Microsoft Auto Update

mauricemoss
New Contributor

My company currently blocks Microsoft Auto Update via the Restricted Software tab in JAMF Pro. I've been tasked with finding a way to create an exception so that Defender gets updated on all of our Macs while MS auto update is still in place. Has anyone had any experience with this in the past?


sdagley
Esteemed Contributor II

@mauricemoss Any specific reason you don't want your Office apps to update? Microsoft does now offer deferred update channels so you can delay updates to your users until you've had a chance to qualify them: https://www.kevinmcox.com/2021/10/microsoft-now-provides-curated-deferral-channels-for-autoupdate/

 

McAwesome
Valued Contributor

Is there a specific reason why you are blocking Microsoft's update mechanism rather than using something like its deferrable updates?

If you do not want to use the recommended update mechanism, you can deploy updates either through a policy, Patch Management, or App Installers.

Hi @McAwesome, if we deploy the Office package with Teams, do we need to deploy any configuration profile to get the MS Office apps auto-updated, or will they get updated automatically without any additional profile or policy, please?

 

Technical Architect

mm2270
Legendary Contributor III

I'm also curious why Microsoft Auto Update is being blocked, but, assuming for a moment there's a valid and justifiable reason for this, my next question is, how specifically is it being blocked using Restricted Software? Are you just blocking the "Microsoft AutoUpdate" executable? If so, inside the same app bundle where that lives is "msupdate" which is the command line binary that allows you to update most Microsoft apps using a script. I've never tested this, but I believe as long as you aren't also blocking that binary, you might be able to use it in a script to keep certain Microsoft apps up to date, and still stop the AutoUpdate application from being used.

sdagley
Esteemed Contributor II

@mm2270 Unfortunately scripted driving of msupdate has been anything but reliable for over a year.

mm2270
Legendary Contributor III

Sure, I can believe that. However, it might still be worth exploring for the OP, if there really isn't an option to just allow the AutoUpdate application to do its thing. It sounds like they only want to let Defender update regularly and have more control over the other apps.

Of course, just downloading the latest Defender update from https://macadmins.software/ each time and getting it into Jamf Pro to push out might be the easier path.

dlondon
Valued Contributor

Maybe this would work https://learn.microsoft.com/en-us/deployoffice/mac/update-office-for-mac-using-msupdate

But I'm not sure if your Restricted Software block will stop that as well
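
The msupdate approach raised in the replies above, sketched as an added example (not code from any poster, Jamf or Microsoft): it asks MAU's command-line binary to update Defender only and reports a distinct exit code when the binary is missing or the run fails. Assumptions: the default MAU install path, `WDAV00` as Defender's MAU application ID, Jamf's custom script parameter 4 as the run switch, and hypothetical function names.

```shell
#!/bin/sh
# Added example: update only Defender via msupdate while the MAU GUI app stays blocked.
# Assumptions: default MAU install path; WDAV00 is Defender's MAU application ID.
MSUPDATE="${MSUPDATE:-/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/msupdate}"
DEFENDER_APP_ID="${DEFENDER_APP_ID:-WDAV00}"

# Return 0 only if the CLI binary is present and executable.
msupdate_available() {
    [ -f "$MSUPDATE" ] && [ -x "$MSUPDATE" ]
}

# Ask MAU to install pending updates for Defender only.
# Returns: 0 ok, 2 binary missing, 3 msupdate failed (possibly terminated by a restriction).
update_defender_only() {
    if ! msupdate_available; then
        echo "msupdate not found at: $MSUPDATE" >&2
        return 2
    fi
    if ! "$MSUPDATE" --install --apps "$DEFENDER_APP_ID"; then
        echo "msupdate exited non-zero; check whether Restricted Software terminated it" >&2
        return 3
    fi
    return 0
}

# Jamf passes custom script parameters starting at $4; set parameter 4 to "run"
# in the policy to execute. Without it the file only defines the functions.
if [ "${4:-}" = "run" ]; then
    update_defender_only
    exit $?
fi
```

A return code of 3 on a test Mac is the signal to check whether the Restricted Software record also matches the `msupdate` process.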