Disabling Microsoft AutoUpdate’s new Required Data Notice in managed environments

Version 4.13 of Microsoft AutoUpdate for Mac, released on Tuesday, contains a new Required Data Notice that will pop up immediately upon installation and must be acknowledged before MAU will continue to function.

While the user experience is not great, thankfully Microsoft has provided us a way to suppress the new dialog on managed systems. Read on for the details.

Microsoft’s Diksha Mehta began warning us of this upcoming change related to the GDPR on the MacAdmins Slack back in June but it became obvious this week that many MacAdmins missed the warning. There was also confusion when Paul Bowden announced that further privacy related changes related to each application, with new warning dialogs and preferences keys, were pushed back to August**.

The new setting to disable the Required Data Notice, which to be effective will need to be applied to computers before MAU 4.13 is installed, can be set using a defaults write or a configuration profile.

defaults write com.microsoft.autoupdate2 AcknowledgedDataCollectionPolicy RequiredDataOnly

Because the dialog needs to be acknowledged by all users on a computer a configuration profile will greatly simplify deployment and can be added into an existing profile for managing MAU settings.

<key>AcknowledgedDataCollectionPolicy</key>
<string>RequiredDataOnly</string>

Below is an example of a comprehensive configuration profile for managing all of MAU’s settings. Let me know if you have any questions or please join us in the #microsoft-autoupdate channel in the MacAdmins Slack for further discussion.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>PayloadIdentifier</key>
		<string>com.company.profile.mcx.Microsoft.AutoUpdate2</string>
		<key>PayloadRemovalDisallowed</key>
		<true/>
		<key>PayloadUUID</key>
		<string>5A516798-5C30-4670-8E91-DB57EE6F33FF</string>
		<key>PayloadDisplayName</key>
		<string>Microsoft AutoUpdate2</string>
		<key>PayloadDescription</key>
		<string>Microsoft AutoUpdate2 managed settings.</string>
		<key>PayloadOrganization</key>
		<string>Example Company, Inc.</string>
		<key>PayloadScope</key>
		<string>System</string>
		<key>PayloadType</key>
		<string>Configuration</string>
		<key>PayloadVersion</key>
		<integer>1</integer>
		<key>PayloadContent</key>
		<array>
			<dict>
				<key>PayloadType</key>
				<string>com.apple.ManagedClient.preferences</string>
				<key>PayloadIdentifier</key>
				<string>com.company.profile.mcx.Microsoft.AutoUpdate2</string>
				<key>PayloadDisplayName</key>
				<string>Microsoft AutoUpdate2: 1.4.1</string>
				<key>PayloadUUID</key>
				<string>3749F383-0621-4A69-99E8-AFE0466A04FB</string>
				<key>PayloadEnabled</key>
				<true/>
				<key>PayloadVersion</key>
				<integer>1</integer>
				<key>PayloadContent</key>
				<dict>
					<key>com.microsoft.autoupdate2</key>
					<dict>
						<key>Forced</key>
						<array>
							<dict>
								<key>mcx_preference_settings</key>
								<dict>
									<key>StartDaemonOnAppLaunch</key>
									<true/>
									<key>HowToCheck</key>
									<string>AutomaticDownload</string>
									<key>UpdateCheckFrequency</key>
									<integer>360</integer>
									<key>ChannelName</key>
									<string>Custom</string>
									<key>ManifestServer</key>
									<string>https://mau.example.com/cache/collateral/Live/</string>
									<key>UpdateCache</key>
									<string>https://mau.example.com/cache/</string>
									<key>AcknowledgedDataCollectionPolicy</key>
									<string>RequiredDataOnly</string>
									<key>Applications</key>
									<dict>
										<key>/Applications/Company Portal.app</key>
										<dict>
											<key>Application ID</key>
											<string>IMCP01</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Microsoft Excel.app</key>
										<dict>
											<key>Application ID</key>
											<string>XCEL2019</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Microsoft OneNote.app</key>
										<dict>
											<key>Application ID</key>
											<string>ONMC2019</string>
											<key>LCID</key>
											<string>1033</string>
										</dict>
										<key>/Applications/Microsoft Outlook.app</key>
										<dict>
											<key>Application ID</key>
											<string>OPIM2019</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Microsoft PowerPoint.app</key>
										<dict>
											<key>Application ID</key>
											<string>PPT32019</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Microsoft Remote Desktop.app</key>
										<dict>
											<key>Application ID</key>
											<string>MSRD10</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Microsoft Teams.app</key>
										<dict>
											<key>Application ID</key>
											<string>TEAM01</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Microsoft Word.app</key>
										<dict>
											<key>Application ID</key>
											<string>MSWD2019</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/OneDrive.app</key>
										<dict>
											<key>Application ID</key>
											<string>ONDR18</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Applications/Skype for Business.app</key>
										<dict>
											<key>Application ID</key>
											<string>MSFB16</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
										<key>/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app</key>
										<dict>
											<key>Application ID</key>
											<string>MSau04</string>
											<key>LCID</key>
											<integer>1033</integer>
										</dict>
									</dict>
								</dict>
							</dict>
						</array>
					</dict>
				</dict>
			</dict>
		</array>
	</dict>
</plist>

**Unfortunately we don’t have the exact details on these additional new preferences yet but do know that some controls such as the SendAllTelemetryEnabled kill switch is moving to a suite-wide setting in com.microsoft.office which will make managing them across all apps easier in the future.

UPDATE July 23, 2019: Rich Trouton has also written about this issue and has provided both a script that will set the preference on disk across all user folders as well as a configuration profile that manages only this single setting and no others in his post: Suppressing Microsoft AutoUpdate’s Required Data Notice screen

UPDATE July 24, 2019: I added this key to the open source ProfileCreator application.

UPDATE August 7, 2019: A new support document from Microsoft about upcoming changes in Office 16.28 includes additional details about the preference key discussed in this post. Importantly setting either option will suppress the dialog from appearing to your users.

In addition to the RequiredDataOnly string we knew about, the alternative option for the AcknowledgedDataCollectionPolicy key is RequiredAndOptionalDataThe differences between Required and Optional data for Office are outlined in this support article.

3 comments on “Disabling Microsoft AutoUpdate’s new Required Data Notice in managed environments

  1. Pingback: Weekly News Summary for Admins — 2019-07-26 – Scripting OS X

  2. Shane Palmer

    FYI. As mentioned by Paul Bowden on Slack this can be either a computer level or user level configuration profile. See https://macadmins.slack.com/archives/C29PWTQFM/p1563381267144800

    After testing I found you can also run the defaults command to modify the computer level plist as well. This should cover all users that haven’t already set that key by clicking OK.

    defaults write /Library/Preferences/com.microsoft.autoupdate2 AcknowledgedDataCollectionPolicy RequiredDataOnly

    Additionally, there is also a bug that while the Require Data Notice is displayed Microsoft AutoUpdate will run at 100% CPU. See https://macadmins.slack.com/archives/C29PWTQFM/p1563828753012400

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *