Install Microsoft Office Updates

How can I push out Office updates, office 2016 and 2019?

Hi Scott. Software updates would be done through Chocolatey. Chocolatey Software | Packages

If you don’t find a suitable package here, then you’d need to build a script to update it and schedule that out.

Updates are handled by Office itself in those versions, not Windows/Syncro. If automatic updates are not enabled already (typically are) you can do so with GPO or registry entry: Automatic updating for Microsoft Office is not enabled - Office 365 | Microsoft Learn You can force a check for update on click to run editions with:
“C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe” /update user displaylevel=false forceappshutdown=true

I added the registry keys to have Windows updates run and also include other Microsoft products and that worked, but now the registry entries have gone away and automatic updates are turned off (they were there 12 hours ago). Is this caused by Syncro doing the Windows Updates? And Office 2016 is not ClickToRun so it doesn’t do the updates itself, it does it with the Windows updates.

I wouldn’t think Syncro would interfere with the office registry keys but I haven’t tested. 2016 can be click to run or MSI depending on your licensing I believe. If your is MSI then yes you’d need to manage them via Syncro like other updates or turn off the patch management and let Windows do it (assuming Microsoft Update is enabled, probably needed for either to work). windows - How to make "Give me updates for other Microsoft products" enabled again? - Super User

I am having the same issue. I have confirmed that Syncro policies that have Windows Patch Management enabled, disables “Receive Updates for Other Microsoft Products” in Windows Update Advanced Settings. I believe it’s done via group policy and then it locks the setting so that it cannot be toggled back on.

On the machine you can use gpedit to turn the policy back on to fix it temporarily, however once Syncro syncs again, the feature is toggled off and locked again.

Syncro policies that do not have Windows Patch Management do not have this behavior.

In the Windows Patch Management editor in Syncro, there is no way to manage this option.

The end result is that Office 2010, 2013 and 2016 do NOT receive updates at all with no work around other then editing group polices manually on the device. This can be hard to do with hundreds if not thousands of workstations affected.

I’m going to submit a support ticket to see if we can get an option to turn this setting off in Syncro.

Thank you, I also submitted a case just now.

Same issue with Office 2016 ProPlus Open (NOT the C2R version). The default answer of ‘use Chocolatey’ does not wwork, ssince Chocolatey does not have a package for 2016 ProPlus Open License.

I agree with [ask.jeremy] and others… furthermore I think that this affects more than just Microsoft Office. There are many Microsoft programs that receive updates under the “Receive Updates for Other Microsoft Products” Checkbox. I feel like this issue needs to be waived in front of the programmers. It feels like just a simple oversight in the Syncro setup of MS updates.

I wanted to add that I’m having a similar issue as well. Office 2016 is not updating on Syncro-managed clients because the box for enabling Microsoft products to update is greyed out. I can override this by going into group policy manager on the affected system and configure the Windows Update GPO but obviously that defeats the purpose of an RMM solution.

Updateing this in hopes of getting a response from Syncro. This is a big oversight that needs to be adressed urgently

Here is what support said to me:
Thanks for reaching out.

The Agent does make registry changes that block changing update settings which result in blocking updates from other Microsoft products on most Windows OS versions. While currently deploying updated software like Office, it would need to be done through Chocolatey or Scripting in Syncro.

Chocolatey does get installed along with our Third-Party Patch Management Policy. Here is a link to our Knowledge Base has information on Chocolatey: 3rd Party Patch Management FAQ

Typically our Clients manage this through scripting or disable Windows Patch Management and manage all updates by scripts

A few reference links for managing Office updates

Sorry for our limitation on this, I’ll be sure to will pass on the information to our Product Team for review and consideration.

Kindly let us know if you have additional questions. Thank you.

MC Botha
Support Agent
+1 415-523-6363
help@syncromsp.com

Ok, I have a workaround. Not perfect, but better than what we have.
********** THIS DOES NOT WORK FOR C2R VERSIONS **********

• Microsoft releases a monthly patch for Office. Search for <> <> Update for Microsoft Office
  **For example April 2022 Update for Microsoft Office. This shows you BOTH of Office 2013 and 2013 updates
• Download the 32 or 64 bit version as appropriate to your environment. Or both. I have verified that running the incorrect version will only generate a ‘no compatible product’ warning
• The command line switches for these are found at this microsoft webpage
  I have also submitted a script for review which writes the files from your own file library, then runs both the 32 and 64 bit
  CAUTION: This is a point fix. You would need to do a check once per month for the latest Office monthly rollup, and then update your script.

As always, we cannot guarantee the suitability of this process for your environment. No warranty implied or offered. Your mileage may vary.

WindowsUpdates923×360 124 KB

Just reviving this topic that seemed to go nowhere. To recap:

-Syncro agent does not update MS Office or other programs
-Syncro agent actually breaks the functionality of the OS that would otherwise update MS Office
-There is no reason for the agent to turn off updating of Office and other products, just an oversight.

So when can we get this fixed? This is a major issue. I am now in the position with a large client that a 3rd party is going to be auditing our MS Security score, and one of the items on the report is “Update MS Office”

But I can’t do that because my RMM tool breaks that functionality even though it has no reason to.

What’w worse is this does not seem to be an easy workaround such as scripting 20H2 or something. All the MS articles about keeping Office up to date reference the built in machine level update, or WSUS/SCCM which obviously I don’t have or else I would not need an RMM.

Can we get an updatefrom Syncro on this? This is not a feature request, or a nice to have. It’s an urgent bug fix that is required.

Office should continue to automatically update itself, unless you have a very outdated version of Office 2016 that required a particular KB to update (Microsoft issue, not a Syncro issue), meaning it wouldn’t grab those via Windows Updates. It’s actually specific to Outlook I believe, as the rest of the apps should be updating regularly. Anything before this version would be affected: 16.0.4266.1001. The KB Microsoft released to resolve that is HERE.

To be clear, we don’t “break” the ability to download these updates. In order to manage Windows Updates properly Windows Updates must be disabled and handled through our agent. You can’t have “other” Microsoft applications enabled while updates are disabled. If updates weren’t disabled, Windows would do its own thing (including rebooting itself) regardless of what your asset policy says.

Andy - I can demonstrate the following, and reproduce it on demand:

• a windows workstation that has windows updates AND ‘update other Microsoft products’ both selected
• update for windows and other products both work as expected
• We install the Syncro agent, and deploy an update policy
• Windows udpates continue to work. ‘Update other Microsoft Products’ stops working.

By definition, this is “breaking it”. We take something that works, add your product, now it does not work.

We are not trying to have ‘otheer microsoft prroducts’ enabled while disabling OS updates.

Once again, I am happy to demonstrate this. We can reproduce the same results at any time.

Yeah as I explained above in order for Syncro to manage Windows Updates it needs to disable them and control them directly through Microsoft APIs. If we didn’t disable the automatic updates on the endpoint directly, the endpoint would continue to update the OS on its own and we’d have no ability to manage it. There is no way on the endpoint to have Office updates enabled, and primary Windows update functionality disabled.

Again, the scenario you described where you are unable to update Office should only occur with the outdated Office 2016 version I referenced above, otherwise, Office should be able to update itself. If you are seeing this behavior on newer versions of Office then I would reach out to support so they can have a look. Otherwise, if you update your Office 2016 to ensure it’s a newer version that the one I referenced above (16.0.4266.1001) this should resolve your issue.

As referenced above Office 2016 Professional Plus is NOT an outdated version of Office (see Microsoft Office 2016 - Microsoft Lifecycle | Microsoft Learn forr confirmation). It is current and still under mainstream support

The problem is that Click-To-Run (C2R) versions (like those from Office 365) will update automatically and is therefore covered by the scenario you describe. Pro Plus is not a C2R version, it is a volume license version. And as mentioned above, Chocolatey does not have the ability to update 2016 ProPlus.

Therefore there is a gap in the coveragerr provided by the Syncro product. If you turn on the Windows update function in Syncro, and it manages Windows operating system patches, that same function TURNS OFF updates for ProPlus contained within the application. It disables the ‘update other microsoft products’ function.

No matter how many times you try to spin this around, I can demonstrate what we are talking about. I can provie that you have a bug in your system. Not with outdated software, but with valid, current Office software.

So we’re talking about two different things. Office 2016 has not hit its end-of-life period, but you can have an out-of-date version of Office 2016 as I’ve described above. Not processing updates for 2016, for example, means it’s out of date. This is akin to saying an application is vulnerable to attack because it hasn’t been updated (out of date), but that doesn’t mean upgrading to an entirely new version of the application (e.g. Office 2021). Can you please send me a screenshot of the version number on your Office 2016 install from an affected machine please?

• Windows 2016 ProPlus fully up to date
  • Updates are managed by the ‘Update Other Microsoft Products’ function
• Install Syncro
  • ‘Update Other Microsoft Products’ funciton is turned off
  • Updates for 2016 ProPlus no longer happen

I don’t see why this is confusing