Office and Microsoft 365 Apps Deployment & Update Management 2022
If you’re running Office 2016 or earlier, see your best options to configure Office for deployment and how you can predictably manage updates for newer versions of Office whether you’re targeting a few dozen or a few thousand users. Host Jeremy Chapman answers your top questions for Office and Microsoft 365 app deployment and servicing.
Importantly, Office 2016 & 2019 won’t be supported for connecting to Microsoft 365 services, including Exchange Online, starting Oct 2023. And Security updates for Office 2013 will end in April 2023. Don’t wait until the last minute — now is a great time to upgrade.
Why it’s important to update today.
Office installation packages have been replaced by Click to Run. Security Update Status provides a 360-degree view of all connected devices that’s not yet available in Endpoint Manager. And access controls for configuring and policy managing Microsoft 365 Apps for Enterprise (Office) for any device signed into your tenant (not just managed devices). See an overview of Microsoft’s 365 Apps admin center.
Gain more control and visibility.
Moving to Microsoft 365 Apps for Enterprise allows you to better configure and customize core Office app experiences, installation, and policy management across Word, Excel, PowerPoint, Teams, and Outlook in the Microsoft 365 Apps admin center. See how to create a servicing profile.
Don’t wait until the last minute!
Security updates for Office 2013 will end in April 2023. Office 2016 and 2019 won’t be supported for connecting to Microsoft Cloud services, including Exchange Online, in October 2023. See the key support expiration dates.
Watch our video here.
► QUICK LINKS:
00:00 Introduction of Office and Microsoft Apps deployment and update management
00:26 What’s different and what’s the same
00:50 Click to Run overview
01:40 Tooling updates
01:50 Microsoft 365 Apps admin center overview
02:30 New policy controls
03:20 Changes to how updates are managed
05:33 How to create a servicing profile
07:40 Controls exclusive to Microsoft 365 Apps admin center
09:05 Key support expiration dates to consider
► Link Reference: Learn more and to try it for yourself: config.office.com
► Unfamiliar with Microsoft Mechanics?
• As the Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMe...
• Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t...
• Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com...
• To get the newest tech for IT in your inbox, subscribe to our newsletter: https://www.getrevue.co/profile/msftm...
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: https://twitter.com/MSFTMechanics
• Share knowledge on LinkedIn: https://www.linkedin.com/company/micr...
• Enjoy us on Instagram: https://www.instagram.com/microsoftme...
• Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
- Coming up, I’ll answer your top questions for Office and Microsoft 365 app deployment and servicing. Now, if you’re running Office 2016 or earlier right now, I’ll explain what’s different and your best options to configure Office for deployment. Then once everything is deployed, I’ll show you how you can predictably manage updates for newer versions of Office, whether you’re targeting a few dozen or a few thousand users. Now first, if you have experience with Office 2016 or earlier versions, let me explain what’s different and what’s the same. Now it’s important to know that both the Microsoft 365 desktop apps as well as Office 2019 and newer on-prem versions use Click-to-Run installation packaging and software update delivery for servicing. That also means that MSI-based Office installation packages have not been available since the Office 2016 release. Click-to-Run uses a more modern technology stack to install and service Microsoft 365 and Office apps and all apps will run from the local disc. And Click-to-Run is also used to install both subscription as well as perpetual activation versions of Office, and it also works for both 32- and 64-bit installs along with your existing Office COM-based add-ins as well as macros. So it’s designed to be compatible even if you’re coming from 2016 or previous versions of Office. Now Click-to-Run Office packages use a different type of XML-based configuration file compared to what you might be used to using MSP-based configuration files for the MSI when you deploy Office at scale. So that covers what’s new and different for deployment and configuration. So let’s move on to tooling. Now, as you move to newer versions of Office, you can, of course, use your preferred software distribution tools to configure and deliver Office apps to your devices and users. That said, another tool you should know about gives you even more control and visibility. This is the Microsoft 365 Apps admin center, where you’ll find everything you need to configure the core apps and experiences across Word, Excel, PowerPoint, Teams, Outlook, and more. You can get to it directly by navigating to Office configuration from the Microsoft 365 admin center or using its direct address at config.office.com. Here you can see that it includes capabilities to create configuration files used to customize the installation, along with the policy management service to enforce policies on a user’s device. Now, unlike the settings preferences that you might be used to with MSI versions of Office, these policy controls enforce your required settings even if that device isn’t domain joined or enrolled in your device management. For example, if a user self-installs Office desktop apps from Office.com on a personally-owned device and it’s unmanaged, then when they sign in into their Office 365 work or school account, your policy settings will get applied and enforced for the Office apps. And if the PCs you’re deploying Office to have existing Office apps, you have the flexibility to just uninstall the core Office apps but keep other apps like Visio, Project, SharePoint Designer, or InfoPath running on those devices. So those are some highlights of core Office configuration controls for newer versions of Office. Now another area to understand is how updates are managed. Now, there are a few choices here and you might be wondering, well, what’s changed, and what are the options? While you’re creating the Office configuration file, here in the Update channel control, you can select from the Current channel, Monthly Enterprise, or Semi-Annual Enterprise, along with preview options for testing purposes. Now let me explain how these updates and channels work. Office updates are designed to deliver three things: security and quality fixes, as well as new capabilities. And as I mentioned, there are three primary channel options. First, the Current channel, where updates can be delivered more frequently than once per month. Next, there’s the Semi-Annual channel where feature updates are delivered twice per year with additional security updates delivered monthly. And in between those channels is the Monthly Enterprise channel with a predictable once-per-month release schedule. Now, this channel gives you the best balance between keeping the experience stable and staying up-to-date with new capabilities. This includes things like new security controls for data loss prevention or Microsoft Information Protection updates. Now looking at the options, you might think that the semi-annual option seems like the way to go, but here’s the thing. So with the Semi-Annual channel, you might get stuck on a particular version for six to 14 months while it’s supported, and during that time, you’ll receive security updates but only select quality fixes. So you could be missing out on many of the performance and reliability fixes as well as new features that your power users especially will want. And the Semi-Annual channel is really intended for specialized devices like PCs on the factory floor or shared medical devices. The Monthly Enterprise channel, with its predictable delivery of performance and quality updates, is really what we recommend as the default for most large organizations. Update management for the Monthly Enterprise channel also has the broadest set of admin controls with a new option that’s called servicing profiles. Now, these let you automatically deliver monthly Office updates for specific users or groups and manage everything directly from the Microsoft 365 Apps admin center. I’ll walk you through the steps to create one. So first I’ll choose the devices or groups that I want. In this case, I’ll target all devices. And you can also set exclusion dates, for example, if you don’t want updates delivered during busy periods for your organization. So here in my example, I’ll set one up for fiscal year end, which I’ll start at June 28th and I’ll have that run through July 6th. Next, update deadlines let you configure the number of days after an update is available when installation is enforced. In my case, I’ll go ahead and set this to seven days. And now I can review my settings and create my profile. And then once you’ve set up servicing profiles, there are additional controls. So for example, you can pause updates from the servicing profile at any time. In settings, to customize rollout waves to roll out updates over time, you just need to select your groups. In my case, I’ll do this and choose finance. Now I’ll go ahead and choose my marketing group. And those will be for the first wave and then all remaining devices will be in the second wave in my case. And I can pick the number of days in between waves, and I’ll go ahead and choose three here. Then after your servicing profile is running and the updates get applied, you can also track update progress over time across the devices in scope, along with any issues that might arise. And if necessary, you can even roll back updates to a previous update for specified devices. Now, the primary advantage of using this model versus traditional management tools is that the success rate of updates according to our data increases from 73%, if you’re using traditional methods, to 94.5% using servicing profiles. And by the way, everything that I’ve shown you today so far in the Microsoft 365 Apps admin center gives you more control than what you’re probably using today with Endpoint Manager or Configuration Manager. And the good news is that both experiences can work together. So for example, you can use your configuration XML files from the Microsoft 365 Apps admin center as part of your deployments with those other tools. Now let me show you a few more controls in the Microsoft 365 Apps admin center that are currently exclusive to this experience. So here I’m in Security Update Status, which gives you a nice 360-degree view of the updates for all your devices with Office or a Microsoft 365 apps, as long as they’re signed into your Office 365 or Microsoft 365 tenant. Now, even though in my case I have a few days remaining for my update goal of 95%, I can easily see that devices are not up to date and take action. So I’m going to go ahead and open up Inventory, and this gives me a complete dashboard of the Office builds and channels deployed to devices signed into my Office 365 tenant. And you can also see a complete list of devices. Now, if I go back, you get access to a complete list of even all the COM add-ins in use in your organization as well. Now, these are views that aren’t currently available through Endpoint Manager’s software inventory, which is based on add/remove programs data of only those devices that are enrolled under device management. But don’t worry, we’re working on integrating these views and others into Endpoint Manager without requiring any migration, and until then, you can use them right from here. And finally, you might be wondering, well, what’s the urgency to move to a more recent version of Office? Well, for that, there are a few support dates that you’ll want to consider. So first, as a reminder for how Mainstream and Extended Support work, during Mainstream Support, typically for five years, Microsoft provides software updates that include both quality fixes and security updates. Now in Extended Support, Microsoft only provides security updates. So let’s translate that into Office versions that you might have running now. So for Office 2013, we’ll reach the end of Extended Support, meaning no more security updates, as of April 2023. Now, for Office 2016 and Office 2019, we’ll stop supporting the connection to our cloud services, including Exchange Online, in October 2023, but you’ll continue to get security updates until the end of Extended Support for those products. So check out aka.ms/SupportMechanics for more information. That was a quick overview of how you can use the Microsoft 365 Apps admin center to configure and manage your favorite Office apps. To learn more and try it out for yourself, go to config.office.com, and for more Office deployment deep dives, check out aka.ms/ODInsidersVideos, and be sure to subscribe to Microsoft Mechanics for all the latest updates. Thanks for watching, and we’ll see you next time.