Jamf Nation Community

SMR1 · ‎01-30-2023

Just checking to see if anybody else is running in to this issue. When we started deploying Office updates, we were using Installomator, but we started seeing some issues where not all of the office apps were updating. We then switched to the package, but we're having the same issue, where some of the office apps aren't updating and it breaks the app, so we have to just rerun the installer. The other issue is, after it updates, it sometimes removes the icons from the dock, but not all it'll just remove one.

sdagley · ‎02-17-2023

@SMR1 Yes, the deferral updates are setup using a Configuration Profile as shown in @obi-k 's response:

Add an "Application & Custom Settings->External Application" payload to a profile, then select the following options: Source->Jamf Repository, Application Domain->com.microsoft.autoupdate2, Version->4.54, Variant->Microsoft AutoUpdate.json

For "Update channel" select "Current Channel (Deferred)" and you'll see the "Deferred updates" settings option appear listing the deferred channels discussed in the article by @kevinmcox I linked to in one of my previous responses.

View solution in original post

AJPinto · ‎01-30-2023

We just use Microsoft Auto Updater for the past 6 months or so. It has largely been a set it and forget it kinda thing. Literally the only maintenance we have is updating the JAMF Packages for new installs.

SMR1 · ‎01-31-2023

Unfortunately, we're not allowed to use the auto updater. We have to roll out the update in phases for testing and then to production.

AJPinto · ‎01-31-2023

Yuck. We do roll out in phases, different device groups get different configuration profiles with different deferrals. My device and the test devices have a 0 day deferral. The only thing you really dont get control over is what package is issued as it will come from Microsoft directly which could cause a problem if you have a security endpoint hash checking. However all the packages are signed by Microsoft so trusting their developer certificate should also work.

Ruling out MAU I would suggest using JAMF Patch Management. I dont really care for installomater, you literally get what you pay for. It has a great community but its not an enterprise application.

sdagley · ‎01-31-2023

@SMR1 We have the same requirement for testing releases before releasing to production, but when Microsoft introduced deferred release channels that allowed us to switch to the auto updater (I had been using scripted calls to msupdate to mimic the deferred channels, and was happy to retire those because scripted access to msupdate had become anything but reliable by then). If you haven't seen info on the deferred channels for MAU yet, here's an excellent writeup from @kevinmcox : https://www.kevinmcox.com/2021/10/microsoft-now-provides-curated-deferral-channels-for-autoupdate/

MAU's auto updates aren't 100% reliable either, but I find using Jamf's Patch Management to force an update to MAU if it fails to update itself on a cycle is usually sufficient to resolve any stuck updates.

SMR1 · ‎02-01-2023

Thanks for the article, I'll check it out.

obi-k · ‎01-31-2023

Have you played with a config profile and preference domain?

SMR1 · ‎02-01-2023

We haven't, but I think I'll look in to it. I think the one of concerns using the autoupdate is, if were doing our testing for a specific version and during the phase another version comes out, we can't have the new version go out, because it wasn't tested.

sdagley · ‎02-01-2023

@SMR1 We have 3 phases of test users for Office update using the MS deferred update channels - no deferral, 3 day deferral, and 7 day deferral. Regular users are on the 3 week deferral channel, and treated as single phase. If any issues show up during the testing phases the profile for regular users would be changed to disable automatic updates. There is a 5 day deadline before updates are forced for regular users, so overlapping updates isn't an issue.

SMR1 · ‎02-17-2023

How do setup the deferral updates in Jamf? Is it a conf profile? For our deployments, we provide specific dates for each deployment, if the update comes out on the 14th, we test it on alpha, beta would be the 15th, UAT would 17th and production would be around the 25th. Willing to try and just move dates around.

sdagley · ‎02-17-2023

@SMR1 Yes, the deferral updates are setup using a Configuration Profile as shown in @obi-k 's response:

Add an "Application & Custom Settings->External Application" payload to a profile, then select the following options: Source->Jamf Repository, Application Domain->com.microsoft.autoupdate2, Version->4.54, Variant->Microsoft AutoUpdate.json

For "Update channel" select "Current Channel (Deferred)" and you'll see the "Deferred updates" settings option appear listing the deferred channels discussed in the article by @kevinmcox I linked to in one of my previous responses.

SMR1 · ‎02-18-2023

Another question. When using the deferred channels, is there a specific time it runs the update or when it kicks off after adding the smart groups.

sdagley · ‎02-18-2023

@SMR1 I'd suggest you look at the Preference Domain Properties options in the "Application & Custom Settings->External Application" payload mentioned above - it details all of the options you have available for MAU. Setting a specific time for updates to run is not one of them, but you can control how long before the update is enforced so the user does have the option to postpone installation. Updates will install as soon as the Office app needing update quits.

fperry · ‎02-07-2024

I am not seeing the monthly slated updates for 2024. Am I missing something on making this work?

JeffBugbee · ‎09-16-2024

As of today, the latest version of the MAU schema in Jamf is 4.64. This coincides with the October 2023 release version of MAU.

https://learn.microsoft.com/en-us/officeupdates/release-history-microsoft-autoupdate#october-2023-re...

This also coincides with the Microsoft employee Paul Bowden's update of his JamfManifest github: https://github.com/pbowden-msft/JamfManifests/blob/main/com.microsoft.autoupdate2.txt

Paul has apparently been away for quite some time, and as a result, all the recent preference/config changes to MAU have not been included.

Jamf Nation Community

Deploying Office 365 updates issues