Intune / Configuration Manager Proactive Remediation to trigger Office Click to Run Updater (intended to run for the logged on user to show built-in update pop-up)

Detect-M365AppUpdate.ps1

# See Microsoft 365 Apps Version history https://learn.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date#version-history

$targetVersions = @{
    'CurrentChannel'                        = [System.Version]::Parse('16.0.16130.20306')
    'MonthlyEnterpriseChannel1'             = [System.Version]::Parse('16.0.16026.20238')
    'MonthlyEnterpriseChannel2'             = [System.Version]::Parse('16.0.15928.20298')
    'Semi-AnnualEnterpriseChannel(Preview)' = [System.Version]::Parse('16.0.16130.20306')
    'Semi-AnnualEnterpriseChannel1'         = [System.Version]::Parse('16.0.15601.20578')
    'Semi-AnnualEnterpriseChannel2'         = [System.Version]::Parse('16.0.14931.20944')
    'CurrentChannel(Preview)'               = [System.Version]::Parse('16.0.16227.20094')
}

$configuration = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration" 
$displayVersion = $null

if ( [System.Version]::TryParse($configuration.VersionToReport, $([ref]$displayVersion))) {

    Write-Output ("Discovered VersionToReport {0}" -f $displayVersion.ToString())

    $targetVersion = $targetVersions.Values | Where-Object { $_.Build -eq $displayVersion.Build } | Select-Object -Unique -First 1

    Write-Output ("Mapped minimum target version to {0}" -f $targetVersion.ToString())

    if ($null -eq $targetVersion -or $displayVersion -lt $targetVersion) {
        Write-Output ("Current Office365 Version {0} is lower than specified target version {1}" -f $displayVersion.ToString(), $targetVersion.ToString())
        Write-Output "Triggering remediation..."
        Exit 1
    } else {
        Write-Output ("Current Office365 Version {0} matches specified target version {1}" -f $displayVersion.ToString(), $targetVersion.ToString())
        Exit 0
    }
} else {
    throw "Unable to parse VersionToReport for Office"
}

Remediate-M365AppUpdate.ps1

$processArgs = @{
    'FilePath'     = "$env:ProgramFiles\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
    'ArgumentList' = "/update user"
    'Wait'         = $true
}

if (-not (Test-Path $processArgs['FilePath'])) { throw "OfficeC2RClient.exe not found!" }
Start-Process @processArgs

Yes, it can be used in user context. If so, it will display a message to the user about getting updates and prompting to close Office apps.

Yes, it can be used in user context. If so, it will display a message to the user about getting updates and prompting to close Office apps.

Actually, i have added 'ArgumentList' = "/update user updatepromptuser=false forceappshutdown=true" to force close the apps. In my test experience, this works best, with of course, propably missing latest edits of user documents. But my company agrees with this heavy method. Office needs to be patched quickly because of recent Outlook vulnerability.

Update: i've ran the detection script against a much older office installation and it fails and result in Exit code 0, thus not trying to remediate

Major Minor Build Revision

---

16 0 15427 20210

@dungadaman you can just perform a $null check for the $targetVersion I just updated the snippet

@dungadaman you can just perform a $null check for the $targetVersion I just updated the snippet
Thank you. I'll try asap. But at the moment, even with your latest edit, Remedation status Failed on every pc. Running your script interactively works. So something is wrong when deploying through Intune remediation.

Set "Run script in 64-bit PowerShell" to YES, or it will not find the correct registry key

Oh! I feel so dumb. Didn't though about this. Thanks a lot. :)

That's OK, I had the same problem yesterday and took me 30 mins to realise :)

Good to hear I was not the only one ;-)

Hi Everyone,

thank you for the script it worked for me perfectly. Few things I need to ask if someone can help me out with it.

1- should we target the devices or users in the proactive remediation package or it won’t matter?

2- what about the schedule? Should I run it once or daily or hourly? What’s a best practice and it won’t trigger the installation again and again on the fixed devices?

It would be really great if someone can guide me with it.

Can I anyone please let me know?

@Ali121-coder In our case, we targeted the device group.

In the beginning we let it run hourly to get the clients checked and updated as soon as possible. Later we changed it so that it runs every few hours.
Even if you set it to run hourly, remediation will only run in case your clients haven’t updated to the version/s specified in the detection script.

In case the client already updated to the desired version (with PR or manually by the user), this info will be provided in the PR report (you just need to select all columns to be visible).

@TomislavPeharec thank you so much.

Can someone help? I am getting No Office ClickToRun on some computers even though they are running office 365 C2R version