Posted on 01-26-2023 10:18 AM
My company currently blocks Microsoft Auto Update via Restricted Software tab in JAMF Pro. I've been tasked with finding a way to create an exception so that Defender gets updated on all of our macs while MS auto update is still in place. Has anyone had any experience with this in the past?
Posted on 01-26-2023 11:11 AM
@mauricemoss Any specific reason you don't want your Office apps to update? Microsoft does now offer deferred update channels so you can delay updates to your users until you've had a chance to qualify them: https://www.kevinmcox.com/2021/10/microsoft-now-provides-curated-deferral-channels-for-autoupdate/
Posted on 01-26-2023 11:12 AM
Is there a specific reason why you are blocking Microsoft's update mechanism rather than using something like it's deferrable updates?
If you do not want to use the recommended update mechanism, you can deploy updates either through a policy, Patch Management, or App Installers.
Posted on 01-28-2023 02:58 PM
I'm also curious why Microsoft Auto Update is being blocked, but, assuming for a moment there's a valid and justifiable reason for this, my next question is, how specifically is it being blocked using Restricted Software? Are you just blocking the "Microsoft AutoUpdate" executable? If so, inside the same app bundle where that lives is "msupdate" which is the command line binary that allows you to update most Microsoft apps using a script. I've never tested this, but I believe as long as you aren't also blocking that binary, you might be able to use it in a script to keep certain Microsoft apps up to date, and still stop the AutoUpdate application from being used.
Posted on 01-28-2023 09:37 PM
Posted on 01-30-2023 07:28 AM
Sure, I can believe that. However, it might still be worth exploring for the OP, if there really isn't an option to just allow the AutoUpdate application to do it's thing. It sounds like they only want to let Defender update regularly and have more control over the other apps.
Of course, just downloading the latest Defender update from https://macadmins.software/ each time and getting it into Jamf Pro to push out might be the easier path.
Posted on 01-30-2023 12:26 AM
Maybe this would work https://learn.microsoft.com/en-us/deployoffice/mac/update-office-for-mac-using-msupdate
But I'm not sure if your Restricted Software block will stop that as well