My company currently blocks Microsoft Auto Update via Restricted Software tab in JAMF Pro. I've been tasked with finding a way to create an exception so that Defender gets updated on all of our macs while MS auto update is still in place. Has anyone had any experience with this in the past?
@mauricemoss Any specific reason you don't want your Office apps to update? Microsoft does now offer deferred update channels so you can delay updates to your users until you've had a chance to qualify them: https://www.kevinmcox.com/2021/10/microsoft-now-provides-curated-deferral-channels-for-autoupdate/
I'm also curious why Microsoft Auto Update is being blocked, but, assuming for a moment there's a valid and justifiable reason for this, my next question is, how specifically is it being blocked using Restricted Software? Are you just blocking the "Microsoft AutoUpdate" executable? If so, inside the same app bundle where that lives is "msupdate" which is the command line binary that allows you to update most Microsoft apps using a script. I've never tested this, but I believe as long as you aren't also blocking that binary, you might be able to use it in a script to keep certain Microsoft apps up to date, and still stop the AutoUpdate application from being used.
Sure, I can believe that. However, it might still be worth exploring for the OP, if there really isn't an option to just allow the AutoUpdate application to do it's thing. It sounds like they only want to let Defender update regularly and have more control over the other apps.
Of course, just downloading the latest Defender update from https://macadmins.software/ each time and getting it into Jamf Pro to push out might be the easier path.