Jamf Nation Community

hdsreid · ‎06-24-2019

I have the 2016 patch titles configured, and it seems able to patch the 2016 titles without issue. My problem arises when I try to deploy updates to my 365 titles out there that are not updating properly. When I select to upgrade "all" in a Word patch title for example, it includes the 2016 (16.16 designation) versions in the scope. Is there anything I can do to get around this?

kendalljjohnson · ‎06-24-2019

I patch via my own policies that are scoped to Smart Groups specific to having 2016/19 installed. I'm definitely not the best at regex but here's how I did the smart groups if that helps:

MS Office 2016:

Application Title is Microsoft Excel.app
Applicaiton Version does not match regex ^(16.[2-9]d.)|(16.1[7-9].)

MS Office 2019:

Application Title is Microsoft Excel.app
Applicaiton Version matches regex ^(16.[2-9]d.)|(16.1[7-9].)

hdsreid · ‎06-24-2019

@kendalljjohnson

thank you for that, that is a lot simpler than my current smart group query...lol

let me edit my group and I will try doing it as policies instead of patch management. Do you patch the applications independently or do you deploy the latest 365 package?

hdsreid · ‎06-25-2019

@kendalljjohnson

so i did the regex groups as you identified, however I have 16.16.11 users popping up in the o365 group now. the logic behind the regex seems to be correct, not quite sure whats going on

edit: found an old thread on here, got it working with

^(16.[2-9]d.)|(16.1[7-9].)

https://www.jamf.com/jamf-nation/discussions/30416/splitting-up-office-2016-and-2019-in-smartgroups

kendalljjohnson · ‎06-25-2019

Great catch, thanks for the update.

I patch the individual apps so that we aren't pushing a single file as big as the whole group, better to have and individual app fail install than the whole thing not work.

dan-snelson · ‎06-25-2019

In case this is of interest …

Leveraging Microsoft AutoUpdate 3.18 "msupdate" binary with Jamf Pro 10 Patch Policies

hdsreid · ‎06-26-2019

hey @dan-snelson that is an interesting idea and along the lines of my original intention before trying out the Jamf patch management. I just ran a test on my VM with it, and it appears I have to send out a config profile to whitelist msupdate binary to run in the background. I found a config profile for this https://github.com/pbowden-msft/MobileConfigs/tree/master/Jamf-MSUpdate but am having issues with exporting the settings from profilecreator to sign it. I might just try uploading the unsigned to JSS and seeing how much it messes with it edit: the unsigned profile also generates an error about being unable to create object from file when uploaded to JSS

dan-snelson · ‎06-26-2019

@hdsreid After reviewing @pbowden's Privacy Preferences Policy Control payload, I see a couple differences in the one we're using.

Please try adding the following Identifiers for the Receiver Identifier of com.microsoft.autoupdate2:

/usr/local/jamf/bin/jamfAgent

… and …

com.jamf.management.Jamf

Jamf Nation Community

jamf patching for Office 2016 vs 365