Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save talkingmoose/b6637160b65b751824943ede022daa17 to your computer and use it in GitHub Desktop.
Save talkingmoose/b6637160b65b751824943ede022daa17 to your computer and use it in GitHub Desktop.
Downloads and installs the latest available Microsoft product specified directly on the client. This avoids having to manually download and store an up-to-date installer on a distribution server every month.
#!/bin/zsh
:<<'ABOUT_THIS_SCRIPT'
-----------------------------------------------------------------------
Written by:William Smith
Partner Program Manager
Jamf
bill@talkingmoose.net
https://gist.github.com/b6637160b65b751824943ede022daa17
Originally posted: November 19, 2017
Updated: February 13, 2023
Updated: March 8, 2024
Updated: April 22, 2024
Updated: June 5, 2024
Included Team ID check
Purpose: Downloads and installs the latest available Microsoft
product specified directly on the client. This avoids having to
manually download and store an up-to-date installer on a
distribution server every month.
Instructions: Update the linkID value to one of the corresponding
Microsoft products in the list and optionally update the sha256Checksum
value with a known SHA 256 string. Run the script with elevated
privileges. If using Jamf Pro, consider replacing the linkID,
sha256Checksum, and teamID values with "$4", "$5" and "$6", entering the ID
as script parameters in a policy.
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by/4.0/
"You say goodbye and I say exit 0."
-----------------------------------------------------------------------
ABOUT_THIS_SCRIPT
# enter the Microsoft fwlink (permalink) product ID
# or leave blank if using a $4 script parameter with Jamf Pro
linkID="" # e.g. "525133" for Office 2019
teamID="" # usually "UBF8T346G9" but may differ between products
# 525133 - Office 2019 for Mac SKUless download (aka Office 365)
# 2009112 - Office 2019 for Mac BusinessPro SKUless download (aka Office 365 with Teams)
# 871743 - Office 2016 for Mac SKUless download
# 830196 - AutoUpdate download
# 2069439 - Edge (Intel Consumer Beta)
# 2069340 - Edge (Intel Consumer Dev)
# 2069147 - Edge (Intel Consumer Canary)
# These no longer work; unable to determine link IDs
# XXXXXXX - Edge (Enterprise Stable)
# XXXXXXX - Edge (Enterprise Beta)
# XXXXXXX - Edge (Enterprise Dev)
# Releases sourced from https://www.microsoft.com/en-us/edge/download?form=MA13FJ
# 2069148 - Edge (Intel Consumer Stable)
# 2093504 - Edge (Apple Silicon Stable)
# 2069340 - Edge (Intel Dev)
# 2099619 - Edge (Apple Silicon Dev)
# 525135 - Excel 2019 SKUless download
# 871750 - Excel 2016 SKUless download
# 869655 - InTune Company Portal download (Intel only from October 2023)
# 853070 - InTune Company Portal download (Universal)
# 823060 - OneDrive download
# 820886 - OneNote download
# 525137 - Outlook 2019 SKUless download
# 871753 - Outlook 2016 SKUless download
# 525136 - PowerPoint 2019 SKUless download
# 871751 - PowerPoint 2016 SKUless download
# 868963 - Remote Desktop
# 800050 - SharePoint Plugin download
# 832978 - Skype for Business download
# 869428 - Teams Classic
# 2249065 - New Teams
# 525134 - Word 2019 SKUless download
# 871748 - Word 2016 SKUless download
# enter the SHA 256 checksum for the download file
# download the package and run '/usr/bin/shasum -a 256 /path/to/file.pkg'
# this will change with each version
# leave blank to to skip the checksum verification (less secure) or if using a $5 script parameter with Jamf Pro
sha256Checksum="" # e.g. "67b1e8e036c575782b1c9188dd48fa94d9eabcb81947c8632fd4acac7b01644b"
if [ "$4" != "" ] && [ "$linkID" = "" ]
then
linkID=$4
fi
if [ "$5" != "" ] && [ "$sha256Checksum" = "" ]
then
sha256Checksum=$5
fi
if [ "$6" != "" ] && [ "$teamID" = "" ]
then
teamID=$6
fi
# this is the full fwlink URL
url="https://go.microsoft.com/fwlink/?linkid=$linkID"
# create temporary working directory
echo "Creating working directory '$tempDirectory'"
workDirectory=$( /usr/bin/basename $0 )
tempDirectory=$( /usr/bin/mktemp -d "/private/tmp/$workDirectory.XXXXXX" )
# change directory to temporary working directory
echo "Changing directory to working directory '$tempDirectory'"
cd "$tempDirectory"
# download the installer package and name it for the linkID
echo "Downloading package $linkID.pkg"
/usr/bin/curl --location --silent "$url" -o "$linkID.pkg"
# checksum the download
downloadChecksum=$( /usr/bin/shasum -a 256 "$tempDirectory/$linkID.pkg" | /usr/bin/awk '{ print $1 }' )
echo "Checksum for downloaded package: $downloadChecksum"
# extract Team ID from the download
downloadTeamID=$( /usr/sbin/pkgutil --check-signature "$tempDirectory/$linkID.pkg" | /usr/bin/awk -F '[()]' '/Developer ID Installer/{ print $2 }' )
echo "Team ID for downloaded package: $downloadTeamID"
# install the package if checksum validates
if ([ "$sha256Checksum" = "$downloadChecksum" ] || [ "$sha256Checksum" = "" ]) && ([ "$teamID" = "$downloadTeamID" ] || [ "$teamID" = "" ]); then
echo "Checksum and Team ID verified. Installing package $linkID.pkg"
/usr/sbin/installer -pkg "$linkID.pkg" -target /
exitCode=0
else
echo "Checksum failed. Recalculate the SHA 256 checksum and try again. Or download may not be valid."
exitCode=1
fi
# remove the temporary working directory when done
/bin/rm -Rf "$tempDirectory"
echo "Deleting working directory '$tempDirectory' and its contents"
exit $exitCode
@alex-lavon
Copy link

Is there a new product id for Teams? 869428 only pulls Teams Classic now. Thanks @talkingmoose!

@talkingmoose
Copy link
Author

I've found the ID for New Teams and updated the script to include it.

@colorenz
Copy link

Hey @talkingmoose

maybe you can add a teamid check to be on the safe side? As far as i know the Microsoft Team ID is always UBF8T346G9.

if [ "$6" != "" ] && [ "$Teamid" = "" ]
then
    Teamid=$6
fi

...............

# Get package TeamID
packageTeamid=$(spctl -a -vv -t install "$tempDirectory/$linkID.pkg" 2>&1 | awk -F '[()]' '/origin=/ {print $2}')

#Check if the package TeamID is the Microsoft TeamID.
if [[ " $Teamid " == " $packageTeamid " ]]; then
    echo "Package TeamID $packageTeamid is valid"
else
    echo "Package TeamID $packageTeamid is unvalid"
    exit 1
fi


@talkingmoose
Copy link
Author

@colorenz, thanks for the suggestion. I've updated it and briefly tested it. Take it for a spin and let me know your results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment