigger isn't reliable - If I can get 75% success with that combination I'm super happy. But what if you have to make sure that everything the user needs is installed when you hand it to them? Well, now we've got a problem. Especially when users are (super busy and easily distracted) nincompoops who will go into a literal war zone without updating.

When the "Enrollment Complete" trigger is > 95% successful, we'll re-evaluate it. But we've got 58 packages, < 30 GB of apps, settings, presets, and codecs, that get installed as part of our typical machine. And the last thing I need is a producer or on-camera talent camped out between Russian, Turkish, Kurdish, and ISIS soldiers shooting at each other who can't do his job because he forgot to install something before he left the bureau. And when your only internet connection is a portable satellite terminal where downloads cost $4.35/MB and max out at 384Kbps, the last thing anyone needs is a $7,873.50 bill so someone could reinstall Premiere.

So How? (Hint: Jamf Imaging doesn't have to install an OS) If it doesn't already have your supported OS version (10.13 or later) then install it, do a reboot/clean install. If it's in DEP then it gets managed, if it's not then you need to take the corporate AmEx away from an executive and manually get it managed (user initiated enrollment). For us, we use the "Enrollment Complete" trigger to (hopefully) get VPN, VPN Profiles, Bomgar, and Jamf Imaging on the machine. We've got about an 80% success rate with that limited number of packages. Even a DEP machine will probably need help, so we've got Jamf Imaging in our Self Service (which gets installed on enrollment about 95% of the time).

Here's the magic! Once you've got Jamf Imaging on the machine, launch it, authenticate, log in, choose the configuration (none of which install an OS), tell it to image the boot drive, and go. None of our policies are configured to 'install on boot drive' since they're already being installed to the boot drive, but a restart is still done by Jamf Imaging which is fine because several installers require a restart.

Ta-dah! Modular Imaging in 2019!

And don't think I didn't see that the 'Jamf Imaging.app won't be updated' note a few releases ago... awesome!

@cwaldrip Have you looked into DEPNotify and the DEPNotify Starter for Jamf Pro script? Instead of a bunch of policies trigged via Enrollment Complete only the DEPNotify Starter for Jamf Pro needs to trigger off of that, and it in turn calls your other install policies. I don't know that I've had a single failure on DEP enrollment since switching to it.

@sdagley I'll look into it again, and it may be our only option if/when Jamf kills Jamf Imaging.app. But killing the app seems like a waste since it still works perfectly fine since we're not deploying an OS. I think Jamf should re-evaluate their decision not to keep Jamf Imaging around. Sad to see development on that go to waste.

@cwaldrip Don't let the DEPNotify name mislead you, nothing about the tool or Jamf's script to drive it is DEP specific. Before we enabled DEP I modified the DEPNotify Starter for Jamf Pro script to mimic my existing workflow which was triggered by Enrollment Complete. When we switched to DEP pretty much nothing had to change.

just let the users upgrade to Catalina themselves. Why go through all this. If there computer is compatible it will install, if not it won't.

@jjimenez10 Just downloaded it from software update following this link. https://itunes.apple.com/us/app/macos-catalina/id1466841314?ls=1&mt=12
It downloaded the full installer into "Applications". Then just dragged and dropped the .app into JAMF Admin. It auto zipped it into a tar file and recognized is as a MacOS Installer.

Anyone else seeing issues after reboot?

NOTE: This is for 10.15.1 full installer. We are upgrading machines from 10.14.6 (w/the supplemtals and the security update).

We've seen some machines get stuck at the "Screen Time" setup screen, which means we had to force the machine down and cold boot. I have yet to see an explanation for this phenomenon, but I have seen that it's a common issue.

How are you folks avoiding terrifying your users with hung reboots, finder crashes, etc etc, all the known issues that people are having after this upgrade?

@cwaldrip wrote:

Ta-dah! Modular Imaging in 2019!

Postpone all policies until "Enrollment Complete" policy finishes

This still works for us.
Tested today for 10.15.1 In-Place upgrade, we are on Jamf 10.16.1
Credit Goes to @Rosko.

@sdagley I am setting up a DEPNotify to replace my existing workflow and was wondering if there's a way to prevent/postpone policies set to run at "recurring check-in" while those triggered by DEPNotify run.
Right now they seem to overlap, I mean if a policy called by DEPNotify takes a long time to finish, those at "recurring check-in" begin to run.
Maybe it is just time has come to review my existing workflow...
Many thanks!

We've seen the machines get stuck at the "Screen Time" setup screen issue happen a lot. We're also having big issues getting AD logon to work - they just get stuck logging in. Plus one Mac mini has been bricked and sent back for repair.

Not impressed so far!

Count me in the group for seeing the "Screen Time" freeze on one of our early test machines. That was 1 out of 2...fills me with warm joy to see those stats. sigh

thank you @jhuls and @DJL
Has anyone else seen any form of a hung reboot after the install/upgrade finishes?

Is there are workaround that does not involve a cold boot?

If my users see a hung boot, they will lose their damn minds.

@totalyscrewedup hey! So I was able to get VPP for the installer and push out as a policy.

Having trouble with the last part. How do I write a script so it can execute the command '/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall --agreetolicense --nointeraction'?

I want to create a policy so the startosinstall can run as soon as I push it out. Eventually I do want to put it on Self Service adding the Erase option as well.

@carlo.anselmi Unfortunately short of having a breadcrumb dropped at the end of the enrollment complete policy, and then changing all of your recurring check-in policies to exclude systems without that breadcrumb I don't know of a good solution (everybody please Up Vote the Feature Request that @donmontalvo references above). Currently I have tweaked my DEPNotify script that I use so it typically runs in less time than my check in interval.

@sdagley yeap, @dliberti was suggesting the same thing.