Enhancements to Microsoft AutoUpdate: A Security-Focused Approach
Microsoft has rolled out a significant upgrade to its AutoUpdate functionality, placing a strong emphasis on security measures. According to Ryan Haning, the Product Manager for Microsoft 365 for Mac, the latest adjustments primarily affect how the ManifestServer preference is implemented on client devices.
Changes in ManifestServer Configuration
Starting with Microsoft AutoUpdate (MAU) version 4.79, any configured ManifestServer URL or local folder path on unmanaged devices will be disregarded. This update means that only devices managed through Mobile Device Management (MDM) systems or similar management solutions will process a custom ManifestServer setting.
The decision to confine ManifestServer configurations to managed environments serves a critical purpose: it prevents unauthorized or improperly configured local update manifests from taking effect. This move enhances the security of Office updates, significantly lowering the risk of accidental installation of potentially harmful or outdated software.
Guidance for IT Teams
For organizations that depend on custom update sources, it is crucial for IT teams to ensure that all relevant Macs are registered with a device management platform, such as Microsoft Endpoint Manager or any other compatible MDM. Preferences related to the ManifestServer that remain in local configurations on unmanaged devices will be disregarded. This situation could lead to disruptions in update processes if overlooked.
Recommended Audit and Communication Practices
In light of these adjustments, Microsoft advises IT administrators to conduct a thorough audit of their systems to identify any existing locally configured ManifestServer preferences. It is vital to verify that every Mac requiring specific ManifestServer configurations is enrolled in an authorized device management solution. Additionally, organizations should proactively communicate these changes to all relevant stakeholders, revising internal documentation and deployment procedures as needed.
As detailed in the accompanying announcement, Microsoft states:
Next steps
- Review your organization’s update management settings to determine if the ManifestServer setting is currently utilized locally.
- Ensure all devices requiring specific ManifestServer configurations are enrolled in a device management solution.
- Communicate this change to your team and plan any necessary adjustments to the deployment processes.
Conclusion and Further Resources
This security enhancement is effective as of Microsoft AutoUpdate (MAU) version 4.79. For comprehensive technical details and guidance on configuration, consider exploring Microsoft’s official documentation.
For additional insights and images regarding this update, refer to the detailed discussion here.
Leave a Reply