Deploying Office 365 updates issues

SMR1
Contributor III

Just checking to see if anybody else is running into this issue. When we started deploying Office updates, we were using Installomator, but we started seeing some issues where not all of the Office apps were updating. We then switched to the package, but we're having the same issue, where some of the Office apps aren't updating and it breaks the app, so we have to just rerun the installer. The other issue is, after it updates, it sometimes removes the icons from the dock, but not all; it'll just remove one.


AJPinto
Honored Contributor II

We just use Microsoft Auto Updater for the past 6 months or so. It has largely been a set it and forget it kinda thing. Literally the only maintenance we have is updating the JAMF Packages for new installs.

SMR1
Contributor III

Unfortunately, we're not allowed to use the auto updater. We have to roll out the update in phases for testing and then to production.

AJPinto
Honored Contributor II

Yuck. We do roll out in phases, different device groups get different configuration profiles with different deferrals. My device and the test devices have a 0 day deferral. The only thing you really don't get control over is what package is issued as it will come from Microsoft directly, which could cause a problem if you have a security endpoint hash checking. However, all the packages are signed by Microsoft so trusting their developer certificate should also work.

Ruling out MAU, I would suggest using JAMF Patch Management. I don't really care for Installomator, you literally get what you pay for. It has a great community but it's not an enterprise application.
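Added example, not part of any post in this thread: a sketch of the signer-based trust check mentioned above, which accepts a package by its Developer ID Installer Team ID instead of a per-build hash. It parses the text that `pkgutil --check-signature` prints; the sample reports are constructed, the function names are hypothetical, and `UBF8T346G9` is assumed here as Microsoft's Team ID (confirm it against an installer you already trust).

```shell
#!/bin/sh
# Added example: gate an installer package on its signer, not on a file hash.
EXPECTED_TEAM_ID="UBF8T346G9"   # assumption: Microsoft Corporation's Apple Team ID

# Print the Team ID of the leaf certificate (entry "1.") from a
# `pkgutil --check-signature` report supplied on stdin.
leaf_team_id() {
    sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\)).*/\1/p' | head -n 1
}

# Succeed only if the report says the package is Developer ID signed
# AND the leaf signer belongs to the expected team.
signature_ok() {
    report=$(cat)
    printf '%s\n' "$report" \
        | grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
    [ "$(printf '%s\n' "$report" | leaf_team_id)" = "$EXPECTED_TEAM_ID" ]
}

# On a Mac: verify_pkg /path/to/installer.pkg  (exit status 0 means trusted signer)
verify_pkg() {
    pkgutil --check-signature "$1" 2>/dev/null | signature_ok
}

# Constructed sample reports (not captured from a real package).
SAMPLE_GOOD='Package "Office_Updater.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Certificate Chain:
    1. Developer ID Installer: Microsoft Corporation (UBF8T346G9)
    2. Developer ID Certification Authority
    3. Apple Root CA'

SAMPLE_OTHER_VENDOR='Package "Office_Updater.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'

SAMPLE_UNSIGNED='Package "Office_Updater.pkg":
   Status: no signature'
```

A package that reuses a trusted file name but carries a different signer, or no signature, fails the check, which is the property a hash allow-list was providing.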

sdagley
Esteemed Contributor II

@SMR1 We have the same requirement for testing releases before releasing to production, but when Microsoft introduced deferred release channels that allowed us to switch to the auto updater (I had been using scripted calls to msupdate to mimic the deferred channels, and was happy to retire those because scripted access to msupdate had become anything but reliable by then). If you haven't seen info on the deferred channels for MAU yet, here's an excellent writeup from @kevinmcox : https://www.kevinmcox.com/2021/10/microsoft-now-provides-curated-deferral-channels-for-autoupdate/

MAU's auto updates aren't 100% reliable either, but I find using Jamf's Patch Management to force an update to MAU if it fails to update itself on a cycle is usually sufficient to resolve any stuck updates.

SMR1
Contributor III

Thanks for the article, I'll check it out.

obi-k
Valued Contributor II

Have you played with a config profile and preference domain?

[Screenshot attached: Screenshot 2023-01-31 at 9.09.23 AM.png]

SMR1
Contributor III

We haven't, but I think I'll look into it. I think one of the concerns with using the autoupdate is, if we're doing our testing for a specific version and during the phase another version comes out, we can't have the new version go out, because it wasn't tested.

sdagley
Esteemed Contributor II

@SMR1 We have 3 phases of test users for Office update using the MS deferred update channels - no deferral, 3 day deferral, and 7 day deferral. Regular users are on the 3 week deferral channel, and treated as a single phase. If any issues show up during the testing phases the profile for regular users would be changed to disable automatic updates. There is a 5 day deadline before updates are forced for regular users, so overlapping updates isn't an issue.

SMR1
Contributor III

How do you set up the deferral updates in Jamf? Is it a conf profile? For our deployments, we provide specific dates for each deployment, if the update comes out on the 14th, we test it on alpha, beta would be the 15th, UAT would be the 17th and production would be around the 25th. Willing to try and just move dates around.

sdagley
Esteemed Contributor II

@SMR1 Yes, the deferral updates are set up using a Configuration Profile as shown in @obi-k's response:

Add an "Application & Custom Settings->External Application" payload to a profile, then select the following options: Source->Jamf Repository, Application Domain->com.microsoft.autoupdate2, Version->4.54, Variant->Microsoft AutoUpdate.json

For "Update channel" select "Current Channel (Deferred)" and you'll see the "Deferred updates" settings option appear listing the deferred channels discussed in the article by @kevinmcox I linked to in one of my previous responses.

SMR1
Contributor III

Another question. When using the deferred channels, is there a specific time it runs the update or when it kicks off after adding the smart groups?

sdagley
Esteemed Contributor II

@SMR1 I'd suggest you look at the Preference Domain Properties options in the "Application & Custom Settings->External Application" payload mentioned above - it details all of the options you have available for MAU. Setting a specific time for updates to run is not one of them, but you can control how long before the update is enforced so the user does have the option to postpone installation. Updates will install as soon as the Office app needing update quits.

fperry
New Contributor II

I am not seeing the monthly slated updates for 2024. Am I missing something on making this work?