macOS MAU intune

Streamline Your Mac Experience with Microsoft Auto Update Tool

In a previous article, we explored how to control update behavior for Microsoft applications on macOS using Microsoft AutoUpdate and Microsoft Intune. However, the journey towards achieving a seamless update management experience doesn’t end here. Set a Deadline For Office Updates on macOS using MAUThe inclusion of options to

8 min read
Streamline Your Mac Experience with Microsoft Auto Update Tool
MAU Deadline

In a previous article, we explored how to control update behavior for Microsoft applications on macOS using Microsoft AutoUpdate and Microsoft Intune. However, the journey towards achieving a seamless update management experience doesn’t end here.

Set a Deadline For Office Updates on macOS using MAU
The inclusion of options to configure Microsoft AutoUpdate (MAU) in the settings catalog of the latest service promises to simplify this process.

Recently, while going through discussions on the MacAdmins community, I noticed that many of us are still grappling with the challenge of apps getting auto-updated without much control or user interaction. This concern resonated with me and motivated me to delve deeper into how we can enhance the end-user experience while ensuring that our systems remain up-to-date and secure.


In this blog post, we will explore the intricacies of this functionality and discuss the key differences between setting update deadlines based on days and specific date/time. We will also delve into the advantages and considerations of using the 'number of days' method versus the 'specific date, time, and version' method for tighter update control.


Setting Update Deadlines Based on Days

Starting with version 4.13 of Microsoft AutoUpdate (MAU), you can set a deadline for when updates are required to be installed on a user’s Mac.

Users will receive notifications about the upcoming deadline and can temporarily postpone the updates from being installed. But once the deadline is reached, any applications the user has open will be closed and the updates applied.

Advantages of Setting Update Deadlines Based on Days:

To configure a deadline that is a certain number of days after the update is detected, use the following preference setting:

For example, to configure a specific date and time for a deadline for Word and Outlook you can use something like this:

<key>UpdateDeadline.ApplicationsForcedUpdateSchedule</key>
<dict>
  <key>/Applications/Microsoft Word.app</key>
  <dict>
    <key>Application ID</key>
    <string>MSWD2019</string>
    <key>ForcedUpdateDate</key>
    <date>2023-10-25T20:01:20Z</date>
    <key>ForcedUpdateVersion</key>
    <string>16.27.19071500</string>
  </dict>
  <key>/Applications/Microsoft Outlook.app</key>
  <dict>
    <key>Application ID</key>
    <string>OPIM2019</string>
    <key>ForcedUpdateDate</key>
    <date>2023-10-28T20:01:20Z</date>
    <key>ForcedUpdateVersion</key>
    <string>16.27.19071500</string>
  </dict>
</dict>

Deadline Notifications For Users

Once the Automatic Download and Install feature is activated, MAU will seamlessly update any closed applications. If an application is open and can't be updated, a notification will alert users about an impending deadline. At this point, users have the option to save their work, close the active applications, and allow MAU to proceed with the updates. Doing so will eliminate any further deadline notifications for those specific applications.

If users prefer not to update immediately, they have the option to delay the updates. In this case, they will receive subsequent reminders as the deadline approaches. Initially, users can opt to be reminded again after a specific number of hours, but postponing beyond the deadline is not an option.

As the deadline nears—specifically, one hour before it—users will receive a continuous notification accompanied by a countdown timer. If the deadline is reached and the users have not saved their work or closed their applications, MAU will automatically close the applications, without saving any data, and initiate the updates.

You have the flexibility to extend the grace period by adjusting the deadline timer settings. The default grace time is 60 minutes, but this can be increased. For instance, if you wish for the countdown to commence 3 hours before the deadline, you can set the timer to 180 minutes.

Deadline preference for MAU

The simplest setting to configure is the "number of days" deadline for all applications after an update is identified. This setting can be adjusted at the same top-tier level of the configuration profile, within the 'mcx_preference_settings' key dictionary, alongside other parameters like 'HowToCheck,' 'UpdateCheckFrequency,' and 'ChannelName.' Even with this global setting in place, you still have the flexibility to specify different deadlines for individual applications further down in the profile.

💡
Ensure that you configure the IgnoreUIOpenAfterInstall setting in Microsoft AutoUpdate (MAU) as it is used to control the behavior of applications after they have been updated. Specifically, when this setting is enabled, it prevents the updated applications from automatically launching or reopening after the update process is complete.

I have pasted the example of the MAU profile, that I use in my tenant and it works perfectly fine. The end users are happy as the apps are no longer force closed.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>AcknowledgedDataCollectionPolicy</key>
			<string>RequiredDataOnly</string>
			<key>Applications</key>
			<dict>
				<key>/Applications/Company Portal.app</key>
				<dict>
					<key>Application ID</key>
					<string>IMCP01</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Defender.app</key>
				<dict>
					<key>Application ID</key>
					<string>WDAV00</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Edge.app</key>
				<dict>
					<key>Application ID</key>
					<string>EDGE01</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Excel.app</key>
				<dict>
					<key>Application ID</key>
					<string>XCEL2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft OneNote.app</key>
				<dict>
					<key>Application ID</key>
					<string>ONMC2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Outlook.app</key>
				<dict>
					<key>Application ID</key>
					<string>OPIM2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft PowerPoint.app</key>
				<dict>
					<key>Application ID</key>
					<string>PPT32019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Remote Desktop.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSRD10</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Teams.app</key>
				<dict>
					<key>Application ID</key>
					<string>TEAMS10</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Microsoft Word.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSWD2019</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/OneDrive.app</key>
				<dict>
					<key>Application ID</key>
					<string>ONDR18</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Applications/Skype for Business.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSFB16</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
				<key>/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app</key>
				<dict>
					<key>Application ID</key>
					<string>MSau03</string>
					<key>LCID</key>
					<integer>1033</integer>
				</dict>
			</dict>
			<key>ChannelName</key>
			<string>Production</string>
			<key>DisableInsiderCheckbox</key>
			<true/>
			<key>ExtendedLogging</key>
			<true/>
			<key>HowToCheck</key>
			<string>Manual</string>
			<key>IgnoreUIOpenAfterInstall</key>
			<true/>
			<key>PayloadDisplayName</key>
			<string>Microsoft AutoUpdate</string>
			<key>PayloadIdentifier</key>
			<string>com.microsoft.autoupdate2.1EBE1309-AD76-4386-9F1D-6BF39AFE5336</string>
			<key>PayloadType</key>
			<string>com.microsoft.autoupdate2</string>
			<key>PayloadUUID</key>
			<string>1EBE1309-AD76-4386-9F1D-6BF39AFE5336</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>UpdateCheckFrequency</key>
			<integer>12</integer>
			<key>UpdateDeadline.DaysBeforeForcedQuit</key>
			<integer>3</integer>
			<key>UpdateDeadline.FinalCountDown</key>
			<integer>15</integer>
			<key>UpdaterOptimization</key>
			<string>CPU</string>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Configure deadline for MAU</string>
	<key>PayloadDisplayName</key>
	<string>MAU - Deadline-Configurations</string>
	<key>PayloadIdentifier</key>
	<string>IRL-8C0901E8-5C54-4406-9F54-1E8CED765611</string>
	<key>PayloadOrganization</key>
	<string>IRL</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>8C0901E8-5C54-4406-9F54-1E8CED765611</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>TargetDeviceType</key>
	<integer>5</integer>
</dict>
</plist>

Share This Post

Check out these related posts

Early Bird Gets the Worm: Testing iOS 18 & macOS 15 (Beta) Devices with Intune

Platform SSO for macOS: A Deep Dive into Configuration & Troubleshooting

Application Inventory: The Unsung Hero of macOS Security