The new Office Garage Series: Identity, Activation and Data Access with a User-Based Office

In the latest new Office Garage Series post, watch while hosts Jeremy Chapman and Yoni Kirsh catch up with foremost security expert and Zero Day author Mark Russinovich; examine the best usage scenarios for the MSI-based Office Professional Plus 2013 and the Click-to-Run based Office 365 ProPlus install; while demonstrating identity, activation and data access with a user-based Office. Tune into .

Office 365 ProPlus Administrator Series: Office 365 ProPlus Service Components – a look at Identity, Click-to-Run delivery, Roaming Settings and…

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus comprises of multiple service components. John Jendrazak hit on many of these topics with his post on the Office Next blog , but I will try to frame this for the IT admin for managed environments. The user is at the center of the service and is empowered to experience Office across all of the devices they use. Office 365 ProPlus enables its users to install Office on up to five computers and even access rich Office experiences on computers used temporarily when combined with SharePoint Online. So whether at home, in the office or on the go, Office 365 ProPlus users are productive and connected. Their application settings, links to recent files and folders, custom dictionaries and even bookmarks to the last position they were in a document roam with them from device to device. At the same time, IT administrators can manage these experiences, access to services, deploy Office on behalf of their users and quickly add or remove user accounts – even for seasonal or temporary workers. This section explains the architecture and anatomy of the services and technologies to enable the Office 365 ProPlus experience Identity At the core of the Office 365 ProPlus service is the concept of identity. An active user account in Office 365 provides the key for the rest of the Office 365 services. Every Office 365 user has an Online Services ID which both provides access to services and also stores a key list of personalization settings and links to most recently used documents for Office 15 applications. Microsoft Online Services IDs and corresponding personalization information are stored centrally in Windows Azure and loaded by the Office application during application launch, or when switching between accounts while running Office programs or when logging into Office 365 ProPlus software installations will require the user to sign in with this identity to activate Office 365 software. IT administrators can also provision or de-provision user accounts along with their rights to access services as needed; status changes are quickly reflected in user applications and services. Below are architectures of the three primary identity options for organizations using Office 365.      Microsoft Online Services ID           This option does not require on premises infrastructure or directory services. Administrators can manually import users from a local directory, but as new users join or others leave the local directory service, the administrator will need to manually provision or de-provision accounts. Passwords, authentication and authorization are managed in the cloud.   Microsoft Online Services ID with Directory Synchronization     This option is used with on premises Active Directory directory services and will synchronize user accounts from a directory service. In this case, User Principle Names and relevant user attributes are synchronized every three hours with the online directory store. Passwords, authentication and authorization are managed in the cloud. Single Sign On with Active Directory Federation Services     This option is used when organizations want to share the same sign on information as used with their local domains for users accessing Office 365 services. This option retains the same sign on for Office 365 services and local directory services. On premises infrastructure is used to manage passwords, authentication and authorization for Office 365 services. Passwords are not stored or managed in the cloud.  Click-to-Run Delivery Click-to-Run delivery is new to Office 365 ProPlus and enables Office applications to be delivered using application streaming technology. The time needed from initiating an installation of Office Click-to-Run to first use can be as little as one minute, whereas traditional Office installations can easily take more than 20 minutes. There are several additional advantages for using Click-to-Run, including: –           Side-by-side support to run the new Office with previous versions of Office –           Discrete software updating without interrupting end users –           Easily customizable with Office Add-ins, dependent applications and Office Apps –           Faster installation and faster first run experiences compared to traditional Office installations –           Flexible deployment and installation options from self-installation to enterprise “push” deployments Click-to-Run is rooted in multi-year investments with Microsoft’s application virtualization technologies and Office 2010 Click-to-Run. Based on customer feedback and continuous improvements of these deliveries, Click-to-Run in the new Office enables local applications and add-ins to interact with Office installations – something not possible with other forms of application virtualization delivering Office or Office 2010’s Click-to-Run implementation. Click-to-Run also uses virtual file system (VFS) as opposed to a mount point installation (MNT) to avoid creation of a Q: or similar drive.   Comparison of Office 365 ProPlus Click-to-Run with Microsoft Application Virtualization 4.6 and Office 2010 One of the biggest differences with this model compared to other variations of application virtualization are that Office features are loaded at a component level instead of waiting for a large feature block. In the old model 5-10% of the application is typically loaded as the first feature block and that allows the application to launch and perform a few basic tasks. The rest of the application is then loaded and cached while you work within the boundaries of the first feature block. This model works extremely well with smaller applications, but a standalone Office application is several hundred MB with many components shared across the Office suite of applications. So the larger feature block had to be broken up into a component level to aid the first launch experience. The components are all loaded according to a pre-defined queue and if a user attempts to load a feature lower in the queue before it is there, that feature is loaded dynamically to get those portions of the application working. Cache continues to come in in the background via intergratedoffice.exe processes running to cache the entire Office suite – even while applications are in use. I often get the question, “Do I need to use all of the application functions for them all to load into cache?” No, while your usage can manipulate what features are prioritized, eventually all features are cached in the background. The next major difference is that in the past, virtual applications were completely isolated from each other. That was quite beneficial in the Windows XP and earlier days when DLL conflicts were common. The DLL conflict issues were largely solved in Windows Vista with file and registry virtualization and for many business users first experienced in Windows 7 when IT admins began to realize that file and registry virtualization (renamed User Account Control Virtualization) solved most of the application-to-application conflict issues natively in Windows. For Office, the isolation model was a challenge because Office is by nature an extensible platform with other applications calling into it and those of you using Office Starter or the trial experiences of Office 2010 (aka Click-to-Run v1) will remember that Office add-ins could not talk to the installed versions of Office. Likewise if App-V 4.6 was used to deliver Office 2010, it meant I had to sequence add-ins into the Office sequence and if I tried to do something like install Power Pivot as a local executable atop an App-V-delivered copy of Excel 2010, it would not work by design and your application packaging team would need to re-sequence the Office package to include Power Pivot. All of these events, updates to the Windows platform and challenges meant we needed to open up the isolation model and allow for local customizations, applications and add-ins to integrate with Office Click-to-Run. Despite Office 365 ProP
lus using application virtualization, other objects on the system can interact with it. One of the easiest examples to see this is with the installation of language packs – once I have a base install of Office using Click-to-Run, I can install a language pack to modify how Office runs. The same is true for add-ins and other local customization. While we added the ability to integrate with local applications, we kept the ability to install side-by-side with other versions of Office. This was possible in the old days with MSI-based installation, but there were always a number of issues with having two versions of Office installed. Many of these issues go away with application virtualization, but some remain like which application should own default file associations. In Windows 7, the last installed application wins and in Windows 8, users are asked to determine the default program. Despite some of the challenges with side-by-side, it dramatically reduces the risk of rolling out the new Office, because users can revert to an older version in the rare cases when they detect a file incompatibility or other customization that does not work as intended.  In the real world and despite best intentions, admins can’t always test every file and every add-in out there before rolling a new version of Office into production, so the side-by-side support helps. The challenge then becomes how to establish a plan for removing the older Office version and determining those policies and practices because you don’t want to be stuck in the future with two or more versions on Office in support – especially when they are on the same machines. In other words, side-by-side should be used to ease the transition and move some of the testing back to the user, but shouldn’t be relied on as a permanent configuration.     Office 365 ProPlus running side-by-side with Microsoft Office 2003 Now that I am on the topic of support, let’s talk about software updating. Many people think that updates are forced upon users and while some will like the “always up-to-date” phrase and let automatic updates happen (or just approve update files as they come in), others may not – especially those who have seen updates cause major issues. IT administrators using Click-to-Run have full control of the software update experience and can opt to receive automatic updates or roll out specific Office builds based on organizational testing and validation. A range of the most recent Office Click-to-Run builds will be provided to Office 365 administrators to help them remain current, while providing the flexibility to allow for testing prior to deploying new builds into production. Do users need to install Office 365 ProPlus themselves? No. While it might sound like freedom to some people to be able to install their own applications, for some of the companies I worked with when I was in Windows with 200,000 applications or even more reasonable numbers like 10,000 applications, it probably isn’t a good idea to ask every new hire to go ahead and manually install the 50-100 apps they might need to be productive. So we as IT admins need a way to install applications on a user’s behalf – what I like to call “push deployment” versus self-service scenarios where I would call it a “pull deployment.” Click-to-Run is designed to integrate with existing IT service management tools and processes to enable push and pull deployments in a managed way with products like Microsoft’s System Center Configuration Manager or other enterprise software distribution tools. A Click-to-Run installation is installed on the local PC and available to other users of the PC as with MSI-based software installation, so it works similar to how we would deploy an MSI or any other EXE-based package today and in fact Click-to-Run uses EXE files to initiate an installation. Once the installation is fully-cached, Office is available for use offline, without connecting to the Internet or the Office 365 service.   Roaming settings Roaming settings has been updated and extended to enable users to easily switch between devices and see the documents and files they were last working on. There were limited roaming settings capabilities in the past when Office was paired with Windows Live services, but the new Office extends roaming capabilities as a core part of the sign-in experience. When a user is logged in and launches an application, the following core settings are loaded into their respective Office apps: –           Links to recently used documents (http file paths) –           Links to recent places (http file paths) –           Last reading position in Word document –           Last viewed slide in PowerPoint –           Custom dictionary (all apps) –           Office theme and user picture (all apps)   John O’Sub is signed in to Word 2013 Preview automatically and his recent files and folders are displayed as well as Office theme These settings are loaded into the Office applications as the applications launch. Because the files (documents, spreadsheets, presentations, notes, etc.) themselves are not roaming, there isn’t a measurable impact on application launch performance. Consumer experiences in will also enable relevant settings to roam with the user portal experience, such as recently used documents and recent places. Office on Demand Office on Demand is a new delivery option for Office and uses a variation of Click-to-Run to enable Office application streaming delivery on demand to any Windows 7 or newer PC with a connection to the Office 365 service. A user accesses Office on Demand via SkyDrive Pro in Office 365. In this case, the Office application – such as Word, PowerPoint or Excel – is streamed and usable in as little as 30 seconds. Office on Demand does not require administrator privileges on the PC, so it can be used on any Windows 7 or newer PC with an Internet connection – even PCs used temporarily. Office 365 ProPlus subscription users are not limited by the number of PCs they can access Office on Demand with. All application processes run from within the user profile and files by default will be opened from and saved to a SkyDrive Pro location associated with the user account. Office on Demand applications are delivered using the application virtualization isolation model, so it is not possible to customize Office on Demand applications with add-ins, customizations or dependent applications unless they are already present in existing Office installs. In this case the application is also not registering itself in the system or taking control of file type associations in Windows. Once the user has left the Office on Demand application session, subsequent users cannot access the Office applications or the previous user’s remotely stored files. Office on Demand is available for the following applications: –           Word –           Excel –           PowerPoint –           Access –           Publisher –           InfoPath Lync, OneNote, and Outlook are not available via Office on Demand delivery. Delivery of Office on Demand always consists of the most up-to-date build of Office 365 ProPlus programs and Office on Demand programs are always provisioned via Office 365 public cloud services, so unlike Click-to-Run delivery on premises described earlier, Office on Demand cannot be delivered via on premises infrastructure. When first launching Office on Demand from a PC, you will need to allow for an ActiveX Control called “Microsoft Office (Roaming)” to be installed. Once that Add-on is in place, users can launch Office on Demand. For organizations looking to use this approach for delivering Office to shared computers or other desktop service architectures, you can preinstall the ActiveX Control on PCs targeted for this delivery model in your organization. Office on Demand is also an excellent way to train users on the new Office user interface and features without requiring a broad deployment using software distribution infrastructure and becau
se users with Standard User account privileges can use Office on Demand, you will not need to grant users Administrator account rights.   Office on Demand programs are accessed via an active SkyDrive Pro account. The reason for this is that if a user is only temporarily on a PC and needs to access his or her files, then the entry point comes from opening a file and the save location will be back to the online location from where the file was opened. Office on Demand disables long term local cache to help ensure that when the program is closed and the user is signed out, files will be stored back up to the online location from which they were opened.   By clicking on a document, you will first launch the Office Web App associated with the file and in many cases, the Office Web App will provide sufficient functionality for both viewing and editing the file. If you want to use functionality not available in the Office Web App, you can choose to edit the file in a pre-existing Office or launch a new Office program using Office on Demand.   To launch the Office on Demand program from the Office Web App, you can click EDIT DOCUMENT in the Web App’s viewer mode (above) or EDIT IN WORD in the Web App’s edit mode. Similar processes are used with other Office programs like PowerPoint and Excel.   The Office on Demand program data is stored in the %userprofile% root folder. After Office on Demand is launched for the first time on a PC and Office is fully-cached in the %userprofile% directory subsequent launches of Office on Demand programs are nearly instantaneous, because they are executing from local cache. Once the Office builds are updated on the Office CDN, then launching Office on Demand will stream the Office programs again with the updated build. Bringing the Pieces Together The identity aspects light up many pieces of the service and having an anchor ID in place for the user makes multi-device installation, managed user de-provisioning, roaming settings, Office on Demand and many service-side capabilities possible.  Just as directory services have been the backbone to making traditional on-premise/private cloud services, systems management, collaboration and other workloads function, the online ID is vital to enabling the service model. Identity enables content and application delivery experiences with Office 365 ProPlus and extends further into other workloads when you move past the corporate network’s DMZ and begin mixing managed and personal devices. If you really want to go deep on identity management options, check out the Office 365 Deployment Guide for Enterprises .  For more information about Click-to-Run, I’ll go deeper in the next couple of posts, but you can also check out the Click-to-Run overview  and the Click-to-Run for Office 365 setup architecture overview on TechNet. 

March 2013 update of the Project 2013 SDK download file

The Project 2013 SDK download is updated. The conceptual, how-to, and reference documentation in the download closely matches the Project 2013 developer documentation online content published on MSDN. The Project2013SDK.msi download file now installs properly on Windows 8 and Windows Server 2012. In addition, the Project 2013 SDK download also contains: The on-premises Reporting database schema reference , ProjectServer2013_ReportingDB.chm , and the OLAP cube schema reference.  Updated VBA Help for local use. Objects such as Chart , Report , Series , and Shape now show correct members tables, properties, and methods topics. Sixteen complete code solutions, including two task pane apps (with minor updates) for Project, the QuickStatus app sample for Project Server and Project Online, eight client-side object model (CSOM) solutions, two solutions for querying the ProjectData service for reporting, and three updated legacy PSI solutions. DLLs and a license for redistribution of the Project Server CSOM assemblies, JavaScript files for the CSOM, the Microsoft.Office.Project.Server.Library assembly, and the Microsoft.Office.Project.Server.Events.Receivers library for on-premises development. Note:   Project CSOM solutions also require the redistributable DLLs for the SharePoint 2013 CSOM, which are at SharePoint Server 2013 Client Components SDK . Updated Intellisense files for the PSI and CSOM, source code for creating a PSI proxy assembly, and instructions on how to update the PSI proxy files. XML schemas for the Project client, AppProvisioning, and the Statusing PSI. The top-level online landing page for the Project SDK is Project for developers ( ). For additional Project-related SDK content, see Office for developers ( ), SharePoint for developers ( ), and Build apps for Office and SharePoint ( ). The two articles on Task pane apps for Project are in the Apps for Office and SharePoint SDK , and the JavaScript API for Office reference includes information specific for Project, the ProjectDocument object with eleven methods and three events, and four enumerations for Project. Want to try out Project 2013? Sign up for Project Online and Project Pro for Office 365 Download Project Professional 2013 and Project Server 2013 –Jim

Office 365 ProPlus Administrator Series: Office 365 ProPlus Administrator Overview

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. If you are coming from a software or desktop deployment background, Office 365 ProPlus will change the way you think about software distribution. Many people will be asking, “Where are the bits?” or “Just give me the ISO file and I’ll extract everything and figure it out.” The big difference here is that because Office 365 ProPlus is user- and not device-pivoted, then the first task you’ll usually need to do is populate user accounts in the administrator portal of Office 365. User accounts will have the rights to install up to five copies of Office 365 ProPlus and can de-provision and reassign licenses if they cycle through computers. Office 365 ProPlus provides several administrational options to determine how users are provisioned in the Office 365 ProPlus service, which service components are made available to users and how to distribute and manage Office 365 ProPlus desktop applications. The administration process for Office 365 ProPlus begins with an assessment of your current Office environment, then users are added to the service, Office 365 ProPlus applications are configured then deployed. Office 365 ProPlus introduces new tools to manage client health – these tools collectively known as Office Telemetry are an integral part of Office. Because Office 365 ProPlus is a service and pivoted on the user account, it gives users new access to personalized Office experiences across PCs or on computers they may be using temporarily. The goal is to ensure users are productive as long as they can connect to the service. All of these concepts are predicated on identity management and having a single address and set of user credentials to access these experiences. IT organizations can choose to integrate with their directory services, regularly synchronize Office 365 accounts with their user base, perform bulk list imports periodically or manually provision users. Office provisioning in Office 365 ProPlus brings new capabilities to ensure users are quickly up and running with Office programs. Deployment options include all of the standard approaches from standalone installations using enterprise software distribution to Windows image-based deployments, but the service also enables new scenarios supported by Internet-based installation and software update support. An IT organization can decide to perform most tasks using their network or use Office 365 cloud services to augment Office desktop app provisioning and software update management. Provisioning Users and Activation Basics Office 365 ProPlus activation is tied to the user account, so the account needs to be provisioned and configured to access Office 365 ProPlus services in order for Office programs to remain in an activated state. The users’ Office 365 account status is continually checked by the Office applications to ensure that if a user is de-provisioned by their administrator – for example, the user leaves the organization – then Office 365 ProPlus programs can quickly move to a de-activated state.  This is increasingly important with the impacts of consumerization of IT and users having the ability to install Office on personally-owned PCs and devices. Office and the state of that service is tied to the organization he or she works for, so the administrator needs the ability to turn that service on or off. Office 365 ProPlus is designed with a few important activation grace periods to provide flexibility in automated deployment scenarios and for when users go offline for extended periods of time. An IT administrator can preinstall Office in a Windows operating system image and reset the activation state if required using ospprearm.exe found in %programfiles%Microsoft OfficeOffice15 (no longer the previous location of %programfiles%Common Filesmicrosoft sharedOfficeSoftwareProtectionPlatform). An installation of Office 365 ProPlus provides 5 days of use in the initial grace period before a Microsoft Online Services ID is required. Once Office 365 ProPlus is activated, it can go as long as one month without connecting to the online service to rearm activation. If a user exceeds month and Office 365 ProPlus is de-activated, the user will only need to reconnect to the Internet with a valid user account to rearm the activation. The expectation with the service is that PCs do connect at least once per month to the Internet and activation processes run in the background and are never seen by the user. The next section goes into detail about identity management in Office 365 and if you are an existing Office 365 user most of this should look pretty familiar. Microsoft Online Services ID in Office 365 One of the first things people will notice with Office 365 ProPlus is that they now sign in to Office programs. The sign-in is typically a one-time operation after Office is installed and users will be asked to input an “Organization or School” ID to begin using Office. This ID as previously described is part of the process for software activation and facilitates the concept of roaming settings per user. Sign in to Office Dialog in Office 365 ProPlus For an IT administrator, this typically means a number of things need to happen before a user is greeted with the dialog. –          In the Office 365 tenant, the User Principal Name (UPN) and required attributes have been entered, –          the account has been provisioned for Office 365 ProPlus, and –          the user has received some form of communication to inform her that she has an account with Office 365 and will need set an Office 365 password in cases where Office 365 is implemented without Active Directory Federation Services to enable single sign on. Users may be manually entered by the administrator or entered via CSV file list import. Once she launches an Office program for the first time, she will need to enter her username and password then Office 365 ProPlus will activate and sign in to her personalized settings. If the user is the first person to sign in to an Office 365 ProPlus program on a PC, the installation once complete and signed into will be tallied against the five PC per user installation count. This is important for an administrator, because it means they should not be using their own administrator Office 365 credentials to activate Office installs on behalf of their users, as they will quickly reach their five PC limit. After that initial experience and login, the user can roam from PC to PC within her organization using the same username and password to present her personalized settings. If she is not the first person to log into Office 365 ProPlus and activate for that PC, the activation will not be tallied against her count of five PCs. Synchronizing Active Directory with Directory Sync Tools Directory synchronization with an Active Directory service is often a better way to populate UPNs and attributes in the Office 365 identity store. This is a service which runs within your organization’s Active Directory environment and synchronizes user objects every three hours. You still need to provision users with the rights to use the desired Office 365 services, such as Office 365 ProPlus, in order for users to self-install Office 365 ProPlus or activate Office programs installed on their behalf by IT administrators. More information about Office 365 and Directory Synchronization can be found on TechNet .    Microsoft Online Services Directory Synchronization tool Federating Active Directory with Office 365 Identity federation in Office 365 allows users to access Office 365 services, activate their Office 365 ProPlus installations and roam their user settings with existing Active Directory corporate credentials (user name and password). The setup of single sign-on requires Active Directory Federation Services (AD FS) 2.0. The advantage of using identity federation is that users only need to memorize one set of credentials, all authentication happens on your organization’s premises and adheres to your policies, administrators can control access to services,
user credentials are stored and mastered on-premises, and multi-factor authentication is possible. More information about identity federation can be found in the Prepare for single sign-on  article on the Office 365 support site. The number of options available means there is most likely a method that best serves your needs. There isn’t a one-size-fits-all solution, due to the varying number of customer needs and security policies. While most of these options are rooted in the current Office 365 in market service, many more options and optimizations are coming across the tools and services, plus there are a few partner offerings to assist with user provisioning and authentication. 

New support service team for people with disabilities

Got an employee with disabilities? Wondering how you can help them use Office 365? Ask us.     We’re passionate about providing the best possible experience for all our customers, including those with disabilities, to help them get the most out of Microsoft products. There are over 58 million people with disabilities in the US and 1 billion globally. Connecting customers with disabilities to experts that can guide them on accessibility features and help get the best from their devices and software is a top priority for Microsoft. For the last several months, Microsoft Customer Service and Support has been piloting a new support offering that provides a tailored experience for people with disabilities and customers using our accessibility features. ( ) This experience is now available throughout North America, providing support specialists trained on accessibility and disability via telephone and email. Even though customer feedback has been overwhelmingly positive during the pilot, we know we still have a lot to learn. After a support interaction, we ask customers to give us feedback about how we can continue to improve this support environment. You can find contact information for the Support Desk for People with Disabilities and/or Assistive Technologies on under the “Microsoft Support – help for products and services” link Accessibility Support Contact Information: Direct Telephone Line: 1-800-936-5900 TTY: 1-800-892-5234 Weekdays: 5 A.M. – 9 P.M. (Pacific Time) Weekends: 6 A.M. – 3 P.M. (Pacific Time)  

New Ignite Webcast – Exchange Deployment and Coexistence

To sign up for this webcast please download and save the attached calendar invite below where you will find the Webcast Meeting information.  Ignite Webcasts are online sessions led by Microsoft Office 365 Product Managers, Engineers and Support staff. The Ignite webcast series addresses Office 365 technical subjects and scenarios and is beneficial to anyone who wants to increase their knowledge of the Office 365 suite. View the Ignite Site for more information about Ignite programs and webcasts. You can view past Ignite Webcast sessions and materials here and be sure to see upcoming Ignite Webcasts on the Ignite Events Page .     Learn how to setup an Exchange Server 2013 on-premises deployment with coexistence among Exchange 2007 and Exchange 2010. In addition to understanding how Exchange Server 2013 architectural changes enable more flexible network designs, we will discuss tips and best practices for a smooth transition to Exchange Server 2013. This is a great opportunity to join a discussion with our Microsoft presenter. Bring your questions! Our webcast will be led by Brian Day. Brian is a Senior Program Manager from the Exchange  Customer  Adoption Team (CAT). The CAT team focuses on many areas including understanding and assisting in removing road blocks preventing customers from adopting Exchange Server at the rate the customer would like to.  Remember, to sign up for this webcast please  download and save the attached calendar invite below . We are excited to see you there!  —————————————————————————————————————————————————————————— Presenter :  Brian Day, Senior Program Manager from the Microsoft Exchange Customer Adoption Team.   Date/Time:  Thursday March 21 st , at 10:00 AM Pacific Time . (1 Hour presentation) Live Meeting Information: ……………………………………………………………………………………………………………………….. Join online meeting Join by Phone  +14257063500        +18883203585          Find a local number   Conference ID: 27579341    Forgot your dial-in PIN?  |    First online meeting?      [1033])!]   Audience: Office 365 for professionals and small businesses Office 365 for enterprises

The new Office Garage Series: Client Configuration Management 101

This week our hosts Jeremy Chapman and Yoni Kirsh explore group policy, roaming settings and go under the hood with demonstrations of redirecting update paths and new Office Telemetry tools. They also catch up with Office engineers Skji Conklin and Chris Yu on the level of IT control between the MSI-based Office Professional Plus 2013 Install and the Click-to-Run based Office 365 ProPlus install. See the new episode: .

The new Office Garage Series: Client Configuration Management 101

This week our hosts Jeremy Chapman and Yoni Kirsh explore group policy, roaming settings and go under the hood with demonstrations of redirecting update paths and new Office Telemetry tools. They also catch up with Office engineers Skji Conklin and Chris Yu on the level of IT control between the MSI-based Office Professional Plus 2013 Install and the Click-to-Run based Office 365 ProPlus install. See the new episode: .

Office 365 ProPlus Administrator Series: Addressing Compatibility Concerns with Office 365 ProPlus

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus is designed to be compatible with existing Office files, add-ins, dependent applications and other customizations. It includes new tools to help IT organizations maintain configuration, performance and health characteristics of Office programs and adopt new versions of Office quickly. New tools for Office telemetry allow administrators to quickly troubleshoot issues at the endpoint level or monitor and manage Office programs centrally in an organization. Side-by-side support allows users to have more than one version of Office installed, giving a valuable tool to assist with transitions from older versions of Office to Office 365 ProPlus. If for any reason there are dependencies on an older version of Office, users can always go back to that version. Office Telemetry Telemetry is new to Office and provides the primary functions of maintaining the health of Office programs in a managed IT environment and helping with migrations from previous versions of Office. Telemetry is native to Office desktop apps and can be accessed via the Office Telemetry Log, an Excel-based spreadsheet that reports Office events in a sortable and filterable way. The Office Telemetry Log will allow IT admins to quickly troubleshoot issues local to that PC. The events from the Office Telemetry Log are also optionally sent to a central location and data processing service in order to provide a consolidated view across an organization. This is important for maintaining performance and compatibility characteristics when using Office and also when assessing customizations and compatibility of previous Office versions and the files created with those versions. The intent of the new Office is to maintain compatibility at the file level across Office versions, but when inconsistencies do surface, Office telemetry is designed to alert IT admins and allow them to make proactive decisions to correct and prevent issues.   The Telemetry Dashboard guide explains telemetry capabilities and how it is implemented Telemetry in Office 365 ProPlus consists of five key components: Inventory Agents Shared folders Telemetry Processor Database Telemetry Dashboard The inventory agent is integrated as part of the new Office 365 ProPlus Preview and Office Professional Plus 2013 Preview. By default, the inventorying function is turned off, but can be enabled post installation or using Active Directory Group Policy controls. Inventory agents will also be available for Office 2003 and newer clients, but they are intended for use in migration projects and not as a part of ongoing health and performance management. The inventory agent collects information from the Office Telemetry Log and will detect customizations such as add-ins, custom code (COM and Browser Helper Objects) and Apps for Office. It also reports on product version and architecture.   The Office Telemetry Log collects Office events stored in Windows and displays them in Excel When inventory agents are enabled, the IT admin also specifies a shared folder location to save the inventory agent’s output files. A data processing service then processes the output files and adds entries into a SQL Server database. Finally, the Telemetry Dashboard displays reporting views from the SQL database in Excel to provide an aggregate view of Office versions, commonly used files, errors and events, plus add-ins and related solutions. Side-by-Side Version Support While it has traditionally been possible to install Office side-by-side with other older versions of Office, there have been several side-effects with having this configuration. These side-effects include prompting for and performing Office installation repair when loading the older program, removal of older Outlook versions and Start Menu shortcuts in the same folder among other issues highlighted in KB2121447 . Office 365 ProPlus is designed to allow side-by-side version support with older versions of Office. As a compatibility tool, this means the user is able to keep older versions of Office installed and in the unlikely event that a user encounters a file that does not function properly in the new Office program, they can open the older Office program and open the file from within that program. Office 365 ProPlus running alongside Office 2003 on the same system Default file associations for Office file formats (DOC, DOCX, XLS, XLSX, PPT, PPTX, etc.) will be assigned to the last version of Office installed in Windows 7 and align with how Windows 8 assigns default file associations in the operating system. To assign default file associations to the older Office version an installation repair of the older Office version will assign default file associations to the older version. Likewise, an installation repair on Office 365 ProPlus will reassign default file extensions back to the newer version. These approaches may be automated when an IT administrator pre-installs Office 365 ProPlus and wished to retain default file associations on older version until the user is trained. See Best practices for maintaining Office 2010 or equivalent articles from previous releases for more information about required command line scripting to automate the repair command. Existing Customizations with New Click-to-Run Installs Office 365 ProPlus was designed to support existing extensibility models for Office programs, including Object Model APIs, Web services and protocols, VBA, Office Add-ins and document-level customizations. In fact, in side-by-side installations, Office 365 ProPlus will examine desktop application customizations existing from previous installations of Office and load those when Office 365 ProPlus programs are executed. Customizations found in %AppData%LocalMicrosoftOffice such as OFFICEUI custom ribbon extensions and CUSTOMUI files. In the example below, I have customized Microsoft Word in Microsoft Office Professional Plus 2010 with a “Touch” ribbon tab and installed a third party add-in called “DYMO Label.” After installing Office 365 ProPlus and launching Word 2013, both the “Touch” tab and “DYMO Label” add-in are available.     Office Professional Plus 2010 customizations automatically applied to Office 365 ProPlus in side-by-side configuration This functionality also extends to the Office on Demand applications. If your organization is using Office 2007 or newer, file compatibility combined with familiar ribbon controls and applied pre-existing customizations should help ease user transition to the new Office. More Resources There is a lot of new content both in product and on TechNet to explain Office Telemetry, check out Deploy Office Telemetry Dashboard on TechNet. There is also more information coming out on the Office Next blog about these and further topics, so stay tuned.

Office 365 ProPlus Administrator Series: Configuring Office 365 ProPlus Applications and Experiences

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus was designed to enable administrators to control the configuration, installation and updating experience using familiar processes and tools. Because Office 365 ProPlus is rooted in application virtualization, a number of new tools have been developed to enable configuration management using enterprise software distribution and script-based processes. Some organizations may allow users to log in to and install their own Office programs directly from the Internet, however, this requires that users are comfortable performing this task and they have the rights to install applications on their computer. In most cases, this will be a normal case for Office 365 users who install on their personal devices or home PCs, but may not meet the requirement of a locked-down and managed environment where users are provisioned as Standard Users in Windows. In cases where users do not or cannot self-install, Office 365 ProPlus has been built to allow IT administrators to install Office on behalf of their users. This applies both to Windows image-based installations as well as standalone installs from the network, software distribution, local media or the Office 365 service. By default Office 365 ProPlus receives automatic updates, but IT can elect to disable automatic updating of Office programs and deploy only tested and approved Office builds. The Click-to-Run installation technology and toolset provides flexibility and control to manage how Office 365 ProPlus is installed and updated as well as where installation media is stored. Click-to-Run Components and Tools for the Administrator As I mentioned above, if you come from a systems management background, the first question many will ask is, “where are the bits?” The design of Office 365 ProPlus is to store installation files online via a publicly-accessible service. This allows people to perform self-installation and managed deployments to point to online installation source for initial installs and ongoing software updates. The installation files are also accessible to be downloaded and imported into enterprise software distribution tools or operating system deployment tools. The  Office Deployment Tool enables automated deployment of Office 365 ProPlus. There are three primary components needed to enable managed or “push” deployments of Office 365 ProPlus: Office 365 ProPlus installation files setup.exe bootstrapper to initiate the installation process configuration XML file to govern how and from where Office is downloaded and installed   Contents of the Office Deployment Tool The Setup and configuration XML tools are packaged together as the Office Deployment Tool and available on the Microsoft Download Center . Setup.exe in this case performs two primary tasks – it downloads Office 365 ProPlus, Visio and Project programs to a local file location using the /download command and it controls how Office programs are installed using the /configure command. Both commands point to a configuration file to govern what is downloaded and how Office is configured. The configuration XML file governs both what is downloaded and how Office Click-to-Run is applied to the target computer. The controls relevant to downloading installation source from the site are the following. Note: all controls are CaSe SeNsItIvE. Option Description Sample Syntax Add Parent control to determine source, architecture, product and languages to download. From CDN:               From local network:                Product The targeted products to download within the command. Multiple products may be nested under the control and multiple languages may be nested under the control. Office 365 ProPlus      SourcePath Location where the Office is downloaded to. If unspecified, the downloaded content will be saved to the folder where the setup.exe is located. OfficeClientEdition Determines the architecture of the product to download, 32 or 64 bit. Note: 32-bit is still the recommended architecture for new Office versions. Cross-architecture installations are not permitted; if a 32-bit Office version is already installed on a system, the 64-bit Click-to-Run package will not install and vice versa.   Or: OfficeClientEdition=”32″ OfficeClientEdition=”64″ Language Language determines the language DAT files to be downloaded with the Click-to-Run package. Version Version is used as part of the control and specifies the version to be downloaded. If version is not specified, setup.exe will download the latest build. Available version numbers will be posted to KB article in the future.     Downloading Click-to-Run Installation Source Click-to-Run builds are available for download from the Office 365 service. Administrators can use the configuration XML file to determine the architecture (x86 or x64), language and version number to download. The following screenshots show the process to download Office 365 ProPlus installation files from the service.   Setup tool and command line usage You can create XML files with commands specific to downloading, installing or uninstalling Office. Here is a sample of an XML I called download.xml to download the latest Click-to-Run builds of Office 365 ProPlus Preview and Visio Pro Preview.                               Progress after executing ‘setup.exe /download download.xml’ command   Office folder is downloaded and applied to the Office Deployment Tool folder   Office 365 ProPlus build is stored as DAT and CAB files in the ..dataversionnumber folder within the directory of setup.exe or SourcePath location In a managed IT environment, the IT administrator can execute an automated scheduled task every two weeks or so to download the most recent Office 365 ProPlus builds. The great thing is that new builds always contain the latest software updates and you don’t need to add them to the updates folder as with the MSI package, they are already slipstreamed into the build and installation times for the first release build will be comparable to future builds. It is good news if you build lots of PCs with task sequence-based setup or just wish that installs when the product is in the middle of the release cycle were as fast as they were with RTM builds. As someone with a Windows imaging background, I wish I had this sooner and that other components I install in my task sequences were updated similarly, because once you start layering in a service pack and more than ten additional software updates, MSI-based installs start to get very slow. Alternatively, the administrator can manually download the exact build desired by specifying the build number in the configuration XML file. If left unspecified, the download command will download the newest available x86 build of Office 365 ProPlus. Using Active Directory Group Policy to Deploy and Enforce Configuration Templates Let’s take a small detour from setup for a minute and discuss post-installation configuration. Ideally, Group Policy configuration is decided and implemented prior to rolling out any version of Office and in the case with Click-to-Run, we need Group Policy if we want to make configuration changes to how Office is set up. Office 365 ProPlus is designed to work with Active Directory Group Policy configuration management. Aside from the handful of controls available in the configuration XML file to govern Office 365 ProPlus setup, Group Policy is required for fine-tuned configuration management of Click-to-Run installation and run time. Group Policy adds unique settings for the Office 365 ProPlus service to manage how roaming settings are accessed, control software update behavior and determine which online services are allowed for storing files among thousands of other settings.   Local Group Policy Editor in Windows Group Policy is also used to configure security settings and how new telemetry features in Office 365 ProPlus and Office Professional Plus 2013 capture and report data for client performance. New telemetry
features also utilize Group Policy to block or enable Office Add-ins from running.  The Office 2013 Preview Administrative Template (ADMX/ADML) files can be downloaded now from the Microsoft Download Center and these apply to both the Office Professional Plus 2013 and Office 365 ProPlus packages.