Suppressing Microsoft AutoUpdate’s Required Data Notice screen
As part of the latest update to the Microsoft AutoUpdate app, a new screen has appeared which requires the logged-in user to click on it.
This screen notifies users that Microsoft AutoUpdate collects diagnostic data for Microsoft and provides basic information on how to opt out of the data collection. The overall point of the screen is to help Microsoft comply with the European Union’s General Data Protection Regulation (GDPR) and similar laws.
While this screen is fairly straightforward for an individual to deal with on their own Mac, it may cause challenges for computer labs because those facilities may remove and repopulate user home folders on each login. Since the setting which records that a user has seen the notification is stored in the user’s home folder, in the ~/Library/Preferences/com.microsoft.autoupdate2.plist file, this may result in the lab’s users seeing this notification multiple times unnecessarily. To address this, Microsoft has made suppressing this screen possible by adding the following key and value to the com.microsoft.autoupdate2.plist file:
- Key: AcknowledgedDataCollectionPolicy
- Value: RequiredDataOnly
This setting can be applied with a script or with a configuration profile.
I’ve written a script and configuration profile to apply this setting. Either will work, but my personal preference would be to use the profile.
Script:
This script is also available on GitHub via the link below:
```bash
#!/bin/bash

# This script is designed to suppress the Microsoft AutoUpdate Required Data Notice screen
# The script runs the following actions:
#
# 1. Identifies all users on the Mac with a UID greater than 500
# 2. Identifies the home folder location of all users identified
#    in the previous step.
# 3. Sets the com.microsoft.autoupdate2.plist file with the following
#    key and value. This will suppress Microsoft AutoUpdate's
#    Required Data Notice screen and stop it from appearing.
#
#    Key: AcknowledgedDataCollectionPolicy
#    Value: RequiredDataOnly

# Identify all users on the Mac with a UID greater than 500

allLocalUsers=$(/usr/bin/dscl . -list /Users UniqueID | awk '$2>500 {print $1}')

for userName in ${allLocalUsers}; do

    # Identify the home folder location of all users with a UID greater than 500.

    userHome=$(/usr/bin/dscl . -read "/Users/$userName" NFSHomeDirectory 2>/dev/null | /usr/bin/sed 's/^[^\/]*//g')

    # Verify that home folder actually exists.

    if [[ -d "$userHome" ]]; then

        # If the home folder exists, sets the com.microsoft.autoupdate2.plist file with the needed key and value.

        /usr/bin/defaults write "${userHome}/Library/Preferences/com.microsoft.autoupdate2.plist" AcknowledgedDataCollectionPolicy RequiredDataOnly

        # This script is designed to be run with root privileges, so the ownership of the com.microsoft.autoupdate2.plist file
        # and the enclosing directories are re-set to that of the account which owns the home folder.

        /usr/sbin/chown "$userName" "${userHome}/Library/"
        /usr/sbin/chown "$userName" "${userHome}/Library/Preferences"
        /usr/sbin/chown "$userName" "${userHome}/Library/Preferences/com.microsoft.autoupdate2.plist"

    fi
done
```
Profile:
This profile is also available on GitHub via the link below:
https://github.com/rtrouton/profiles/tree/master/DisableMAURequiredDataNotice
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AcknowledgedDataCollectionPolicy</key>
            <string>RequiredDataOnly</string>
            <key>PayloadDescription</key>
            <string>Configures Microsoft AutoUpdate settings</string>
            <key>PayloadDisplayName</key>
            <string>Microsoft AutoUpdate</string>
            <key>PayloadIdentifier</key>
            <string>com.company.3D526594-EF29-400F-8459-37A72D044BD9.com.microsoft.autoupdate2.229DC997-3B88-4E97-8FD6-F4A033A2A779</string>
            <key>PayloadOrganization</key>
            <string></string>
            <key>PayloadType</key>
            <string>com.microsoft.autoupdate2</string>
            <key>PayloadUUID</key>
            <string>229DC997-3B88-4E97-8FD6-F4A033A2A779</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Suppress Microsoft AutoUpdate's Required Data Notice screen</string>
    <key>PayloadDisplayName</key>
    <string>Disable MAU Required Data Notice</string>
    <key>PayloadIdentifier</key>
    <string>com.company.3D526594-EF29-400F-8459-37A72D044BD9</string>
    <key>PayloadOrganization</key>
    <string>Company Name</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>3D526594-EF29-400F-8459-37A72D044BD9</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
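A pre-deployment check for the profile above, added here as an example (it is not part of the original post or of any Microsoft or Apple tooling): it parses a .mobileconfig with Python's plistlib and reports whether the com.microsoft.autoupdate2 payload and its AcknowledgedDataCollectionPolicy value are still present. The function names, the sample profile and its placeholder identifiers are constructed for illustration, and the slice used to read a signed profile is a heuristic.

```python
import plistlib

DOMAIN = "com.microsoft.autoupdate2"
KEY, WANTED = "AcknowledgedDataCollectionPolicy", "RequiredDataOnly"


def check_profile(data: bytes) -> list:
    """Return the problems found in a .mobileconfig; an empty list means it is usable."""
    # Heuristic: a signed profile wraps the XML in a CMS envelope, so cut out
    # the plist between its first "<?xml" and last "</plist>" before parsing.
    start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
    if start != -1 and end > start:
        data = data[start:end + len(b"</plist>")]
    try:
        profile = plistlib.loads(data)
    except Exception as exc:
        return [f"not a readable plist: {exc}"]
    if not isinstance(profile, dict):
        return ["top-level plist object is not a dictionary"]
    problems = []
    if profile.get("PayloadType") != "Configuration":
        problems.append("top-level PayloadType is not Configuration")
    content = profile.get("PayloadContent") or []
    payloads = [p for p in content
                if isinstance(p, dict) and p.get("PayloadType") == DOMAIN]
    if not payloads:
        problems.append(f"no {DOMAIN} payload; the profile carries no settings")
    for p in payloads:
        if p.get(KEY) != WANTED:
            problems.append(f"{KEY} is {p.get(KEY)!r}, expected {WANTED!r}")
        if p.get("PayloadUUID") == profile.get("PayloadUUID"):
            problems.append("payload reuses the profile's PayloadUUID")
    return problems


def sample_profile(value=WANTED, with_payload=True) -> bytes:
    """Constructed sample mirroring the profile above (identifiers are placeholders)."""
    payload = {KEY: value, "PayloadType": DOMAIN, "PayloadVersion": 1,
               "PayloadIdentifier": "com.example.mau.payload",
               "PayloadUUID": "00000000-0000-0000-0000-000000000002"}
    profile = {"PayloadContent": [payload] if with_payload else [],
               "PayloadType": "Configuration", "PayloadScope": "System",
               "PayloadIdentifier": "com.example.mau", "PayloadVersion": 1,
               "PayloadUUID": "00000000-0000-0000-0000-000000000001"}
    return plistlib.dumps(profile)


if __name__ == "__main__":
    for label, blob in [("intact", sample_profile()),
                        ("payload stripped", sample_profile(with_payload=False)),
                        ("wrong value", sample_profile(value="Bogus"))]:
        print(label, "->", check_profile(blob) or "OK")
```

To check a real file, pass its bytes to `check_profile`, for example the contents of the downloaded DisableMAURequiredDataNotice.mobileconfig.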
I was able to download the DisableMAURequiredDataNotice.mobileconfig file but when I go to upload it into Jamf Config profiles, it sorta works. Creates the entry but doesn’t add any of the custom settings. Is there something I am missing or do I need to make a special plist for the custom settings for this?
Thanks!
In case you might offer a solution – the Guest User account seems to be terminally afflicted? I know less than Sgt. Schultz – but it kinda maybe makes sense that no settings can be “set” for the Guest Account?
FYI. As mentioned by Paul Bowden on Slack this can be either a computer level or user level configuration profile. See https://macadmins.slack.com/archives/C29PWTQFM/p1563381267144800
After testing I found you can also run the defaults command to modify the computer level plist as well. This should cover all users that haven’t already set that key by clicking OK.
defaults write /Library/Preferences/com.microsoft.autoupdate2 AcknowledgedDataCollectionPolicy RequiredDataOnly
Additionally, there is also a bug that while the Require Data Notice is displayed Microsoft AutoUpdate will run at 100% CPU. See https://macadmins.slack.com/archives/C29PWTQFM/p1563828753012400
I meant to add that the computer level plist might be a workaround for the issue of this not working with the Guest Account that Jake mentioned.
Thanks, Shane. I got so annoyed with it that I just yanked Office. I also truly don’t comprehend what “data” Microsoft wishes to mine that apparently legally requires a “Required Data Notice”, or why they’d cause it to run the CPU at 100% just to display their goofy notice and force users to accept it? All just a bit too Orwellian for me 😉
Given I tap into the Guest account quite frequently, it actually would take less time for me to just quickly reinstall the software should I ever need it again 😉
And my apologies if this is beyond the scope here. Thanks very much for this resource, as otherwise I’d have had no idea at all how to even possibly stop that nonsense.
If your fix works with the guest account, it’d be great to know, though? And possibly the gurus – who are genuinely kind enough to do their best to shield us from this type of nonsense – maybe they can be more clear with us about what data we’re expected to be forced to release to Microsoft in exchange for having installed their wondrous product? 😉
And I’m not even paranoid. It just seems that very weird to me? Thanks!
“Fairly straightforward for an individual to deal with”, you say. But “Learn more” leads to Microsoft’s Essential Services page – 100 minutes to read! And mostly incomprehensible to non-IT scientists. Am I being bullied into accepting that my European “connection experience” data (of two types, apparently) can be collected and used in the USA? Unless I accept, I can’t even use a normal shutdown on my laptop because Autoupdate interrupts it. So currently, I’m using Pages and shutting down with the power button and I’m furious.
Any updates on what I am doing wrong on this? I upload the mobileconfig but there is nothing configured in it that I can see in Jamf. Is there a plist I need?
Every time I attempt to scope the profile to one of my test Macs it shows as failed in Jamf Pro. It’s not getting pushed out.
If you check the mobileconfig that you uploaded, you might find, like I did, that the guts of the file are gone – there’s just a “general” section and that’s it, which makes me think that Apple changed something between when Rich posted this and now….
Just signed it, pushed it out to my labs and no more pop-up! Much appreciated!
Is there any way to eliminate the Notice for the built-in Guest user?
+1 for killing it on guest account.