How to setup MAU for Office O365 patches

AmateurMacAdmin
New Contributor II

Hey Everyone! I have new task on enhancing O365 patching in my environment. Currently we are using the old school method of downloading the patches from Macadmins and copy to DP's & then clone the existing polices and Smart groups and distribute to the clients. I proposed MAU - Just to make it a zero touch. So here to understand the basics and become a pro. 

 

1 ACCEPTED SOLUTION

@KyleEricson Yup, @mm2270 is correct (of course!) that it's recommended to use the built-in Applications and Custom Settings profile creator in Jamf *if* you have a need to customize MAU's behavior. To @AmateurMacAdmin 's point, you don't have to set up a Config Profile for MAU to make it work - it'll work just fine out of the box (besides, that's what happens on a consumer device). In the old days of MAU, you might have wanted to push a Config Profile to pre-populate the 'Applications' dictionary to forcibly register apps with MAU, but that's really not necessary these days as the Office apps register themselves in the 'ApplicationsSystem' key of computer-wide preferences, so they will get updated by MAU even if the user never launches the apps.

View solution in original post

16 REPLIES 16

mm2270
Legendary Contributor III

Paul Bowden (@pbowden) from Microsoft has a nice script that helps you use the msupdate tool that's part of the MAU application.

Here's a link to his script: https://github.com/pbowden-msft/msupdatehelper/blob/master/MSUpdateTrigger.sh

I'd check that out, since a large part of the work has already been done in that.

Beyond that though, using the tool is pretty straight forward. On any Mac with it installed, you can run

/Library/Application\ Support/Microsoft/MAU2.0/Microsoft\ AutoUpdate.app/Contents/MacOS/msupdate -h

That will print back a list of commands you can run against it. Generally speaking you will have it list updates and then take action to install either individual updates based on their designation or just install all available updates.

Hope that helps get you started.

vinu_thankachan
Contributor

You can configure the MAU with the below keys 


Domain                               Key Type                 Profile               Manageable Supported Software Version
com.microsoft.autoupdate2 UpdateDeadline.ApplicationsForcedUpdateSchedule     Dictionary  Yes    4.13+
com.microsoft.autoupdate2 UpdateDeadline.DaysBeforeForcedQuit    Integer     Yes       4.13+

please check the below link for more details on  MAU and other Office Preference Keys 

https://docs.google.com/spreadsheets/d/1ESX5td0y0OP3jdzZ-C2SItm-TUi-iA_bcHCBvaoCumw/edit#gid=0

 

pbowden
Contributor III

@AmateurMacAdmin at it's most basic level, you can install MAU and let 'er rip! It includes a Launch Agent that will wake up every 12 hours to detect, download and install updates. If you're in an environment where you cannot consume updates directly from the monthly production channel, let me know, and I can advise on the right config settings.

Thanks @pbowden - Yes I would glad to know that one as well.

@AmateurMacAdmin @KyleEricson I’m going to play devil’s advocate to provoke a conversation, but ideally you wouldn’t use either of those scripts - instead you would just let MAU run automatically to keep you up to date. 
I’m fully anticipating that your response to start with a “But..” 🙂 which is good because then I can ascertain the right path for you to take!

KyleEricson
Valued Contributor II

Yes, but the MAU will only work if you do a mobile config for it correctly. I ask as I have used these scripts in the past and if I were going to use one which one should I use for Jamf Pro
@pbowden 

Read My Blog: https://www.ericsontech.com

Ah that's sounds great @pbowden. May I ask you one last thing (Maybe not) what is the best way to setup a configuration profile for MAU

@pbowden Yeah, I would like to see this too. 
This is what I came up with in iMazing Profile Editor, but not sure if I'm missing something critical to make this work.
2021-09-22_12-13-36.png2021-09-22_12-14-06.png

Read My Blog: https://www.ericsontech.com

mm2270
Legendary Contributor III

@KyleEricson I'm using Jamf Pro's built in Application & Custom Settings payload and their built in payload for MAU to manage it. Is there a reason you aren't using that instead of the iMazing profile?

BTW, the Update Check Frequency value is in minutes, not hours, so right now you have MAU checking for updates every 12 minutes. Is that what you intended?

KyleEricson
Valued Contributor II

Oh snap yeah that's meant to be hours @mm2270  Do I not need to register an application to the MAU app? My iMazing profile has settings for that?

Read My Blog: https://www.ericsontech.com

KyleEricson
Valued Contributor II

Never mind found this setting in Jamf.

Read My Blog: https://www.ericsontech.com

@KyleEricson Yup, @mm2270 is correct (of course!) that it's recommended to use the built-in Applications and Custom Settings profile creator in Jamf *if* you have a need to customize MAU's behavior. To @AmateurMacAdmin 's point, you don't have to set up a Config Profile for MAU to make it work - it'll work just fine out of the box (besides, that's what happens on a consumer device). In the old days of MAU, you might have wanted to push a Config Profile to pre-populate the 'Applications' dictionary to forcibly register apps with MAU, but that's really not necessary these days as the Office apps register themselves in the 'ApplicationsSystem' key of computer-wide preferences, so they will get updated by MAU even if the user never launches the apps.

KyleEricson
Valued Contributor II

Ok great I never knew this was a thing till today thanks! @mm2270  @pbowden 

Read My Blog: https://www.ericsontech.com

@KyleEricson also, good catch by @mm2270 about the hours vs. minutes discrepancy. I just checked the sources, and if the value set is less than 240 it is ignored completely - which means MAU will be checking every 12 hours.

I'll have lots of MAU tips and tricks in my JNUC 2021 session on 10/19 🙂

KyleEricson
Valued Contributor II

@pbowden In your GitHub you have two scripts for patching Office apps. Which one should we use with Jamf Pro?

Read My Blog: https://www.ericsontech.com

scottlep
Contributor II

Anyone else notice that you cannot add the Deferred updates property the a new or existing config profile in Jamf 10.35? You check the box to add the property but nothing is added to be able select/configure that property.