Office 365 ProPlus Administrator Series: Using Office 365 as a Deployment Share

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. While the concept of having deployment automation call online file sources for unattended installations isn’t new, Office 365 ProPlus adds the unique benefit of robust file streaming instead of the traditional download and execute style installation. Office 365 ProPlus and the Office Deployment Tool (see my earlier blog about deployment options) allows you to define the file path as the SourcePath location defined in the configuration XML of the Office Deployment Tool. The current Office Deployment Tool lets you download and install Click-to-Run Office packages with your own software distribution tools. When you download Office Click-to-Run files, you will see the path where they are stored in the CMD window.     Download of the Office 365 ProPlus Click-to-Run files using the Office Deployment Tool In this case, Office source files are located at and you can use that value inside of your configuration XML. The Office Deployment Tool needs an XML with the SourcePath configured for installation which contains the OfficeDataVersionNumber folders to resolve. If you use a configuration XML with the following parameters:                                 your deployment automation will call the Office 365 streaming service and install according to the version number, architecture, language and other parameters that you assign in the configuration XML.  Notice I even used an older version number than the current one (.1019)  and was able to declare update behavior, display level and accept the EULA on behalf of my users. In a nutshell, even though I am using Office 365 as the SourcePath to install from, I didn’t give up any controls I had by installing Office 365 ProPlus from my local file share location. If I had Group Policy settings enforced on the computers I target for my deployment, then I would have complete control over how Office is installed, configured and managed. This is where it can get interesting… If I use the Office Deployment Tool – specifically just the setup.exe and the configuration XML sample I have above – I can pair this with System Center Configuration Manager 2012, Microsoft Deployment Toolkit, Windows Intune, third party tools, simple logon scripts or even psexec commands. In this case, I decided to pair with another cloud service – Windows Intune – to show everything working.     Process for using Windows Intune to stream an Office 365 ProPlus installation – 1. Configure install, 2. Push install instructions to PC, 3. Stream from Office 365, 4. Report success back to Windows Intune You might be asking yourself, “Why would I use Windows Intune versus sending users to the Office 365 Web portal to self-install Office?” If you are asking this question, there is a good chance you are an administrator on your computer or your users are able to install software themselves. For more than a decade, Microsoft has advocated Standard User accounts in Windows to maintain configuration control and therefore improve inherent security levels against malware. If you also manage a lot of software, it wouldn’t make sense to ask users to visit multiple websites to install their own software. Imagine your first day on the job and your boss tells you, “Here is your computer and email account. I sent you an email with a list of the 100 applications you’ll need to be productive and all the links of where to find the applications. Enjoy the next 3-8 hours of software installation.” What initially sounds like freedom for the end user would be a degraded experience for the person who otherwise receives a pre-configured PC with the 100 applications pre-installed based on his user role, geography and language preferences (you could argue that is the primary reason why Windows imaging and deployment automation exists). Centralizing your application resources to a single catalog and location along with using “required” or “push” installation performed by the administrator simplifies the process for the user and helps ensure that your users’ PCs stay in a manageable state. Windows Intune and System Center Configuration Manager 2012 both provide a central application catalog and support push software deployments. I put together a short narrated video of the process using Windows Intune along with Office 365 streaming. Basically, I used a file similar to the configuration XML sample above (I named it configuration2.xml) and added that along with the setup.exe to my Windows Intune environment. These two files only constitute about half a megabyte (MB) of space, so it doesn’t really consume any storage resources. It also means that the files are quickly copied from the Windows Intune service to the managed PC’s local cache. Both Windows Intune and the application model in System Center Configuration Manager 2012 will download the entire application payload prior to executing installation commands. For Office 365 ProPlus, that would mean you would typically need to wait for a 1 gigabyte (GB) file download, then Office would be installed from the local Windows Intune or Configuration Manager file cache. In this case, we can just cache that tiny half MB file and the streaming begins immediately from Office 365 according to our instruction set. The result is that the Windows Intune service basically instructs the Office 365 service and when completed sends a success message back to Windows Intune. Here it is in action… (Please visit the site to view this video)   Jeremy Chapman @deployjeremy Office Deployment Team

Announcement: New Office 365 sign-in page

The sign-in page for Office 365 has a new look! The redesign provides a simple sign in experience that adapts to work better on whatever device you’re using, from a desktop to tablet to phone, as well as reducing the number of times you’ll need to sign in. Highlights include: The sign-in page automatically adapts to the screen resolution and capabilities of different devices, operating systems, and browsers. You can start signing in almost immediately, while the rest of page downloads in the background. Improved experience for on-premises-to-cloud single sign-on. You can stay connected until you want to sign out. Just check the “Keep me signed in” option. Want to know more? Check out details and screenshots of the new experience . NOTE: The new sign-in page works best in Internet Explorer 8 or later browsers. Learn more about Office 365 browser support .

Announcement: New Office 365 sign-in page

The sign-in page for Office 365 has a new look! The redesign provides a simple sign in experience that adapts to work better on whatever device you’re using, from a desktop to tablet to phone, as well as reducing the number of times you’ll need to sign in. Highlights include: The sign-in page automatically adapts to the screen resolution and capabilities of different devices, operating systems, and browsers. You can start signing in almost immediately, while the rest of page downloads in the background. Improved experience for on-premises-to-cloud single sign-on. You can stay connected until you want to sign out. Just check the “Keep me signed in” option. Want to know more? Check out details and screenshots of the new experience . NOTE: The new sign-in page works best in Internet Explorer 8 or later browsers. Learn more about Office 365 browser support .

The new Office Garage Series: Did Deployment Just Get Faster?

In this week’s new Office Garage series episode, our hosts Jeremy Chapman and Yoni Kirsh explore the change in guard of compatibility tools; race Click-to-Run Office installs using MDT, SCCM, and Windows Intune versus the MSI and catch up with Office engineer, John Hoegger, on the end-to-end aspects of deployment. They demonstrate compatibility tools and automated software distribution and discuss the Office roll-out inside Microsoft, to answer whether or not deployment just got faster. Tune into .

Office 365 ProPlus Administrator Series: Office 365 ProPlus and Series Overview

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Welcome to my series on Office 365 ProPlus for the administrator. Some of you will have used various components of Office 365 and in some cases be able to skip past large sections of this blog series and others may be new to the concepts in Office 365 ProPlus and will want to know how it might impact their current software distribution, Windows imaging or software management processes. I have a long history in Windows imaging and deployment and prior to that worked heavily with systems management products to deliver and manage software, and I think that will come out as I write about all of the IT pro features for Office 365 ProPlus and related topics. I’ve had the pleasure of working with some of the best software engineers, testers and program managers over the last couple of years and we are excited to present and deliver a lot of new IT value related to Office deployment and management technologies. This blog series builds on the Office and the Cloud blog authored today by John Jendrezak and will go into a lot of depth in subsequent posts. I posted this series in reverse order should it should read from top to bottom like one contiguous long blog, but I do plan to address further topics and do some hands-on integration in the future with management tools we can use to automate Office 365 ProPlus deployment, like System Center Configuration Manager, Windows Intune and the Microsoft Deployment Toolkit. What is new with Office 365 ProPlus and why should I care as an IT pro? Office 365 ProPlus builds on the culmination of several technologies – from application streaming to cloud services – to enable new user and administrative experiences to support Office as a Service. Unlike previous iterations of Office application suites, Office 365 ProPlus enables users to get to rich Office experiences quickly on any Windows 7 or newer PC and have their files and personalized settings follow them from PC to PC. Whether at home, at work or on the go, Office is now connected by the person using Office, not by the device – that means each user can install Office on all the computers they own or use. The Office 365 ProPlus installation does not require you to uninstall or upgrade from previous Office versions, instead it streams Office down to you PC alongside your existing Office applications. Streaming enables you to start using Office in a fraction of the time needed for older generation Office installations – you can use Office while it continues to stream in the background. Once Office 365 ProPlus is launched, you sign in to Office and it automatically links you to your files, settings, personalization and even will point you to the last position you were reading in a document, regardless of the computer you are using. Because your Office is accessible anywhere, you can work across computers and Windows devices seamlessly – however you want. When combined with SkyDrive Pro, Office 365 ProPlus also lets you use Office anywhere with Office on Demand, a new way to quickly deliver rich Office applications to a PC within seconds using application streaming technology. Office on Demand streams and launches a temporary copy of your favorite Office application without installing it and when you log off, there are no links back into the new Office applications and the files you were working on are no longer on that PC, but saved back into SkyDrive Pro by default. This will work on any Windows 7 or newer computer, whether you have an Administrator or Standard User account. As you would expect, these new Office experiences can be delivered and managed on your organization’s terms. Office 365 ProPlus is designed to be suitable for small businesses to multinational corporations. IT administrators can control active users, software configurations and delivery, data access and connections to email and communication services. As you read on I will try to cover all of the areas that matter to IT and system administrators and also cover the major processes for assessing, testing, piloting, deploying and managing Office 365 ProPlus. I’m posting most of the major desktop application-related topics as one block of content, but intend to keep going. The next planned phase in the series is to show working integrated scenarios I’ve built with tools like System Center Configuration Manager 2012, Windows Intune and the Microsoft Deployment Toolkit. For now, these blogs are intended to show the architecture and core plumbing to enable deployment and management for organizations of all sizes. Feel free to submit content requests and give us your feedback.   Jeremy Chapman @deployjeremy Office Deployment Team  

Office 365 ProPlus Administrator Series: Integrating Office 365 ProPlus into Your Organization

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus integrates with your IT service management processes and tools. With Office 365 ProPlus you and your users receive unparalleled access and experiences with Office programs. Office 365 ProPlus uses the cloud for streamlined software delivery and updates, but does not execute Office applications remotely in cloud, instead the focus is getting Office up and running quickly on the local PC using application streaming. These new experiences enable offline use and can take full advantage of local system resources, without being limited by what can be done via the Web browser or remote desktop experiences. Office 365 ProPlus is connected to the user – not the device – and that means integration starts with provisioning your users an active Office 365 account. The resulting Microsoft Online Services ID gives users access to the software and services you allow them to have and it also acts as the way Office delivers roaming settings across a user’s collection of devices. There are multiple options for establishing online IDs – from manual or bulk list entries to Active Directory synchronization to directory services federation. These options allow you to tailor the login and provisioning experience to either reflect real time changes to your directory services to manage all identity and authentication aspects in the cloud. Office 365 ProPlus also integrates with existing software distribution policies and practices in your organization. Some organizations will allow users to perform Office 365 ProPlus installation directly from the Office 365 Web portal, but most will opt to download and import Office 365 ProPlus installation files into their software distribution environments, then use those tools to centrally perform installation on behalf of their users. This integration with on premises software distribution allows organizations to maintain existing security policies where users do not typically have required rights to install software themselves. Office 365 ProPlus is also designed to integrate with Microsoft Application Virtualization to provide additional configuration and control options. Additionally, those using virtual desktop infrastructure (VDI) can use Office 365 ProPlus on user-dedicated Windows 7 and Windows Server 2008 R2 or newer virtual machines without the Remote Desktop Services role enabled.     Using Software Distribution to Deploy Office 365 ProPlus Office 365 ProPlus is designed to integrate with most common desktop architectures while providing additional cloud benefits for quickly provisioning and de-provisioning users, roam core productivity settings across devices and incorporate common user credentials to activate Office experiences across multiple computing devices. For more information on integrating Office 365 ProPlus into your organization, check out Deployment options for Office 365 ProPlus Preview on TechNet.

Office 365 ProPlus: Upgrading Customer Preview (4128) Clients to Release (4454 or 4481) Clients, Plus Deploying Release Clients and Office for Mac…

It’s been a while since I have blogged in the Office 365 Technical Blog and if you haven’t had a chance, check out our TV-like series of client video blogs at  In this post, I want to answer a few questions we are getting frequently pertaining to the Office 365 client apps… 1. How do I upgrade Office 365 ProPlus Preview clients to release versions? 2. If my Office 365 tenant hasn’t been upgraded, how do I get the new Office clients for PCs and Macs? Let’s start with the first question. A lot of people think the Office 365 ProPlus apps are radically different compared to their MSI-based brethren, but once installed they are practically indiscernible. Likewise, as almost every Beta release of software from Office to Windows and others, there isn’t usually a direct “upgrade” path from a Beta (or “Preview”) release to a production build. Usually this is because it isn’t a mainstream supported or tested path. In the same sense, upgrading from a 4128 Preview branch build to what was a 4454 Release branch build does not work. This scenario requires uninstalling and reinstalling Office clients. We would recommend the same for Click-to-Run packages or MSI-based installation packages. In fact, even when you go from Office 2007 to Office 2010 or Office 2010 to Office 2013, the recommended approach in an IT-managed environment is to do an uninstall and reinstall of the Office client applications. This practice will lead to higher installation success rates and user configuration settings are maintained, so you end up with an “upgrade-like” outcome. Like with Office MSI-based packages, there are offscrub scripts available for Click-to-Run packages if uninstallation does not complete as planned. I will walk through the uninstall and reinstall steps in this post and also talk about the way you would script this using the Office Deployment Tool with your application deployment tools. The first thing we need to check is which build of Office is installed. There have been three primary build numbers for Office 365 ProPlus Preview: 15.0.4128.1014, x.1019, x.1025. I tend to refer to these as “4128 builds.” To identify the build you are on, you go to %ProgramFiles%Microsoft Office and open VersionDescriptor.xml. If you don’t see this file or folder structure, chances are you have Office Professional Plus 2013 Preview (MSI package) installed. If you do have and open the XML, you should see something like this: You can also go to the backstage of any of your Office apps – like Word – by clicking the File tab, then Account and you will see the version number: I highlighted the XML above compared to the somewhat friendlier user interface because it contains a detail that determines when updates are possible, notice this line: That is similar to the cversion.ini in Windows we all know and love and like cversion.ini’s MinClient property it gates updates only as far back as the 4446 build branch. If you are an avid Office enthusiast, you may be asking yourself, “But Jeremy, that build number is quite a bit higher than the Release to Manufacturing (RTM) build of Office Professional Plus or Standard 2013 (MSI). Those were 15.0.4420.1017, so shouldn’t we be using a 15.0.4420.1017 build of Office 365 ProPlus?” Truth is with Click-to-Run and Office 365 ProPlus (plus every other non volume SKU) monthly updates will see new build numbers for each and every build. Our General Availability (GA) build branch on February 27th for Office 365 ProPlus was 4454 and now we are at 4481… and counting. Because your Office 365 ProPlus Preview is 15.0.4128.1025 (usually), it is lower than the “RequiredClientVersion Build” property value and therefore cannot be “updated” to a 4481 build. But why exactly? The Preview builds use a different and parallel activation service with Preview tenants and accounts, the virtual file system plumbing for Click-to-Run is also quite a bit different, and as mentioned before Preview/Beta-to-RTM isn’t a mainstream scenario as an upgrade path. So as with pre-release Office versions in the past, an uninstall and reinstall is required and recommended. Let’s walk through that now. Uninstalling Office 365 ProPlus Preview There are really three ways to uninstall the Office 365 ProPlus Preview clients; manual uninstall, removal via the Office Deployment Tool or stronger removal via Offscrub support tools. In most cases, simple uninstall via the Windows Control Panel will suffice. Going to “Control PanelProgramsPrograms and Features” manually in Windows will display Microsoft Office 365 ProPlus (and even the build number again): If you have a few installs out there and need to automate the uninstallation of Office, you should download the Office Deployment Tool for Click-to-Run Preview . If you search the Microsoft Download Center for the “Office Deployment Tool” (ODT), you will see a Preview and a release version. Rule of thumb is if you are installing/uninstalling the Preview client, use the Preview ODT. You will need to download the setup.exe and the configuration XML file. To uninstall Office 365 ProPlus Preview, use the Remove property in the XML. You will ultimately run: setup.exe /configure path_toconfiguration.xml Here is an example of the XML file – I called mine remove.xml: The Display Level=”None” property will make it a silent uninstall and if you thought the Click-to-Run installation was fast, the uninstallation is much faster. Finally, there is a nuclear option to completely remove Office Click-to-Run packages using the Microsoft Fix It tool found in KB2739501 . This tool is great if you experience any uninstallation issues, but the manual or ODT-driven uninstalls will typically be enough. Between those three options, you should have no problems uninstalling Office 365 ProPlus Preview. Installing Office 365 ProPlus Release Build… and the answer to “If my Office 365 tenant hasn’t been upgraded, how do I get the new Office clients for PCs and Macs?” Now that you are familiar with the Office Deployment Tool, it’s time to use it to install Office. This is also how to get Office if you currently have a Pre-Update Office 365 tenant with rights to Office Professional Plus. You are using a pre-upgrade tenant if your site still has the orange flourishes around the top of the portal page. IMPORTANT NOTE: Use the Office Deployment Tool release version – not the one with “Preview” in it’s title. Now on the same machine you just uninstalled Office 365 ProPlus Preview, we will install Office 365 ProPlus’ latest build (which is now 15.0.4481.1005) using the release version of the ODT. To do this, you need to make small changes to the sample configuration.xml file. You can remove the SourcePath if you want to install straight from the Internet. Here is what my configuration.xml file looks like: Then from the folder where I extracted the Office Deployment Tool, I run the following command from an Administrator Command Prompt: Of course there are many, many more options to use with the configuration.xml file and everything is described in painstaking details on TechNet. Now all you have to do is sign in with your active Office 365 tenant credentials – and those can be a pre-upgrade tenant with Office Professional Plus rights, an M, E3, E4 or Office 365 ProPlus standalone new tenant. But there is still one more thing I want to cover… How Do I Get Office for Mac 2011 with a Pre-Upgrade Tenant? Pre-upgrade Office 365 tenants will not expose links to end users for Office 365 ProPlus or Office for Mac 2011. If you want to use Office for Mac 2011 with Office 365 activation, you can download the DMG installation package from this link . That will download an English-US version of Office for Mac 2011 SP3 which will activate against an Office 365 tenant Pre- or Post-Upgrade for users with rights to Office Professional Plus or Office 365 ProPlus desktop apps. These will also count against the five installations per user and the interface to manage deactivation of Office apps will be available to users once pre-upgrade tenants have been upgraded.   Thanks and that’s a
ll for now. Be sure to tune in to our Garage Series Live! webcast on April 3rd 9AM PST at .   See you then, Jeremy Chapman Office Deployment Team    

Office 365 ProPlus Administrator Series: Office 365 ProPlus Service Components – a look at Identity, Click-to-Run delivery, Roaming Settings and…

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus comprises of multiple service components. John Jendrazak hit on many of these topics with his post on the Office Next blog , but I will try to frame this for the IT admin for managed environments. The user is at the center of the service and is empowered to experience Office across all of the devices they use. Office 365 ProPlus enables its users to install Office on up to five computers and even access rich Office experiences on computers used temporarily when combined with SharePoint Online. So whether at home, in the office or on the go, Office 365 ProPlus users are productive and connected. Their application settings, links to recent files and folders, custom dictionaries and even bookmarks to the last position they were in a document roam with them from device to device. At the same time, IT administrators can manage these experiences, access to services, deploy Office on behalf of their users and quickly add or remove user accounts – even for seasonal or temporary workers. This section explains the architecture and anatomy of the services and technologies to enable the Office 365 ProPlus experience Identity At the core of the Office 365 ProPlus service is the concept of identity. An active user account in Office 365 provides the key for the rest of the Office 365 services. Every Office 365 user has an Online Services ID which both provides access to services and also stores a key list of personalization settings and links to most recently used documents for Office 15 applications. Microsoft Online Services IDs and corresponding personalization information are stored centrally in Windows Azure and loaded by the Office application during application launch, or when switching between accounts while running Office programs or when logging into Office 365 ProPlus software installations will require the user to sign in with this identity to activate Office 365 software. IT administrators can also provision or de-provision user accounts along with their rights to access services as needed; status changes are quickly reflected in user applications and services. Below are architectures of the three primary identity options for organizations using Office 365.      Microsoft Online Services ID           This option does not require on premises infrastructure or directory services. Administrators can manually import users from a local directory, but as new users join or others leave the local directory service, the administrator will need to manually provision or de-provision accounts. Passwords, authentication and authorization are managed in the cloud.   Microsoft Online Services ID with Directory Synchronization     This option is used with on premises Active Directory directory services and will synchronize user accounts from a directory service. In this case, User Principle Names and relevant user attributes are synchronized every three hours with the online directory store. Passwords, authentication and authorization are managed in the cloud. Single Sign On with Active Directory Federation Services     This option is used when organizations want to share the same sign on information as used with their local domains for users accessing Office 365 services. This option retains the same sign on for Office 365 services and local directory services. On premises infrastructure is used to manage passwords, authentication and authorization for Office 365 services. Passwords are not stored or managed in the cloud.  Click-to-Run Delivery Click-to-Run delivery is new to Office 365 ProPlus and enables Office applications to be delivered using application streaming technology. The time needed from initiating an installation of Office Click-to-Run to first use can be as little as one minute, whereas traditional Office installations can easily take more than 20 minutes. There are several additional advantages for using Click-to-Run, including: –           Side-by-side support to run the new Office with previous versions of Office –           Discrete software updating without interrupting end users –           Easily customizable with Office Add-ins, dependent applications and Office Apps –           Faster installation and faster first run experiences compared to traditional Office installations –           Flexible deployment and installation options from self-installation to enterprise “push” deployments Click-to-Run is rooted in multi-year investments with Microsoft’s application virtualization technologies and Office 2010 Click-to-Run. Based on customer feedback and continuous improvements of these deliveries, Click-to-Run in the new Office enables local applications and add-ins to interact with Office installations – something not possible with other forms of application virtualization delivering Office or Office 2010’s Click-to-Run implementation. Click-to-Run also uses virtual file system (VFS) as opposed to a mount point installation (MNT) to avoid creation of a Q: or similar drive.   Comparison of Office 365 ProPlus Click-to-Run with Microsoft Application Virtualization 4.6 and Office 2010 One of the biggest differences with this model compared to other variations of application virtualization are that Office features are loaded at a component level instead of waiting for a large feature block. In the old model 5-10% of the application is typically loaded as the first feature block and that allows the application to launch and perform a few basic tasks. The rest of the application is then loaded and cached while you work within the boundaries of the first feature block. This model works extremely well with smaller applications, but a standalone Office application is several hundred MB with many components shared across the Office suite of applications. So the larger feature block had to be broken up into a component level to aid the first launch experience. The components are all loaded according to a pre-defined queue and if a user attempts to load a feature lower in the queue before it is there, that feature is loaded dynamically to get those portions of the application working. Cache continues to come in in the background via intergratedoffice.exe processes running to cache the entire Office suite – even while applications are in use. I often get the question, “Do I need to use all of the application functions for them all to load into cache?” No, while your usage can manipulate what features are prioritized, eventually all features are cached in the background. The next major difference is that in the past, virtual applications were completely isolated from each other. That was quite beneficial in the Windows XP and earlier days when DLL conflicts were common. The DLL conflict issues were largely solved in Windows Vista with file and registry virtualization and for many business users first experienced in Windows 7 when IT admins began to realize that file and registry virtualization (renamed User Account Control Virtualization) solved most of the application-to-application conflict issues natively in Windows. For Office, the isolation model was a challenge because Office is by nature an extensible platform with other applications calling into it and those of you using Office Starter or the trial experiences of Office 2010 (aka Click-to-Run v1) will remember that Office add-ins could not talk to the installed versions of Office. Likewise if App-V 4.6 was used to deliver Office 2010, it meant I had to sequence add-ins into the Office sequence and if I tried to do something like install Power Pivot as a local executable atop an App-V-delivered copy of Excel 2010, it would not work by design and your application packaging team would need to re-sequence the Office package to include Power Pivot. All of these events, updates to the Windows platform and challenges meant we needed to open up the isolation model and allow for local customizations, applications and add-ins to integrate with Office Click-to-Run. Despite Office 365 ProP
lus using application virtualization, other objects on the system can interact with it. One of the easiest examples to see this is with the installation of language packs – once I have a base install of Office using Click-to-Run, I can install a language pack to modify how Office runs. The same is true for add-ins and other local customization. While we added the ability to integrate with local applications, we kept the ability to install side-by-side with other versions of Office. This was possible in the old days with MSI-based installation, but there were always a number of issues with having two versions of Office installed. Many of these issues go away with application virtualization, but some remain like which application should own default file associations. In Windows 7, the last installed application wins and in Windows 8, users are asked to determine the default program. Despite some of the challenges with side-by-side, it dramatically reduces the risk of rolling out the new Office, because users can revert to an older version in the rare cases when they detect a file incompatibility or other customization that does not work as intended.  In the real world and despite best intentions, admins can’t always test every file and every add-in out there before rolling a new version of Office into production, so the side-by-side support helps. The challenge then becomes how to establish a plan for removing the older Office version and determining those policies and practices because you don’t want to be stuck in the future with two or more versions on Office in support – especially when they are on the same machines. In other words, side-by-side should be used to ease the transition and move some of the testing back to the user, but shouldn’t be relied on as a permanent configuration.     Office 365 ProPlus running side-by-side with Microsoft Office 2003 Now that I am on the topic of support, let’s talk about software updating. Many people think that updates are forced upon users and while some will like the “always up-to-date” phrase and let automatic updates happen (or just approve update files as they come in), others may not – especially those who have seen updates cause major issues. IT administrators using Click-to-Run have full control of the software update experience and can opt to receive automatic updates or roll out specific Office builds based on organizational testing and validation. A range of the most recent Office Click-to-Run builds will be provided to Office 365 administrators to help them remain current, while providing the flexibility to allow for testing prior to deploying new builds into production. Do users need to install Office 365 ProPlus themselves? No. While it might sound like freedom to some people to be able to install their own applications, for some of the companies I worked with when I was in Windows with 200,000 applications or even more reasonable numbers like 10,000 applications, it probably isn’t a good idea to ask every new hire to go ahead and manually install the 50-100 apps they might need to be productive. So we as IT admins need a way to install applications on a user’s behalf – what I like to call “push deployment” versus self-service scenarios where I would call it a “pull deployment.” Click-to-Run is designed to integrate with existing IT service management tools and processes to enable push and pull deployments in a managed way with products like Microsoft’s System Center Configuration Manager or other enterprise software distribution tools. A Click-to-Run installation is installed on the local PC and available to other users of the PC as with MSI-based software installation, so it works similar to how we would deploy an MSI or any other EXE-based package today and in fact Click-to-Run uses EXE files to initiate an installation. Once the installation is fully-cached, Office is available for use offline, without connecting to the Internet or the Office 365 service.   Roaming settings Roaming settings has been updated and extended to enable users to easily switch between devices and see the documents and files they were last working on. There were limited roaming settings capabilities in the past when Office was paired with Windows Live services, but the new Office extends roaming capabilities as a core part of the sign-in experience. When a user is logged in and launches an application, the following core settings are loaded into their respective Office apps: –           Links to recently used documents (http file paths) –           Links to recent places (http file paths) –           Last reading position in Word document –           Last viewed slide in PowerPoint –           Custom dictionary (all apps) –           Office theme and user picture (all apps)   John O’Sub is signed in to Word 2013 Preview automatically and his recent files and folders are displayed as well as Office theme These settings are loaded into the Office applications as the applications launch. Because the files (documents, spreadsheets, presentations, notes, etc.) themselves are not roaming, there isn’t a measurable impact on application launch performance. Consumer experiences in will also enable relevant settings to roam with the user portal experience, such as recently used documents and recent places. Office on Demand Office on Demand is a new delivery option for Office and uses a variation of Click-to-Run to enable Office application streaming delivery on demand to any Windows 7 or newer PC with a connection to the Office 365 service. A user accesses Office on Demand via SkyDrive Pro in Office 365. In this case, the Office application – such as Word, PowerPoint or Excel – is streamed and usable in as little as 30 seconds. Office on Demand does not require administrator privileges on the PC, so it can be used on any Windows 7 or newer PC with an Internet connection – even PCs used temporarily. Office 365 ProPlus subscription users are not limited by the number of PCs they can access Office on Demand with. All application processes run from within the user profile and files by default will be opened from and saved to a SkyDrive Pro location associated with the user account. Office on Demand applications are delivered using the application virtualization isolation model, so it is not possible to customize Office on Demand applications with add-ins, customizations or dependent applications unless they are already present in existing Office installs. In this case the application is also not registering itself in the system or taking control of file type associations in Windows. Once the user has left the Office on Demand application session, subsequent users cannot access the Office applications or the previous user’s remotely stored files. Office on Demand is available for the following applications: –           Word –           Excel –           PowerPoint –           Access –           Publisher –           InfoPath Lync, OneNote, and Outlook are not available via Office on Demand delivery. Delivery of Office on Demand always consists of the most up-to-date build of Office 365 ProPlus programs and Office on Demand programs are always provisioned via Office 365 public cloud services, so unlike Click-to-Run delivery on premises described earlier, Office on Demand cannot be delivered via on premises infrastructure. When first launching Office on Demand from a PC, you will need to allow for an ActiveX Control called “Microsoft Office (Roaming)” to be installed. Once that Add-on is in place, users can launch Office on Demand. For organizations looking to use this approach for delivering Office to shared computers or other desktop service architectures, you can preinstall the ActiveX Control on PCs targeted for this delivery model in your organization. Office on Demand is also an excellent way to train users on the new Office user interface and features without requiring a broad deployment using software distribution infrastructure and becau
se users with Standard User account privileges can use Office on Demand, you will not need to grant users Administrator account rights.   Office on Demand programs are accessed via an active SkyDrive Pro account. The reason for this is that if a user is only temporarily on a PC and needs to access his or her files, then the entry point comes from opening a file and the save location will be back to the online location from where the file was opened. Office on Demand disables long term local cache to help ensure that when the program is closed and the user is signed out, files will be stored back up to the online location from which they were opened.   By clicking on a document, you will first launch the Office Web App associated with the file and in many cases, the Office Web App will provide sufficient functionality for both viewing and editing the file. If you want to use functionality not available in the Office Web App, you can choose to edit the file in a pre-existing Office or launch a new Office program using Office on Demand.   To launch the Office on Demand program from the Office Web App, you can click EDIT DOCUMENT in the Web App’s viewer mode (above) or EDIT IN WORD in the Web App’s edit mode. Similar processes are used with other Office programs like PowerPoint and Excel.   The Office on Demand program data is stored in the %userprofile% root folder. After Office on Demand is launched for the first time on a PC and Office is fully-cached in the %userprofile% directory subsequent launches of Office on Demand programs are nearly instantaneous, because they are executing from local cache. Once the Office builds are updated on the Office CDN, then launching Office on Demand will stream the Office programs again with the updated build. Bringing the Pieces Together The identity aspects light up many pieces of the service and having an anchor ID in place for the user makes multi-device installation, managed user de-provisioning, roaming settings, Office on Demand and many service-side capabilities possible.  Just as directory services have been the backbone to making traditional on-premise/private cloud services, systems management, collaboration and other workloads function, the online ID is vital to enabling the service model. Identity enables content and application delivery experiences with Office 365 ProPlus and extends further into other workloads when you move past the corporate network’s DMZ and begin mixing managed and personal devices. If you really want to go deep on identity management options, check out the Office 365 Deployment Guide for Enterprises .  For more information about Click-to-Run, I’ll go deeper in the next couple of posts, but you can also check out the Click-to-Run overview  and the Click-to-Run for Office 365 setup architecture overview on TechNet. 

March 2013 update of the Project 2013 SDK download file

The Project 2013 SDK download is updated. The conceptual, how-to, and reference documentation in the download closely matches the Project 2013 developer documentation online content published on MSDN. The Project2013SDK.msi download file now installs properly on Windows 8 and Windows Server 2012. In addition, the Project 2013 SDK download also contains: The on-premises Reporting database schema reference , ProjectServer2013_ReportingDB.chm , and the OLAP cube schema reference.  Updated VBA Help for local use. Objects such as Chart , Report , Series , and Shape now show correct members tables, properties, and methods topics. Sixteen complete code solutions, including two task pane apps (with minor updates) for Project, the QuickStatus app sample for Project Server and Project Online, eight client-side object model (CSOM) solutions, two solutions for querying the ProjectData service for reporting, and three updated legacy PSI solutions. DLLs and a license for redistribution of the Project Server CSOM assemblies, JavaScript files for the CSOM, the Microsoft.Office.Project.Server.Library assembly, and the Microsoft.Office.Project.Server.Events.Receivers library for on-premises development. Note:   Project CSOM solutions also require the redistributable DLLs for the SharePoint 2013 CSOM, which are at SharePoint Server 2013 Client Components SDK . Updated Intellisense files for the PSI and CSOM, source code for creating a PSI proxy assembly, and instructions on how to update the PSI proxy files. XML schemas for the Project client, AppProvisioning, and the Statusing PSI. The top-level online landing page for the Project SDK is Project for developers ( ). For additional Project-related SDK content, see Office for developers ( ), SharePoint for developers ( ), and Build apps for Office and SharePoint ( ). The two articles on Task pane apps for Project are in the Apps for Office and SharePoint SDK , and the JavaScript API for Office reference includes information specific for Project, the ProjectDocument object with eleven methods and three events, and four enumerations for Project. Want to try out Project 2013? Sign up for Project Online and Project Pro for Office 365 Download Project Professional 2013 and Project Server 2013 –Jim

Office 365 ProPlus Administrator Series: Office 365 ProPlus Administrator Overview

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. If you are coming from a software or desktop deployment background, Office 365 ProPlus will change the way you think about software distribution. Many people will be asking, “Where are the bits?” or “Just give me the ISO file and I’ll extract everything and figure it out.” The big difference here is that because Office 365 ProPlus is user- and not device-pivoted, then the first task you’ll usually need to do is populate user accounts in the administrator portal of Office 365. User accounts will have the rights to install up to five copies of Office 365 ProPlus and can de-provision and reassign licenses if they cycle through computers. Office 365 ProPlus provides several administrational options to determine how users are provisioned in the Office 365 ProPlus service, which service components are made available to users and how to distribute and manage Office 365 ProPlus desktop applications. The administration process for Office 365 ProPlus begins with an assessment of your current Office environment, then users are added to the service, Office 365 ProPlus applications are configured then deployed. Office 365 ProPlus introduces new tools to manage client health – these tools collectively known as Office Telemetry are an integral part of Office. Because Office 365 ProPlus is a service and pivoted on the user account, it gives users new access to personalized Office experiences across PCs or on computers they may be using temporarily. The goal is to ensure users are productive as long as they can connect to the service. All of these concepts are predicated on identity management and having a single address and set of user credentials to access these experiences. IT organizations can choose to integrate with their directory services, regularly synchronize Office 365 accounts with their user base, perform bulk list imports periodically or manually provision users. Office provisioning in Office 365 ProPlus brings new capabilities to ensure users are quickly up and running with Office programs. Deployment options include all of the standard approaches from standalone installations using enterprise software distribution to Windows image-based deployments, but the service also enables new scenarios supported by Internet-based installation and software update support. An IT organization can decide to perform most tasks using their network or use Office 365 cloud services to augment Office desktop app provisioning and software update management. Provisioning Users and Activation Basics Office 365 ProPlus activation is tied to the user account, so the account needs to be provisioned and configured to access Office 365 ProPlus services in order for Office programs to remain in an activated state. The users’ Office 365 account status is continually checked by the Office applications to ensure that if a user is de-provisioned by their administrator – for example, the user leaves the organization – then Office 365 ProPlus programs can quickly move to a de-activated state.  This is increasingly important with the impacts of consumerization of IT and users having the ability to install Office on personally-owned PCs and devices. Office and the state of that service is tied to the organization he or she works for, so the administrator needs the ability to turn that service on or off. Office 365 ProPlus is designed with a few important activation grace periods to provide flexibility in automated deployment scenarios and for when users go offline for extended periods of time. An IT administrator can preinstall Office in a Windows operating system image and reset the activation state if required using ospprearm.exe found in %programfiles%Microsoft OfficeOffice15 (no longer the previous location of %programfiles%Common Filesmicrosoft sharedOfficeSoftwareProtectionPlatform). An installation of Office 365 ProPlus provides 5 days of use in the initial grace period before a Microsoft Online Services ID is required. Once Office 365 ProPlus is activated, it can go as long as one month without connecting to the online service to rearm activation. If a user exceeds month and Office 365 ProPlus is de-activated, the user will only need to reconnect to the Internet with a valid user account to rearm the activation. The expectation with the service is that PCs do connect at least once per month to the Internet and activation processes run in the background and are never seen by the user. The next section goes into detail about identity management in Office 365 and if you are an existing Office 365 user most of this should look pretty familiar. Microsoft Online Services ID in Office 365 One of the first things people will notice with Office 365 ProPlus is that they now sign in to Office programs. The sign-in is typically a one-time operation after Office is installed and users will be asked to input an “Organization or School” ID to begin using Office. This ID as previously described is part of the process for software activation and facilitates the concept of roaming settings per user. Sign in to Office Dialog in Office 365 ProPlus For an IT administrator, this typically means a number of things need to happen before a user is greeted with the dialog. –          In the Office 365 tenant, the User Principal Name (UPN) and required attributes have been entered, –          the account has been provisioned for Office 365 ProPlus, and –          the user has received some form of communication to inform her that she has an account with Office 365 and will need set an Office 365 password in cases where Office 365 is implemented without Active Directory Federation Services to enable single sign on. Users may be manually entered by the administrator or entered via CSV file list import. Once she launches an Office program for the first time, she will need to enter her username and password then Office 365 ProPlus will activate and sign in to her personalized settings. If the user is the first person to sign in to an Office 365 ProPlus program on a PC, the installation once complete and signed into will be tallied against the five PC per user installation count. This is important for an administrator, because it means they should not be using their own administrator Office 365 credentials to activate Office installs on behalf of their users, as they will quickly reach their five PC limit. After that initial experience and login, the user can roam from PC to PC within her organization using the same username and password to present her personalized settings. If she is not the first person to log into Office 365 ProPlus and activate for that PC, the activation will not be tallied against her count of five PCs. Synchronizing Active Directory with Directory Sync Tools Directory synchronization with an Active Directory service is often a better way to populate UPNs and attributes in the Office 365 identity store. This is a service which runs within your organization’s Active Directory environment and synchronizes user objects every three hours. You still need to provision users with the rights to use the desired Office 365 services, such as Office 365 ProPlus, in order for users to self-install Office 365 ProPlus or activate Office programs installed on their behalf by IT administrators. More information about Office 365 and Directory Synchronization can be found on TechNet .    Microsoft Online Services Directory Synchronization tool Federating Active Directory with Office 365 Identity federation in Office 365 allows users to access Office 365 services, activate their Office 365 ProPlus installations and roam their user settings with existing Active Directory corporate credentials (user name and password). The setup of single sign-on requires Active Directory Federation Services (AD FS) 2.0. The advantage of using identity federation is that users only need to memorize one set of credentials, all authentication happens on your organization’s premises and adheres to your policies, administrators can control access to services,
user credentials are stored and mastered on-premises, and multi-factor authentication is possible. More information about identity federation can be found in the Prepare for single sign-on  article on the Office 365 support site. The number of options available means there is most likely a method that best serves your needs. There isn’t a one-size-fits-all solution, due to the varying number of customer needs and security policies. While most of these options are rooted in the current Office 365 in market service, many more options and optimizations are coming across the tools and services, plus there are a few partner offerings to assist with user provisioning and authentication.