It IS updating itself once it gets to user AppData and user is using it. Ian is doing vain work by pushing msi over and over again. If use is not using it, it will stay the same version forever and eventually will be marked by security scanners for having some RCE. You can push msi to this machine, it will not update the version in AppData. Which is the same as if the user installed it on his own via exe from MS page. We are going to have Teams rollout soon using msi and i kind of dread this. As this will only create many more vulnerabilities. Especially on multi user machines. Because system wide installer "conveniently" activates when a new user logs in and copies its version at that point to user's profile and opens a sign in window. But if user ignores that, yeah, another obsolete vulnerable in future version sitting in user profile. MS it pushing Shadow IT with this design and then sells MCAS to control Shadow IT 😄