Sonoma will not allow AD network users to update Mac OS or change settings in Privacy & Security

Several of our staff have this same issue. Their macs are joined to our Microsoft Active Directory. The MS user account is setup in Users & Groups as "Admin, Mobile" and they can successfully log in with their domain credentials.

As mentioned above they are members of the group granting local admin rights and can successfully authenticate any admin-related action EXCEPT authorizing a software update (e.g. Sonoma 14.1.1 to 14.1.2) or enabling settings in Privacy & Security. When they try they gets the following message:

OS Update

Privacy & Security settings access

We have to log in with a local Mac Admin account to run updates or make changes. Domain accounts that have been granted admin access will not authenticate for either of the above.

This does not appear to be an issue for Intel machines, just the M1, M2 and M3.

Please let me know if you need any further details.

Thank you.