Recently I took on an new task assignment to migrate all users from the Office 2016 client to Office 365 Pro Plus. I thought I could finish this task in an hour, and I was totally wrong about that! Sure it was very easy to make Office 365 application and deploy the application using ConfigMgr. Right? After I quickly make the application, I sit back and start thinking what else am I missing still, and then I realized there are some preparations and configurations that I need to do.
1. Visio and Project
My original plan was uninstall Office 2016, exclude Visio and Project, then install Office 365 64bit client, but soon I realized it is not supported to do so.
- All installed products must be either the 32-bit version or the 64-bit version. For example, you can’t install a 32-bit version of Visio or Project on the same computer with a 64-bit version of Office.
- It depends what version of Visio and Project has installed and installation technologies, there are multiple supported or not supported scenarios, details can be found from
https://docs.microsoft.com/en-us/deployoffice/install-different-office-visio-and-project-versions-on-the-same-computer#example-installation-scenarios - Microsoft recommend that you uninstall any previous versions of Office, including Visio and Project, before installing the newer version
https://docs.microsoft.com/en-us/deployoffice/upgrade-from-msi-version#keep-some-office-products-and-uninstall-all-other-office-products
2. Update Office Administrative Template
Microsoft has done a great job adding more features to Office products in each builds, which means there are more setting can or should be managed. Currently the latest version of Office Administrative Template is published in Jan.22, 2020, it can be found from https://www.microsoft.com/en-us/download/details.aspx?id=49030
3. Privacy Control
Microsoft has made improvement of privacy control. Starting with Version 1904 of Office 365 ProPlus, there are new policy settings that will allow us to control Diagnostic data and Connected experiences , this is also one of the reason why we need update Office administrative template, all these policy settings are located under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center
Diagnostic data is used to keep Office secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This data does not include a user’s name or email address, the content of the user’s files, or information about apps unrelated to Office. There are two type of Diagnostic data: Required and Optional .
- Required diagnostic data is the minimum data necessary to help keep Office secure, up-to-date, and performing as expected on the device it’s installed on
- Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. If you choose to send optional diagnostic data, required diagnostic data is also included
You can use Configure the level of client software diagnostic data sent by Office to Microsoft policy setting choose what level of diagnostic data is sent to Microsoft. Just remember, disable this setting will send both diagnostic data to Microsoft, if you don’t want send any data, choose Enable-Neither.
Connected experiences use cloud-based functionality to provide enhanced Office features. I personally wouldn’t want my IT disable the feature for me, because I really love PowerPoint designer feature, it makes my presentation so pretty. You can find list of Connected experiences from https://docs.microsoft.com/en-us/deployoffice/privacy/connected-experiences .
Since I want to leave Connected experiences options open for my end users, I don’t want make decision for them whether or not they wants these features, I leave this policy “Disable Opt-in Wizard on first run” as Not Configured, so that they will see the first run wizard tell them about privacy control, and how they can configure those settings by themselves.
There are 4 other policy settings for Connected experiences, you can find lots details here https://docs.microsoft.com/en-us/deployoffice/privacy/manage-privacy-controls
Don’t forget mobile devices! You can now use Office cloud police service manage privacy control settings as well.
4. Microsoft Teams
- After install Office 365 client from Software Center, I didn’t find Teams from my Windows Start menu. I am using PSAppDeployToolkit to make my Office 365 package, so I added a force restart popup notification in the end. After restart, Teams is cached in users profile. I think logoff and login again will do the same, but since I am doing uninstall Office 2016 and install Office 365, a reboot will be better.
- When I tried make my first meeting call in Teams, Windows Defender firewall gave me a nice popup windows, when user is a standard user, he/she won’t able to configure these settings. Microsoft has publish a sample script to configure this firewall rules, but you will need make it as logon script or task schedule https://docs.microsoft.com/en-us/microsoftteams/get-clients#sample-powershell-script
Here is an other good post written by Michael Mardahl : https://msendpointmgr.com/2020/03/29/managing-microsoft-teams-firewall-requirements-with-intune
5. Workplace join notification
When first time login to Teams or active Office 365 apps, it gives this Workplace join notification. By default, “Allow my organization to manage my device” is checked, if user click Yes, this device will be Workplace joined. There are some benefits of this, it provides seamless second factor authentication and Single Sign-On to workplace resources and applications.
But I really don’t like this popup windows, because I had to make separated instruction explain to end users what this means. If you are like me, want prevent Workplace join notification, you can use this registry key
HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin, “BlockAADWorkplaceJoin”=dword:00000001
You might wonder here, why I don’t want Workplace join? Because these are corporate devices, and my next plan is implement hybrid Azure AD joined and co-management, I won’t need Workplace join after all. More details about planning hybrid Azure AD joined https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
6. Keeping Office 365 installation media up-to-date
Because we are doing this upgrade roll out in different phase, I wanted keep Office 365 installation media up-to-date. How to achieve this? My friend Nickolaj has an excellent blog post about this. https://msendpointmgr.com/2019/10/28/schedule-content-update-for-an-office-365-proplus-application-in-configmgr/
7. Start Layout
We love customize Windows 10, don’t we? 🙂 . After updated to Office 365 client, we noticed our start layout looks very terrible, because we had pinned Office 2016 apps in start layout, now that Office 2016 is uninstalled, star layout only shows those crazy looking ~W icons. Fix this is easy, just need to make a new start layout, make a new Group Policy with WMI filter. WMI filter has configure only apply to Office 365 installed.
Filter for Office 365 64bits installed
SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Microsoft Office\\root\\Office16\\" AND filename="WINWORD" AND extension="EXE" AND version > "16"
Filter for Office 2016 32bit installed
SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files (x86)\\Microsoft Office\\Office16\\" AND filename="WINWORD" AND extension="EXE" AND version > "16"
Hope you enjoy reading my post and find it somehow helpful! 🙂
any ideas for the start layout office detection when there is also 2019 inhouse? i mean it seems to be complicated since 365 is also c2r and using the same “16” version…
Great writeup. Lots of interesting things to pickup and use in our deployment. 👍
Thank you Skender Osmani!
Very nice write up. Thanks.
Thank you- We’ve already deployed O365, but I picked up a few tidbits here I didn’t already know. Thanks for the write-up!