I am very excited to share some great news with you. Earlier today we reached the release-to-manufacturing (RTM) milestone for Office 2010, SharePoint 2010, Visio 2010 and Project 2010!
RTM is the final engineering milestone of a product release and our engineering team has poured their heart and soul into reaching this milestone. It is also an appropriate time to re-emphasize our sincere gratitude to the more than 5,000 organizations and partners who have worked with us on rapid deployment and testing of the products. Since the start of our public beta in November 2009, we’ve had more than 7.5 million people download the beta version – that’s more than 3 times the number of 2007 beta downloads! The feedback that we’ve received from all these programs has shaped the set of products we’re excited about, and that I’m sure will delight our customers.
Our Volume License customers with active Software Assurance (SA) on these products will be one of the first to receive the 2010 set of products. They will be able to download the products in English via the Volume Licensing Service Center starting April 27. Customers without SA will be able to purchase the new products through Volume Licensing from Microsoft partners starting May 1.
Earlier this year we announced that we will officially launch Office 2010 to our business customers on May 12 with Stephen Elop, President of Microsoft’s Business Division, delivering a keynote as part of our virtual launch. Our virtual launch will allow people from around the globe to participate in our launch by going to http://www.the2010event.com. The virtual launch site will showcase product demos, customer and partner testimonials, and interviews with product managers and executives, and we hope this will give you another great way to explore, learn, and get excited about the 2010 releases.
Office 2010 will first become available in retail stores in June in the US, and customers can pre-order these retail versions of Office 2010 at http://store.microsoft.com/OfficePreorder today to receive Office when it becomes available.
On behalf of the Office team, I want to thank all of the customers and partners who have helped us reach this milestone. We look forward to continue learning from you and all the great things you will do with our products!
-- Takeshi Numoto
Corporate Vice President, Microsoft Office
We’re thrilled about the growing number of people who are using Microsoft Office every day to get things done at work, at home, at school and on the go. For instance:
On the heels of such positive momentum, we’re excited to talk about big improvements in the way we’ll deliver the next version of Office to consumers.
Along with the great product innovations we’re delivering in Office 2010, we’re introducing even more choice and flexibility for consumers in how they can try, buy and experience Office 2010 on new and existing PCs. This includes:
For consumers who purchase a new PC, Microsoft is working with major PC manufacturers and our retail partners to make it simpler than ever to try and buy Office 2010.
Through our retail partners, Microsoft is introducing an all-new Product Key Card to help consumers more easily access and experience Office 2010 on new PCs that have been pre-loaded with Office 2010. The Product Key Card is a single license card (with no DVD media) that will be sold at major electronic retail outlets.
An added bonus: The card’s packaging is smaller than the full package (DVD) product, and is eco/retail-friendly. The key number contained on the card will unlock Office 2010 software that has been pre-loaded by the PC manufacturers on their PCs, and enables a simpler and faster path for consumers to begin using any one of three full versions of Microsoft Office – Office Home & Student 2010, Office Home & Business 2010, or Office Professional 2010.
As part of Office 2010 software that will be pre-loaded by the PC manufacturers on their PCs, we’re introducing Microsoft Office Starter 2010. Office Starter 2010 is a reduced-functionality, advertising-supported version of Office 2010, available exclusively on new PCs. Office Starter 2010 will provide new PC owners with immediate exposure to the Office 2010 experience on new PCs right out of the box.
Office Starter 2010 will include Office Word Starter 2010 and Office Excel Starter 2010, with the basic functionality for creating, viewing and editing documents. Office Starter 2010 will replace Microsoft Works, offering a consistent Office user experience, such as the Ribbon, with a simple path to upgrade to a fully-featured version of Office 2010 directly from within the product.
For people who want to try or buy Office 2010 on existing PCs, Microsoft is unveiling Click-to-Run, a new and enhanced download experience for consumers. Click-to-Run makes it easier than ever for customers to try or buy Office digitally by significantly reducing the time and effort required to download Office 2010 over the Internet. Click-to-Run automatically downloads and installs any software patches when connected to the Internet, helping people maintain and keep their Office software up-to-date. Click-to-Run uses virtualization technology so it allows customers to maintain multiple versions of Office. This enables them to try Office 2010 side-by-side with the existing version of Office.
We will have the broad beta of Office 2010 later this year and invite people to become familiar with Office 2010, in the way that works best for them, and then easily upgrade to a full version of Office Home and Student 2010, Office Home and Business 2010, or Office Professional 2010 when they’re ready to buy. To find out more information about Office 2010 visit www.microsoft.com/office2010.
Takeshi Numoto, Corporate Vice President, Office
Introducing Click-to-Run
If you’re the type of person who likes to test-drive the latest and greatest software (or you’re the type of person who reads an Office Engineering blog…), then you’re probably familiar with the pain that can be part of trying out new software for the first time. My name is Paul Barr, Lead Program Manager for the Click-to-Run team in Office 2010, and we’ve built Click-to-Run with you in mind. What follows is a more in-depth post on the technology introduced in the New Ways to Try and Buy Microsoft Office 2010 announcement.
Delivering rich programs like Office over the internet hasn’t changed much in the last decade. Sure, we have self-extracting executables, securely signed files, and download managers, but all of these fall short of solving what we think are the biggest problems with downloading and installing large applications:
What is Click-to-Run?
Click-to-Run is a new software delivery mechanism built by the Office product team. It’s based on core virtualization and streaming technologies from the Microsoft App-V team in Cambridge, MA. Click-to-Run is optimized for home users on broadband connections (at least 1Mbps), and there are three key pillars of the investment:
Click-to-Run products also take up about half the disk space of normal products, they repair more completely, and they won’t break other software installed on the PC because they have private copies of all of their files and registration.
Click-to-Run is not a new Office “product”, it’s a new way of delivering and updating the products with which you are already familiar. Click-to-Run delivery is available for both the Office Home and Student 2010, and Office Home and Business 2010 products. It has full language support, and will work on both 32-bit and 64-bit Operating Systems (although only the 32-bit version of Office is actually run on both platforms).
How does Click-to-Run work?
Products delivered via Click-to-Run execute in a virtual application environment on the local Operating System. This means that they have private copies of their files and settings, and that any changes they make are captured in the virtual environment. The effect is they don’t end up modifying any other software installed on the System. With few exceptions, only user data actually passes through the virtual environment to the local System. Click-to-Run users may notice that they have a virtual Q: drive on their PCs, this is the virtual file system used by Office.
Click-to-Run products also support streaming. Think of this in the same way you think about streaming video. You get to watch the first part of the video before the entire file downloads. With Click-to-Run, users can start using their Office programs before the entire suite or product has been downloaded, enabling them to get to work much faster. While the user is running their application, the rest of the products are being downloaded in the background. The initial installation process is very different than what users may be used to. The experience of getting Click-to-Run Office is more like downloading a big web control than doing a traditional Office install:
If a user tries to use a feature or application that is not yet downloaded, Click-to-Run retrieves the required functionality from the internet immediately. In this case, the application may pause briefly, and users might see an experience like the below:
Users can see the current progress of the product download by launching the Click-to-Run Application Manager in Windows Control Panel:
Once fully downloaded, the product is cached locally, and users are free to disconnect from the internet and continue using their Office products:
Click-to-Run in the Office 2010 Beta and beyond…
Users will see that the Office Home and Business 2010 Beta product is available to download using the Click-to-Run technology. This option is optimized for high bandwidth connections (low bandwidth users should download the Office Professional 2010 Beta). When Office 2010 releases, Click-to-Run delivery will be available for a wider range of Office products. Users who download an Office 2010 product using Click-to-Run delivery also have access to the “normal” self-extracting version, as well as the native 64-bit version if those better suit their needs.
Home users may notice that a handful of things behave differently when using a Click-to-Run version of the Office 2010 products. For instance, there is a Click-to-Run specific destination in the Backstage for each application in the product. This section gives details about the status of applied updates, and links to more information about Click-to-Run:
It’s also possible that users will notice that some add-ins, or other integration points with the Office client, behave differently or are broken when using a Click-to-Run product. The vast majority of these will have no issues. All macros, in-document automation, and cross-Office application interoperability work fine. But sometimes the Office product group must make changes that cause some integrated solutions to require updating (building 64-bit versions of the applications is another good example of this). In some cases, add-ins might have trouble locating the Click-to-Run Office products on the machine, or they might have issues communicating with Office products when they are running in the virtual environment.
We expect these issues to be limited in scope. You will see more from us on how to resolve these both for users, and developers that wish to extend Office. In the Beta timeframe, if you are a developer, or are having issues with an add-in that you believe is compatible with Office 2010, you may want to obtain the Professional version of the Office 2010 Beta.
Wrapping it up…
As you’ve seen through the other posts on this blog, the Office 2010 rich clients bring a great new set of features and functionality to users. Click-to-Run is about getting that value into the hands of users easier, faster, and safer than ever. We’re very excited to pioneer the next generation of software delivery over the internet, and we look forward to your feedback.
Hi, I’m Ted Way, a Program Manager on the Licensing team. Ever enter a 25-character key when you installed Office? That’s us. I’m looking forward to sharing how we’re helping administrators worry less about key management and seamlessly integrate Windows and Office activation in the enterprise.
Starting in Office 2010, all volume editions of Office client software will require activation. What’s great for administrators is that Office has adopted the Windows Software Protection Platform (SPP), which means that most of what you have learned (or will learn) about Volume Activation for Windows applies to Office as well. For example, the same Key Management Service (KMS) host can be configured to activate Office 2010 clients as well as Windows 7 and Windows Server 2008 R2. Also, there is no reduction in functionality in volume editions of Office 2010. Even if Office is not activated, your users will still be able to open, save, edit, and print Office files, though users will see notifications reminding them to activate.
This post will kick off a short series of articles on volume activation that will cover topics such as an introduction to volume activation, setting up a KMS host, and using Multiple Activation Key (MAK).
There are two models available for activating volume editions of Office 2010 client. The default method is KMS, which is a local activation service. A KMS host needs to be set up, and that’s the only computer that activates with Microsoft. The other is Multiple Activation Key (MAK), which is similar to the retail activation method: a key needs to be entered, and the computer will need to connect to Microsoft to activate.
KMS is set up on a designated host system that will activate all client installations of Office 2010, eliminating the need for individual computers to connect to Microsoft for product activation. It is a lightweight service that does not require dedicated resources and can easily be co-hosted on a system that provides other services. Here at Microsoft we have one KMS host up and running internally that has activated over 8000 installations of Office 2010 Technical Preview builds. It’s also activating Windows 7 and Windows Vista machines.
Computers running volume editions of Windows 7 or Windows Server 2008 R2 operating systems can be configured as Office KMS hosts. Those running Windows Server 2003 can also be used as long as the KMS service is installed. Once you enter the KMS host key and activate, the host will register its Service record on DNS so KMS clients can find it. The KMS host can be further configured with the slmgr.vbs script that ships with Windows.
By default, a KMS client key is already pre-installed on volume editions of client software. That’s why end users don't need to enter a product key when installing Office Professional Plus, for example. A great aspect of KMS is that once you have a KMS host set up, KMS clients will automatically look for the host on DNS and activate themselves against it. Only one KMS host is needed to activate Windows and all Office client products. Just enter one KMS host key and activate, and the KMS host can activate not just Word, Excel, and PowerPoint, but also Visio, Project, and InfoPath.
KMS activation is not perpetual, so computers are activated (i.e. in the licensed state) for 180 days. Within that time, the KMS client will need to contact the KMS host and re-activate. When it does, it gets another 180 days starting from the day of re-activation. KMS clients by default attempt re-activation every seven days without a notification shown to the user, so this reactivation will happen automatically behind the scenes without any distractions. No “activation count” is “used up” when KMS clients activate and re-activate.
It might be easier to understand Multiple Activation Key, or MAK, by thinking of how Office 2007 retail editions are activated. You went to a store and got a CD for Office 2007. When you installed Office 2007, you were prompted to enter a product key found on the CD’s sleeve. Activation was then done with Microsoft’s activation servers, but you couldn’t activate more than a few times using the same key.
For MAK, the same principle applies, except each key has a different activation count depending on your organization’s needs. For example, a consulting firm with 50 employees constantly on the go may get a MAK key with an activation count of more than 50 (the extra activations are a buffer). That means the same 25-character key is entered for all 50 employee computers, and each of their computers activate online with Microsoft. A smaller firm may only have five computers, and they will get a key with an activation count that’s different than the other company’s key, but it will have enough for their needs.
MAK results in perpetual activation. Once activated, computers do not need to re-activate unless significant hardware changes occur, such as changing a hard drive.
In practice, organizations with 25 or fewer computers will likely find it easiest to use MAK. Larger organizations will see the value in setting up a KMS host to facilitate activation for hundreds if not thousands of computers.
In addition, larger organizations will probably use a mixture of KMS and MAK. KMS would be the default for computers that are connected to the corporate network at least a few times every 180 days. MAK activation would be suitable for laptops or other computers that are not connected to the company network.
Although the technology is the same, there are some important items to note between Windows and Office:
1. KMS hosts configured to activate Office should be installed on Windows Server 2003, volume editions of Windows 7, and Windows Server 2008 R2
2. If you want your KMS host to activate multiple products (e.g. Office 2010 and Windows 7), you will have to install the Windows KMS host key in addition to the Office KMS host key and activate both of them.
3. Office KMS clients are activated when five or more computers with Office attempt activation with the KMS host. For Windows client operating systems (Windows Vista and Windows 7), activation occurs after 25 or more computers with Windows client request activation.
I’ll be posting more articles that get into the nitty-gritty of these activation methods. The goal is to show you how easy and fast it is to set up a KMS host or MAK activate and get your users up and running Office in no time!
Business Contact Manager is a powerful contact and customer information management feature of Outlook.
The new version of Business Contact Manager (BCM) for Outlook 2010 is far more powerful and flexible than BCM for Outlook 2007. Manage your business contacts, track opportunities through the sales cycle, send personalized marketing campaigns, and organize your business projects.
With this introductory post, the BCM team has started to write about the top features in their upcoming release for Office 2010:
There are many new and exciting features in BCM. Visit BCM Team Blog regularly to learn how BCM for Office 2010 can help grow your business.
When you try Office 2010 you can download BCM from the Microsoft Connect site. Please try it out and send us your feedback!
Hello, my name is Melissa Kerr and I am a Program Manager on the Office User Experience team. Today I'm introducing the era of “This is your Ribbon!”, made possible by the new Ribbon customization feature available in Office 2010. Ribbon customization is available across all Office 2010 client applications, and allows you to create a personalized Ribbon optimized to the way you work with the application.
Customization is the ability to add, remove and relocate commands within an application, and is not a new idea. It began with Command Bars in Office 97, progressed to the Quick Access Toolbar in Office 2007, and now has evolved to include Ribbon customization with Office 2010.
Why would I customize?
Office is used by approximately one billion people worldwide, and we know the default organization of commands can’t possibly match the preferences of every single one of our customers.
Using customization in Office 2010, you can group your favorite and most frequently used commands in one location, or remove seldom used commands. Or maybe you have a repetitive task that you’d like to accomplish in fewer mouse clicks. You now have the ability to put those commands on a custom tab, or add them to a new group on an existing tab.
Let's say that you are an editor for a local newspaper and that your company uses Word 2010 to review all articles that are going to print. When reviewing articles, you find that a specific set of commands are used over and over. You’d love for all those commands to be located together on a single tab, making each command only a single click away.
An example of a customized Ribbon.
The Options dialog provides a user interface for customizing the Ribbon, which doesn’t require any coding. To launch this dialog, you can either right click on the Ribbon and click “Customize the Ribbon”, or enter through “Options” on the File tab.
Two entry points to Ribbon customization
The commands you frequently use are located on different tabs, therefore you decide that creating a new custom tab with all of them in one location would be the easiest way to streamline your work and get the results you want faster.
When all customizations are completed, click OK to create your custom Ribbon.
Applying your customizations.
End result of your Ribbon customizations.
Joe, your coworker on floor 3, heard that you created a personalized Ribbon that is optimized to the way you work with Word. He wants what you have! Well, that's easy… Sharing your customizations is as simple as exporting a single file and sending it to him.
Importing & exporting customizations.
Importing and exporting customization files can also benefit many scenarios within an organization. For example, an IT department can create a company-wide custom Ribbon and then distribute it to the entire organization via policy and Office configuration deployment. That will ensure all employees are using the organization’s customized Ribbon.
Features of Ribbon Customization
Ribbon customization capabilities are not limited to the above scenario. Here is a list of the major functionality that Ribbon customization offers:
Thanks for reading and I hope that you will enjoy the era of “This is your Ribbon!”.
Microsoft Office 2010 marks the first time Office will be shipping in both 32-bit and 64-bit versions.
With Windows 7, you have the option of running 64-bit Windows on your 64-bit PC, and now with Office 2010 you have that same choice. As 64-bit processors and operating systems are becoming the standard for systems ranging from servers to desktop computers, 64-bit Office will be able to take advantage of everything that 64-bit systems have to offer.
Some users need greater memory capacity, and those who crunch huge Excel spreadsheets filled with financial data or those who track large projects (such as building an aircraft carrier) using Microsoft Project have that capability. File sizes greater than 2 GB are now possible for applications such as 64-bit Excel and Project, with pretty much all the same user experience and functionality as 32-bit Office. It’s important to note, however, that 32-bit and 64-bit Office side-by-side on the same machine is not supported.
In this post, I’ll help you decide what version is best for you, show you how to install the version you want, provide some background on 64-bit Office, and list some things you should keep in mind.
First, let’s take a step back and understand what 64-bit means. A 32-bit processor uses a 32-bit memory address length, which limits the memory it can address to about 4 GB. As users are running more memory-intensive applications at once, a 32-bit address length is no longer adequate. Enter the 64-bit processor, which can address a potential 17 billion GB.
With a 64-bit processor, you can install a 32-bit or a 64-bit operating system (OS), though only a 64-bit OS is capable of addressing more than 4 GB of memory. Finally, depending on what OS you’ve installed, you can then install a 32-bit or 64-bit application. There is support for 32-bit applications to run on 64-bit Windows using Windows-32-on-Windows-64 (WOW64).
Before talking about 64-bit Office, I want to emphasize how much better 32-bit Office is on 64-bit Windows compared to 32-bit Windows. The basic reason is simple. On 32-bit Windows, it doesn’t make sense to install more than 4 GB of physical memory because anything beyond 4 GB can’t be addressed. However, the limitation means constantly jumping among multiple applications could degrade performance because of thrashing.
On 64-bit Windows, you can install a lot more physical memory. While we work hard to minimize the amount of memory our applications use (Office 2010 has the same minimum memory requirements as Office 2007), this ability to access more memory means that 32-bit Office applications on 64-bit Windows will be able to open, edit, present documents, and switch among applications much faster than on 32-bit Windows. This is especially true if you run other memory-intensive applications alongside Office. Of course, your ultimate performance will be determined by the relationship between the amount of virtual memory being actively used and the amount of actual memory installed on your system.
Whether you choose to run 32-bit Office or 64-bit Office, 64-bit Windows 7 or Vista makes a great operating system environment.
If you’re trying to decide between 32-bit and 64-bit Office, you should ask yourself what your needs are. Are you an Excel power user working with huge amounts of data? Do you need to work with file sizes greater than 2 GB? If so, then you would benefit from 64-bit Office being able to utilize more memory. If not, we’re recommending 32-bit Office 2010 as the default installation on both 32-bit and 64-bit Windows mainly due to compatibility with existing 32-bit controls, add-ins, and VBA (update: most VBA code will work without modification on 64-bit Office, but see this paper more details).
We expect over time for 64-bit Office to become the norm. Beyond the immediate benefits of supporting larger documents, there will be benefits to having a consistent 64-bit ecosystem for all extensions and controls. By offering a 64-bit version of Office 2010, we have taken a huge step along this transition path and enabled both customers and partners to be well-positioned for the future.
If you’re downloading Office 2010 online, then you get to decide what version to download (you can get the other version later if you want). If you buy it on a DVD, both 32-bit and 64-bit versions of Office 2010 will be available. If you install 32-bit Office, for example, and you decide later you want to use 64-bit Office instead, the 32-bit version must be uninstalled (it’s as simple as uninstalling any other program) before installing the 64-bit version.
On the DVD, you’ll notice that the file structure looks like this:
On a computer with no Office products installed, the setup.exe file denoted by the red arrow is the “platform selector.” If you run it, it will automatically install 32-bit Office 2010 by default, even on 64-bit Windows. The only time it will install 64-bit Office is if it detects 64-bit Office already installed on your computer. If you want to install 64-bit Office, then open the x64 folder and run setup.exe from there. Similarly, running the setup.exe file in the x86 folder will install 32-bit Office directly.
You’ll see these instructions if you run setup.exe on 64-bit Windows, select Customize, and click on the Platform tab.
We do not support 32-bit and 64-bit Office versions side-by-side natively on the same 64-bit Windows instance. For example, you will be blocked from installing 64-bit Excel 2010 if 32-bit Outlook 2010 is already installed. This also applies to previous versions of Office, so that 64-bit Project 2010 cannot be installed on the same Windows instance as 32-bit Office 2007. Of course if you are running a 32-bit operating system, you will only be able to install and run 32-bit applications.
You’ll be able to check the version of Office you have by going to the Backstage view (click File tab | Help):
If you want to check what version of Windows you have, right-click Computer, select Properties, and look under “System type.”
What did it take to get here? Simply telling the compiler to generate 64-bit code was a first, but very small step. We had to find all the places where pointer differences or buffer lengths were stored in 32-bit values rather than 64-bit values. We built special tools to examine code for problematic computations that might fail on 64-bit. We had to find new ways of testing the applications to identify errors that would only arise when the code was running. Virtually every line of the millions of lines of code in Office needed to be examined for the consequences of this shift. Many of our tools also needed to be ported as we shifted our default development environment to 64-bit.
We also needed to consider ActiveX controls and components. For example, 32-bit Internet Explorer (IE) can only load 32-bit ActiveX controls, so the 32-bit version of the controls in Office needed to be shipped with 64-bit Office. In addition, there are some components from teams within Microsoft that ship with Office, and we needed to make sure 64-bit versions of these were also available. (For developers: there are exceptions, such as the Microsoft Common Control (ComCtl.OCX) files, which will only be available as 32-bit controls).
Both 32-bit and 64-bit versions of Office are largely indistinguishable, except that 64-bit Office has a much higher memory capacity. As mentioned above, the extra memory capacity comes at the cost of some compatibility with existing extensions to Office, such as 32-bit versions of ActiveX Controls and some 3rd party add-ins, in addition to 32-bit versions of programs that interface directly with Office. New versions of these extensions will need to be obtained, and it will take some time for 64-bit compatible extensions to be made available.
For these reasons, we recommend running 32-bit Office 2010 even on 64-bit Windows operating systems for better compatibility. On 64-bit Windows, more applications and documents may be opened at once, and switching among them will be faster because the machine can have more physical memory for the processes to share. When the 64-bit ecosystem for Office is more mature, you’ll be able to easily migrate to 64-bit Office!
Ted Way,
Program Manager, Product Lifecycle and Engineering Excellence (PLEX)
Microsoft Office
Hi everyone! My name is Alex Dubec and I’m a Program Manager on the Office Trustworthy Computing Performance team. My team is responsible for compiling system requirements across Office, and I’d like to give you a behind-the-scenes look at how we determine system requirements and the hardware your computer requires to run Office 2010.
Before diving into all the details, I want to answer a question that I’m sure is on all of your minds:
In most cases, yes! CPU and RAM requirements for Office 2010 are the same as for Office 2007, so if your computer meets the Office 2007 system requirements, you can run Office 2010. A graphics chipset will help boost the performance of certain features and disk footprint has increased (more on these points later), but as general rules:
First off, I’d like to explain what level of performance you can expect from minimum-requirement hardware. The minimum hardware spec is about defining the kind of computer that an average Office customer needs to have in order to have an acceptable experience performing typical tasks. This means tasks like opening up and editing a 20-page report. Tasks like creating some simple pie charts or scatterplots that highlight your findings, and putting together a few slides summarizing your results for that meeting next Tuesday. Or even tasks like writing up your blog post about system requirements. You should also be able to comfortably run two applications simultaneously.
As you might expect, more intensive tasks benefit from fast chips, more RAM, or speedy hard drives, and newer hardware makes everyday tasks faster – but the hardware requirements aren’t about making Office 2010 blazing fast, or about running several applications at once, or about crunching financial models in a giant spreadsheet. They’re simply about getting typical tasks done.
A lot of other pieces of software carry both “minimum” and “recommended” hardware requirements, and you might be wondering why Office 2010 doesn’t have “recommended” requirements. The reason for this is that customers have told us that understanding hardware requirements can be confusing, and the difference in meaning between “minimum” and “recommended” requirements isn’t all that clear. For example, if the minimum RAM requirement for a program is listed as 1 GB, but 2 GB is recommended, what does that really mean? Does the customer need 1 GB or 2 GB? By including minimums, we’ve tried to make the hardware requirements as clear as possible.
CPU and RAM requirements approximately doubled between Office 2003 and Office 2007, as you can see below:
One of the pieces of feedback we’ve received from customers is that they really, really hate having to buy new hardware every time a new version of Office is released. With that in mind, one of our goals for the Office 2010 was to make sure that the minimum hardware requirement would not increase from Office 2007. We invested in improving the customer experience on minimum-requirement hardware, and we regularly tested performance throughout the development cycle. Our footprint has gotten larger since Office 2007, but we’re proud to say that we’ve succeeded in keeping the CPU and RAM requirements the same as for Office 2007.
To be objective about our hardware requirements, we maintain a performance test lab of machines with the following specifications:
I have one of these machines in my office, and when I got it I couldn’t help but laugh: it was manufactured in January 2000. Maintaining that machine and our lab becomes more challenging as time goes on – this hardware hasn’t been in production for years, and it keeps getting harder to find replacement parts when stuff breaks!
We verified our requirements using this hardware with the following tests:
With this data in hand, we’re comfortable with a 500 MHz CPU and 256 MB of RAM as appropriate minimum requirements for Office 2010. To give this a bit of context, some of the least powerful computers available today are netbooks, and our data suggests that the average current netbook has a 1.6 GHz CPU and 1 GB of RAM – which is significantly more powerful than our minimum requirement.
We haven’t changed the CPU or RAM requirements from Office 2007, but the footprint of most Office applications have gotten larger. These changes force us to increase the system requirements – most standalone application disk-space requirements have gone up by 0.5 GB and the suites have increased by 1.0 or 1.5 GB.
There are a few reasons for these changes:
To determine which operating systems would be supported for Office 2010, we prioritized based on usage statistics for a given OS, as well as the engineering costs associated with ensuring compatibility and providing customer support for that OS. The following charts summarize OS compatibility for Office 2010.
If you’ve checked out Office 2010’s full system requirements, you’ve probably noticed the new graphics processor (GPU) requirement, and might be wondering what that’s all about. Another piece of feedback we received after releasing Office 2007 is that customers were interested in harnessing more of the potential of their PCs. Many computers in 2007 and most computers today have graphics processors separate from the CPU (this doesn’t necessarily mean a dedicated graphics card; for example, most laptops don’t have a physical graphics card, but do come with a graphics processor). If your computer has a GPU, it lets us perform graphics rendering tasks (like drawing charts in Excel, or transitions in PowerPoint) in the GPU instead of in the CPU, which parallelizes work and speeds up performance. This is particularly relevant for users of PowerPoint 2010, which will introduce some awesome new graphics and video integration features (more info at the PowerPoint team blog).
We chose to design for Microsoft® DirectX® 9.0c compliant graphics processors with 64 MB video memory. These processors were widely available in 2007, and most computers available today include a graphics processor that meets or exceed this standard. However, like our CPU and RAM requirements, this requirement is targeted for typical tasks – if you intensively use graphics features, you’ll benefit from a more powerful GPU.
If you want to verify the specs of the graphics core in your computer, the DirectX Diagnostic Tool will help:
Again, to put this requirement in context, the graphics chipsets in many netbooks are capable of using up to 224 MB or 256 MB of memory – which greatly exceeds our system requirement.
If you’re interested in upgrading from Office 2007, and you don’t have a GPU that meets the requirement, don’t worry – you can still use Office 2010. A graphics processor that meets or exceeds the standard will help speed up some of the graphics features you’ve used in earlier versions of Office, and it will help you use advanced transitions, animations, and video features new to PowerPoint 2010. We think a graphics processor will enhance your Office 2010 experience, but again, if your computer doesn’t have one, you can still run Office 2010.
It will come as no surprise that the performance of Office 2010 benefits more RAM, a faster CPU, or newer hardware. If you’re looking to buy a new computer, or if you’re running Windows Vista, Windows 7, or Windows Server 2008, you probably already have a machine that far exceeds the minimum requirements for Office 2010 (although you should check first, just to be safe). That said, I hope that I’ve given you some insight into how we develop system requirements and what they represent. Thanks for reading!
Hi again, I’m Ted Way, program manager for Office 2010 volume activation. Last time I posted to this blog, I talked about KMS and MAK as two activation methods for the enterprise. If you’re planning on deploying Office 2010, Windows (7, Vista, Server 2008 R2, Server 2008), or a combination of these, you’ll be happy to know that the activation technologies are essentially the same. The same KMS host running on Windows Server 2008 R2, volume editions of Windows 7, or Windows Server 2003 can activate both Windows and Office, for example.
In this post I’ll show screenshots of the end-user experience if activation was not successful. In addition, I’ll share some tips and tricks on how to manage your volume editions of Office and activation so your time can be spent on checking out all the cool new features in Office 2010. Your end-user does not need to know anything about activation because everything is happening behind-the-scenes.
For volume editions of Office, users will not see any reminders to activate the first 25 days after installation. However, if activation is not successful, then users will see notification dialogs every time they launch an Office application from day 25 to 30 post-installation. An example of these notification dialogs is shown below. If the user closes the dialog, he or she will still be able to fully use all the features in Office.
If Office still has not been activated 30 days after installation, users will see notification dialogs every time an Office application is started. In addition, the title bar color will change to red as shown below. These visual indicators serve as reminders that users need to activate.
Going to the Backstage view by clicking File tab | Help will be the quickest way to check licensing status:
If you’re using volume editions of Office 2010 Beta and you haven’t activated, take a look at this page for help.
If users are seeing the above notifications to activate, you can set up a KMS host in just minutes by following the directions on the KMS host set up page. Once the KMS host is set up, the KMS clients automatically find the host on DNS and activate themselves against it. This is transparent to the end-user.
Sanjay Garg, a developer of the Office Software Protection Platform focused on enterprise licensing, suggests, “Once a KMS host is activated, make sure you allow the Key Management Service through the Windows Firewall. That way the KMS client requests can get through to the KMS host.”
How do you know whether your KMS host has been successfully activated? On your KMS host computer, open an elevated command prompt and run this command in the Windows\system32 directory.
C:\WINDOWS\system32>cscript slmgr.vbs /dli
You should see the output below. Note the “Licensed” status, meaning you’ve activated your KMS host. When the “Current count” >= 5, then KMS clients will begin activating the next time they request activation.
Name: Office(TM) 14, Beta1ProPlusKMSHost edition Description: Office(TM) 14 KMS, VOLUME_KMS channel Partial Product Key: TCDMC License Status: Licensed Key Management Service is enabled on this machine Current count: 6 Listening on Port: 1688 DNS publishing enabled KMS priority: Normal
Here at Microsoft we have an internal KMS host running on a Windows Server 2008 R2 VM. If you are running Windows Server 2008, consider using a VM of Windows Server 2008 R2 or Windows Server 2003 as your KMS host. The Microsoft KMS host is handling all of our internal Windows AND Office 2010 activation requests. Since the host was set up earlier this year, it’s received 250,000 initial activation requests and 135,000 re-activation requests from licensed Office KMS clients. It’s also received and processed hundreds of thousands of additional requests for Windows client and server activation.
An administrator in Microsoft IT shared his experience: “We configure the server to auto publish in all the internal domains via reg key and we secure the _vlmcs._tcp DNS record in all domains by only allowing a specific security group to update it. We add the KMS servers to the security group as part of the standard KMS build process. Also part of the standard KMS build process we request an IPsec exemption for the servers, because we allow our unmanaged clients (labs, non-domain joined, etc) to activate.”
This handy script is helpful for performing local and remote licensing operations for Microsoft Office 2010. You can find it in the “%ProgramFiles%\Microsoft Office\Office14” folder. For 32-bit installs of Office on 64-bit operating systems, look for it under the “Program Files (x86)” folder. Keep in mind ospp.vbs is the script to configure the Office 2010 client, while slmgr.vbs is used to configure the KMS host and Windows installations.
To run this script, open an elevated command prompt by clicking the Start button and searching for “cmd” in the search box. Right click on the command prompt window and select “Run as administrator.” Go to the directory with this command:
cd “%ProgramFiles%\Microsoft Office\Office14”
You can see the options that are available by typing:
cscript ospp.vbs -?
Richard Moloney, the developer of this script, says a useful benefit after setting up a KMS host is using the -act and -dhistory commands to verify the Office client is finding the KMS host and successfully activating. He suggests, “If you’re setting up a KMS host, you can manually trigger and verify successful activation. You don’t need to wait 25 days until notification dialogs start popping up to start troubleshooting.”
Trigger activation and view the KMS activation history by running:
cscript ospp.vbs –act cscript ospp.vbs –dhistory
For MAK activation, one common task would be to check the status of your computer, install a Professional Plus Beta MAK key, and trigger activation. Run these commands (if you’re pasting these commands, you may need to change the long dash to a short dash). In this example, note that when you run the –act command, you’ll be triggering MAK activation, which goes to Microsoft’s activation servers, not your KMS host.
cscript ospp.vbs –dstatus cscript ospp.vbs –inpkey:22HGX-728MX-BBWX9-7BB8X-J96B4 cscript ospp.vbs –act cscript ospp.vbs –dstatus
What if you got an error code? You can easily get the error description with this command specifying the error code:
cscript ospp.vbs –ddescr:0xC0020017
You can even run this script to check the status or trigger activation of a remote computer. Just provide the computer name and login credentials:
cscript ospp.vbs –act <remote computer name> <username> <password>
This brings me to the next section: how would you remotely manage and activate multiple computers quickly?
To remotely manage volume editions of Windows and Office 2010 in your organization using a GUI tool, download VAMT 2.0 Beta. VAMT 2.0 allows you to get an overview of the licensing status of both Windows and Office 2010 installations.
For VAMT 2.0 to manage client computers, make sure you make an exception for the Windows Management Instrumentation (WMI) on the client computers. Go to Control Panel –> Windows Firewall -> Allow a program through Windows Firewall. If you are managing Windows XP machines running Office 2010, see this article for more information. I’ve included a screenshot of VAMT 2.0 with my two computers:
I can monitor my desktop and laptop, in addition to any other machines I have access to. Both have Windows Vista and Office 2010 applications installed. Under “Product Key Type,” GVLK is the generic volume license key, which is the KMS client key. On my laptop, I have the MAK key installed from the activation page.
If I right click on my computer name, I can install product keys, trigger activation, or even do proxy activation through VAMT 2.0. Proxy activation is a method of activating multiple machines with Office 2010 that have a MAK key installed. This would be helpful for computer networks that are not connected to the Internet, or if you want to MAK activate multiple machines at once for your sales team, for example.
If you have any questions, check out the Office 2010 Volume Activation resource center on TechNet. There’s a great video that gives an introduction to KMS and MAK along with more in-depth documentation.
If you have any specific questions, post it to our forum at http://social.technet.microsoft.com/Forums/en/office2010volact/threads and our team will do our best to address them!
Hello, my name is Vikas and I work in the Office Trustworthy Computing security team. Today I will be telling you more about a feature I have been working on called Protected View. Protected View is one of the new security defense-in-depth features added in Office 2010. If you have not seen Brad’s post yet on this and the other new security improvements, it’s definitely worth taking a few minutes to look it over.
With any piece of complex software, over time new file parsing exploits against it may be found. The older Office binary file formats had been susceptible to these types of attacks. Over the past years hackers have discovered ways to manipulate Office binary files so that when they are opened and parsed, they cause their own code embedded within the file to run. To address these binary file parsing attacks in Office 2007, several new XML based file formats were introduced. These XML file formats are much easier to parse and provide a significant security benefit over the older binary formats. We do understand that there are still several billion binary files being used today and migrating to the new XML formats will take some time but if possible, the sooner you can migrate over, the sooner you can start leveraging the security benefits these new formats provide.
To address these attacks in the past, the Office team had released the MOICE (Microsoft Office Isolated Converter Environment). MOICE would take a potentially risky binary file type and convert it within a sandboxed process to the new XML format and then back to the binary format and open it. The hope of doing this conversion was to remove any exploit code that was hidden away within the file. Some downsides to MOICE were files that required a long time to convert would seem to take a long time to open and users would get frustrated. In addition, the conversion process did not always maintain 100% of the documents layout so there certainly was room to improve when it came to the overall user experience of the feature.
In Office 2010 when a file appears to be from a potentially risky location, such as the Internet, it is now opened in Protected View. Protected View will appear like any other read-only view. Under the covers however, when a file is opened in Protected View, it is being opened in the new Office 2010 sandbox. The Office 2010 sandbox is the “next version” of the MOICE sandbox described earlier. Unlike with MOICE, no file conversation is happening. In fact what is occurring is the file is being opened within a sandboxed instance of the application (Word, Excel, PowerPoint) and if there was malicious code present in the file the goal is that code would not be able to find a way to tamper with your documents; change your profile or other user settings. I will describe this in more detail a bit later in this post.
Since Protected View is a read only view, we understand it is not something that should be used for every file you interact with. Our goal when designing this feature was to only use it in high risk scenarios:
· Files opened from the Internet. When a file is downloaded from the Internet the Windows Attachment Execution Service places a marker in the file’s alternate data stream to indicate it came from the Internet zone. When a Word, Excel or PowerPoint file is opened and has this marker it will open in Protected View until the user decides to trust and edit it. That is done by pressing the “Enable Editing” button shown below:
In some cases when a file is opened from a network share that you believe is part of your Intranet zone it will open in Protected View and indicate on the trust bar that it originated from an Internet location. This could occur because of how your proxy is setup or because you have not indicated in your Internet Options – Local intranet setting to “automatically detect intranet network” as shown below:
· Attachments opened from Outlook 2010. When an attachment is opened from Outlook 2010 it will open in Protected View. Administrators will be able to configure if they want all attachments to open in Protected View or just those sent from senders outside their Exchange environment.
· Files opened from unsafe locations. An example of an unsafe location is files that are opened from your Temporary Internet Files folder. As an administrator you can extend this list to include directories you feel are also unsafe.
· Files that are blocked by File Block Policy. In Office 2007 we introduced a feature called File Block. This allowed administrators to define file types that should not be opened. When a type was blocked it simply could not be opened. From your feedback we heard that this was overly limiting from a usability aspect since your users still wanted to “read” those files. In Office 2010 these blocked files can now be opened in Protected View and as an administrator you can set policy to indicate if the user should be allowed to leave Protected View (by editing the file) or force them to stay in it. We hope this design will make all the issues and pains you felt go away!
· Office File Validation failures. Office File Validation is a new feature that scans an Office file when it is being opened and validates it against a well-known schema. When there are inconsistences between the file and the schema, the file will fail validation and will open in Protected View. Similar to File Block, policy will be available to determine if the user should be allowed to edit the file or not when a failure occurs.
· File Open Dialog. You can open files in Protected View explicitly by using the Open button:
The biggest gain is it lets us remove “are you sure” security prompts while giving you greater protection than you had in the past. For example, if you are an Outlook user like me you may have noticed that each time you open an attachment you are asked a question:
For me it is extremely hard to answer this question without seeing the contents of the file first. In Office 2010 we have removed this dialog and instead we now just open the file directly in Protected View! This allows you to look over the contents and make an informed decision if you really trust the file or not. If you do not, or if you only wanted to read it, you can get your job done and then close it. The reason we are comfortable opening the file directly is because of the many defense in depth checks we now have in place.
In addition to the open prompt, we also removed the Outlook Preview pane prompt shown below:
Now when you read Word, Excel, PowerPoint and Visio files in the Outlook preview pane you will no longer be prompted asking if you really trust the file first when Protected View is enabled.
Protected View had changed how Word, Excel and PowerPoint are architected. When a file is opened in Protected View there are two instances of the application that are running. To illustrate I will use Word. We have one instance of winword.exe that runs in the context of the account you are logged in as (we call this the “host” process) and we have another instance of winword.exe running in a very isolated process (we call this the “client” process). We also call the isolated process the Office sandbox and you will see these two terms intermixed.
The best way to describe it is with a picture. The client process is the part of the UI that is highlighted black and everything else is part of the host process as shown below:
When the user clicks on any part in the Host processes UI, because of UIPI, we have a high assurance the action came from the user and do not need to prompt with additional ‘are you sure you did this?’ dialogs. The host process owns the top level application frame window as shown above which includes the window caption, the ribbon, the trust bar, status bar, etc. The host process manages the Protected View and non-Protected View windows and acts as a “broker” for the client process. There is only one instance of the client/sandbox running at a given time and all files opened in Protected View share the same sandbox instance within an application. When all Protected View windows are closed the client process is terminated. When the client needs to perform a privileged task (such as accessing the file system, registry or other system resources) it makes a request to the host process and the host then will broker and perform the action if it deems appropriate.
As alluded to earlier, the client process is another Windows process that is running in the context of the user account however the token being used is a restricted token. By using a restricted token we were able to remove several rights and privileges this process has. To further lock down the client process we are also running it as a low integrity process. Together the restricted token and low integrity (UIPI) provide the foundations for our Office 2010 sandbox.
As discussed, Protected View is one of the many security defenses in Office 2010. For a malware to actually be able to run in Protected View it will first need to find a way around DEP, ASLR, GS and our new 2010 Office File validation checks. After all that, the malware would need to find a way to break out of the sandbox.
Hopefully now when you think you received a ‘scary’ Word, Excel or PowerPoint file you will be able to open it in Protected View and read it without having to worry that something bad could happen to your computer.
I appreciate you reading this far and stay tuned for more security posts coming soon!
Thanks.Vikas MalhotraSecurity Program ManagerOffice Trustworthy Computing
Hello, my name is Shelley Gu and I am a Program Manager on the Trustworthy Computing Security team. I’d like to introduce some new features we have added to digital signatures in Office 2010. First I’ll briefly explain what digital signatures are and how to use them, and then I’ll dive into the details about how they work in Office 2010.
More and more business transactions are being conducted electronically. Consequently, digital signatures are being used increasingly to legally bind relying parties to their transactions. A digital signature is used to verify the identity of the person who signed the document, and confirms that the content was not modified after the digital signature was applied to the document. Digital signatures provide security based in encryption technologies and help mitigate risk associated with electronic business transactions. With improvements to digital signing, Office aims to meet the information security needs of enterprises and public sector entities worldwide.
To create a digital signature, you must have a digital certificate, which proves your identity to relying parties, and should be obtained from a reputable certificate authority (CA). If you do not have a digital certificate, Microsoft has partners that provide digital certificates as well as other advanced signature services that are integrated into Office at the Office Marketplace.
In Word, Excel and PowerPoint 2010, a digital signature can be added by going to the Office Backstage View:
A signature line or signature stamp can be added in Word, Excel, and InfoPath by going to the Insert Tab:
A signature line looks like this:
A signature stamp (more commonly used in Eastern Asia) looks like this:
Office 2007, and later versions, use an open signing standard called XML-DSig that replaces the less advanced binary signatures from Office 2003 and earlier versions. XML-DSig represents a signature in a mostly human-readable XML format. For more information on XML-DSig, see http://www.w3.org/Signature.
Office 2010 digital signatures are able to use advanced algorithms (like the elliptic curve public key algorithm) supported by Windows Vista and later. All supported operating systems also allow the use of more robust hashing algorithms, like SHA-512.
The most immediate problem with digital signatures is that the certificate you use will expire – usually in as little as one year. After the certificate has expired, no one should trust the signature. If you want to be able to trust a signature over a longer period, then you must keep copies of the information needed to validate the certificate. You might also need to worry about the cryptography becoming obsolete.
Fortunately, a solution to these problems is available in an extension to the XML-DSig standard called XAdES.
XAdES (XML Advanced Electronic Signatures) is a set of tiered extensions to XML-DSig, the levels of which build upon the previous to provide more and more reliable digital signatures.
By implementing XAdES, Office complies with the European Union Advanced Electronic Signature Criteria in Directive 1999/93/EC as well as a new Brazilian government directive which defines XAdES as the accepted standard for digital signing in Brazil.
Office 2010 can create different levels of XAdES signatures on top of XML-DSig signatures:
The Office 2010 Beta only creates up to and including XAdES-T signatures, but Office 2010 RTM will be able to create all the signatures in the above table.
Time stamping digital signatures (XAdES-T signatures) is an important scenario we focused on in Office 2010. In order to create a time stamped signature, you’ll need to:
Once everything is configured, you can just create signatures like you normally would. A timestamp from a trusted timestamp server extends the life of your signature, because even after the certificate expires, the timestamp proves that the certificate had not expired at the time of signing. As a result, time stamping protects against certificate expiration, and if the certificate was revoked after the signature was applied, the signature is still valid.
By default, Office 2010 creates XAdES-EPES signatures. Registry settings are used to specify the level of signatures to create. There are two registry settings to control the type of signature Office creates, XAdESLevel and MinXAdESLevel.
The MinXAdESLevel setting allows you to ensure that created signatures meet your required XAdES level. A XAdES-T or higher signature will fail if the timestamp server isn’t available, and a XAdES-C or higher signature will fail if revocation information isn’t available. Having a minimum setting allows scenarios where you could attempt a XAdES-X-L signature, but fall back to XAdES-EPES if the timestamp server is down.
To create XAdES-T signatures and above you will need to provide Office with a time stamp server to query for time stamps:
If you want to create XAdES signatures, we recommend using one of three levels:
Example:
Sam wants to create XAdES-X-L signatures. If this is not possible, he is willing to accept any signature that is at least a XAdES-T signature. He sets:
In this case, Office attempts to create a signature up to the –X-L level. If Office is unable to create a XAdES-X-L signature, Office falls back to the last successful XAdES level provided that the level is not lower than MinXAdESLevel. In this case, XAdES-T, XAdES-C, and XAdES-X signatures would be acceptable if Office is unable to create a XAdES-X-L signature. Otherwise, Office does not add a signature.
As mentioned previously, Office 2010 Beta is only able to create up to XAdES-T signatures because we added the rest of the XAdES work in after the Beta. The XAdESLevel registry setting we explained above still applies, but the maximum level is 2 (XAdES-T). TheMinXAdESLevel setting isn’t present, but you can only create two types of XAdES signatures – with and without a timestamp, which is controlled by the TimestampRequired setting (which isn’t present in the RTM version).
To create a XAdES-T signature, you will additionally need to set TimestampRequired (below) and TSALocation (see explanation above):
The XAdES feature is one of many security enhancements we have made to Office 2010. Thanks for reading, and we look forward to hearing your feedback!
Hi, I’m Tucker Hatfield and I’m a Program Manager on the Office Graphics team.
Pictures are great – worth 1,000 words they say – so it’s a great idea to use them to spice up a document or add some flair to a presentation. The problem is that they usually end up being self-contained rectangles in the middle of things, and they don’t really flow into the content. You can put borders or effects on them to make them look more artistic, but up until now the only way to isolate part of the picture was to go into an expensive photo editing package and learn the cumbersome process of selecting and removing portions of the image.
Background Removal is a new feature in Word, Excel, PowerPoint and Outlook that makes this process quick and easy for any picture. Unlike similar tools, the Office Background Removal tool doesn’t just select color ranges or trim to a border you draw. Background Removal uses new capabilities and algorithms from the Microsoft Research in Cambridge, UK to achieve better results automatically with very little effort or fine tuning from the user.
So, how does it work?
Even though I can’t explain the deepest secrets of how the code works, I can show you how to use it effectively. Let’s start with this picture and assume that we want to remove the background and keep only the flower.
Clicking the Remove Background button in Picture Tools will start the process. First off, Background Removal tries to figure out what portion of your picture is the foreground, the portion to keep, and which is the background, the portion to remove. The first step in this process is the marquee selection area that gets drawn when you first start Background Removal. When you first start the tool, you’ll see the marquee and portions of the image are overlaid with magenta. Everything marked with magenta is what Background Removal has marked as the background. The normally colored portions are foreground, and will be kept.
You’ll probably notice that the marquee is inset slightly by default. Why is that? Well, it’s rare that the subject of a photo fills the picture completely, and insetting the marquee slightly makes it easier for Background removal to figure out what is the foreground and what is the background. In general, the less background included inside the marquee the more accurate Background Removal will be.
As you can see above, if the goal is to isolate the flower, the default marquee size doesn’t really get the desired result. As it stands, the result would look like this:
To further refine what we get, we’ll need to adjust the shape and size of the marquee. The important rule to remember is that you want the marquee to contain everything you want to keep. It’s okay if there are portions of what’s in the marquee that you don’t want to keep – the magic will do its best to figure out what to keep and what to ignore – but nothing that sticks very far outside of the marquee will be kept, so it’s important to make sure everything you want is inside. Let’s size the marquee so that it is just slightly bigger than the flower. The marquee is sized just the same as any shape or image, by grabbing the handles and resizing or dragging the whole shape to a new location.
Background removal figures out what you wanted and isolates the flower, which results in everything but the flower being removed.
Since the system Background Removal uses to isolate foreground objects from the background isn’t simply based on color choices or contrast values, it can extract even similarly-colored objects from the background.
Or you can even choose to keep something other than the obvious…
Of course, no matter how good the logic is that’s trying to figure out what the foreground of the picture is, there will always be some cases where simply adjusting the marquee can’t figure out what should be kept and what should be discarded. For those cases Background Removal has some simple tools to mark up and refine your selection. We’ll talk about how to use those tools remove the background from an image that presents a problem in a future post. For now, let me close with a couple of quick illustrations of how you might use that flower we removed in the first example.
Hi, I'm Clay Satterfield and I'm a Senior Program Manager on the Office User Experience team. Within the first few hours or so of using the Office 2010 Technical Preview, it’s pretty likely that you’ll eventually need to “Save As” or “Print” or do something else with your file. When you finally do click on the Office Button, you’ll see something that you probably didn’t expect. Instead of a menu, or even a Ribbon tab, you’ll see the new Microsoft Office Backstage View.
Before getting into the details of the Backstage View, I’d like to talk about the thinking that led us to the design. And to do that, I have to start way back in the fall of 2003, before we started designing the Ribbon.
The Office User Experience Team is responsible for providing the UI platform for the rest of Office, so it was our assignment to tackle the following two problems. First, we knew from user feedback that people had a lot of difficulty finding, using, and understanding the vast feature set in Office. Second, we were struggling internally with the fact the menus, toolbars, and task panes were collapsing under their own weight. Those UI concepts were designed for much simpler programs, and could no longer handle the volume of commands in the mature Office applications.
So, we spent a lot of time looking at entire the Office feature set. We thought hard about how new features should be built and we made some predictions about the types of features we’d need to build over the next several versions.
One of the first things we identified was that there were two distinct types of features within the applications. We called the two types IN and OUT features.
The IN features are the ones most people are more familiar with. These are the features that act on the content of the document and show up on the page. Examples include commands like bold, margins, spelling, and styles. These are the features that make up the heart of the application. When using these features, you need to be able to view the document content and often need to have a selection or blinking cursor somewhere in the document.
The “Out” features help people do something with the content they create. Examples include Saving, Printing, Permissions, Versioning, Collaboration, Document Inspector, Workflows, etc. The Out feature set includes a wide ranging and surprisingly long list, but they all have a lot of similarities. The primary characteristic is that they don’t act on a specific point in the document, and their effects don’t appear on the page. In fact, you could easily imagine using one of these features without even opening the document to look at it (for example, setting permissions on the file or sending it as an attachment).
Unfortunately, the other thing the OUT features have in common is that they almost all suffer from low discoverability and poor usability.
When we looked closely at the requirements on the UI platform, we realized that IN and OUT features have very different needs. Some of the most striking differences become obvious when you start thinking about Office’s WYSIWYG user interface.
The user looks at the document, sees something they want to change, and then they find and use a tool that lets them make the change they desire. They repeat this loop until they decide the document is finished.
In fact, when we created the Fluent UI for Office 2007, we specifically focused on improving a few parts of this model. For example, the Ribbon helps users “Find the Tool”. Galleries combine complex steps into a visual result so that “Using the Tool” is easier. Live Preview takes advantage of the power of “Seeing the Results on the Page.”
The Ribbon needs to stay out of the way because most of this model depends on seeing as much as possible of your document. Nearly all of the communication between you and the application happens on the document surface. We don’t need to pop up a dialog box to tell you when you successfully changed the font size – you just see it happen. Same goes for changing margins, inserting a picture, or any other IN command.
Here’s the problem though – The OUT features don’t show up on the page, so the WYSIWYG model falls apart for those features.
· You can’t scan the page for something you want to change. The status of OUT features doesn’t appear there. For example, there’s nothing on the page to indicate who has permissions to read the document, so you have to form the goal to set permissions some other way.
· When people form an editing goal because of something they don’t like on the page, they assume an appropriate tool exists in the application somewhere. People rarely make that assumption for OUT features. For example, many very smart people have no idea that you can e-mail a document to someone from within the application. They just never even imagine that something like that could live in a word processor.
· Even if you do find and use an OUT feature, the communication with the application is difficult and inconsistent. We use a combination of the status bar, message boxes, dialogs, task panes, pop-up notifications, and even web sites to tell you what’s actually going on with your document. For example, if you notice that you can’t edit a document you’ve opened, you have to check three or four possible permissions dialogs, a task pane, the status bar, and the application title bar to find out which feature is making the document read-only.
Sadly, the only way the average person can be successful using our OUT features is with assistance from outside of our user interface. Most commonly, people use these features because a coworker has found and explained them, or because a boss required that they be used (and provided training). A few people might get lucky and read about a new feature on a Tips and Tricks blog.
What we were sorely lacking was the WYSIWYG equivalent for the OUT features.
What made this particularly scary for us internally is that for the foreseeable future, the OUT features are the ones that are growing rapidly. Documents are now rarely simple files authored by one person who keeps it on his hard drive until he prints. Collaboration and sharing are critical. Documents are key parts of complicated business processes. There’s a ton of context surrounding documents, and increasingly, that context needs to surface within the authoring application.
So, based on the planned feature set for Office 2007, we knew we had to tackle the IN problems first. Features like SmartArt, Conditional Formatting, Themes, and all the Office Art effects required investments in Galleries, Live Preview, and contextual tabs. But we knew that the OUT features wouldn’t go away, and as planning for Office 2010 began, we could see that the Office Menu just wasn’t going to cut it.
The Backstage view is the solution that tries to achieve these goals. In future blog posts, we’ll discuss how it works and get into the details of the different features inside the Backstage view. For now, we hope you enjoy exploring it!
Over on the The Microsoft Office Blog there is a post that links to some migration guides for Microsoft Office 2010:
“Whether you're coming from an older version of Office and just want to find the most frequently used commands in a program, or you're entirely new to Office and want a quick overview of how the ribbon works and how to get to the most important things, each guide provides helpful information that we've based on direct feedback from you — our customers.”
Read more and download the guides from here.
In a previous mobile blog post, we briefly introduced our supported mobility scenarios in Office 2010. Those mobility functions rely on support from SharePoint 2010 mobility. Today’s post describes how to setup your SharePoint server environment so you can take advantage of mobile access.
Microsoft SharePoint 2010 includes support for using feature phones to access documents, lists, calendars on SharePoint 2010, performing people and document searches and receiving SMS alerts on SharePoint content.
Microsoft SharePoint Workspace Mobile 2010 allows Windows phone users to access offline documents on SharePoint 2010.
Microsoft SharePoint Server 2010 supports accessing information from a web browser enabled mobile phone or other devices. It delivers:
When you access Microsoft SharePoint 2010 site from mobile phone, this view will be automatically redirected to mobile view as a picture below.
User can click or choose the “View All Site Content” link on top of the home page. It will switch to the following kind of library:
The following sections will tell you things you need to know for deployment.
You can preview the mobile experience on a desktop web browser. To do this, add “?mobile=1” to the end of a SharePoint URL for a document, home page, web part page, wiki page, list view page, list item details/edit/new form page, or Search center page. This does not work for all pages/lists/documents but can show you an idea of the mobile experience.
This section walkthroughs configuration that needs to be setup to deploy SharePoint 2010 for mobile access also provides a list of mobile browsers that support mobile view.
As mobile phones connect to the public Internet, the SharePoint server needs to be accessible outside of the corporate firewall. IT administrators can publish SharePoint via an SSL VPN gateway, use a mobile proxy or expose SharePoint server to internet directly.
One option is to use an SSL VPN gateway server, like Microsoft’s forthcoming Forefront Unified Access Gateway (UAG) Server, to publish SharePoint sites across the firewall as illustrated in the diagram below. The SSL VPN server needs to support the mobile devices that you are planning to enable access too. Microsoft UAG server, currently in Beta, supports mobile browsing access. If you are interested in evaluating UAG server, please refer to “Welcome to Forefront UAG” to understand more UAG in detail. Forefront UAG RC0 is available at here.
Once the SharePoint server is published outside the firewall, the Alternative Access Mapping settings in the Central Administration page need to be configured. In addition, the sites to be published need to belong to a zone which allows cross firewall access. These settings are found under Central Administration. Go to System Settings and under System Settings choose Configure cross Firewall access zone.
To configure the SharePoint Workspace mobile client to access and offline documents on a SharePoint server, users need to enter the UAG server address in the settings page.
Mobile Proxy Servers such as Microsoft’s Mobile Device Manager or Blackberry Enterprise Server can also handle behind-the-firewall access to SharePoint. The server needs to pass the mobile browser’s HTTP headers directly through to SharePoint to operate properly.
SharePoint Workspace mobile client works with Microsoft’s Mobile Device Manager.
SharePoint can be placed on an extranet to enable device access. Only basic authentication is supported, however, and with any Internet-facing servers we recommend a combination of technology and policy safeguards such as SSL.
There are no configuration requirements for mobile phones which are within the corporate firewall.
While most mobile-enabled content is readily accessible out of the box, there are some data types that are either not supported or require additional configuration steps.
Web part pages, document libraries/picture libraries, lists (e.g., calendars, contacts, tasks, etc.) blogs, wikis, Office documents, Search and MySite are available out of the box. The “list view” and “image” web parts are mobile enabled out of the box. Want to mention that MySite and Search functions are only available on MOSS server.
Other web parts need to have a “mobile web part adapter” written which enables mobile functionality. More details on mobile adapters can be found in the Developing Custom Mobile Solutions section below. Pages under the “_Layouts” folder are not available as mobile pages.
SharePoint provides a mobile web part framework for developing custom solutions. By adding mobile web part adapter render classes to the web parts, existing web parts can be interacted with as part of the mobile experience. Some base adapter classes are available for common functions. The SharePoint 2007 mobile SDK can be a good starting point to learn about this development option. For SharePoint 2010, SharePoint mobile pages can be customized by modifying the underlying layouts page. In addition, a mobile page can be configured to redirect to an alternative mobile page.
SharePoint 2010 supports a wide range of mobile browsers as list below. You don’t need to do any additional setting on mobile device.
SharePoint Workspace mobile client is available exclusively on Windows phones.
To access mobile pages, the URL is the same as that of the desktop browser page. However, it can vary depending on the configuration and presence of web proxies. If the proxy-enabled URL is not known, the user can choose the “E-mail a link” button on the Page tab of the SharePoint ribbon in web part page, wiki page, list view page to receive the address in email body. SharePoint 2010 will automatically redirect to the mobile page if a user accesses the URL via a mobile browser.
Recognition was made by USERAGENT to recognize for accessing mobile browser to redirect to mobile view is managed by the file “compat.browser” within the server’s IIS directory that manages device profiles (If the web application port is 80, the file path will be "\inetpub\wwwroot\wss\VirtualDirectories\80\App_Browsers\compat.browser"). With a text editor, the file can be modified to change redirect behavior. The IsMobileDevice attribute of that mobile browser when set to FALSE will cause SharePoint to bypass the mobile view for that browser.
Please refer below MSDN document for browser profile definition.
http://msdn.microsoft.com/en-us/library/ms228122.aspx
Within the firewall SharePoint Workspace mobile client uses NTLM or Kerberos authentication schemes. Outside the firewall Basic authentication scheme over SSL is used to communicate with the SharePoint server published on UAG.
Recommend enabling SSL communication for mobile browsing access to maintain secure communications between the mobile device and SharePoint server.
When 2-factor authentication is required, it needs to be handled by the SSL VPN or proxy server and the mobile device.
Finally, administrators should be aware that mobile browsers might cache information on the device. Recommend setting policies around device locking and types of information accessible on mobile phones to minimize the risk of privacy or other issues if a device is lost.
Hopefully this information is helpful to you – please let us know if you have any questions in the comments.
Hello, I’m Keri Vandeberghe and I work in Microsoft’s Office Design Group (ODG) as a User Experience Designer. I would like to share the story behind the visual approach and brand integration for Office 2010. I’ll give you a behind the scenes look at the philosophy that led us to the current design direction.
Office 2010 is not a complete makeover but a visual refresh to refine surfaces and remove unnecessary visual elements so the focus is on users’ content and less on the borders and widgets that frame the content part of a window (this frame is also known as the “chrome”). In order to achieve this we’ve reduced the number of borders, boxes, and horizontal banding which gave 6 extra pixels of vertical space back to the content area. By adding more white space, and carefully placed visual elements, we strove to create an interface that appears less intrusive, lightweight, and leaves more room for the self-expression of those using it.
For Office 2007 the Ribbon was a new UI paradigm and the visual styling was emphasized to expose features, show the relationship of controls, and bring forth functionality that was buried in menus and dialogs. Boxes and borders around each control and Ribbon group acted as “visual cues” to guide the user. The Office 2007 Ribbon used a high gloss glass surface, which aligned with the Windows Vista aesthetic, and added an additional “WOW” to a new interface.
Comparison of Office 2007 and Office 2010 Ribbon
In Office 2010 we feel the UI has matured and taken on a more refined appearance without sacrificing the overall structure of the Ribbon and its functionality. A major change for Office 2010 visuals is that the default theme is no longer blue. We chose a neutral palette to minimize sensorial overload when creating documents and we also made a departure from flashy finishes. The Ribbon is still the most prominent UI piece and sets the pace for all that follows. The user interface below the Ribbon is more subdued. The soft gradients and the use of light and color are meant to call attention to or draw the users’ eye to a specific area. There is a visual rhythm defined by white space and a few highly contrasted elements like the Office brand orange to indicate selection and the individual product colors in the File tab.
We’ve continued the tradition of shipping three UI themes; Silver, Blue, and Black. All of the text in the Silver theme now has a 5:1 contrast ratio (the perceived difference in a color that occurs when it is surrounded by another color) with its background. This is a common request from our users with low vision and we’ve found that most users also benefit from the enhanced readability and improvements.
You’ll find the control for switching themes by clicking on the File tab > Options > General > Color Scheme.
Consistency in the overall visual styling across Office applications, SharePoint, and Web Applications was a major goal this release. We wanted the experience to feel familiar and consistent when moving from one product to the other. The neutral color palette in SharePoint provides a platform for individual company branding to shine with much less effort. Carrying over the neutral color palette to the Web Apps pairs well with a variety of host chromes and ties the experience back to the full service Office applications.
The Office Design Group worked closely with Microsoft’s brand team to evaluate, refine and identify the in-product branding opportunities. This collaboration ensured that the brand was infused in the product in a relevant and distinctive way.
With Office 2010 we’ve unveiled a new Office brand system. The logo has evolved, moving from the original four colors that signified Word, Excel, PowerPoint and Outlook to a mark that fully embraces the Office orange brand. The logo also completes the evolution from the puzzle pieces last seen in Office XP to a mark that conveys energy, impact, and connection.
The application icons have been re-designed for the release of Office 2010. The new icon designs respond to research that informs us that users can more easily associate icons by letter and color than by abstract design. We’ve adopted an alphabet system to bring a more uniform approach to the wide variety of Office family products.
We’ve also chosen to play up the individual application colors this release and have updated the spectrum of colors to use a more vibrant and pure color palette. We’ve added the product color to the File tab and a few select elements in the Backstage view to make it easier to quickly identify the Office application you are working in. Think of the application colored File tab as a sneak peek into the Backstage view.
The new Microsoft Office brand gesture and updated orange color palette is showcased in the animated splash screen. The animation adds energy, expressiveness, and an element of delight to the product launch experience.
It’s not just a pretty picture Designing and implementing the visuals for Microsoft Office goes beyond the icons and the age old desire simply to “make it look pretty”. It’s about bridging the gap between the familiar and the unknown, conveying and building on a brand, and helping users complete their daily tasks without getting in the way. Hopefully this quick overview has given you a better understanding of the visual refresh you’ll see in Microsoft Office 2010.
Today is an exciting day! At PDC we announced the availability of the public betas of Microsoft Office 2010, SharePoint Server 2010, Visio 2010, Project 2010 and Office Web Apps for business customers. If you’d like to be one of the millions of people who try, test and give feedback on the latest and greatest, you can download the betas at www.microsoft.com/2010.
We also announced that Microsoft Office Mobile 2010 beta is available now too, and you can download it through the Windows Mobile Marketplace for Windows Mobile 6.5 phones.
The final release of Office 2010 will debut next year, but we’re excited to allow everyone to start using the new features and tools that will help you collaborate, connect and work better together with others across the PC, mobile phone and browser.
The betas released today include everything we’ve talked about so far on this Blog and much more. In addition, today we announced several new facets of Office 2010 that you can check out when you download the beta:
The announcements and releases today reflect years of work for the Office team here at Microsoft – head on over to www.microsoft.com/2010, download the Beta, and let us know what you think!
Today’s post is just a quick status update to keep everyone in the loop on the progress Office 2010 is making, as well as to provide finalized details for our Office 2010 Technology Guarantee.
Starting today, consumers who purchase and activate Office 2007 will be able to download Office 2010 at no additional cost when it becomes available in June 2010.
All you need to be eligible for this program – Office 2010 Technology Guarantee – is the following:
The Office 2010 Technology Guarantee will be fulfilled online, via download, at no additional cost.
For more information about the Office 2010 Technology Guarantee, and to sign up for an e-mail reminder when Office 2010 is available, visit www.office.com/techg.
In addition to the Office 2010 Technology Guarantee, were excited to confirm that Office 2010, SharePoint 2010, Visio 2010 and Project 2010 are on schedule and will release to manufacturing (RTM) next month.
For businesses, we will launch the 2010 set of products, including Office 2010, SharePoint 2010, Visio 2010, and Project 2010 worldwide on May 12. To find out more about the Worldwide Business Launch, visit http://sharepoint.microsoft.com/businessproductivity/proof/pages/2010-launch-events.aspx.
For consumers, Office 2010 will be available online and on retail shelves this June. Until then, you can get the Office 2010 beta at www.office.com/beta.
Let us know in the comments if you have any questions or topics you’d like to see us discuss here in the future to help you prepare and leverage Office 2010.
Jevon Fark, Sr. Marketing Manager, Microsoft Office
Have you ever closed Word after making a bunch of changes, and then accidently clicked ‘No' when asked if you want to save your changes? Then you suddenly realized what you have done, only to find that there was no way to recover your work? You are not alone. In fact, so many people were in similar situations that we improved Office 2010 so you can get that document back! We call this feature Versions and I would like to spend a little time introducing it to you.
In prior versions of Office we periodically save your document in the background when you are editing a document. We keep this file around so we can use it to recover your work if the application crashes.
For Word, Excel, and PowerPoint, Office 2010 improves on this idea. In the Backstage view we expose the periodic autosaved files from your current editing session and allow you to compare or restore them as the newest document. We purge them when you save and close your editing session.
Additionally, if you close an editing session without saving, we now keep your last autosaved file and let you access it from the Backstage view, under Recent Documents, or from Document Information when you open your document again. So now you can recover that unsaved work with a few simple clicks.
To ensure that we don't clutter your computer with these autosaved files, we only keep these files for 4 days, or until the next time you edit your document.
Now you can enjoy Office 2010 Excel, PowerPoint and Word with the knowledge that the software is working to protect you from losing your work.
Heading into the new year, the Microsoft Office team is motivated more than ever by what we’re hearing about customers’ experiences with Office 2010. Many people think Office is just for the workplace, but millions of people are using Office at home, at school and for their small businesses to get things done. For instance:
Meanwhile the Office 2010 beta is generating record interest and use, surpassing the previous Office 2007 beta download rate. In just seven weeks, more than two million people around the world have downloaded and are using the Office 2010 beta. To get a better appreciation for that number, it’s a rate of more than 40,000 downloads per day. That’s approximately twice the number of people who run the Boston Marathon each year, or the entire population of Olympia, WA, or Annapolis, MD, downloading the Office 2010 beta every day!
Most importantly, 9 out of 10 beta users feel that the Office 2010 beta is an improvement over their current productivity suite.
In addition to the great momentum statistics, we are also releasing Office 2010 U.S. retail pricing today. Office 2010 will be offered in four versions, to make it easier to choose a version of Office that’s best for you – Office Home and Business, Office Professional, Office Home and Student, and Office Professional Academic. Here’s a chart that outlines the features and pricing for each version.
Or click here to download a more detailed guide to each edition.
We’re committed to making Office 2010 the best productivity suite ever, and making it easier for everyone to try, buy and use Office.
Rachel Bondi, General Manager, Microsoft Office
Howdy, I’m David B Heise and I work on the Office Security team responsible for testing Office File Validation (codename: Gatekeeper). There have been some misconceptions about the new file validation feature in Microsoft Office 2010 and I hope to clear these up and explain the why and what.
Throughout the years the office binary formats have necessarily evolved and grown in scale and complexity. The reasons why the formats are complex have been discussed sufficiently elsewhere (see Joel Spolsky's article here) so we won’t go into that discussion here, however these binary formats are very well documented here. We have found that malicious attackers use the binary files as an attack vector to infect a targeted user, as such we wanted to come up with a way to stop this from happening. One thing our team has been doing is whenever a new Office file format attack is reported to Microsoft we have been checking it with our validation to see how well we’re doing. So far, so very good!
Office File Validation is a feature that was originally introduced in Publisher 2007 to validate Publisher’s PUB files. It verifies that a particular binary file conforms to the application’s expectations. In Office 2010 we’ve expanded this feature significantly to include binary formats for Word, Excel, and PowerPoint. Please note that this feature is for binary formats ONLY (i.e. PUB, DOC, XLS, PPT, etc), this does not validate the XML based documents (i.e. DOCX, XLSX, PPTX, etc), nor does it validate macros or other custom items. What it does validate is the structure of the file, for example if you have a XLS file that has a FONTINDEX structure with the ifnt value set to 4 (which is an invalid value for that particular item) then it fails validation.
Whenever an un-trusted binary file (i.e. not in a trusted location and not a trusted document) is loaded by Word, PowerPoint, or Excel it goes through a check to see if it is a valid file. This check looks at the specific bits of the file that the application is about to parse, in other words the relevant OLESS Streams. If it is determined to be valid, it opens as normal, nothing to see…move along…move along. However if it is found to be invalid, it is sent (by default) to the Protected View.
If you click on that text you will be taken to the Backstage view where you will have the option to open the file in the full application experience. Please note that this is a trust decision that will mark this particular file as a trusted file, and as such, will NOT be validated the next time you open this file.
After you’re done with the file and close the application you may see a prompt like this:
This prompt only appears at most once every two weeks (per application) and gives you the option to send the failing file (or files) to us via Windows Error Reporting. Of course you can remove a file or two if you don’t want to share that information, but by sending us the file we can analyze it further to improve Office File Validation.
We realize that many administrators (or security conscious users) may not like the idea of opening a file that fails validation, so there is a group policy to control the default action when a file fails validation. These policies are located under the application’s “Options\Security\Trust Center\Protected View” in the group policy templates and it is a per application setting.
There are several registry keys that control various aspects of Office File Validation.
Common Keys
HKCU\Software\Microsoft\Office\14.0\Common\Security\FileValidation \ReportingInterval - This is a DWORD that controls the number of days between the showing of the dialog to send files to Windows Error Reporting.
HKCU\Software\Microsoft\Office\14.0\Common\Security\FileValidation\DisableReporting - This is a DWORD that if set to 1 will disable the showing dialog (and thus the sending of files) to Windows Error Reporting.
Application Specific Keys
For these examples I’m going to use “Excel”, but these also work for “PowerPoint” and “Word”
HKCU\Software\Microsoft\Office\14.0\Excel\Security\FileValidation\EnableOnLoad – This is a DWORD that if set to 0 Office will not validate files. HKCU\Software\Microsoft\Office\14.0\Excel\Security\FileValidation\DisableEditFromPV – This is a DWORD that if set to 1 will not allow files to be edited that fail validation.
HKCU\Software\Microsoft\Office\14.0\Excel\Security\FileValidation\EnableOnLoad – This is a DWORD that if set to 0 Office will not validate files.
HKCU\Software\Microsoft\Office\14.0\Excel\Security\FileValidation\DisableEditFromPV – This is a DWORD that if set to 1 will not allow files to be edited that fail validation.
Excel Specific Keys HKCU\Software\Microsoft\Office\14.0\Excel\Security\FileValidation\PivotOptions – This is a DWORD that controls specific options around validating pivot caches (for performance reasons) in files that have them. 0 = Never validate any pivot cache 1 = Validate the pivot cache in the following cases: (1) file is opened from the internet, and the platform marks the file locally as having come from the internet. (2) The file is a Microsoft Outlook email attachment. (3) The user specifically opened the file in protected view. (4) The file is opened from a known "unsafe location" locally where internet content is cached, and any special user-defined untrusted locations, unless protected view unsafe locations are disabled via (a different) registry key. (5)The file is opened and the pivot cache is parsed on load. 2 =Always validate all pivot caches
HKCU\Software\Microsoft\Office\14.0\Excel\Security\FileValidation\PivotOptions – This is a DWORD that controls specific options around validating pivot caches (for performance reasons) in files that have them.
0 = Never validate any pivot cache 1 = Validate the pivot cache in the following cases: (1) file is opened from the internet, and the platform marks the file locally as having come from the internet. (2) The file is a Microsoft Outlook email attachment. (3) The user specifically opened the file in protected view. (4) The file is opened from a known "unsafe location" locally where internet content is cached, and any special user-defined untrusted locations, unless protected view unsafe locations are disabled via (a different) registry key. (5)The file is opened and the pivot cache is parsed on load. 2 =Always validate all pivot caches
For custom solutions built on top of Office there are a few interesting properties that have been added to the Application Objects that will disable file validation for that session. There is also an extra option for Excel to control the validation of Pivot Caches (i.e. the file cached data for pivot tables and charts). Here’s a powershell script example showing how to set these two options for Excel (but the FileValidation property would also apply for Word and PPT):
$excel = New-Object -comobject Excel.Application # valid values are: # msoFileValidationDefault = 0 # msoFileValidationSkip = 1 $excel.FileValidation = msoFileValidationSkip # valid values are: # xlFileValidationPivotDefault = 0 (do whatever you’d normally do, i.e. follow registry & default settings), # xlFileValidationPivotRun = 1 (validate all pivot caches), # xlFileValidationPivotSkip = 2 (don’t validate any pivot caches) $excel.FileValidationPivot = xlFileValidationPivotSkip
We have made specific strides to ensure that file validation is very fast. Yes, it now takes more time to open a file, but we’re generally talking milliseconds more. In fact, you’d be hard pressed to find a normal sized file that takes more than a second to validate, most files validate in the 1 to 100 milliseconds range. Of course if the file is huge and super complex and takes an hour to open already…then yes it will take more than a second, but you probably aren’t going to notice anyway. In addition to that if the file takes more than 5 seconds to validate (so we’re talking very complex files here) we give you the option to cancel and go straight to the Protected View. After all we couldn’t just let you open it normally because then hackers would just make a file that was really complex…then take over your machine, which is exactly what this feature is trying to stop.
In addition for any file that takes a long time to validate (if it passes validation, fails validation, or validation is skipped) will also be shown the same Windows Error Reporting prompt as a failing file; giving you the option to send us the file for further analysis.
In talking with the developers one day we imagined a conversation that went like this:
“So what have you been working on?” “Office File Validation” “What’s that?” “A check on an Office file to make sure it’s ok” “So, you spent the last two years writing a Boolean function?” “Well…um…yes, but it’s an important function!”
“So what have you been working on?”
“Office File Validation”
“What’s that?”
“A check on an Office file to make sure it’s ok”
“So, you spent the last two years writing a Boolean function?”
“Well…um…yes, but it’s an important function!”
At the end of the day the Office File Validation is really just a Yes/No function to inform the application if a file is valid or not, but that’s a really important function! In fact is also a really complex function, as anyone who’s ever even peeked into the file format specifications can attest. So there you have it, in a nutshell. Office File Validation will check your binary file to ensure the significant bits of your file are valid, and if you think we’re wrong you can either trust the file or let us know!
For those of you who are dogfooding the Technical Preview build, thanks for all of the great feedback you’ve sent us so far on the new Backstage view! We’ve been getting a lot of requests for a sneak peak at the design changes that we’ve been making to the Backstage view since the Technical Preview builds have been released. I’ll talk through some of these changes in this post. Please note that these screenshots are still subject to change - they are from an interim build on the way to our Beta later this fall. We continue to tweak the designs based on what we learn in our usability labs and appreciate continued feedback from those of you that are dogfooding the Technical Preview.
File ButtonFrom the early days of this release, we have been working on making the common commands like Print, Save, and Open more discoverable than in Office 2007. When we created the Office Menu in Office 2007, we optimized for Fitt’s Law – making it super easy to put your mouse in the upper left corner and get to these commands. For those folks who discovered the Office Button right away, this was a great little feature that made Office easier to use. Unfortunately, because this design was unconventional and different from the rest of the Ribbon UI we added, it was hard for some customers to find the Office Button the first time. Many who saw the Office Button believed it to be a branding decoration, rather than a functional button.
In the Technical Preview build, we took steps towards addressing this feedback. First off, we put the Office Button within the same row as the other Ribbon tabs. The location of the Office Button contributed most to people confusing it with a decorative logo. Another thing that we changed was the shape – instead of a fancy round button, we turned it into a button that looked much more like a tab. Lastly, we added an arrow to the button to try to encourage people to click on it.
With these changes, we started seeing some significant improvements in the usability tests in terms of people finding this button quickly the first time. But we still thought the initial discoverability needed to be better - we want to be sure people have no trouble finding the functionality under this button. Over and over in the usability lab, customers told us the word “File” was something they were looking for in the UI – all the years of using the File menu to use commands like “Save As” and “Print” is a hard habit to break. So we’ve listened to our customers and in our Beta release you’ll see we’ve added the “File” label to the tab. This has been a tremendous success in the usability labs and we’ve seen an incredible surge in initial discoverability of the Backstage view.
No More Back ButtonOne of the things we’ve been working on has been improving the navigation to and from the Backstage. Because the Backstage view covers up the document, we created the Back button mechanism to allow you to navigate back to your document. Unfortunately, this design had some issues that we’ve been working through – it led to some confusion around what the “X” (close) button in the top right corner should do, set incorrect expectations around what “Back” actually implies (does it work like in the browser?), and was not an easy target to hit.
An important change has been to keep the Ribbon tabs visible and usable while you’re in the Backstage view. This makes the Backstage work much more like any other Ribbon tab – a metaphor people are already familiar with. In addition to clicking on the document thumbnail or pressing ESC, you can simply click on any one of the other Ribbon tabs to get back to your document and use those commands, just as you would switch between other Ribbon tabs.
Technical Preview:
Beta:
Updated VisualsWe’ve also worked to implement our nearly final set of visuals for the Backstage view. Our designers have worked to develop a set of visuals that help make the Backstage easier to browse and make the transition between your document and the Backstage feel smoother:
Organization of Navigation CommandsWe have also added a little bit more efficiency to the “Quick Commands” in the left side of the Backstage view. Commands like “Save”, “Save As”, “Open”, and “Close” are no longer located beneath the “Info” tab and are actually closer to the File button than they have been in previous versions. Options and Exit are also no longer associated with the last tab, which has been renamed to “Help” to better reflect the commands located on this tab (you can think of the Help tab as the replacement for the commands that used to be located on the Office 2003 Help menu.)
Most Recently Used DocumentsFor some of our customers, having very efficient access to their most recently used documents is super important. There are several ways to do this. First, you can add the “Open Recent File” command to the Quick Access Toolbar (QAT). Just drop down the Quick Customize menu at the right of the QAT.
Clicking on the “Open Recent File Button” from the QAT will open the Backstage view directly to the Recent tab.
You could also choose to add a number of recently used documents directly to the navigation pane – the left hand side of the Backstage view. At the bottom of the Recent tab is a new feature that will allow you to choose the number of recent documents to show in the pane.
If you turn on this feature by clicking on the checkbox…
The number of documents you choose will be shown along with the other “Quick Commands” at the top of the Backstage navigation pane.
Turning this feature on also means that you’ll be able to use the keyboard sequence Alt+F+1 (or 2 or 3, etc) to open the most (or 2nd most, etc) recent document. And for those of you who use the pinning feature of the Recent Documents list (which keeps your favorite documents at the top of the list), you will be able to use the Alt+F+1 (or 2, or 3, etc) keyboard sequence to get to your favorite document, regardless of when it was last opened!
You can now use the keyboard to open your pinned and most recently viewed documents:
Thanks for all of the great feedback that you’ve been giving us so far and we hope that these changes help you become even more productive with the new Backstage view. Let us know what you think of these changes and we look forward to continue hearing your feedback on all of the work that we’ve put into Office 2010. We are listening closely and looking forward to the release of the beta version later this fall.
Marina, Program Manager on the Office User Experience team
Hello, my name is Brad and I work on the Office security team; we focus on a couple of key areas: building security features that improve the Office product line and driving the security engineering process across the division as part of the Security Development Lifecycle (SDL).
I would like to start with a high-level introduction of several of the new security features in Office 2010, what our goals are, and how we think about them. Because shipping Office isn’t about how we think about it, but instead how you think about it, feel free to ‘send a smile’ with the Technical Preview and let me know if we hit the mark.
To start things off, ‘Why?’ is always a good question. Why did we spend time doing anything in this space, and to what end? Well, as the security landscape has been changing, Office has had the misfortune of becoming one of the next big targets for hackers to attack. They have been going after many of our file-format parsers and how we read Office files. They’re looking for ways to exploit bugs and to get their code running on your machine. We have done a lot of work to find and fix bugs, but we can’t find everything. We have to take a more proactive approach and build Office to be more resilient to attack.
To do that, we have designed what we have been referring to as a new security workflow, a layered defense that Office documents have to go through as part of the File Open process. We strive to make this process as invisible as possible. This means no noticeable delay in open times, as well as no dialogs asking you how you feel about security.
The security workflow we designed has several key features that we believe achieves the goals. First, we have improved our File Block feature that was introduced in Office 2007. We now have a way to configure it in the application and have a finer level of granularity to manage how Word, Excel, and PowerPoint open their file types.
Another feature is our new binary file-validation system, which call Office File Validation. Since the vast majority of the exploits have focused on our older file formats, pre-dating our XML versions, we built a system that can validate those files to make sure they conform to the documented format, before they are opened by Word, Excel, or PowerPoint. This is something we did in Publisher 2007, which worked out pretty well. Office File Validation is an integral part of Office that on most days, you would never know exists.
The next question is ‘What do you do with those blocked or invalid files?’. Well, if we just blocked a file and said it was invalid, you would probably be pretty curious why it was invalid, or if maybe we made a mistake. Or, you may be sure you know what it is, and still need to read it. Denying you access to these files doesn’t really meet our goals, so we also built another system we call the Protected View.
Protected View is a way for us to show Word, Excel, and PowerPoint files to you, but without all of the worry about those files being dangerous. We build up a read-only view of the document in an isolated sandbox, which has minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.
By tying all of these features together into a layered defense, any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state. All this happens in real time, with an indistinguishable performance impact on your load time, and you can open these Office files without worry.
The other goal to make these features and workflow successful is that they don’t get in the way and instead have a positive impact on your experience. That means fewer dialog boxes and less information that is not actionable. We need to make security smart enough to get out of the way when its job is done. To do that, we have made files that open in Protected View remember when you chose to trust them, so you don’t have to re-trust them next time. You are not less secure; you’re just less annoyed (hopefully!).
In future posts, my team and I will be digging into these and other features to explain how they work and give some insight into how to get the most out of them for system administrators. Stay tuned, and give feedback if you want to hear more about a specific security feature. We hope you enjoy using Office 2010, as much as we have enjoyed working with you toward its creation.
Thanks,
Brad Albrecht
Senior Security PMOffice Trustworthy Computing
Microsoft Office 2010 provides you powerful new ways to deliver your best work - whether you’re at work or at home, whether you are travelling in a cab or on a flight, whether you are working on a PC, browser or phone. By offering more ways to access your files from virtually anywhere, Office 2010 puts you in control.
As part of Wednesday’s Office 2010 Beta Announcement we announced the availability of the Office Mobile 2010 Beta -- today’s post describes some of the exciting work we’ve done related to mobility in more detail. Specifically, we’ll talk more about the experiences that make Office 2010 the mobile information worker’s best set of productivity tools on the phone.
Basically, there’re two major offerings we provide for mobile information workers to work on their Office documents. Depending primarily on the type of phone you have, you get to choose whichever way works best for you or is available to you. One way is with Microsoft Office Mobile 2010 and another is with Microsoft Office 2010 Mobile Viewers. We’ll discuss both in detail below, but in short….
…If you are using a Windows Phone
l You get both options. If you want to modify your Office documents, you can use Office Mobile 2010 applications providing rich user experience which customers of Microsoft Office client applications are familiar with. If you just want to quickly view the documents, you can use Office 2010 Mobile Viewers which display your documents in mobile IE browser. We will walk you through the different scenarios in upcoming posts so you know which option might work best for you.
…If you are using a phone built on a non-Windows Platform
l You get the Office 2010 Mobile Viewers option only. As previously mentioned, you get to view the Office documents in your mobile browser whether you have smartphones like iPhone, Blackberry, Android, Symbians or non-smartphones.
The Beta for Office Mobile 2010 is available worldwide in Windows Marketplace for Mobile for Windows Mobile 6.5 phones. To try the Office 2010 Mobile Viewer, you need to have the Office Web Apps installed on your company’s Microsoft SharePoint Server 2010 and then you can use explorer on your phone to view Office documents on the server (read this Office Web App blog post for more information on how to deploy the Web Apps in the enterprise).
In future blog posts, we will explore tips and tricks for the different apps and tools Microsoft Office provides to meet the demands of your busy life on-the-go with your mobile device. In the meantime, enjoy the information below and we hope to hear your feedback soon!
Office Mobile 2010
Use Microsoft Office Mobile 2010 on your Windows phone to get the familiar Microsoft look and feel as well as the services that you’re used to.
Even when you’re on the road, you can view Microsoft Office Word, Microsoft Office Excel and Microsoft Office PowerPoint documents sent as email attachments.
Word Mobile 2010, Excel Mobile 2010 and PowerPoint Mobile 2010
Office Mobile 2010 also makes it easy for you to review documents on the move by adding the ability to edit Word, Excel, and PowerPoint files. So use your commute time in a cab or on a flight to customize an existing presentation by hiding or rearranging slides, reviewing speaker notes, and even adding new notes as you rehearse. What’s more, you can now use your Windows phone as a presentation aid that enables you to control the slideshow and simultaneously view notes as you engage more effectively with your audience.
View images and animations. SmartArt graphics are preserved. Easily manage slides.
Using OneNote Mobile, you can take and manage personal notes on your Windows phone. You can even record voice or take pictures using the phone and bring them to OneNote Mobile or share your notes with your PC and refer to them when you are away.
Capture multimedia notes with ease. Take & insert a picture or voice recording and organize your notes with lists.
In addition to files and e-mail attachments, if you get a link to content hosted on SharePoint Online or on SharePoint 2010, you can access it using SharePoint Workspace Mobile 2010, which enables you to browse sites, document libraries, and lists from the comfort of your Windows phone.
Access multiple sites and libraries, view and sync libraries easily and access your content offline.
We’ve also done work to allow you to save edited documents to the phone and just synchronize them back to the server in case you lose your mobile connection.
Office 2010 Mobile Viewers
With your mobile device browser, Office 2010 Mobile Viewers will help you stay organized, get things done, and present information by keeping Office at your fingertips.
Office 2010 Mobile Viewers enable you to view Microsoft Word, PowerPoint, and Excel files in an easy to read small-screen format that maintains high fidelity. Office 2010 Mobile Viewers target a wide range of devices and micro browsers so that people with or without smartphones can take the advantage of the cool features without having to upgrade your mobile phone. Here are a few examples.
Viewing product sales documents on your mobile phone
Imagine you are sitting in the airport when your colleague calls you and says that the inventory data sheet and promotion document you are going to share with the customers later has been modified and saved back on the SharePoint server to reflect the latest status. You don’t need to bother turning on your laptop. You open up your browser from your mobile phone, connect to your team SharePoint portal, select the inventory data sheet, and quickly see the new inventory diagram. You then click on promotion document and see that the visuals have been revamped. You feel confident before you walk on the plane knowing that the customers will surely be happy with your presentation later.
Excel Mobile Viewer and Excel Mobile Viewer functionalities
Word Mobile Viewer – image view and the Word Mobile Viewer – text view.
Joining a meeting and viewing the presentation on your mobile phone
Office 2010 Mobile Viewers also go beyond just allowing you to view your own files. Imagine you’re stuck in a traffic jam are going to be late for a meeting that starts in 5 minutes. Now you pull out your mobile phone and pop open the email you received from the meeting presenter that contains a URL to the presentation broadcast (“Broadcasting presentation” is a new feature supported by PowerPoint 2010 that will be talked about in more detail in the future). You can now participate in the call and view the current slide in real time as the presentation moves along.
PowerPoint Mobile Viewer – image view and PowerPoint Mobile Viewer – outline view.
We hope you’re as excited about Office Mobile 2010 as we are! Future posts will walk you through each of the above mobile productivity tools in more detail so when they are released you’ll be able to use them as we do and improve your productivity on the go.
Update: Replace the images of “Excel Mobile Viewer” and “PowerPoint Mobile Viewer” with updated ones. No description or other content has been changed in the update.
Using Office 2010, have something you want to tell Office? Maybe you're having trouble finding something in the UI or have a specific suggestion on how we can improve a feature. Or, maybe there's something you love and you want to make sure we know about it so that we keep it in the product. The best tool to use to give us feedback on the Office 2010 (Technical Preview) is called Send-a-Smile.
Hello and welcome to Office 2010! My name is Amanda and I am a Program Manager in Office, on my team we build Feedback tools, including Send-a-Smile. My job is to ensure the Office user has the opportunity to provide feedback (likes and dislikes) about their Office 2010 experience and then route this information to the right people on the Office teams. The teams use this information to make decisions regarding feature designs and to help prioritize bug fixes.
Where can I get Send-a-Smile? Send-a-Smile automatically installs with Office 2010, you’ll see two icons added to the notifications area of the taskbar over by the clock: a Smile to click when you want to give us positive feedback and a Frown to click when there's something you don’t like. On Win7, you may need to go specifically add them to the list of icons you want to see in the taskbar.
Do we actually read the comments? Absolutely! In fact we’ve already taken fixes to the product, which future downloaders of the Office 2010 (Technical Preview) will benefit from. Let me walk you through the process from sending a comment to someone on the Office team reviewing the comment.
How does one submit a comment? As previously noted, the Send-a-Smile tool installs along with the Office 2010 (Technical Preview). After the installation is complete, you will see the Smile and Frown icons in the taskbar.
Clicking on the Smile or Frown will launch the Send-a-Smile tool.
There is a text box to type your comment, and optionally you can include a picture of your screen and your e-mail address (so that we can contact you if necessary.) The screenshot is a really interesting and useful part of the feedback... especially where the UI is concerned. But, of course, you can just send the text if you'd rather. After you click “Submit”, off your feedback goes to Microsoft...
Where does the Smile or Frown go after you click submit and see the envelope fly away? Who reads my Smile or Frown comment?
The comment goes into a database here at Microsoft. Based on the comment text, we automatically group “tag” the comments by team and by feature. This helps get your comment to the appropriate team as quickly as possible.
An internal website has been created specifically for these comments. The Office teams use the website to review all the comments “tagged” to their team and features. While reviewing the comments, the teams have the option to give the comment a status to help categorize and later follow up on specific comments.
This feedback mechanism has already had a big impact on the product. Bugs have been identified and fixed. And of course, the many positive comments we receive help us not to tinker with the things that it seems we've gotten right.
We cannot guarantee that we'll act on every comment (which would be impossible anyway since many of the comments directly contradict other comments), but we can promise that we read them, consider them, and use them to help make decisions about the product.
The long and short of it all this, when you have feedback please click on the Smile and Frown icons...we are listening and love to receive feedback on the Office 2010 (Technical Preview). This is the most direct way for anyone in the world to get their feedback heard by the right person, with none of the barriers usually associated with trying to give feedback to a big company (phone trees, "customer service representatives", etc.)