The Project 2013 SDK download is updated. The conceptual, how-to, and reference documentation in the download closely matches the Project 2013 developer documentation online content published on MSDN. The Project2013SDK.msi download file now installs properly on Windows 8 and Windows Server 2012. In addition, the Project 2013 SDK download also contains: The on-premises Reporting database schema reference , ProjectServer2013_ReportingDB.chm , and the OLAP cube schema reference.  Updated VBA Help for local use. Objects such as Chart , Report , Series , and Shape now show correct members tables, properties, and methods topics. Sixteen complete code solutions, including two task pane apps (with minor updates) for Project, the QuickStatus app sample for Project Server and Project Online, eight client-side object model (CSOM) solutions, two solutions for querying the ProjectData service for reporting, and three updated legacy PSI solutions. DLLs and a license for redistribution of the Project Server CSOM assemblies, JavaScript files for the CSOM, the Microsoft.Office.Project.Server.Library assembly, and the Microsoft.Office.Project.Server.Events.Receivers library for on-premises development. Note:   Project CSOM solutions also require the redistributable DLLs for the SharePoint 2013 CSOM, which are at SharePoint Server 2013 Client Components SDK . Updated Intellisense files for the PSI and CSOM, source code for creating a PSI proxy assembly, and instructions on how to update the PSI proxy files. XML schemas for the Project client, AppProvisioning, and the Statusing PSI. The top-level online landing page for the Project SDK is Project for developers ( https://msdn.microsoft.com/project ). For additional Project-related SDK content, see Office for developers ( https://msdn.microsoft.com/office ), SharePoint for developers ( https://msdn.microsoft.com/sharepoint ), and Build apps for Office and SharePoint ( https://msdn.microsoft.com/office/apps/ ). The two articles on Task pane apps for Project are in the Apps for Office and SharePoint SDK , and the JavaScript API for Office reference includes information specific for Project, the ProjectDocument object with eleven methods and three events, and four enumerations for Project. Want to try out Project 2013? Sign up for Project Online and Project Pro for Office 365 Download Project Professional 2013 and Project Server 2013 –Jim

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. If you are coming from a software or desktop deployment background, Office 365 ProPlus will change the way you think about software distribution. Many people will be asking, “Where are the bits?” or “Just give me the ISO file and I’ll extract everything and figure it out.” The big difference here is that because Office 365 ProPlus is user- and not device-pivoted, then the first task you’ll usually need to do is populate user accounts in the administrator portal of Office 365. User accounts will have the rights to install up to five copies of Office 365 ProPlus and can de-provision and reassign licenses if they cycle through computers. Office 365 ProPlus provides several administrational options to determine how users are provisioned in the Office 365 ProPlus service, which service components are made available to users and how to distribute and manage Office 365 ProPlus desktop applications. The administration process for Office 365 ProPlus begins with an assessment of your current Office environment, then users are added to the service, Office 365 ProPlus applications are configured then deployed. Office 365 ProPlus introduces new tools to manage client health – these tools collectively known as Office Telemetry are an integral part of Office. Because Office 365 ProPlus is a service and pivoted on the user account, it gives users new access to personalized Office experiences across PCs or on computers they may be using temporarily. The goal is to ensure users are productive as long as they can connect to the service. All of these concepts are predicated on identity management and having a single address and set of user credentials to access these experiences. IT organizations can choose to integrate with their directory services, regularly synchronize Office 365 accounts with their user base, perform bulk list imports periodically or manually provision users. Office provisioning in Office 365 ProPlus brings new capabilities to ensure users are quickly up and running with Office programs. Deployment options include all of the standard approaches from standalone installations using enterprise software distribution to Windows image-based deployments, but the service also enables new scenarios supported by Internet-based installation and software update support. An IT organization can decide to perform most tasks using their network or use Office 365 cloud services to augment Office desktop app provisioning and software update management. Provisioning Users and Activation Basics Office 365 ProPlus activation is tied to the user account, so the account needs to be provisioned and configured to access Office 365 ProPlus services in order for Office programs to remain in an activated state. The users’ Office 365 account status is continually checked by the Office applications to ensure that if a user is de-provisioned by their administrator – for example, the user leaves the organization – then Office 365 ProPlus programs can quickly move to a de-activated state.  This is increasingly important with the impacts of consumerization of IT and users having the ability to install Office on personally-owned PCs and devices. Office and the state of that service is tied to the organization he or she works for, so the administrator needs the ability to turn that service on or off. Office 365 ProPlus is designed with a few important activation grace periods to provide flexibility in automated deployment scenarios and for when users go offline for extended periods of time. An IT administrator can preinstall Office in a Windows operating system image and reset the activation state if required using ospprearm.exe found in %programfiles%Microsoft OfficeOffice15 (no longer the previous location of %programfiles%Common Filesmicrosoft sharedOfficeSoftwareProtectionPlatform). An installation of Office 365 ProPlus provides 5 days of use in the initial grace period before a Microsoft Online Services ID is required. Once Office 365 ProPlus is activated, it can go as long as one month without connecting to the online service to rearm activation. If a user exceeds month and Office 365 ProPlus is de-activated, the user will only need to reconnect to the Internet with a valid user account to rearm the activation. The expectation with the service is that PCs do connect at least once per month to the Internet and activation processes run in the background and are never seen by the user. The next section goes into detail about identity management in Office 365 and if you are an existing Office 365 user most of this should look pretty familiar. Microsoft Online Services ID in Office 365 One of the first things people will notice with Office 365 ProPlus is that they now sign in to Office programs. The sign-in is typically a one-time operation after Office is installed and users will be asked to input an “Organization or School” ID to begin using Office. This ID as previously described is part of the process for software activation and facilitates the concept of roaming settings per user. Sign in to Office Dialog in Office 365 ProPlus For an IT administrator, this typically means a number of things need to happen before a user is greeted with the dialog. –          In the Office 365 tenant, the User Principal Name (UPN) and required attributes have been entered, –          the account has been provisioned for Office 365 ProPlus, and –          the user has received some form of communication to inform her that she has an account with Office 365 and will need set an Office 365 password in cases where Office 365 is implemented without Active Directory Federation Services to enable single sign on. Users may be manually entered by the administrator or entered via CSV file list import. Once she launches an Office program for the first time, she will need to enter her username and password then Office 365 ProPlus will activate and sign in to her personalized settings. If the user is the first person to sign in to an Office 365 ProPlus program on a PC, the installation once complete and signed into will be tallied against the five PC per user installation count. This is important for an administrator, because it means they should not be using their own administrator Office 365 credentials to activate Office installs on behalf of their users, as they will quickly reach their five PC limit. After that initial experience and login, the user can roam from PC to PC within her organization using the same username and password to present her personalized settings. If she is not the first person to log into Office 365 ProPlus and activate for that PC, the activation will not be tallied against her count of five PCs. Synchronizing Active Directory with Directory Sync Tools Directory synchronization with an Active Directory service is often a better way to populate UPNs and attributes in the Office 365 identity store. This is a service which runs within your organization’s Active Directory environment and synchronizes user objects every three hours. You still need to provision users with the rights to use the desired Office 365 services, such as Office 365 ProPlus, in order for users to self-install Office 365 ProPlus or activate Office programs installed on their behalf by IT administrators. More information about Office 365 and Directory Synchronization can be found on TechNet .    Microsoft Online Services Directory Synchronization tool Federating Active Directory with Office 365 Identity federation in Office 365 allows users to access Office 365 services, activate their Office 365 ProPlus installations and roam their user settings with existing Active Directory corporate credentials (user name and password). The setup of single sign-on requires Active Directory Federation Services (AD FS) 2.0. The advantage of using identity federation is that users only need to memorize one set of credentials, all authentication happens on your organization’s premises and adheres to your policies, administrators can control access to services,
user credentials are stored and mastered on-premises, and multi-factor authentication is possible. More information about identity federation can be found in the Prepare for single sign-on  article on the Office 365 support site. The number of options available means there is most likely a method that best serves your needs. There isn’t a one-size-fits-all solution, due to the varying number of customer needs and security policies. While most of these options are rooted in the current Office 365 in market service, many more options and optimizations are coming across the tools and services, plus there are a few partner offerings to assist with user provisioning and authentication. 

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus is designed to be compatible with existing Office files, add-ins, dependent applications and other customizations. It includes new tools to help IT organizations maintain configuration, performance and health characteristics of Office programs and adopt new versions of Office quickly. New tools for Office telemetry allow administrators to quickly troubleshoot issues at the endpoint level or monitor and manage Office programs centrally in an organization. Side-by-side support allows users to have more than one version of Office installed, giving a valuable tool to assist with transitions from older versions of Office to Office 365 ProPlus. If for any reason there are dependencies on an older version of Office, users can always go back to that version. Office Telemetry Telemetry is new to Office and provides the primary functions of maintaining the health of Office programs in a managed IT environment and helping with migrations from previous versions of Office. Telemetry is native to Office desktop apps and can be accessed via the Office Telemetry Log, an Excel-based spreadsheet that reports Office events in a sortable and filterable way. The Office Telemetry Log will allow IT admins to quickly troubleshoot issues local to that PC. The events from the Office Telemetry Log are also optionally sent to a central location and data processing service in order to provide a consolidated view across an organization. This is important for maintaining performance and compatibility characteristics when using Office and also when assessing customizations and compatibility of previous Office versions and the files created with those versions. The intent of the new Office is to maintain compatibility at the file level across Office versions, but when inconsistencies do surface, Office telemetry is designed to alert IT admins and allow them to make proactive decisions to correct and prevent issues.   The Telemetry Dashboard guide explains telemetry capabilities and how it is implemented Telemetry in Office 365 ProPlus consists of five key components: Inventory Agents Shared folders Telemetry Processor Database Telemetry Dashboard The inventory agent is integrated as part of the new Office 365 ProPlus Preview and Office Professional Plus 2013 Preview. By default, the inventorying function is turned off, but can be enabled post installation or using Active Directory Group Policy controls. Inventory agents will also be available for Office 2003 and newer clients, but they are intended for use in migration projects and not as a part of ongoing health and performance management. The inventory agent collects information from the Office Telemetry Log and will detect customizations such as add-ins, custom code (COM and Browser Helper Objects) and Apps for Office. It also reports on product version and architecture.   The Office Telemetry Log collects Office events stored in Windows and displays them in Excel When inventory agents are enabled, the IT admin also specifies a shared folder location to save the inventory agent’s output files. A data processing service then processes the output files and adds entries into a SQL Server database. Finally, the Telemetry Dashboard displays reporting views from the SQL database in Excel to provide an aggregate view of Office versions, commonly used files, errors and events, plus add-ins and related solutions. Side-by-Side Version Support While it has traditionally been possible to install Office side-by-side with other older versions of Office, there have been several side-effects with having this configuration. These side-effects include prompting for and performing Office installation repair when loading the older program, removal of older Outlook versions and Start Menu shortcuts in the same folder among other issues highlighted in KB2121447 . Office 365 ProPlus is designed to allow side-by-side version support with older versions of Office. As a compatibility tool, this means the user is able to keep older versions of Office installed and in the unlikely event that a user encounters a file that does not function properly in the new Office program, they can open the older Office program and open the file from within that program. Office 365 ProPlus running alongside Office 2003 on the same system Default file associations for Office file formats (DOC, DOCX, XLS, XLSX, PPT, PPTX, etc.) will be assigned to the last version of Office installed in Windows 7 and align with how Windows 8 assigns default file associations in the operating system. To assign default file associations to the older Office version an installation repair of the older Office version will assign default file associations to the older version. Likewise, an installation repair on Office 365 ProPlus will reassign default file extensions back to the newer version. These approaches may be automated when an IT administrator pre-installs Office 365 ProPlus and wished to retain default file associations on older version until the user is trained. See Best practices for maintaining Office 2010 or equivalent articles from previous releases for more information about required command line scripting to automate the repair command. Existing Customizations with New Click-to-Run Installs Office 365 ProPlus was designed to support existing extensibility models for Office programs, including Object Model APIs, Web services and protocols, VBA, Office Add-ins and document-level customizations. In fact, in side-by-side installations, Office 365 ProPlus will examine desktop application customizations existing from previous installations of Office and load those when Office 365 ProPlus programs are executed. Customizations found in %AppData%LocalMicrosoftOffice such as OFFICEUI custom ribbon extensions and CUSTOMUI files. In the example below, I have customized Microsoft Word in Microsoft Office Professional Plus 2010 with a “Touch” ribbon tab and installed a third party add-in called “DYMO Label.” After installing Office 365 ProPlus and launching Word 2013, both the “Touch” tab and “DYMO Label” add-in are available.     Office Professional Plus 2010 customizations automatically applied to Office 365 ProPlus in side-by-side configuration This functionality also extends to the Office on Demand applications. If your organization is using Office 2007 or newer, file compatibility combined with familiar ribbon controls and applied pre-existing customizations should help ease user transition to the new Office. More Resources There is a lot of new content both in product and on TechNet to explain Office Telemetry, check out Deploy Office Telemetry Dashboard on TechNet. There is also more information coming out on the Office Next blog about these and further topics, so stay tuned.

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus was designed to enable administrators to control the configuration, installation and updating experience using familiar processes and tools. Because Office 365 ProPlus is rooted in application virtualization, a number of new tools have been developed to enable configuration management using enterprise software distribution and script-based processes. Some organizations may allow users to log in to office365.com and install their own Office programs directly from the Internet, however, this requires that users are comfortable performing this task and they have the rights to install applications on their computer. In most cases, this will be a normal case for Office 365 users who install on their personal devices or home PCs, but may not meet the requirement of a locked-down and managed environment where users are provisioned as Standard Users in Windows. In cases where users do not or cannot self-install, Office 365 ProPlus has been built to allow IT administrators to install Office on behalf of their users. This applies both to Windows image-based installations as well as standalone installs from the network, software distribution, local media or the Office 365 service. By default Office 365 ProPlus receives automatic updates, but IT can elect to disable automatic updating of Office programs and deploy only tested and approved Office builds. The Click-to-Run installation technology and toolset provides flexibility and control to manage how Office 365 ProPlus is installed and updated as well as where installation media is stored. Click-to-Run Components and Tools for the Administrator As I mentioned above, if you come from a systems management background, the first question many will ask is, “where are the bits?” The design of Office 365 ProPlus is to store installation files online via a publicly-accessible service. This allows people to perform self-installation and managed deployments to point to online installation source for initial installs and ongoing software updates. The installation files are also accessible to be downloaded and imported into enterprise software distribution tools or operating system deployment tools. The  Office Deployment Tool enables automated deployment of Office 365 ProPlus. There are three primary components needed to enable managed or “push” deployments of Office 365 ProPlus: Office 365 ProPlus installation files setup.exe bootstrapper to initiate the installation process configuration XML file to govern how and from where Office is downloaded and installed   Contents of the Office Deployment Tool The Setup and configuration XML tools are packaged together as the Office Deployment Tool and available on the Microsoft Download Center . Setup.exe in this case performs two primary tasks – it downloads Office 365 ProPlus, Visio and Project programs to a local file location using the /download command and it controls how Office programs are installed using the /configure command. Both commands point to a configuration file to govern what is downloaded and how Office is configured. The configuration XML file governs both what is downloaded and how Office Click-to-Run is applied to the target computer. The controls relevant to downloading installation source from the https://officecdn.microsoft.com/ site are the following. Note: all controls are CaSe SeNsItIvE. Option Description Sample Syntax Add Parent control to determine source, architecture, product and languages to download. From CDN:               From local network:                Product The targeted products to download within the command. Multiple products may be nested under the control and multiple languages may be nested under the control. Office 365 ProPlus      SourcePath Location where the Office is downloaded to. If unspecified, the downloaded content will be saved to the folder where the setup.exe is located. OfficeClientEdition Determines the architecture of the product to download, 32 or 64 bit. Note: 32-bit is still the recommended architecture for new Office versions. Cross-architecture installations are not permitted; if a 32-bit Office version is already installed on a system, the 64-bit Click-to-Run package will not install and vice versa.   Or: OfficeClientEdition=”32″ OfficeClientEdition=”64″ Language Language determines the language DAT files to be downloaded with the Click-to-Run package. Version Version is used as part of the control and specifies the version to be downloaded. If version is not specified, setup.exe will download the latest build. Available version numbers will be posted to KB article in the future.     Downloading Click-to-Run Installation Source Click-to-Run builds are available for download from the Office 365 service. Administrators can use the configuration XML file to determine the architecture (x86 or x64), language and version number to download. The following screenshots show the process to download Office 365 ProPlus installation files from the service.   Setup tool and command line usage You can create XML files with commands specific to downloading, installing or uninstalling Office. Here is a sample of an XML I called download.xml to download the latest Click-to-Run builds of Office 365 ProPlus Preview and Visio Pro Preview.                               Progress after executing ‘setup.exe /download download.xml’ command   Office folder is downloaded and applied to the Office Deployment Tool folder   Office 365 ProPlus build is stored as DAT and CAB files in the ..dataversionnumber folder within the directory of setup.exe or SourcePath location In a managed IT environment, the IT administrator can execute an automated scheduled task every two weeks or so to download the most recent Office 365 ProPlus builds. The great thing is that new builds always contain the latest software updates and you don’t need to add them to the updates folder as with the MSI package, they are already slipstreamed into the build and installation times for the first release build will be comparable to future builds. It is good news if you build lots of PCs with task sequence-based setup or just wish that installs when the product is in the middle of the release cycle were as fast as they were with RTM builds. As someone with a Windows imaging background, I wish I had this sooner and that other components I install in my task sequences were updated similarly, because once you start layering in a service pack and more than ten additional software updates, MSI-based installs start to get very slow. Alternatively, the administrator can manually download the exact build desired by specifying the build number in the configuration XML file. If left unspecified, the download command will download the newest available x86 build of Office 365 ProPlus. Using Active Directory Group Policy to Deploy and Enforce Configuration Templates Let’s take a small detour from setup for a minute and discuss post-installation configuration. Ideally, Group Policy configuration is decided and implemented prior to rolling out any version of Office and in the case with Click-to-Run, we need Group Policy if we want to make configuration changes to how Office is set up. Office 365 ProPlus is designed to work with Active Directory Group Policy configuration management. Aside from the handful of controls available in the configuration XML file to govern Office 365 ProPlus setup, Group Policy is required for fine-tuned configuration management of Click-to-Run installation and run time. Group Policy adds unique settings for the Office 365 ProPlus service to manage how roaming settings are accessed, control software update behavior and determine which online services are allowed for storing files among thousands of other settings.   Local Group Policy Editor in Windows Group Policy is also used to configure security settings and how new telemetry features in Office 365 ProPlus and Office Professional Plus 2013 capture and report data for client performance. New telemetry
features also utilize Group Policy to block or enable Office Add-ins from running.  The Office 2013 Preview Administrative Template (ADMX/ADML) files can be downloaded now from the Microsoft Download Center and these apply to both the Office Professional Plus 2013 and Office 365 ProPlus packages.

A couple of cross blog references here on resource management topics – and both affect Project Online as well as the on premise installations.  Firstly an issue where you cannot open more than a certain number of resources from your Resource Center in Project Professional 2013 – blogged over on the Project Support blog at https://blogs.technet.com/b/projectsupport/archive/2013/03/11/project-server-2013-why-can-t-i-open-all-my-resources-from-the-resource-center.aspx .  The numbers aren’t exact – but will be around 120 for IE9, then 520 or so for IE10, Chrome and Firefox. The second one is from our very good friend Gary Chefetz over at MSProjectExperts and unlocks the key to the Windows Logon Account field if you wish to add resources via Project Professional 2013 – https://www.projectserverhelp.com/Lists/Posts/Post.aspx?ID=205 .   Also note Gary’s comment on needing to select at least one resource from the existing resource center to open Pro up.

Back in November 2012, we announced our Microsoft Connectivity Analyzer Tool (MCA) Beta client.  We have been very busy working to improve the testing options that are available from the MCA client.  Here’s what we’ve built for the 1.0 release. Microsoft Connectivity Analyzer Tool 1.0 We are excited to announce the 1.0 release of the Microsoft Connectivity Analyzer .  This tool is a companion to the Microsoft Remote Connectivity Analyzer web site.  The MCA tool provides administrators and end users with the ability to run connectivity diagnostics for five common connectivity symptoms directly from their local computer.  Users can test their own connectivity, and save results in an HTML format that administrators will recognize from viewing results on the RCA website.   Click here to install the MCA 1.0 tool (Please visit the site to view this video) Microsoft Connectivity Analyzer The MCA tool offers five test symptoms I can’t log on with Office Outlook – This test is equivalent to the Exchange RCA test for “Outlook Anywhere (RPC over HTTP)”. There is an option to run the SSO test provided on the parameters page. I can’t send or receive email on my mobile device    – This test is equivalent to the Exchange RCA test for Exchange ActiveSync. ***New*** I can’t log on to Lync on my mobile device or the Lync Windows Store App – This test checks for the Domain Name Server (DNS) records for your on-premise domain to ensure they are configured correctly for supporting Mobile Lync clients. Also it connects to the Autodiscover web service and makes sure that the authentication, certificate, web service for Mobility is correctly set up. ***New*** I can’t send or receive email from Outlook (Office 365 only) – This test checks Inbound/Outbound SMTP mail flow and also includes Domain Name Server validation checks for O365 customers. ***New*** I can’t view free/busy information of another user – This test verifies that an Office 365 mailbox can access the free/busy information of an on-premises mailbox, and vice versa (one direction per test run). Microsoft Lync Connectivity Analyzer Tool You will also notice the Lync Connectivity Analyzer Tool on the client page.  We are working on combining MCA with MLCA in the near future but wanted to make both these great tools available to customers now to improve our client diagnostics options. Feedback Send all feedback to  MCA Feedback . Please let us know what you think of the tool and whether this will be helpful in troubleshooting connectivity scenarios.  Also feel free to provide feedback on additional tests you would like to see added in the future. Microsoft Remote Connectivity Analyzer 2.1 We are excited to announce the 2.1 release of the Microsoft Remote Connectivity Analyzer web site.  The tool provides administrators and end users with the ability to run connectivity diagnostics for our servers to test common issues with Exchange, Lync and Office 365.  We have added new Office 365 Domain Name Server tests, enhanced existing tests, and improved the overall site experience. Be sure to check out the updates to the Remote Connectivity Analyzer website .    

In the latest Garage Series for IT Pros post, our adventurous desktop specialist hosts Yoni Kirsh and Jeremy Chapman explain the differences between Windows Installer Package (MSI) and Click-to-Run package types, how to download Click-to-Run builds for use with software distribution tools, when it’s necessary to provision user accounts in Office 365 and Yoni tests whether Office 365 ProPlus can be installed before our skydiver, Fully Sik, hits the ground. Tune in at https://www.microsoft.com/garage .   To view previous episodes, check out the Garage Series for IT Pros Archive .

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus offers flexible software delivery options to suit organizations of all sizes and desktop service architectures. From small businesses where users often install their own software, to large enterprises where hundreds of applications are centrally delivered by the IT department to every user, Office 365 ProPlus installation adapts to your processes and workflows. Install Office 365 ProPlus from the Internet Self-installation of Office 365 ProPlus allows users to install Office on their personal PCs directly from www.office365.com . After the administrator has created the user account, the user can log in to the Office 365 service and install Office 365 ProPlus. Users will need to be local administrators on their PCs when self-installing and the installation will always be the most up-to-date Office build and be enabled to receive automatic updates. When the user initiates the installation, a small setup file (roughly 400 KB) is downloaded and run from the local PC the filename (for example: Setup.X86.en-us_ProPlusRetail_56f7d927-5bf8-435e-a240-9eaeef2f53c5_.exe) contains the installation parameters and what is loaded from the content delivery network site ( https://officecdn.microsoft.com/ ) where Office installation files are stored. Software installation page in Office 365 Self-installation may be appropriate in certain organizations where users have administrative privileges and are expected to install their own software. Self-installation rights may also be provided in well-managed organizations where users by definition cannot install software on managed computers, but are given access to Office 365 ProPlus installation on home or personal PCs. Administrators may also centrally disable the right for user self-installation, but this is a global control within the Office 365 Admin Portal and will apply to all users in the tenant. Process for managed self-installation or home and personal device installation in a managed environment In the process flow above, the IT administrator may optionally define Office configurations using local configuration management tools like Group Policy prior to publishing self-installation steps to end users. End users will be responsible for installing any required add-ins, dependent applications or standardized Office templates if needed and in the self-installation scenario, users are by default configured to receive automatic monthly updates from the Office 365 service. Automated Deployments using Software Distribution Infrastructure Most large organizations use enterprise software distribution or image-based deployment automation to install software on behalf of their users. Office 365 ProPlus enables these tools and processes to install Office either from the network or with support from the Office 365 online service. As with the download process the Office Deployment Tool uses setup.exe to install and configure Office 365 ProPlus. These tools are designed with flexibility in mind so an administrator can point the setup engine at local, network or Web-based file sources. The configuration XML file governs the installation process to determine what products, architectures, languages, and versions are installed and from which sources. It also allows the administrator to suppress installation and first run experiences, accept licensing agreements on behalf of the user, determine where installation logs are stored, enable or disable automatic software updates and configure where Office looks for updates. Process for on-premises software delivery of Office 365 ProPlus With these tools you can follow classic enterprise software distribution approaches where software installation files are installed via local cache or directly from the management or distribution point. New to Office 365 ProPlus is the ability to distribute just the setup.exe file and instruct that Office Click-to-Run packages are installed from the Office 365 online service ( https://officecdn.microsoft.com/ ). This is a great scenario in off-LAN situations when VPN connectivity to a management point is slower than the target machine’s connection to the Internet. Because installations are usually much faster than with previous MSI-based packages, deploying Office pre-installed in a custom Windows image will not save as much time as with previous Office releases and it allows you to pre-cache Office Click-to-Run builds with multiple language support within a captured Windows image (WIM) file, then use scripting automation or your favorite task sequencing engine to install Office directly from the local file source within the WIM file. It is also recommended to install Office native to the language of the operating system as opposed to using language packs atop the EN-US installation of Office, but both options are still possible with Office 365 ProPlus and Click-to-Run. The configuration XML file governs both what is downloaded and how Office Click-to-Run is applied to the target computer. The controls relevant to using setup.exe /configure are the following. Option Description Sample Syntax Add Parent control to determine source, architecture, product and languages to download. From local folder:               From local network:               Remove Used to uninstall Office products.                                 Product Multiple products may be nested under the control and multiple languages may be nested under the control. Office 365 ProPlus      SourcePath Location where the Office is installed from. If SourcePath is unspecified, setup will first look for installation source in the local folder and if not present it will look to the CDN source. OfficeClientEdition Determines the architecture of the product to download, 32 or 64 bit. Note: 32-bit is still the recommended architecture for new Office versions. Cross-architecture installations are not permitted; if a 32-bit Office version is already installed on a system, the 64-bit Click-to-Run package will not install and vice versa.   Or: OfficeClientEdition=”32″ OfficeClientEdition=”64″ Language Language determines the language DAT files to be downloaded with the Click-to-Run package. Updates Configures automatic updating behavior. Updates may be either from the public Office 365 service, local location, local file share or private https:// site. To use a local file share: To use the CDN:   

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus changes the security and data management story from securing end points and activities on the end point to decisions for securely accessing data. In order to enable users to switch from one device to another and resume working with their content, it means that either they log into a remotely hosted environment or that endpoints have access to remotely-stored documents. Office 365 ProPlus optimizes for the best experiences on devices while also providing rich browser-based experiences with Office Web Apps. In either constellation, Office 365 ProPlus does not use a Remote Desktop Protocol-based architecture where the user logs into a remote system and views that from the endpoint. Files and content will move to the consuming device whether viewed through a browser or with rich clients, so securing access to files is a key consideration. If your organization is not quite ready to move email or file storage workloads to Office 365 Enterprise services – with Exchange and SharePoint functionality available – then Office 365 ProPlus may be the best fit because your email services and files will be stored on your premises. The only data Office 365 ProPlus will need to store in the cloud are User Principle Names and related minimum user attributes for handling activation and roaming settings information (primarily HTTP links to files and custom dictionary entries).  Everything else in that case remains in your infrastructure using traditional data management and access models. Securing the Service Some of the primary vectors for Office 365 security have been discussed in this series as they relate to authentication and authorization to Office 365 services and which services are permitted as save-to or open-from locations. For the latter configuration, Office 365 ProPlus and Office Professional Plus 2013 may be managed by new Group Policy settings to optionally restrict storage to SkyDrive or third party cloud storage locations. You may also limit sign-in credentials to Organizational IDs and disable sign-in to personal IDs or disable sign-in altogether. Disabling sign-in completely applies best to Office Professional Plus 2013 installs of Office, where activation is performed via Key Management Service (KMS) or Multiple Activation Key (MAK). Access to files and services may be augmented by Rights Management Services and/or multifactor authentication used in conjunction with Active Directory Federation Services to provide secure authentication and authorization to your organization’s files. Securing Clients Office 365 ProPlus includes enterprise-class security controls and fully-supports Group Policy configuration management. Additional features carried over from Office 2010 include Protected View, Data Execution Prevention (DEP) support, trust locations and documents, Office file validation and file block and ActiveX Kill Bit. For many organizations, the default security settings for Office 365 ProPlus are suitable and for those of you with highly locked-down environments, Group Policy enables thousands of settings via ADMX administration templates to fine-tune Office settings to fit your needs. Securing Office on Demand and Web Apps Office on Demand is a new delivery model allowing users to stream complete Office applications from a SkyDrive Pro location. It enables users to get quick access to Office applications and their files on essentially any Windows 7 or newer PC with an Internet connection – and without ActiveX controls disabled by the admin. But what does this mean for the files accessed via these unmanaged or non-owned PCs? Because the user in this case has access to SkyDrive Pro from the unmanaged PC, Office on Demand works to provide an excellent viewing and editing experience. If that user elects to download a copy and view it in Notepad or a browser, the file has already made it to the local hard drive of the computer. While Office on Demand does enable a more compelling user experience in this case, it doesn’t diminish security if those files were already accessible from that unmanaged computer. Much more to come This post only scratches the surface of security considerations scoped to the client and essentially was written to answer a few very frequently-asked questions I get when presenting Office 365 ProPlus to large organizations. Check out the  Security overview for Office 2013 Preview on TechNet for further information on product and service security as it relates to Office Professional Plus 2013 and Office 365 ProPlus. Also be sure to download the Office 2013 Preview Administrative Template files (ADMX/ADML) for Group Policy management.

Here’s some basic information you’ll want to have if you want to support SkyDrive Pro libraries and Sync services in your organization. If you just want to get your bearings around SkyDrive Pro, you can start here: https://office.microsoft.com/en-us/sharepoint-server-help/what-is-skydrive-pro-HA102822076.aspx   Regarding SkyDrive Pro prerequisite software and services: To support SkyDrive Pro libraries in your organization, the latest SharePoint or Office 365 personal sites (also known as My Sites) need to be deployed in your organization, and the user profile service needs to be running. This is because social features, such as sharing documents, depend on personal sites and user profiles. To support Sync in SkyDrive Pro (the ability to synchronize SkyDrive Pro documents with local desktops), make sure that either Office 2013 (Standard or Professional) or an Office 365 subscription that includes the Office 2013 applications is running on Windows 7 or Windows 8 client devices.  Regarding security concerns: SkyDrive Pro client exchanges with SharePoint sites rely on synchronization protocol and external mechanisms for security, such as those provided by VPNs or Secure Socket Layer (SSL) technology. SkyDrive Pro data is not encrypted over the network when the SkyDrive Pro client talks to SharePoint (which is required to support SkyDrive Pro), unless the transport protocol is being used for server communication is through https (which uses SSL or Transport Layer Security – TLS). Server administrators can configure SSL encryption for data sent over the network between the SkyDrive Pro and the SharePoint servers. On-disk data can be encrypted using the Windows BitLocker Drive Encryption. For more information see ‘BitLocker Drive Encryption’ at https://go.microsoft.com/fwlink/p/?LinkId=163122 . Note: SSL is recommended for SharePoint connections from outside a corporate domain. If you’re using Active Directory, you can configure the following Group Policy setting: Sync Only On Domain Network: Requires a Secure Socket Layer (SSL) connection for SkyDrive Pro clients trying connect to SharePoint Server 2013 (or SharePoint 2010) from outside the organization’s intranet. In addition, you can secure the SharePoint site from unauthorized access by setting access control lists appropriately. For guidance about how to set access control for users to synchronize with SharePoint libraries and lists, see ‘Overview of site permissions in SharePoint 2013’ at  https://technet.microsoft.com/en-us/library/jj219771.aspx .