Streamline Your Mac Experience with Microsoft Auto Update Tool

In a previous article, we explored how to control update behavior for Microsoft applications on macOS using Microsoft AutoUpdate and Microsoft Intune. However, the journey towards achieving a seamless update management experience doesn’t end here.

Set a Deadline For Office Updates on macOS using MAU

The inclusion of options to configure Microsoft AutoUpdate (MAU) in the settings catalog of the latest service promises to simplify this process.

Intune - In Real LifeSomesh Pathak

Recently, while going through discussions on the MacAdmins community, I noticed that many of us are still grappling with the challenge of apps getting auto-updated without much control or user interaction. This concern resonated with me and motivated me to delve deeper into how we can enhance the end-user experience while ensuring that our systems remain up-to-date and secure.

In this blog post, we will explore the intricacies of this functionality and discuss the key differences between setting update deadlines based on days and specific date/time. We will also delve into the advantages and considerations of using the 'number of days' method versus the 'specific date, time, and version' method for tighter update control.

Setting Update Deadlines Based on Days

Starting with version 4.13 of Microsoft AutoUpdate (MAU), you can set a deadline for when updates are required to be installed on a user’s Mac.

Users will receive notifications about the upcoming deadline and can temporarily postpone the updates from being installed. But once the deadline is reached, any applications the user has open will be closed and the updates applied.

Advantages of Setting Update Deadlines Based on Days:

• Flexibility in scheduling updates: By setting update deadlines based on the number of days, you have more flexibility in determining when updates should be enforced. This allows your end users to plan their other activities like meetings, etc.
• Prioritization based on urgency: With the ability to set deadlines based on days, you can also prioritize updates according to their urgency. Critical security updates can be enforced sooner, while non-essential updates can be scheduled for a later date.
• Managing update rollouts: Setting update deadlines based on days is particularly useful when managing update rollouts across different departments or teams. It allows for staggered deployment, ensuring that all systems are updated within a specified timeframe without overwhelming the network or causing disruptions.

To configure a deadline that is a certain number of days after the update is detected, use the following preference setting:

For example, to configure a specific date and time for a deadline for Word and Outlook you can use something like this:

<key>UpdateDeadline.ApplicationsForcedUpdateSchedule</key>
<dict>
  <key>/Applications/Microsoft Word.app</key>
  <dict>
    <key>Application ID</key>
    <string>MSWD2019</string>
    <key>ForcedUpdateDate</key>
    <date>2023-10-25T20:01:20Z</date>
    <key>ForcedUpdateVersion</key>
    <string>16.27.19071500</string>
  </dict>
  <key>/Applications/Microsoft Outlook.app</key>
  <dict>
    <key>Application ID</key>
    <string>OPIM2019</string>
    <key>ForcedUpdateDate</key>
    <date>2023-10-28T20:01:20Z</date>
    <key>ForcedUpdateVersion</key>
    <string>16.27.19071500</string>
  </dict>
</dict>

Deadline Notifications For Users

Once the Automatic Download and Install feature is activated, MAU will seamlessly update any closed applications. If an application is open and can't be updated, a notification will alert users about an impending deadline. At this point, users have the option to save their work, close the active applications, and allow MAU to proceed with the updates. Doing so will eliminate any further deadline notifications for those specific applications.

If users prefer not to update immediately, they have the option to delay the updates. In this case, they will receive subsequent reminders as the deadline approaches. Initially, users can opt to be reminded again after a specific number of hours, but postponing beyond the deadline is not an option.

As the deadline nears—specifically, one hour before it—users will receive a continuous notification accompanied by a countdown timer. If the deadline is reached and the users have not saved their work or closed their applications, MAU will automatically close the applications, without saving any data, and initiate the updates.

You have the flexibility to extend the grace period by adjusting the deadline timer settings. The default grace time is 60 minutes, but this can be increased. For instance, if you wish for the countdown to commence 3 hours before the deadline, you can set the timer to 180 minutes.

The simplest setting to configure is the "number of days" deadline for all applications after an update is identified. This setting can be adjusted at the same top-tier level of the configuration profile, within the 'mcx_preference_settings' key dictionary, alongside other parameters like 'HowToCheck,' 'UpdateCheckFrequency,' and 'ChannelName.' Even with this global setting in place, you still have the flexibility to specify different deadlines for individual applications further down in the profile.

I have pasted the example of the MAU profile, that I use in my tenant and it works perfectly fine. The end users are happy as the apps are no longer force closed.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>AcknowledgedDataCollectionPolicy</key>
			<string>RequiredDataOnly</string>
			<key>Applications</key>
			<dict>
				<key>/Applications/Company Portal.app</key>
				<dict>
					<key>Application ID</key>
					<string>IMCP01</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Defender.app</key>
				<dict>
					<key>Application ID</key>
					<string>WDAV00</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Edge.app</key>
				<dict>
					<key>Application ID</key>
					<string>EDGE01</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Excel.app</key>
				<dict>
					<key>Application ID</key>
					<string>XCEL2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft OneNote.app</key>
				<dict>
					<key>Application ID</key>
					<string>ONMC2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Outlook.app</key>
				<dict>
					<key>Application ID</key>
					<string>OPIM2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft PowerPoint.app</key>
				<dict>
					<key>Application ID</key>
					<string>PPT32019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Remote Desktop.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSRD10</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Teams.app</key>
				<dict>
					<key>Application ID</key>
					<string>TEAMS10</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Word.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSWD2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/OneDrive.app</key>
				<dict>
					<key>Application ID</key>
					<string>ONDR18</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Skype for Business.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSFB16</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSau03</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
			</dict>
			<key>ChannelName</key>
			<string>Production</string>
			<key>DisableInsiderCheckbox</key>
			<true/>
			<key>ExtendedLogging</key>
			<true/>
			<key>HowToCheck</key>
			<string>Manual</string>
			<key>IgnoreUIOpenAfterInstall</key>
			<true/>
			<key>PayloadDisplayName</key>
			<string>Microsoft AutoUpdate</string>
			<key>PayloadIdentifier</key>
			<string>com.microsoft.autoupdate2.1EBE1309-AD76-4386-9F1D-6BF39AFE5336</string>
			<key>PayloadType</key>
			<string>com.microsoft.autoupdate2</string>
			<key>PayloadUUID</key>
			<string>1EBE1309-AD76-4386-9F1D-6BF39AFE5336</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>UpdateCheckFrequency</key>
			<integer>12</integer>
			<key>UpdateDeadline.DaysBeforeForcedQuit</key>
			<integer>3</integer>
			<key>UpdateDeadline.FinalCountDown</key>
			<integer>15</integer>
			<key>UpdaterOptimization</key>
			<string>CPU</string>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Configure deadline for MAU</string>
	<key>PayloadDisplayName</key>
	<string>MAU - Deadline-Configurations</string>
	<key>PayloadIdentifier</key>
	<string>IRL-8C0901E8-5C54-4406-9F54-1E8CED765611</string>
	<key>PayloadOrganization</key>
	<string>IRL</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>8C0901E8-5C54-4406-9F54-1E8CED765611</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>TargetDeviceType</key>
	<integer>5</integer>
</dict>
</plist>