Summary: Provides a summary of Click-to-Run for Office 365 customization and discusses how to use AppLocker and AppHelp for customization at the application level.
Click-to-Run is a streaming and virtualization technology that is designed to significantly reduce the time that is required to download and use Office client products. Streaming allows users to begin to use a Click-to-Run product before the complete product is downloaded.
Click-to-Run for Office 365 products are based on core virtualization and streaming Microsoft Application Virtualization (App-V) technologies. Click-to-Run resources run in an isolated virtual environment on the local operating system.
To customize Click-to-Run for Office 365 installation settings for an on-premises deployment of Office 365 ProPlus, administrators who have signed up for Office 365 can use the Office Deployment Tool. You download the Office Deployment Tool from the Microsoft Download Center site. The download includes a sample Configuration.xml file. To customize a Click-to-Run for Office 365 installation, you run the Office Deployment Tool and provide a custom Configuration.xml configuration file. The Office Deployment Tool performs the tasks that are specified by using the optional properties in the configuration file.
You can specify the following Click-to-Run installation options in the Configuration.xml file:
For more information, see Customization overview for Click-to-Run.
Managing user and computer settings for Click-to-Run for Office 365
To manage the user and computer settings that you want to enforce in Click-to-Run for Office 365, you must use Group Policy. It is the recommended tool for enforcing user and computer settings in both Windows Installer-based Office 2013 (MSI) and Click-to-Run for Office 365.
If you want to set initial default settings for Office 2013 volume licensed MSI installations, you can use the Office Customization Tool (OCT) to customize features and configure user settings. Users can change most of the settings after the installation.
In an Active Directory environment, administrators apply policy settings to groups of users and computers in a site, domain, or organizational unit to which a Group Policy object is linked. True policy settings are written to the approved registry key locations for policy, and these settings have access control list (ACL) restrictions that prevent non-administrator users from changing them. Administrators use Group Policy to create highly restricted or lightly managed desktop configurations, which depends on their specific business and security requirements. Group Policy settings have precedence over Office Customization Settings user settings. The OCT is used to customize Windows Installer-based installations.
For information about Group Policy and Administrative Templates for Office 2013, see the following resources:
You can download the Administrative Templates here: Office 2013 Preview Administrative Template files (ADMX/ADML) and Office Customization Tool. The download includes an Excel spreadsheet (office2013grouppolicyandoctsettings.xslx) that describes all the Group Policy and OCT settings.
About application level customization for Click-to-Run installations
Click-to-Run is not customizable at the application level. However, there are some options:
Using AppLocker to block Click-to-Run applications
You can use AppLocker to control which applications and files users can run. These include executable files, scripts, Windows® Installer files, DLLs, Packaged apps and Packaged app installers. For example, you can use AppLocker to prevent users from running Access 2013 Click-to-Run.
In an Active Directory environment, if you are using and Group Policy to manage user settings, AppLocker is ideal for managing your Windows-based computers. AppLocker relies on Group Policy for authoring and deployment. To see a list of supported Windows operating system and system requirements, see "Versions, interoperability, and differences in functionality" in AppLocker Technical Overview. AppLocker is included with enterprise-level editions of Windows.
For detailed information about using AppLocker, see the following resources:
AppLocker Step-by-Step Guide
Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
AppLocker Policies Design Guide
AppLocker Policies Deployment Guide
Windows 8, Windows Server 2012
Manage Packaged Apps with AppLocker
Use the AppLocker Windows PowerShell Cmdlets
Windows 7, Windows Server 2008 R2
Using the AppLocker Windows PowerShell Cmdlets
AppLocker Operations Guide
Video: AppLocker Demo
Using AppHelp blocking messages in Compatibility Administrator
For organizations without Windows Enterprise versions, you can use AppHelp hard block messages to prevent individual Office 365 ProPlus applications from running. This is the internal mechanism that Windows uses to block known incompatible or otherwise problematic applications from launching. You can use the Compatibility Administrator tool as part of the Application Compatibility Toolkit to enable hard blocks.
The Compatibility Administrator tool helps you resolve potential application-compatibility issues before you deploying a new version of Windows to your organization. Compatibility Administrator provides the following:
A blocking AppHelp message prevents the application from starting and displays a message to the user. You can define a specific URL where the user can download an updated driver or other fix to resolve the issue. When you use a blocking AppHelp message, you must also define the file-matching information to identify the version of the application and enable the corrected version to continue.
To learn about using the Compatibility Administrator tool and creating AppHelp messages, see the following resources:
For more information about Office 365 ProPlus, see Office 365 ProPlus.