Macs are unable to retrieve software updates while going through the proxy.
The proxy has authentication (e.g. IWA) configured.
Software updates on Macs fail when the traffic goes through the proxy.
Bypass proxy authentication for the domains that Apple Software Update checks and downloads updates from. To do this, add a rule on the Web Authentication Layer in the Visual Policy Manager (VPM) with the destinations below and the action set to "Do Not Authenticate".
swscan.apple.com
swquery.apple.com
swcdn.apple.com
For more information on how to create a "do not authenticate" rule based on destination URL, please see "Bypassing authentication on the Edge SWG based on the destination URL".
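To confirm from a client that the rule matches, the following check sends an unauthenticated request for each of the three hosts through the proxy and reports whether the proxy still answers with HTTP 407 (Proxy Authentication Required). It is an added example, not part of the original article or the vendor's tooling. The SWG_PROXY_URL variable, the function names and the choice to probe the root URL over HTTPS are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify the authentication bypass for the Apple Software
# Update hosts. SWG_PROXY_URL is an assumed variable holding the explicit
# proxy address, e.g. http://proxy.example.internal:8080 (placeholder).

SU_HOSTS="swscan.apple.com swquery.apple.com swcdn.apple.com"

# Turn curl's two status codes into a verdict.
#   $1 = %{http_code}    (status of the final response)
#   $2 = %{http_connect} (proxy's answer to the CONNECT request)
# 407 in either position means the proxy still demands credentials.
classify_status() {
    if [ "$1" = "407" ] || [ "$2" = "407" ]; then
        echo "AUTH_REQUIRED"
    elif [ "${1:-000}" = "000" ] && [ "${2:-000}" = "000" ]; then
        echo "NO_RESPONSE"
    else
        echo "NO_AUTH_CHALLENGE"
    fi
}

# Request https://<host>/ through the proxy without sending credentials
# and print "<http_code> <http_connect>".
probe_host() {
    curl --silent --output /dev/null --max-time 10 \
         --proxy "$SWG_PROXY_URL" \
         --write-out '%{http_code} %{http_connect}' "https://$1/" || true
}

# Probe every host; return non-zero if any host is still challenged
# or does not answer at all.
check_all() {
    rc=0
    for h in $SU_HOSTS; do
        result=$(probe_host "$h")
        code=${result% *}
        connect=${result#* }
        verdict=$(classify_status "$code" "$connect")
        printf '%-20s http=%s connect=%s %s\n' "$h" "$code" "$connect" "$verdict"
        [ "$verdict" = "NO_AUTH_CHALLENGE" ] || rc=1
    done
    return $rc
}

# Only touch the network when a proxy address was supplied.
if [ -n "${SWG_PROXY_URL:-}" ]; then
    check_all
fi
```

Running the same probe against a host that is not in the rule should still return AUTH_REQUIRED, which confirms the bypass is limited to the three listed destinations.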