Forum Discussion
Office bypassing Target Version set by Intune
Ok so I was managing my Microsoft patches through Intune. A while back Microsoft sent out this messageā¦. https://docs.microsoft.com/en-us/DeployOffice/other/devices-updating-monthly-enterprise-chann...
Is there a simple way to determine which 'service' is applying to a single device, when both of the registry locations exist?
Is it as 'simple' as
1. if the value "updatebranch" key HKLM\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officeupdate exists then config.office.com wins. "updatetargetversion" is set to "latest". (we were having problems with the install staying at 2207 with updatetargetversion set to 16.0.15427.20284
2. if the above key doesn't exist then fall back to the "updatebranch" value in HKLM\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate
I have a situation where both of the above keys are set ( updatebranch in 1 = Current, 2 = MonthlyEnterprise)
yet the Apps are set to MonthlyEnterprise.
very confusing!
Is it as 'simple' as
1. if the value "updatebranch" key HKLM\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officeupdate exists then config.office.com wins. "updatetargetversion" is set to "latest". (we were having problems with the install staying at 2207 with updatetargetversion set to 16.0.15427.20284
2. if the above key doesn't exist then fall back to the "updatebranch" value in HKLM\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate
I have a situation where both of the above keys are set ( updatebranch in 1 = Current, 2 = MonthlyEnterprise)
yet the Apps are set to MonthlyEnterprise.
very confusing!
manoth_msft
Microsoft
MicrosoftHi Steve,
there is more to it. For troubleshooting I would check these locations in the following order:
1) HKLM\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officeupdate > IgnoreGPO
If this key is 1, then the values in the same location are the winning ones, set by Servicing Profile / config.office.com.
If this key is 0, Servicing Profiles / config.office.com is not controlling updates on this box and any potentially existing values in this key are ignored.
2) If No 1 is not the winner, Office checks these locations in the following order for the winning setting:
1st Priority : GPO "UpdatePath" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatepath
2nd Priority : GPO "UpdateChannel" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatebranch
3rd Priority : "UpdateURL" or UpdatePath="\\Server\Share" HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
*4th Priority: UnmanagedUpdateURL - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\UnmanagedUpdateURL
5th Priority : CDNBaseURL - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\CDNBaseUrl
3) If No 1 & 2 yield an update channel different from the installed one, I would check if the Microsoft 365 Apps are deployed through Intune using the native app mode and have a different update channel set. In this case Intune will detect a configuration drift (e.g. after Profiles moved the device to channel A, but the Intune app is configured to be on Channel B) and trigger the setup engine to move back to the configured channel. Check this video for an explanation of how Intune can handle the Microsoft 365 Apps: https://youtu.be/fA8lcnRXmkI
Hope this helps!
there is more to it. For troubleshooting I would check these locations in the following order:
1) HKLM\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officeupdate > IgnoreGPO
If this key is 1, then the values in the same location are the winning ones, set by Servicing Profile / config.office.com.
If this key is 0, Servicing Profiles / config.office.com is not controlling updates on this box and any potentially existing values in this key are ignored.
2) If No 1 is not the winner, Office checks these locations in the following order for the winning setting:
1st Priority : GPO "UpdatePath" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatepath
2nd Priority : GPO "UpdateChannel" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatebranch
3rd Priority : "UpdateURL" or UpdatePath="\\Server\Share" HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
*4th Priority: UnmanagedUpdateURL - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\UnmanagedUpdateURL
5th Priority : CDNBaseURL - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\CDNBaseUrl
3) If No 1 & 2 yield an update channel different from the installed one, I would check if the Microsoft 365 Apps are deployed through Intune using the native app mode and have a different update channel set. In this case Intune will detect a configuration drift (e.g. after Profiles moved the device to channel A, but the Intune app is configured to be on Channel B) and trigger the setup engine to move back to the configured channel. Check this video for an explanation of how Intune can handle the Microsoft 365 Apps: https://youtu.be/fA8lcnRXmkI
Hope this helps!