I saw this today announcing Office Insider and it put a bad taste in my mouth. Does anyone know if this is something we can suppress for Volume license installs or even O365 installs that are managed by IT?
Solved
MS Office Insider
+21Best answer by dgreening
A user-level custom config profile fed with the following plist will do the trick. The domain is com.microsoft.autoupdate2. I created a smart group based on an extension attribute which reports on the MAU version (see below) and scoped the config profile to machines which have MAU 3.4.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableInsiderCheckbox</key>
<true/>
</dict>
</plist>Extension Attribute to report MAU version
#!/bin/sh
MAU=`defaults read /Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/Info CFBundleGetInfoString | awk {'print $1'}`
echo "<result>$MAU</result>"
+18A user-level custom config profile fed with the following plist will do the trick. The domain is com.microsoft.autoupdate2. I created a smart group based on an extension attribute which reports on the MAU version (see below) and scoped the config profile to machines which have MAU 3.4.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableInsiderCheckbox</key>
<true/>
</dict>
</plist>Extension Attribute to report MAU version
#!/bin/sh
MAU=`defaults read /Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/Info CFBundleGetInfoString | awk {'print $1'}`
echo "<result>$MAU</result>"Interesting. I'll have to give this a try.
This does bring up an interesting topic though. How did you know that
<key>DisableInsiderCheckbox</key>
<true/>was the answer? How did you know it wasn't
<key>MakeBadBoxGoAway</key>
<yes/>or
<key>ShowHandsOfWhoWantsToHideTheInsiderBox</key>
<oohoohmisterkotter/>How do you know the vocabulary and values that an app will recognize and understand in a plist? I've reached out to MS for help on managing Office2016 and they sent me to a developer page that only had a single example... a single key to show the very general format, but no lexicon of all the valid keys or values. I guess this question could really apply to any application. How would anyone know?
+18pbowden from MS pinned a document to the microsoft-office slack channel which documented the setting:
- Can IT departments disable the Insider checkbox to stop their users from opting in to the program? Yes. The Terminal command is defaults write com.microsoft.autoupdate2 DisableInsiderCheckbox –bool true although many enterprise customers will likely set this preference via a OS X Configuration profile.
+36No harm in scoping this to all users, the key would just be ignored if you're not on MAU 3.4.
I love that this is enforced at the Local level. Grey that sucker out.
+8What needs to be added to the MCX setting to set Update Checking to Manual? I know that I can script it, but if I'm pushing a config profile anyway I might as well have both settings in there? I've tried a few of the obvious with no luck.
+8Never Mind, I figured it out. For anyone else wondering the plist looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableInsiderCheckbox</key>
<true/>
<key>HowToCheck</key>
<string>Manual</string>
</dict>
</plist>@Abdiaziz yep, thanks, confirmed today, set at Library level and all is good.
Paul B is gonna be getting a lot of beers from a lot of Mac admins. :)
Don
+12You may also want to include the ChannelName key. If the user has already joined the beta problem, disabling the checkbox won't "uncheck" it if already checked.
public updates:
<key>ChannelName</key>
<string>internal</string>
Beta:
<key>ChannelName</key>
<string>External</string>
+5<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableInsiderCheckbox</key>
<true/>
<key>ChannelName</key>
<string>Internal</string>
</dict>
</plist>Gave me this:
Which is exactly what we wanted. Tested with latest version of the updater as of today.
+12Thanks @dgreening
I've just tested this as a computer level Configuration Profile from the JSS and it works great
(i'd rather push it at computer level if possible as it won't require a login to install)
+36If a user checked the box, don't you have to first uncheck it?
+12Hi @donmontalvo, looks like it does need to be un-checked first.
I just tested and if the box is checked before the configuration is applied it remains checked after, and the option gets grayed out as expected.
I got together an EA to check if it's enabled or not here, I couldn't get the defaults or Python CFPreferences commands to work as root so needed to make it run as the user.
+7@Sonic84 writes:
You may also want to include the ChannelName key. If the user has already joined the beta problem, disabling the checkbox won't "uncheck" it if already checked.
It turns out you can set ChannelName key to the following values: Production, External, Internal, Custom, or InsiderFast.
See this Microsoft article for details.
+19Do these channels correspond with the Windows versions of Office 2016?
+18Any update on "toggling" the checkbox OFF before the configuration is applied? (otherwise it could be disabled and active)
+7@markdmatthews I was able to "uncheck" the box by issuing a defaults write com.microsoft.autoupdate2 ChannelName Production command as the user. You can do it even after the configuration is applied. The DisableInsiderCheckbox setting just locks down the checkbox in the MAU UI but doesn't enforce settings change. I'm assuming including ChannelName set to whatever channel in the configuration would also change the setting.
+18Sorry, I didn't follow up on my question - we also resolved this back in April via a custom settings payload (configuration profile) > com.microsoft.autoupdate2.plist
The big gotcha was setting:
<key>ChannelName</key>
<string> </string>
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.