Posted on 09-21-2021 04:12 AM
Hey Everyone! I have new task on enhancing O365 patching in my environment. Currently we are using the old school method of downloading the patches from Macadmins and copy to DP's & then clone the existing polices and Smart groups and distribute to the clients. I proposed MAU - Just to make it a zero touch. So here to understand the basics and become a pro.
Solved! Go to Solution.
Posted on 09-22-2021 12:52 PM
@KyleEricson Yup, @mm2270 is correct (of course!) that it's recommended to use the built-in Applications and Custom Settings profile creator in Jamf *if* you have a need to customize MAU's behavior. To @AmateurMacAdmin 's point, you don't have to set up a Config Profile for MAU to make it work - it'll work just fine out of the box (besides, that's what happens on a consumer device). In the old days of MAU, you might have wanted to push a Config Profile to pre-populate the 'Applications' dictionary to forcibly register apps with MAU, but that's really not necessary these days as the Office apps register themselves in the 'ApplicationsSystem' key of computer-wide preferences, so they will get updated by MAU even if the user never launches the apps.
Posted on 09-21-2021 06:23 AM
Paul Bowden (@pbowden) from Microsoft has a nice script that helps you use the msupdate tool that's part of the MAU application.
Here's a link to his script: https://github.com/pbowden-msft/msupdatehelper/blob/master/MSUpdateTrigger.sh
I'd check that out, since a large part of the work has already been done in that.
Beyond that though, using the tool is pretty straight forward. On any Mac with it installed, you can run
/Library/Application\ Support/Microsoft/MAU2.0/Microsoft\ AutoUpdate.app/Contents/MacOS/msupdate -h
That will print back a list of commands you can run against it. Generally speaking you will have it list updates and then take action to install either individual updates based on their designation or just install all available updates.
Hope that helps get you started.
Posted on 09-21-2021 09:22 AM
You can configure the MAU with the below keys
Domain Key Type Profile Manageable Supported Software Version
com.microsoft.autoupdate2 UpdateDeadline.ApplicationsForcedUpdateSchedule Dictionary Yes 4.13+
com.microsoft.autoupdate2 UpdateDeadline.DaysBeforeForcedQuit Integer Yes 4.13+
please check the below link for more details on MAU and other Office Preference Keys
https://docs.google.com/spreadsheets/d/1ESX5td0y0OP3jdzZ-C2SItm-TUi-iA_bcHCBvaoCumw/edit#gid=0
Posted on 09-21-2021 02:24 PM
@AmateurMacAdmin at it's most basic level, you can install MAU and let 'er rip! It includes a Launch Agent that will wake up every 12 hours to detect, download and install updates. If you're in an environment where you cannot consume updates directly from the monthly production channel, let me know, and I can advise on the right config settings.
Posted on 09-22-2021 09:21 AM
Thanks @pbowden - Yes I would glad to know that one as well.
Posted on 09-22-2021 09:50 AM
@AmateurMacAdmin @KyleEricson I’m going to play devil’s advocate to provoke a conversation, but ideally you wouldn’t use either of those scripts - instead you would just let MAU run automatically to keep you up to date.
I’m fully anticipating that your response to start with a “But..” 🙂 which is good because then I can ascertain the right path for you to take!
Posted on 09-22-2021 09:53 AM
Yes, but the MAU will only work if you do a mobile config for it correctly. I ask as I have used these scripts in the past and if I were going to use one which one should I use for Jamf Pro
@pbowden
Posted on 09-22-2021 10:01 AM
Ah that's sounds great @pbowden. May I ask you one last thing (Maybe not) what is the best way to setup a configuration profile for MAU
Posted on 09-22-2021 10:15 AM
@pbowden Yeah, I would like to see this too.
This is what I came up with in iMazing Profile Editor, but not sure if I'm missing something critical to make this work.
Posted on 09-22-2021 10:55 AM
@KyleEricson I'm using Jamf Pro's built in Application & Custom Settings payload and their built in payload for MAU to manage it. Is there a reason you aren't using that instead of the iMazing profile?
BTW, the Update Check Frequency value is in minutes, not hours, so right now you have MAU checking for updates every 12 minutes. Is that what you intended?
Posted on 09-22-2021 12:18 PM
Oh snap yeah that's meant to be hours @mm2270 Do I not need to register an application to the MAU app? My iMazing profile has settings for that?
Posted on 09-22-2021 12:23 PM
Never mind found this setting in Jamf.
Posted on 09-22-2021 12:52 PM
@KyleEricson Yup, @mm2270 is correct (of course!) that it's recommended to use the built-in Applications and Custom Settings profile creator in Jamf *if* you have a need to customize MAU's behavior. To @AmateurMacAdmin 's point, you don't have to set up a Config Profile for MAU to make it work - it'll work just fine out of the box (besides, that's what happens on a consumer device). In the old days of MAU, you might have wanted to push a Config Profile to pre-populate the 'Applications' dictionary to forcibly register apps with MAU, but that's really not necessary these days as the Office apps register themselves in the 'ApplicationsSystem' key of computer-wide preferences, so they will get updated by MAU even if the user never launches the apps.
Posted on 09-22-2021 12:54 PM
Posted on 09-22-2021 01:00 PM
@KyleEricson also, good catch by @mm2270 about the hours vs. minutes discrepancy. I just checked the sources, and if the value set is less than 240 it is ignored completely - which means MAU will be checking every 12 hours.
I'll have lots of MAU tips and tricks in my JNUC 2021 session on 10/19 🙂
Posted on 09-21-2021 09:16 PM
@pbowden In your GitHub you have two scripts for patching Office apps. Which one should we use with Jamf Pro?
Posted on 02-11-2022 07:30 AM
Anyone else notice that you cannot add the Deferred updates property the a new or existing config profile in Jamf 10.35? You check the box to add the property but nothing is added to be able select/configure that property.