MSEndpointMgr

Office 365 client deployment: notes from the field

Recently I took on a new task: migrating all users from the Office 2016 client to Office 365 ProPlus. I thought I could finish this task in an hour, and I was totally wrong about that! Sure, it was very easy to create the Office 365 application and deploy it using ConfigMgr, right? After I quickly made the application, I sat back and started thinking about what I was still missing, and then I realized there were some preparations and configurations that I needed to do.

1. Visio and Project

My original plan was to uninstall Office 2016 but exclude Visio and Project, then install the Office 365 64-bit client, but I soon realized that this is not supported.

2. Update Office Administrative Template

Microsoft has done a great job adding more features to Office products in each build, which means there are more settings that can or should be managed. Currently, the latest version of the Office Administrative Template was published on Jan. 22, 2020; it can be found at https://www.microsoft.com/en-us/download/details.aspx?id=49030

3. Privacy Control

Microsoft has improved privacy control. Starting with Version 1904 of Office 365 ProPlus, there are new policy settings that allow us to control Diagnostic data and Connected experiences. This is also one of the reasons why we need to update the Office Administrative Template. All these policy settings are located under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center

Diagnostic data is used to keep Office secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This data does not include a user’s name or email address, the content of the user’s files, or information about apps unrelated to Office. There are two types of Diagnostic data: Required and Optional.

  • Required diagnostic data is the minimum data necessary to help keep Office secure, up-to-date, and performing as expected on the device it’s installed on
  • Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. If you choose to send optional diagnostic data, required diagnostic data is also included

You can use the “Configure the level of client software diagnostic data sent by Office to Microsoft” policy setting to choose what level of diagnostic data is sent to Microsoft. Just remember, disabling this setting will send both types of diagnostic data to Microsoft; if you don’t want to send any data, enable the setting and choose Neither.

Connected experiences use cloud-based functionality to provide enhanced Office features. I personally wouldn’t want my IT department to disable the feature for me, because I really love the PowerPoint Designer feature; it makes my presentations so pretty. You can find the list of Connected experiences at https://docs.microsoft.com/en-us/deployoffice/privacy/connected-experiences.

Since I want to leave the Connected experiences options open for my end users, and I don’t want to decide for them whether or not they want these features, I leave the policy “Disable Opt-in Wizard on first run” as Not Configured, so that they will see the first run wizard that tells them about privacy control and how they can configure those settings by themselves.

There are 4 other policy settings for Connected experiences; you can find lots of details here: https://docs.microsoft.com/en-us/deployoffice/privacy/manage-privacy-controls

Don’t forget mobile devices! You can now use the Office cloud policy service to manage privacy control settings as well.

4. Microsoft Teams

5. Workplace join notification

When a user logs in to Teams or activates Office 365 apps for the first time, they get this Workplace join notification. By default, “Allow my organization to manage my device” is checked; if the user clicks Yes, the device will be Workplace joined. There are some benefits to this: it provides seamless second factor authentication and Single Sign-On to workplace resources and applications.

But I really don’t like this popup window, because I had to write separate instructions explaining to end users what it means. If you are like me and want to prevent the Workplace join notification, you can use this registry key:

HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin, "BlockAADWorkplaceJoin"=dword:00000001

You might wonder why I don’t want Workplace join. Because these are corporate devices, and my next plan is to implement hybrid Azure AD join and co-management, I won’t need Workplace join after all. More details about planning hybrid Azure AD join: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
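To confirm on a client that the Workplace join block from this section and the diagnostic data level from section 3 actually landed, here is a read-only audit script. It is an added example, not part of the original post: the clienttelemetry registry location is where Microsoft documents the diagnostic data policy as being stored, and the expected level (Required), the variable names and the function name are assumptions for illustration.

```powershell
# Added example: read-only audit of two settings discussed in this post.
# Run it as the logged-on user, because the Office privacy policy is per-user (HKCU).
$checks = @(
    @{ Name     = 'Workplace join prompt'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin'
       Value    = 'BlockAADWorkplaceJoin'   # registry value from section 5
       Expected = 1
       Decode   = @{ 0 = 'Not blocked'; 1 = 'Blocked' } },
    @{ Name     = 'Office diagnostic data level'
       # Location Microsoft documents for this policy setting
       Path     = 'HKCU:\Software\Policies\Microsoft\office\common\clienttelemetry'
       Value    = 'SendTelemetry'
       Expected = 1                         # assumption: the organisation chose Required
       Decode   = @{ 1 = 'Required'; 2 = 'Optional'; 3 = 'Neither' } }
)

function Get-PolicyState {
    param([Parameter(Mandatory)][hashtable]$Check)

    # A missing key or value means the policy is Not Configured, not an error
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $actual = $null
        $state  = 'Not configured'
    }
    else {
        $actual = [int]$item.($Check.Value)
        if ($Check.Decode.ContainsKey($actual)) { $state = $Check.Decode[$actual] }
        else { $state = "Unexpected value $actual" }
    }

    [pscustomobject]@{
        Setting   = $Check.Name
        State     = $state
        Compliant = ($actual -eq $Check.Expected)
    }
}

# One row per setting; Compliant is False when the value is absent or differs
$checks | ForEach-Object { Get-PolicyState -Check $_ } | Format-Table -AutoSize
```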

6. Keeping Office 365 installation media up-to-date

Because we are doing this upgrade rollout in different phases, I wanted to keep the Office 365 installation media up-to-date. How to achieve this? My friend Nickolaj has an excellent blog post about this: https://msendpointmgr.com/2019/10/28/schedule-content-update-for-an-office-365-proplus-application-in-configmgr/

7. Start Layout

We love customizing Windows 10, don’t we? 🙂 After updating to the Office 365 client, we noticed our Start layout looked terrible, because we had pinned Office 2016 apps in the Start layout; now that Office 2016 is uninstalled, the Start layout only shows those crazy-looking ~W icons. Fixing this is easy: just make a new Start layout and a new Group Policy with a WMI filter. The WMI filter is configured so the policy only applies where Office 365 is installed.

Filter for Office 365 64-bit installed

SELECT path,filename,extension,version 
FROM CIM_DataFile 
WHERE path="\\Program Files\\Microsoft Office\\root\\Office16\\" AND filename="WINWORD" AND extension="EXE" AND version > "16"

Filter for Office 2016 32-bit installed

SELECT path,filename,extension,version 
FROM CIM_DataFile 
WHERE path="\\Program Files (x86)\\Microsoft Office\\Office16\\" AND filename="WINWORD" AND extension="EXE" AND version > "16"
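Before linking the filters to a GPO, you can evaluate them locally on a test machine: a WMI filter is true when its query returns at least one instance. The script below is an added example, not part of the original post; it runs the two queries above unchanged, and the labels and variable names are made up for illustration.

```powershell
# Added example: evaluate the post's two WMI filter queries on the local machine.
$filters = [ordered]@{
    'Office 365 64-bit'  = 'SELECT path,filename,extension,version FROM CIM_DataFile ' +
                           'WHERE path="\\Program Files\\Microsoft Office\\root\\Office16\\" ' +
                           'AND filename="WINWORD" AND extension="EXE" AND version > "16"'
    'Office 2016 32-bit' = 'SELECT path,filename,extension,version FROM CIM_DataFile ' +
                           'WHERE path="\\Program Files (x86)\\Microsoft Office\\Office16\\" ' +
                           'AND filename="WINWORD" AND extension="EXE" AND version > "16"'
}

$results = foreach ($name in $filters.Keys) {
    # Group Policy runs WMI filters against root\CIMv2 by default
    $hits = @(Get-CimInstance -Namespace 'root\CIMv2' -Query $filters[$name] -ErrorAction Stop)

    [pscustomobject]@{
        Filter      = $name
        WouldApply  = ($hits.Count -gt 0)          # true = the GPO would apply here
        WinwordFile = ($hits | ForEach-Object { '{0} ({1})' -f $_.Name, $_.Version }) -join '; '
    }
}

$results | Format-Table -AutoSize -Wrap
```

The WinwordFile column shows the version string each filter matched, which helps when more than one Office install is present on the same machine.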

Hope you enjoy reading my post and find it somehow helpful! 🙂

Sandy Zeng

Sandy has been an Enterprise Mobility MVP since 2018. She has been an Information Technology Specialist for over 10 years and is skilled in Microsoft Endpoint Manager (ConfigMgr and Intune), Windows 10 and security. Sandy's interests are mostly related to Microsoft technologies, and she is passionate about learning new skill sets, both to improve her professional career and as a hobby. She uses her expertise to help customers achieve their goals and solve their issues.

Sandy founded the https://sandyzeng.com blog and is now a blogger on MSEndPointMgr.

5 comments

  • Any ideas for the Start layout Office detection when there is also 2019 in-house? I mean, it seems to be complicated since 365 is also C2R and uses the same “16” version…

  • Great writeup. Lots of interesting things to pickup and use in our deployment. 👍

  • Thank you- We’ve already deployed O365, but I picked up a few tidbits here I didn’t already know. Thanks for the write-up!
