Tom, I'm waiting to see your results, please post back. We are a smaller company that yours, but I don't want to break existing people who have the Pulse client actually working. It seems like there isn't a new Pulse Client with 9.1r11.3, so maybe just the other components get an upgrade, and if users are connecting directy from client then they don't see the upgrade prompt....
We just finished the upgrading the appliance and I wanted to document my steps. We were able to upgrade the appliance, uninstall the apps, reinstall the new Pulse Secure Application Launcher without needing to elevate admin priveleges against multiple test devices. I need to redact some information and I can't send any screenshots for compliance reasons but I hope this helps.
We did have one finding for users who use the Pulse Secure application on a Chromebook. The role we were testing on had Split Tunneling enabled but for some reason I could not perform nslookups for my PC name. I could connect to it direct by IP but hostname look ups failed. I removed Split Tunneling from this profile and then things worked correctly. Thsi configuration was UNCHANGED prior to upgrading through and the split tunneling networks were properly defined. Maybe something with our CB setup or CB in general but they are a small fraction of our populace. Once I did that connectivity restored.
I think the BIG thing is to disable the web installation and automatic upgrade of Pulse Secure clients. I am calling it a night though. Good luck everyone.