Season 2 of the Garage series with host Jeremy Chapman is now on the new Office 365 Technology blog.
Looking for the latest new Office Garage Series post? The scope of the show has expanded for season 2. And with that, you can now find the show on the new Office 365 Technology blog. As always, you can go to http://www.microsoft.com/garage to view the latest episode.
Season 2 of the Garage series kicks off with an episode covering the enhancements around touch and immersive experiences. If you missed TechEd 2013 North America in New Orleans, or even if you didn't, you'll want to check out the 6 part series that was filmed on location in New Orleans.
You won’t want to miss this week’s show. Jeremy is joined by Amanda Lefebvre as they give a pre-release, first look at upcoming Office experiences in the Web. They walk through real-time co-authoring beyond pure text editing across Word, PowerPoint and at a cell level in Excel. And they show net new capabilities previously only available on the desktop. Our hosts also challenge a local New Orleans band, Remedy Krewe, to compose a blues song real-time as they work together both online and offline.
If you miss the good old days of Yoni and Jeremy co-hosting and talking about specifically about deployment and manageability of the new Office, check out the Garage Series for IT Pros Archive of previous episodes.
In this episode of the new Office Garage Series for IT Pros, we look back at some of the best moments of season 1 from Xstream installs in air, on land and water and some of the best demos as we helped answer some of your top questions on the new Office. From the differences between the two versions and package/install types with the MSI-based Office Professional Plus 2013 and the Click-to-Run-based Office 365 ProPlus, the new user-centric model, integration with your existing deployment tools, managing Office in virtual environments, it’s not too late to catch up as we gear up for season 2 kicking off next week in the Big Easy.
Jeremy: So we are finally at the end of season 1 of the Garage Series show. We’ve covered a gamut of topics related to the new Office client and the user-centric model for Office 365 and how it can integrate with your existing identity and deployment infrastructure.As we gear up for season 2 which has us starting on location in bayou country and the blues capital of the world, we thought we’d take a look back at some of the best moments. So let’s start off by taking a look back at our Xstream Office 365 ProPlus installs in air, on land and in water.
<a title="The new Office: Garage Series for IT Pros - A look back at the season so far (1 of 2)" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=0f70d731-d94e-4e0e-b0f1-eb783a815fd3&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=0f70d731-d94e-4e0e-b0f1-eb783a815fd3&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - A look back at the season so far (1 of 2)</a>
Yoni: The highlight of my year has been the birth of my daughter Charlotte, but right up there along with that was getting to fly the Extra 200 that you see in our aerobatics XStream install from episode 7. As a pilot and adrenalin junky, very few piloting experiences come close to that. So thanks to our friends at redbaron.com.au for giving us the opportunityJeremy: That was awesome and impossible to top. My contribution on the other hand was streaming Office with Windows Intune to my car PC in the time that it took to cross Seattle’s famous floating bridge. We did this entirely in one take and I was not sure about the timing. In hindsight I wish I could have kicked off the install a little sooner in order to make the compressed timeframe at the floating section of the bridge. But I was open to whatever happened as I took on the challenge.Yoni: It’s pretty impressive that you have a PC in the dashboard of your car, Jez.Jeremy: Yeah, if it wasn’t built into my car, it may have been illegal to install Office while driving. Switching gears though, we also covered quite a few unique demos. In episode 5, we raced Office installs, from the Office 365 portal via Windows Intune, MDT, and ConfigMgr collectively versus the traditional MSI install, speed definitely wasn’t on its side in this case.Yoni: We covered a lot of ground in discussing the user-centric model, package types, how you integrate Office 365 ProPlus with your existing deployment and servicing infrastructure, and specific requirements for virtual environments.Jeremy: Perhaps some of the more compelling demos were the ones that showcased multi-device support and the latest in touch and Lync experiences <a title="The new Office: Garage Series for IT Pros - A look back at the season so far (2 of 2)" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=18fc126f-7896-410b-972f-ee9a070215d6&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=18fc126f-7896-410b-972f-ee9a070215d6&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - A look back at the season so far (2 of 2)</a>
It’s still not too late to catch up with season 1. We hope that you are already test driving Office 365 ProPlus for yourself. Here’s a roundup of all 12 episodes:
Mark your calendars and join in the fun with more new stunts and unique demos as we cover all of the Office including the server stack to bring you what’s new and better with Office 365 and much more.Our next episode will capture the unique character of the Big Easy as we put real-time co-authoring to the test. Bye for now.
-Jeremy and Yoni
Garage Series for IT Pros Archive of previous episodes
Office 365 ProPlus Trial
Office TechCenter on TechNet
Office 365 TechCenter on TechNet
Follow @OfficeGarage on Twitter
About the Garage Series hosts:
By day, Jeremy Chapman works at Microsoft, responsible for optimizing the future of Office client and service delivery as the senior deployment lead. Jeremy’s background in application compatibility, building deployment automation tools and infrastructure reference architectures has been fundamental to the prioritization of new Office enterprise features such as the latest Click-to-Run install. By night, he is a car modding fanatic and serial linguist. He first met Yoni Kirsh, founder of the Australian-based deployment services company Fastrack Technology, back in 2007 at a Microsoft customer desktop advisory council. Yoni's real-world experience managing some of the largest Client deployments for the Asia Pacific region has helped steer the direction of the new Office. Additionally, Yoni is an aviation enthusiast and pilot. Both Jeremy and Yoni are respected technical speakers and between them have over 20 years of experience in the deployment and management of Microsoft Office and Windows clients. They are also leading experts in the transition to Office as a service.
This week, our adventurous hosts tackle one of the most requested topics, managing Office in virtualized environments from the entire desktop to hosting the application on Remote Desktop Server with Office 365. They explain virtualization options, licensing implications and even demonstrate how to convert Click-to-Run media into an App-V package. Lead deployment engineer Jefferson Criddle also joins again to discuss how application virtualization is at the core of the Click-to-Run based Office 365 ProPlus.
<a title="The new Office: Garage Series for IT Pros - Managing Office in virtualized environments" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=f1fb1508-2c61-43e9-bc36-a3d714de1538&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=f1fb1508-2c61-43e9-bc36-a3d714de1538&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Managing Office in virtualized environments</a>
Add an ICS reminder to your calendar to tune in each Wednesday 9am PST. We redirect the www.microsoft.com/garage link each week to go to the latest episode.
Jeremy: Last week we went deeper on the identity and user provisioning aspects of Office 365 ProPlus and demonstrated the primary options for provisioning user accounts and services to users. We also showed these tasks can be automated using PowerShell cmdlets.
Yoni: The user provisioning aspects are definitely some of the most visible changes to how Office is consumed with Office 365 ProPlus. There are also a lot of changes in terms of desktop virtualization and which Office packages can be used in each scenario.
Jeremy: Importantly, if you bought Office 365 ProPlus or an Enterprise Office 365 SKU that contains Office 365 ProPlus via Volume Licensing channels, users with Office 365 ProPlus rights can also consume Office Professional Plus 2013 via Remote Desktop Services as one of their five installations. The specific terms are listed in the "Exceptions and Additional Terms for Office 365 ProPlus" details on the volume licensing site. Also the operating system environment (OSE) may now be a physical or virtual operating system. This is a change to Office 365 from last year, where the OSE needed to be physical.
Yoni: This is great news for people out there using virtualization to deliver either entire desktops or Office apps with technologies like RemoteApp in Windows Server or tools like Citrix XenApp. As we have been mentioning throughout the series and as Jefferson Criddle mentions on today's show, Click-to-Run is based on the same technology underpinnings found in Microsoft Application Virtualization.
Jeremy: We drew a lot of this out on the display in the show, but to provide a little more clarity, I decided to create a few graphics with a little more detail. The first virtualization technology we discussed was App-V and I've documented the attributes it shares with Click-to-Run below and some of the unique aspects for App-V and Click-to-Run.
Yoni: Then we talked about Remote Desktop Services (RDS), but we didn't mention in the show that you can connect to a single PC or "session" using a remote device. Windows has had this built in for years and products like GoToMyPC from Citrix extend that capability to other device platforms. That means if you cannot make it to your desk at work, you can remote into it and use Office installed on that remote PC. We labeled the Remote Desktop Connection screen in Windows as a Connection Broker, but in most VDI cases you'll be using something else to login and broker the connection.
Jeremy: RDS is what we used to call Terminal Services 5+ years ago. That is when multiple users log into a single Windows Server operating system simultaneously with multiple user profiles. There is basically one install of Office serving sometimes 50-to-100 people simultaneously. Based on how that works and how Office activation works, you need to use Volume Licensing activation with Office Professional Plus 2013, as Office 365 ProPlus will not install or run on a server with the RDS role enabled.
Yoni: It makes sense because if one user were to install and activate Office and 100 of his colleagues used the first user's install, they would need rights somehow to the software. You're effectively running a Volume Licensing (VL) architecture in that case, so you need VL bits. One important note here is that App-V 5.0 can only be used with converted Click-to-Run packages using the Office Deployment Tool's /packager command. So because there are no VL builds of Click-to-Run, App-V 5.0 cannot be used to deliver new Office clients in an RDS environment.
Jeremy: The most common virtualization architecture supporting both installation types of Office is Virtual Desktop Infrastructure (VDI) with virtual machines dedicated to users. This is a typical configuration used with off shore development where the user logs into the same virtual machine with each and every login. As long as that VM is static to the user, runs Windows 7/Server 2008 R2 and connects periodically to the Internet, it can run Office 365 ProPlus and the same is true for Office Professional Plus 2013 with the Windows Installer Package (MSI) based installation. The graphic below explains it with a bit more depth.
Yoni: All architectures using pooled VDI will need to use a VL package of Office with the MSI-based installer. These architectures can be used to maximize server resource utilization in VDI while providing a common base OS layer to ease management.
Jeremy: That was a crash course in only a few of the desktop virtualization architectures and permutations I've seen, but there are many more and several combinations between the types listed out above. It really scratches the surface and these are some of the most frequent questions we get, so I hope this helps.
With this show we also wrap the topics related to Office desktop apps in terms of what’s new, different and your specific options. Over the past few weeks we’ve covered all things Client related from the differences between the Office Professional Plus 2013 MSI-based install and the Office 365 Professional Plus Click-to-Run install, to configuring the new Office, automating user provisioning in Office 365, integrating with deployment tools and much more.
Don’t forget to tune in next week when we round up some of our favorite moments of the season, ahead of our series specials from Microsoft TechEd in New Orleans where we will extend our focus across the Office stack with more action packed weekly shows.
Yoni: Cool and exciting stuff ahead. I’d love to join in on the action in New Orleans, but I’ll have my hands full at home with the latest arrival to the Kirsh clan, my newborn daughter, Charlotte.
Jeremy: Congrats and we’ll miss you in New Orleans, Yoni. There’s lot’s to share too from the latest on touch and immersive experiences, the evolution of richer Office experiences on the Web and real-time co-authoring, the next frontier in sharing and collaboration including enterprise social, site mailbox and Lync as well as the latest advancements in enterprise search and data protection with capabilities such as eDiscovery in SharePoint and Data Loss Prevention in Microsoft Exchange and much more as we put the new Office through its paces in some extreme Louisiana based situations (hint: alligators) and also hear from tech analyst, author and journalist Paul Thurrott again as we look at his favorite things with Office 2013. So bye for now.
See you next week,
Jeremy and Yoni
Overview of Licensing and Activation in Office 365 ProPlus
Overview of using Virtualization to Deploy Office (2010)
This week our hosts address one of the most visible changes to the new Office desktop apps - sign in experience for the service. Jeremy and Yoni draw out the identity architecture on the PPI to show the main options. Then they demonstrate how to get users into an organization's Office 365 identity store and how to grant specific users access to Office 365 services. You'll see how to do all of this manually or using scripted automation solutions with PowerShell cmdlets. They catch up with Trustworthy Computing Lead for Office, Keith Yedlin, to talk about security and they show the single sign on experience with Active Directory Federation Services (ADFS). In this week's XStream install Yoni takes on the water as he tries to install Office 365 ProPlus before a wakeboarder takes a spill.
<a title="The new Office: Garage Series for IT Pros - Automating User Provisioning in Office 365" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=0091779b-3d30-48ef-aaa4-448dc01b331f&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=0091779b-3d30-48ef-aaa4-448dc01b331f&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Automating User Provisioning in Office 365</a>
Jeremy: Last week we went deeper on the anatomy of software updates in Click-to-Run-delivered Office 365 ProPlus. Remember, many of those concepts translate to all Office 2013 consumer products and Office 365 Home Premium as well as Office 365 Small Business Premium, which all use Click-to-Run servicing. Office 365 ProPlus is unique compared to other Office versions because it also allows IT administrators to control which Office build is installed, where updates are pulled from and whether the update service is enabled or not.
Yoni: The software update controls give IT the ability to test, validate and roll-back updates as needed. That is super important for IT especially when they have third party or in-house solutions built and they need to make sure those are compatible before they roll an update into production.
Jeremy: This week we tackle a very visible topic in a services-based world where the user is at the center - Identity Management. We covered this at a foundational level in Episode 4 when we had Mark Russinovich on the show. Identity management is one of the biggest mental hurdles in adapting to a user-based model. It also provides the foundation for many of the benefits users see, like roaming settings, access to their email and Office files on almost any device and the ability to install Office on five PCs or Macs.
Yoni: As I talk to my peers and customers, a lot of them are thrilled about the prospect of user-based licensing and how that can impact costs and accounting in a world of multiple devices per user. On the flipside, they are typically unsure of what that means and how it impacts the way they manage desktop services. In many people's minds, they want to buy via user-based licensing and deploy with a more anonymous Key Management Service (KMS). But for many reasons this cannot work and there is no way to connect the user to his or her files without their identity somehow being involved to create the relationship between them and their data. Imagine trying to use social networking services like Facebook or Twitter anonymously or applying for a credit card without giving your name. Services need something to tie the person back to their organization.
Jeremy: In Office's case, it also means we can eliminate the need to otherwise hand out 5x5 keys. Users not only can access services, but they can also activate Office on up to five devices and manage those devices using their Organizational ID. Microsoft provides tools to import and synchronize user objects from an existing Active Directory environment, perform bulk CSV list imports or use custom PowerShell scripts to populate the identity store with User Principle Names and required directory attributes. We mapped out all of the primary options on the PPI display and then demonstrated these tools in action.
Yoni: One thing people often overlook is that once the users are in the store, they need to purchase then assign licenses to various Office 365 services, like the Office 365 ProPlus desktop applications. We showed how licenses for services are assigned manually in the portal. But assuming you've set up Directory Synchronization and maybe even Single Sign On with ADFS, then you probably want to automate the process of assigning licenses and for that we use the Set-MsolUserLicense cmdlet.
Jeremy: The final frontier from an automation perspective is really to set up ADFS and single sign-on as a way to ensure that your policies for password updates and the service authentication itself integrates with your existing tools and policies. The best place to go for all of this is the Office 365 deployment center on TechNet. It walks you through the right solution depending on your organization size and needs.
Yoni: Of course the Office 365 deployment center and more key resources are listed below. This week we also took to the water in this week's XStream install. I wanted to find out if Office 365 ProPlus could install without an Internet connection on a boat before our stuntman took a spill in a local river. You will need to watch the video to see if that worked out. If you watched last week, Sydney traffic managed to beat our Click-to-Run install, so anything can happen.
Jeremy: Luckily our stunt man didn't encounter any crocodiles during this week's stunt.
Next week we'll cover the major desktop virtualization options and how you can use the new Office - both the traditional volume license packages and the new Office 365 ProPlus packages - with desktop virtualization solutions. Also, if you are coming to Microsoft TechEd in New Orleans on June 3-6, we'll be filming shows live from the Office show floor. We are going beyond the Office desktop apps to show the best of Exchange, SharePoint, apps for Office, Lync, touch and large screen experiences and the integration across all of these solutions.
Office 365 deployment center
Manage Windows Azure Active Directory by using Windows PowerShell
Directory synchronization roadmap
This week adventurous hosts go deeper on how software updates really work for the new Office. They attempt to demystify what’s different compared to the Office Professional Plus 2013 MSI install and explain the optimized update service for the Office 365 ProPlus Click-to-Run install. They also explain how the service works in cases where you might want to test, validate and publish updates either on premises or use the default Office content delivery network (CDN) and see how to go beyond default settings. Plus, Jeremy talks to Jefferson Criddle from the Office engineering team and Yoni gets behind the wheel in a Ferrari F430 Spider to see if he can beat Sydney, Australia traffic in today’s XStream Install.
<a title="The new Office: Garage Series for IT Pros - Anatomy of Office Software updates" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=e11453f7-805c-4959-8300-6e5c6de12a7a&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=e11453f7-805c-4959-8300-6e5c6de12a7a&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Anatomy of Office Software updates</a>
Jeremy: Last week we wrapped up our three-part series on Click-to-Run configuration and deployment with on premises software distribution tools. I took to the streets to see if I could install Office via Windows Intune in my car PC while tethered to my mobile phone before I crossed the 520 bridge in Seattle.
Yoni: Importantly we showed how you would customize Click-to-Run with the Office Deployment Tool and Group Policy. We also showed install-time configurations you can make by calling different configuration XML files depending on what you need using tools like System Center Configuration Manager and Windows Intune for standalone Office installation or Microsoft Deployment Toolkit as part of a Windows image deployment. This week we'll discuss another aspect that you set at install-time but need to manage ongoing - software updates in the new Office.
Jeremy: You'll often hear people use the phrase “always-up-to-date” when they describe Office 365 ProPlus. The design of the service is to not allow Office desktop applications to ever go more than a year out of date. For many users and in all self-installation scenarios, updates will stream regularly from the Office 365 public service. Managed organizations with Office 365 ProPlus have control over the update process to ensure that software updates do not introduce compatibility or similar issues prior to authorizing software updates for their managed PCs.
Yoni: With Click-to-Run, tools like Microsoft Update and the traditional MSP files are not involved in software updates as they are with MSI-based Office packages. Likewise, management tools like Windows Server Update Services (WSUS) and products controlling WSUS like System Center Configuration Manager are not distributing software updates to Click-to-Run . Instead, to support the application virtualization underpinnings and enable background updating something different was developed.
Jeremy: Yes, the engine had to change in this case to support Click-to-Run. In many ways updating is a lot more predictable. As the engine is checking more frequently for updated Office builds, we are seeing more success discovering and applying updates with Click-to-Run. I blogged about that a few months back on the Office 365 Community Technical Blog and highlighted all of the configuration XML controls used to take over the software update process if you do not want to use the default auto-updating behavior.
Yoni: There are really three options when it comes to software updates with Click-to-Run and these options are controlled via the Office Deployment Tool's configuration XML file:
In all three options, the update service will look if there is a build of Office already installed, compare that to the build Office is trying to update to, then only transfer the delta of what is required. Jeremy sketched this process out on the PPI display in the show.
Jeremy: And Yoni showed the update experience on his computer. He also took to the streets and brutally one-upped my car from the last episode and installed Office in a Ferrari F430 Spider - and had nicer weather to boot. You'll have to see the show to find out how that went.
Yoni: So next week, we'll cover a topic core to this release of Office - automating user and service provisioning. We'll go quite a bit deeper than we did earlier in the season and show both the manual and scripted ways using PowerShell to add users and assign licenses to the Office service.
See you next week.
Office 365 ProPlus Administrator Series: Client Deployment Options
Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool
This week marks the third in a three part series as hosts Jeremy Chapman and Yoni Kirsh take the concepts from installing and configuring Office Click-to-Run in the first two parts and integrate those with software distribution tools like System Center Configuration Manager, Microsoft Deployment Toolkit and Windows Intune. They demonstrate the specific commands used with standalone software installation or part of the Windows imaging process and Jeremy tests whether he can stream Office to his car PC while WiFi-tethered with his phone before he crosses Seattle's famous floating bridge on Interstate 520.
<a title="The new Office: Garage Series for IT Pros - Click-to-Run integration (Part 3 of 3)" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=273f70c4-98b1-4125-b92e-0c62ddd6386f&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=273f70c4-98b1-4125-b92e-0c62ddd6386f&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Click-to-Run integration (Part 3 of 3)</a>
Jeremy: Last week in part two out of three of our focus on managing and configuring the new Office, we talked about the workarounds you might use to block unwanted Office desktop applications from running and how you would install Office Click-to-Run in a multiple language environment. While Click-to-Run doesn't allow you to block certain components of Office from installing, there are ways to hide or block unwanted applications from running. I showed AppLocker in action to block Access from running.
Yoni: And if you don't have Windows Enterprise required to use AppLocker, Jeremy showed another way to block executables using the AppHelp Hard Block mechanism Windows uses. Probably not the cleanest approach to blocking an EXE, but if simply hiding paths into the application just won't do, you can use the same approach Windows uses to block apps. You might also want to look at App-V 5 with Office 365 ProPlus if you want to deselect Office apps altogether.
Jeremy: So this week we translate what we saw in episode 5's deployment race a few weeks back, but actually show how to get Configuration Manager, MDT and Windows Intune set up to automate the installation of Office 365 ProPlus on behalf of end users. Office 365 ProPlus Click-to-Run is installed via a setup.exe bootstrapper similar to the Office MSI packages so normal software distribution tools work to install Office.
Yoni: For tools like System Center Configuration Manager, Windows Intune or third party software distribution you can download and import Office Click-to-Run installation binaries, create packages (or Apps if you use ConfigMgr '12) and advertise them as you would any other application. We documented all of the silent install commands last week in Part 2 of this deep dive. Another thing you can do with Office 365 ProPlus is use these tools to send a small instruction set down to your Internet-connected endpoints and have them pull Office bits directly from the Office 365 CDN.
Jeremy: I blogged about that a few months back on the Office 365 Community Technical Blog with a video demo and it adds another option for distributing Office and saving your VPN bandwidth potentially for remote computers. You transfer around 250kb telling the end point what to install, including: build, architecture, and update behavior. Then the 700MB or so Office package is streamed from the Internet via the Office 365 CDN instead of using your software distribution infrastructure and a remote VPN connection.
Yoni: This week you demonstrated this option in your car using Windows Intune to install Office 365 ProPlus directly from the Office CDN. You'll have to check out this week's show to see how that went. And if the install from the Internet option isn't your cup of tea or you are in a market where Internet is charged by the amount of MB transferred, you may want to block installation of Office via the Internet. In that case, you can disallow user self-installation in the Office 365 Admin Portal and use software distribution infrastructure exclusively to ensure all Office 365 ProPlus installs happen within your LAN. The flexibility is there and the decision is yours to make.
Jeremy: There is another question we get a lot, "Can we put Office 365 ProPlus and Click-to-Run builds in our Windows images?"
Yes. Whether you preinstall Office in your image then capture it or whether you install Office at build time with a task sequence, both will work. If you are installing and capturing the image, Office has been tested to work fine after running Sysprep.exe. The main thing to remember in that case is you want to install, but not activate Office. So the procedure would be to
If you are using the Microsoft Deployment Toolkit for imaging, there is another important point to remember. When Office installs using Click-to-Run the integratedoffice.exe process managing the installation is passed from the installation initiator account (in MDT it is the Administrator account) to the System Account after around 10% of the installation progress. That means the System Account also needs access to the deployment share or wherever you are pointing setup.exe via the SourcePath property to look for the Click-to-Run package. One thing I do here to ensure success is copy the installation package to the local hard drive of the target machine, then run setup. This is roughly how the Office MSI setup uses the hidden C:\MSOCache folder to stage installation files.
On the show I added two custom tasks to my MDT task sequence. This assumes I imported Office into the ".\Deploy\Applications\Microsoft Office 365 ProPlus\" directory in my MDT deployment share:
Task Name: Copy Office 365 ProPlusCommand: xcopy.exe "%deployroot%\Applications\Microsoft Office 365 ProPlus\*" "%SystemDrive%\Deploy\Applications\Microsoft Office 365 ProPlus\" /e
Task Name: Install Office 365 ProPlusCommand: "%SystemDrive%\Deploy\Applications\Microsoft Office 365 ProPlus\setup.exe" /configure "%SystemDrive%\Deploy\Applications\Microsoft Office 365 ProPlus\configuration.xml"
The nice thing about these tasks and using the %SystemDrive%\Deploy folder as a file cache location is that MDT's LTICleanup.wsf is run at the end of the MDT task sequence and deletes the Office installation source files automatically from the hard drive when the task sequence completes. If you use this approach as opposed to ensuring the System Account has access to Office source, these two custom tasks should be very late in your overall task sequence so MDT doesn't inadvertently set its %deployroot% variable at some point in the process to the %SystemDrive%.
Yoni: Of course there are a few ways to accomplish what Jeremy describes above and you can add controls to customize installation using install scripts or database variables to control language preferences, architecture, source and update locations, etc. by modifying which configuration.xml files are called by setup.
Jeremy: The sky is the limit and the nice thing about automation is that you tend to only need to know this stuff as long as it takes to build out your software distribution processes and task sequences, after that it just runs by itself.
Yoni: Be sure to check out the other two parts of this series if you are in the midst of figuring out how to customize and deploy Office 365 ProPlus:
Jeremy: That wraps up our three-part series on customization and deployment. Next week we'll go deep on the software update engine and available controls. Plus Yoni will get behind the wheel in a Ferrari F430 Spider as he looks to see if he can beat Sydney, Australia traffic in next week's XStream Install.
Deployment Options for Office 365 ProPlus
This week marks the second in a three part series, as hosts Jeremy Chapman and Yoni Kirsh, explore specific differences between the Office Professional Plus 2013 MSI and Office 365 ProPlus Click-to-Run install and potential workarounds for your Office configuration. They cover topics from removing and blocking applications from the Office suite, using multiple languages and disabling first run to changing update properties. And hear from lead Office set-up engineer, Paul Barr.
<a title="The new Office: Garage Series for IT Pros - Workarounds for your Office Configuration (Part 2 of 3)" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=7500ed74-90a2-4df7-8569-4b15429d8c08&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=7500ed74-90a2-4df7-8569-4b15429d8c08&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Workarounds for your Office Configuration (Part 2 of 3)</a>
Jeremy: Last week in part one out of three of our focus on managing and configuring the new Office, e we featured an epic XStream install where we challenged Yoni to install Office without an Internet connection doing High-G aerobatics. We also went deep on the Office Deployment Tool for Click-to-Run and how it is used to download Office installation files, install Office with custom configurations or remove Click-to-Run installations with scripted or automated solutions. In this episode we'll talk about frequent and little known workarounds, language customization and removing all user prompts from an Office 365 ProPlus Click-to-Run installation.
Yoni: So a question I often get is how do I disable certain Office applications from installing. With the MSI you could use the Office Customization Tool to disable components from installing. In Click-to-Run you are installing at a suite or SKU level and to stop people from using them, you would need to first remove shortcuts to the unwanted apps. Then you can use things like AppLocker or similar tools to block executable files from running. If you deploy Office 365 ProPlus with App-V 5 you can prevent applications from installing as part of the Office suite.
Jeremy: We also talked about language management and how you would use language properties in the Office Deployment Tool's configuration XML to download and install Office in different languages. I spoke Mandarin this week and showed how woefully out of practice I am. Then we took a tour of some of the new Group Policy settings to disable user prompts at installation and first run.
Yoni: Right, and in those cases we usually want to remove the sign in if possible and just about all the user prompts and the awesome video we get on first run. And to do that, we need to specify a few settings in the configuration XML and in Group Policy.
Configuration XML - you just need to activate the commented out line in the sample file like this and that will turn off the installation displays and firstrun.exe:<Display Level="None" AcceptEULA="TRUE" />
Group Policy - there are three main areas to look at - Disable First Run (this is %userprofile% based for each person logging in the first time), Disable "First things first" and Disable Sign-In. The Group Policy settings are as follows:
Disable First Run experienceUser Configuration\ Microsoft Office 2013\ First Run Disable First Run Movie - Enabled Disable Office First Run on application boot – Enable
Disable “First things First”User Configuration\ Microsoft Office 2013\ Privacy\ Trust Center Disable Opt-in Wizard on first run – Enabled Enable Customer Experience Improvement Program – Disabled Allow including screenshot with Office Feedback - Disabled Send Office Feedback – Disabled Automatically receive small updates… - Disabled
Disable Sign-In (for cases where Single Sign-on ADFS is used)User Configuration\ Microsoft Office 2013\ Miscellaneous Block signing into Office – Enabled: Org ID Only
These settings will eliminate all user prompts and first run experiences, assuming you are training your users in advance of an Office deployment and you don't want them signing up for things like Customer Experience Improvement Program or sending Watson reports back to Microsoft.
Jeremy: Many of these settings are similar to the ones we would use in Office 2007 and Office 2010 to eliminate user prompts, first run experiences and feedback reporting, but there are a few more in the case of Office 365 ProPlus, because things like telling users about signing into Office are new and important in this release.
Next week we'll put the pieces together in the deep dive and show all of this working using System Center Configuration Manager for software distribution, Microsoft Deployment Toolkit with Windows imaging and Windows Intune.
In fact, tune in to see if I can out do Yoni as I take to the driver’s seat for our next XStream install stunt. I take on the challenge of installing Office 365 ProPlus via Windows Intune on my in-car PC tethered to my 4G Windows phone - all by the time it takes me to cross Seattle’s famous 520 floating bridge , so mark your calendars and tune in to see if I actually succeed.
Reference for Click-to-Run configuration.xml file
Download Click-to-Run for Office 365 products by using the Office Deployment Tool
In this week's episode, hosts Jeremy Chapman and Yoni Kirsh kick off a three-part series deep dive on customizing and deploying Office Click-to-Run packages. The first part of the series describes how the Office Deployment Tool for Click-to-Run is used to download, install, uninstall and convert Office packages for use with Application Virtualization. Yoni also takes to the air and attempts an Office 365 ProPlus install - without Internet access - while performing outrageously high-G Aerobatics.
<a title="The new Office: Garage Series for IT Pros - Managing Your Office Configuration (Part 1 of 3)" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=bc312c9e-2377-42c8-bd6d-03121a52ba29&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=bc312c9e-2377-42c8-bd6d-03121a52ba29&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Managing Your Office Configuration (Part 1 of 3)</a>
Jeremy: So last week we recapped our Garage Series Live! show with Paul Thurrott, Office engineers and early Office adopters to tell us their experiences. We demonstrated touch enhancements in the new Office desktop, web and modern apps; Yoni showed Lync running on the PC, phone and browser and we saw the System Center experience for deploying Click-to-Run packages. And we topped the show off with a little trivia challenge in the spirit of the weekly shows.
Yoni: This week we go into more comfortable territory and describe the underpinnings of the Office Deployment Tool and how everything works. I also got to push Office to its limits with this week's XStream Install during some high-G aerobatics. But before we get to that, lets talk about install-time customization with Click-to-Run.
A lot of my peers and people I would talk to during Customer Preview thought Click-to-Run packages were only installable over the web and that led to a bunch of concerns around making things work with existing imaging and deployment tools, whether users had the right accounts to self-install install apps and what the bandwidth requirements looked like. The Office Deployment Tool solves for most of these concerns.
Jeremy: Right, so the Office Deployment Tool brings that offline control back to IT so they can install Office for their end users regardless of the tools are processes they have in place. If you can run an elevated command with whatever you use to install software today, then you can install Office 365 ProPlus. The setup.exe in the tool has three primary controls:
1. Download - for downloading Office builds and languages2. Configure - for installing and uninstalling Office3. Packager - for converting Office 365 ProPlus for use with Application Virtualization (App-V) 5.0
The Office Deployment Tool also uses a configuration XML file to dictate what is downloaded and where to as well as how Office is set up on the the target PC. It's similar in concept to the configuration XMLs we used in the MSI world, but with properties optimized for Click-to-Run. We don't use the Office Customization Tool with Click-to-Run, but the overwhelming majority of configurations you would have made with that tool are enforceable via Group Policy.
Yoni: As for the ODT, there are a few must-read articles on TechNet you'll want to look at to get a grasp of what the tool does and how to configure Office at install time.
We'll cover language management and the Packager command for App-V in a couple of weeks.
Jeremy: I wanted to also provide a few sample configuration XML sample files for downloading and installing Click-to-Run packages and explain a couple of the lesser know points of the tool. The /download switch and accompanying XML properties are pretty straightforward, but there are a couple things you need to know.
SourcePath (which is optional) indicates the location to save the Click-to-Run source when you run the Office Deployment Tool in download mode. If you do not specify SourcePath, Setup will attempt to create an \Office \Data\... folder structure in the working directory from which you are running setup.exe.
Here are sample contents for a download configuration.xml file:
<Configuration> <Add SourcePath=”\\server01\office” OfficeClientEdition="32"> <Product ID="O365ProPlusRetail" > <Language ID="en-us" /> </Product> </Add> </Configuration>
That will download the most recent package, but if you wanted to specify an older package, you could modify
the <Add...> line to look like this:
<Add SourcePath=”\\server01\office” Version="184.108.40.206" OfficeClientEdition="32">
If you don't include the SourcePath property at all, it will save to the folder where ODT's setup.exe is located. You could also add Language ID lines within Product IDs:
<Language ID="en-us" /> <Language ID="ja-jp" /> <Language ID="de-de" />
That will let you download language support for all the languages your company supports.
Yoni: And with the /configure switch you can install or uninstall Office. Here are a few examples for XML contents:
Install Office 365 ProPlus:
<Configuration> <Add SourcePath=”\\server01\office” OfficeClientEdition="32"> <Product ID="O365ProPlusRetail" > <Language ID="en-us" /> </Product> </Add> </Configuration>
In the same way, we can omit the SourcePath="" entirely and setup will look at the folder it is in for the Click-to-Run package and if it doesn't find it there, it will download the package from the Internet directly. Like above in our download example, you can include a Version property. If you include a Version property with the intent on keeping that version intact or waiting for you to publish a new build later, you need to disable automatic updates or point the updating engine to your update server location by including a line like the one below between the </Add> and </Configuration> lines in the XML:
<Updates Enabled=“TRUE” UpdatePath=”\\server01\updates”>
And to uninstall an Office Click-to-Run build, you would use a configuration XML like this:
<Configuration> <Remove> <Product ID="O365ProPlusRetail" > <Language ID=”en-us” /> </Product> </Remove> </Configuration>
or, to remove everything Click-to-Run without specifying Product IDs:
<Configuration> <Remove All=TRUE> </Remove> </Configuration>
Jeremy: We'll go deeper next week into things you can and can't do, as well as any common workarounds next week. But Yoni, this is your big week. You got to fly in a Extra 200 air race stunt plane. How did that work out?
Yoni: As a pilot, this a big deal. It's like the Formula 1 race car of stunt planes and is capable of extremely high G-forces. So I tested Office Click-to-Run to see if I could complete an install before I lost my lunch. You'll have to watch and find out the outcome. Special thanks to my friends at www.redbaron.com.au.
Jeremy: Tune in next week for part 2 of the 3-part deep dive on customization and deployment integration where we discuss a few more advanced configuration topics as well as a few common workarounds.
See you then.
This week our hosts, Jeremy Chapman and Yoni Kirsh, recap the Garage Series Live! where they discussed and demonstrated the new Office with author and tech journalist, Paul Thurrott, early adopter customers, and Office engineers. They were joined Patrick Wirtz from the Walsh Group, Marvin Correa from Sephora, and Sebastian Stein from HhpBerlin along with Jefferson Criddle and John Hoegger from the engineering team. This hour long special episode was filmed live on April 3rd.
<a title="The new Office: Garage Series for IT Pros (webcast) - Real world adoption tips, tricks, and secrets shared" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=04f3034f-6af9-417f-ba6d-924f81e06f44&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=04f3034f-6af9-417f-ba6d-924f81e06f44&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros (webcast) - Real world adoption tips, tricks, and secrets shared</a>
Jeremy: Coming off the great race where we showed how Office Click-to-Run can integrate with existing software and image distribution tools, we changed gears dramatically to present a live episode of the Garage Series with friends from early the Office adopters program, Paul Thurrott and the Office engineering team.
Yoni: Yes, we spent the last 5 episodes showing what is possible and how to think about some of the major differences in the new Office, but now we're diving a bit deeper into practice. If you haven't had a chance to see the last 5 episodes, check them out:
Jeremy: This one of the first times we've had early adopters of Office 365 wave 15 technologies, as we've only really been in market with them for a little over a month. Paul, Patrick, Marvin and Sebastian were awesome to work with and really brought a wealth of adoption experience to the show. They were all looking to deal with the trend of users bringing in their own devices, multiple devices per user, high demand for touch, evolving mobility requirements, providing Office services to seasonal workers and improving communication services across Windows and non-Windows devices.
Yoni: Right, and Paul challenged himself and us to have him appear as a skydiver or in a clown suit in an earlier winsupersite.com post. This was to pay homage to our first ever XStream install, where we install Office within 90 seconds of free fall. You can see the result, which provided one of the more comic moments of the show and my favorite tweet: “World, I can die now. For I have seen everything. @thurrott+jumpsuit@office garage” -Travis Lowdermilk Our thanks to Skydive Snohomish for outfitting Paul for the day.
Jeremy: Paul also arranged for a special recording of Windows Weekly where he quizzes Leo Laporte to see if he can provide the right answers to the most commonly misunderstood questions about the new Office as a service with Office 365 ProPlus. We didn't quite capture the true outcome as we intro'd Paul on the show, so watch to see how Leo really scores out of 5.
<a title="Windows Weekly on Office 365 ProPlus" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=082c3ce0-610e-4f22-8432-54f6b4787da8&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=082c3ce0-610e-4f22-8432-54f6b4787da8&src=v5:embed:syndication:">Video: Windows Weekly on Office 365 ProPlus</a>
Jeremy: Paul was great and offered a lot of wisdom and insight about the rationale for going with the new Office. And we had a great conversation with our early adopters and each brought a unique perspective. Patrick from the Walsh Group is really close to the software delivery and update management aspects with the new Click-to-Run clients. Sebastian brought his insights about the architecture and delivery options for the desktop service at HhpBerlin. Marvin had some great end user stories about which scenarios really shined at Sephora in their pilot. And Yoni brought some incredible demos of Office touch enhancements, Lync across multiple platforms and automating Click-to-Run delivery with System Center Configuration Manager 2012.
Yoni: It turned out that our whole group was using System Center to deliver new Office desktop apps to their users. I wanted to point out that the first two demos were truly live, but the Configuration Manager demo was sped up a bit due to timing considerations - so we could see the install working quickly. Our Office engineers, Jefferson Criddle from the setup side and John Hoegger from test also talked to the design goals and changes to the new Office to support the user-based model, faster delivery and integration with enterprise tools.
Jeremy: We ended with a round of trivia to challenge the knowledge of our guests in an East versus West trivia fight. Part of the fun of live broadcasting was that I had the director talking in my earpiece telling me to speed up that section and in this case, it also meant I didn't declare the winner of the competition - the East couch. Congratulations Paul, John and Patrick!
Yoni: Of course we also had live Q&A rolling in during the broadcast about:
Jeremy: We didn't have enough time to discuss what our early adopters are doing next. The Walsh Group is deploying Office 365 ProPlus using Click-to-Run and expects to be done by June 1 while working on their transition plan to Exchange, SharePoint and Lync in a hybrid configuration. They've seen their deployment times reduce by 50% for each release of Office starting with Office 2007. Sephora is extending their Office 365 footprint with other departments. HhpBerlin are planning to fully-transition to Office 365 ProPlus over the next two years as they grow their business and are looking forward to integrate all kinds of devices with the rich Office experience.
Yoni: It was an awesome show. Many thanks to our great guests, Paul Thurrott, Patrick Wirtz, Marvin Correa, Sebastian Stein, Jefferson Criddle and John Hoegger.
Jeremy: Next week we have a special in store, where we subject Yoni to High-G aerobatics, to see whether Office can install before he loses his lunch. Of course, we'll talk about meaty topics like downloading and configuring Office 365 ProPlus bits using the Office Deployment Tool as well. I can't stress enough about how excited I am for aerobatics and this particular XStream install. You'll have to tune in next week to see what happens.
See you then,Jeremy and Yoni
About the Garage Series hosts:
The live broadcast is over. But you can watch the replay now at www.microsoft.com/garage or the live streaming page.
Watch as we connect with well-known technology analyst, author and blogger, Paul Thurrott and other special guests, including early adopter customers and top Office engineers. In this special 60-minute episode, our adventurous hosts reveal lesser-known adoption secrets, demonstrate new Office touch and Lync experiences, and more.
Thanks for watching and see you next week!
Jeremy Chapman and Yoni Kirsh
SAVE THE DATE APRIL 3rd, 9AM PST
Join us for live discussion and Q&A as we are joined by well-known technology analyst, author and blogger, Paul Thurrott and other special guests including early adopters and top Office engineers. Don’t miss the fun as our adventurous hosts reveal lesser known deployment secrets and much more. Mark your calendar and tune in live at www.microsoft.com/garage or go directly to the live streaming page.
Update: On demand video is now available.
In this blog post, our intrepid hosts Jeremy Chapman and Yoni Kirsh answer your questions about a user-based Office service, how identity and services are provisioned, where data and passwords are stored and what the user experiences look like. They also catch up with cybersecurity expert and author, Mark Russinovich, to discuss the cloud security model.
<a title="The new Office: Garage Series for IT Pros - Identity, Activation and Data Access" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=ac03e637-fe5d-4e26-a4cb-6d6f6ab72c2c&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=ac03e637-fe5d-4e26-a4cb-6d6f6ab72c2c&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Identity, Activation and Data Access</a>
Add a reminder to your calendar to tune in each Wednesday 9am PST. Also mark April 3rd, 9am PST on your calendars when we come to you with the Garage Series Live! We'll have Paul Thurrott, early adopters and Office engineers to discuss lessons learned, deployment secrets and much more.
Jeremy: Last week we focused on the introductory themes of configuration management as a primer to pre-installation, install time, policy and post-installation configuration management. This week we look at the most fundamental shift in the new Office, enabling it as a user-based service. Users can benefit from this new model as we discussed in episode 1, but for IT it means that the pivot point for all of this - the user ID - is now added into the Office online services identity store.
Yoni: If we think about this, the core thing we are enabling as an IT admin is the activation service. In the past (Office 2007 and earlier) we used a bypass key in a settings file and in the volume licensing editions of Office 2010 we leveraged the Windows activation model with the Key Management Service (KMS) or Multiple Activation Key (MAK) and we can still do that with Office Professional Plus or Standard 2013. Now with Office 365 ProPlus, the model is user based and each user can install Office on up to 5 PCs or Macs.
Jeremy: That means that Microsoft in some way needs to know who that user is to enable them to install and manage those five copies - whether on domain-joined or privately-owned and unmanaged machines - there has to be some mechanism in place to show what where the user has installed Office and be able to deactivate copies as he replaces his computers in the future. This along with roaming settings really define the new Office user-based model.
Yoni: I often get asked whether we can still do the user-based licensing and give everyone five copies of Office, but do everything with MAK or bypass keys. Why didn't you do this, Jeremy?
Jeremy: Well, it is an interesting idea, but when you think about it, just about every option would have implementation or usability challenges. Sending unique 5x5 keys to everyone is a challenge and once a user would reach their limit of 5 installs, then the telephone activation model doesn't scale too well. Also there would be nothing tying Office to that user. Imagine trying to use Outlook.com email, Facebook or Twitter without a user account - there would be no personalization. Once you add monetary value each installation of the software, connecting to the paying user is even more important.
As we saw in our first episode we can move between devices and links to my files move with me, so I can be productive on any device without having to email myself files or log into web-based services manually each time, all of that is hooked directly into the Office apps to make it easier for people to access their content.
Yoni: That makes sense, but there are a few new steps we need to get all of this working and there are a few options. We can manually provision users and assign them services - all of this including password assignment can be automated using PowerShell - or we can use Directory Sync to automatically populate user principle names in the Windows Azure Active Directory service. In both of these options, the user passwords are mastered in Azure AD.
Jeremy: If you want to keep password management in sync with your on premises directory service and not move passwords up to Azure Active Directory, you can use Active Directory Federation Services (ADFS) to master user passwords and keep authentication on premises. ADFS will pass login attempts to your on premises Security Token Service (STS) and your STS issues claims tokens to the user to access the service. That way the user can use the same password he would use for his Active Directory on premises login, so he doesn't have a second password to remember. Of course you can use PowerShell or other tools to synchronize passwords, between the on premises environment and Azure AD, but not everyone is comfortable doing that.
Yoni: Running all of this in Azure AD is certainly easier and we'll go into more detail in a future episode, but setting up ADFS and achieving single sign on is easier than many people would think and there are benefits beyond Office 365 when thinking about directory federation.
Jeremy: So we showed the installation experience for a domain-joined computer where single sign on is enabled and one that is not domain-joined, but installs via the Office 365 portal. In the direct from portal case when you kick off the installation, you will see a file that looks something like this:
The string above bascially shows architecture (x86), language (en-us), product ID (O365ProPlusRetail) and unique identifier (_24...). In cases where we manage the installation, we use the configuration XML with the Office Deployment Tool and push the installation with some form of automation - like scripts, System Center Configuration Manager, Microsoft Deployment Toolkit, Windows Intune or a plethora of third party equivalents. In a future episode we'll talk about all of the configurations needed to suppress completely sign-in, first run experiences and user prompts. IT admins have had to deal with these in past releases of Office, but now there are ways to automatically sign users in to Office 365 installs picking up their domain credentials. I also showed the effects of deleting the user account from the Azure AD store and how it put Yoni's Office into Reduced Functionality Mode (RFM) - even if Yoni installs Office on his personal devices using his organization's Office software assets, once Yoni leaves the org the IT department can deprovision his personal installs. That keeps software asset management cleaner and IT is in control.
Yoni: Don't forget we also had Mark Russinovich on the show and he explained the security model for online services with Azure AD - in your car. It sounds like they are taking the defense in depth approach to harden the service. And you made him slum it in your car, Jeremy.
Jeremy: Yes, I caught up with Mark the week before he went to the RSA conference to promote his new book, Trojan Horse. Mark is a technical fellow for the Windows Azure team and of course is one of the industry's foremost cybersecurity experts. He had just returned from Costa Rica and was concerned about my abilities to interview and drive at the same time - you can see that in one of the outtakes. I wish I would have filmed this, but he was even troubleshooting my crash dump logs in my car PC. I hope that you like the interview and don't forgot to check out his book Trojan Horse for yourself, the sequel to Zero Day. Both are great books with themes taken right out of today's headlines.
Yoni: I wish I could have been there for the interview, mate. Don’t forget to join us next week where we take a closer look at compatibility and gear up for the great race of Office installs from the traditional MSI, System Center Configuration Manager, Microsoft Deployment Toolkit, Windows InTune and Click-to-Run as we look at whether or not deployment just got faster
Garage Series for IT Pros Archive for previous episodes
In this blog post, our animated hosts Jeremy Chapman and Yoni Kirsh begin to tackle the frequently asked question, "Do I get more control if I use the traditional Office installation?" They look at automation support and install-time controls, configuration management via Group Policy and new Office Telemetry tools with a special visit from the lead Office Telemetry engineer, Chris Yu.
<a title="The new Office: Garage Series for IT Pros - Configuration Management 101" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=fabbc423-7183-48c4-8cdf-14ae21445a4b&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=fabbc423-7183-48c4-8cdf-14ae21445a4b&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Configuration Management 101</a>
Jeremy: Last week we went deep on package types for Office and explained the feature differences and similarities between Click-to-Run and MSI-based installations of Office. In the blog post, we also explained that network traffic is about the same whether we use Office Professional Plus 2013 or Office 365 ProPlus - around 700 MB at install time and similar monthly update sizes. In fact, if you installed our last update for Click-to-Run (15.0.4454.1513 atop .1511), the package size was around 43 MB (thanks for the measurement, Curtis). Yoni showed how to get the Click-to-Run bits using the Office Deployment Tool. I wrote about where pre-upgrade tenants get Office for Mac bits. Finally we explained the three core instances where subscription activation won't work: RDS, Windows To Go and closed networks.
Yoni: This week we focus on configuration management and cover all of the main areas for Office - pre-installation prep, install time settings, Group Policy and post-installation monitoring. Like any good donut plot, it turns out our tools for pre-installation prep and post-installation monitoring are now the same tool set with the new Office Telemetry capabilities. And we brought in Chris Yu from the Office engineering team to explain his creation. One of the most exciting parts of this release is that you now have context for your troubleshooting and compatibility/migration efforts. Instead of just blindly finding all Office files and solutions, we can see how frequently files are used and whether they are in the critical path for a migration, who uses what and who will be impacted by any issues.
Jeremy: For example, it doesn’t really matter whether or not a spreadsheet is compatible if it hasn't been opened in 5 years and only one person has it. Imagine finding 100,000 docs across a 1000-seat company. Office Telemetry will help you identify what matters based on what is used and who is using it. So it helps reduce the amount of time you spend testing for a new Office rollout.
Yoni: But it doesn't stop there. Whereas in the past we would have used compat tools just to prepare for a migration, we can use Office Telemetry to maintain performance and continually track issues. We'll know the extent of the impact of any problems and can even use the new solution management capabilities to block unwanted add-ins from running.
Imagine your help desk phone rings and a user complains about a bad Office add-in. Once you confirm it's bad, you can find the other 100 people with that add-in loaded and blacklist it from running - before the help desk line rings a second time.
Jeremy: This week we presented an overview, but next week we'll go much deeper into the Office Telemetry tools: Telemetry Dashboard and Telemetry Log. When we're rolling out Office, after we do our compatibility testing, the next step is usually to figure out which configuration settings we want to enforce with Group Policy.
The process is the same one that you would normally use, download the Office Administrative Templates, load the ADMX files into %windir%\PolicyDefinitions\, open gpedit and open the office2013grouppolicyandoctsettings.xlsx you just downloaded to poke around a bit.
Yoni: Those with trained eyes will see things like \general!skydrivesigninoption, \licensing!hidemanageaccountlink, \firstrun!disablemovie, \osm!enablelogging for the first time. These are the same for the traditional and Click-to-Run installation and correspond to a handful of new features from signing into Office to managing telemetry components. In total, Office has 2163 configurable ADMX settings.
Jeremy: I had a chance to interview Skji Conklin the program manager looking over Office Group Policy and Roaming Settings. I think a lot of people who grew up with Roaming User Profiles in Windows might get confused about how the roaming feature works in Office. On the Windows side, we roam the actual file on each log in or log out event, which could amount to several MB of data while causing performance issues among other things when logging in and out.
In Office, we roam a tiny amount of information tied to the user account - links to the most recently used docs (MRU), custom dictionary, last page or last slide, and theme settings. Since we only roam links to files instead of the files themselves, the settings package is tiny and file access management policies remain intact.
Yoni: With Office Telemetry running, Group Policy configurations in place and our new understanding for roaming settings in Office, the final core area to look at was install time configuration. If you are using the traditional MSI installation package the Office Customization Tool is basically identical to the Office 2010 version and can be used in the same way. Likewise, you can use the configuration.xml file format we've had since Office 2007 as well.
Jeremy: When you start looking at Click-to-Run, you need the Office Deployment Tool (ODT). Click-to-Run doesn't use the Office Customization Tool and the configuration.xml file is different. Last week, we saw the ODT used to download a Click-to-Run package and this week we explained the new configuration XML file and how that can control software update behavior with a Click-to-Run install. There is a great article on ODT options on TechNet.
Yoni: Next week we'll talk about the implications of a user-based Office model, demonstrate the user-based activation experience with Online Services IDs or Single Sign On with ADFS and we'll bring in special guest, Mark Russinovich, to talk about how Azure Active Directory is secured.
Jeremy: Be sure to tune in at 9am PST on April 3rd for the Garage Series Live! show where we'll bring in Paul Thurrott from winsupersite.com along with early adopters and engineers to discuss their experiences with the new Office with live Q&A.
See you next week!
In this blog post, our adventurous hosts Yoni Kirsh and Jeremy Chapman explain the differences between Windows Installer Package (MSI) and Click-to-Run package types, how to download Click-to-Run builds for use with software distribution tools, when its necessary to provision user accounts in Office 365 and Yoni tests whether Office 365 ProPlus can be installed before our skydiver, Fully Sik, hits the ground.
<a title="The new Office: Garage Series for IT Pros - Who Moved My MSI?" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=670e3969-0509-4d3a-a8a6-ffbe526d3e6f&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=670e3969-0509-4d3a-a8a6-ffbe526d3e6f&src=v5:embed:syndication:">Video: The new Office: Garage Series for IT Pros - Who Moved My MSI?</a>
Jeremy: So last week we stayed at the surface level to explain the high-level differences between traditional installations of Office 2013 using MSI packages and the new Office 2013 and Office 365 ProPlus Click-to-Run installations. In this episode we go quite a bit deeper into the differences.
Yoni: One thing to remember is Click-to-Run is the default installation for Office 2013. Whether you buy Office at your local retailer, on Office.com or anywhere else that sells Office, you are installing via Click-to-Run. This is the same whether it is perpetual or subscription activation - or whether it is an Office 2013 suite or an Office 365 suite. The only way you can get an MSI package of Office 2013 is if you have a volume license agreement for Office Professional Plus 2013 or Office Standard 2013. Everything else is Click-to-Run - even if you live somewhere that offers Office on a DVD, you are installing via Click-to-Run from the DVD.
Jeremy: I think the similarities between the two installation types will surprise people and after Office is installed they are both virtually indistinguishable to a normal user. So we attempted in the show to describe the differences between package types on the massive PPI display - and in case you couldn't read our chicken scratches on the PPI we captured a better diagram with more descriptors below.
Yoni: You can also find a great feature comparison between Office Professional Plus 2013 and Office 365 ProPlus on TechNet. The things we tend to care about on the IT pro side - automated deployment capabilities, imaging support, Group Policy configuration management, application and file compatibility, etc. are roughly the same with both package types.
Jeremy: Despite lengthy explanations and the huge degree of similarity between these install types, I tend to get the same two questions:
1. What if I can't ensure a persistent connection to the Internet for Office 365 ProPlus?2. How much bandwidth does Office 365 ProPlus consume?
The first question is really a trick question, because it's just a local install like the traditional MSI. Once Office is installed, you can use it offline. The "365" part in the name doesn't mean we are remoting into a hosted set of applications like Remote Desktop Services or Terminal Services as we used to call it 5+ years ago. Don't get fooled by terms like "streaming" or "virtual", it's still a local install. The "streaming" aspect is really just allowing you to use Office apps before they are fully-cached on the local disk - and we all know what happens if you try to launch EXEs from an MSI install before they complete installation. The only thing we really need a periodic Internet connection for is to see whether my IT department has deprovisioned my account and I can stay offline for 30 days at a time if I need to.
Yoni: I don't know if you can call these trick questions as much as jumping to conclusions. When people think of software in the cloud, they think about things like RemoteApp or Citrix XenApp and don't really equate it to a traditional install over a network.
But how much network bandwidth does an Office 365 ProPlus install consume?
Well, if you download the Click-to-Run package for 32-bit en-us build 15.0.4454.1511, it's 994 MB total. The MSI package for Office Professional Plus 2013 is 710 MB. The problem is we aren't comparing apples to apples here. You see the Click-to-Run package is actually a "Mondo" Office build containing Visio and Project binaries. If you install Office 365 ProPlus (without Visio and Project) over a network connection, you will consume around the same 700 MB as the MSI package because you are not installing Project and Visio. So it consumes about the same amount of bandwidth as the Office Professional Plus 2013 MSI package.
Jeremy: The secondary question we tend to get after the install is, "how big are updates then?" That, as with the MSI, depends on the number of things we update in a given period of time. I've downloaded and extracted all of the Office 2013 32-bit updates to date (minus Visio, Project and SharePoint Designer) and there have been around 397 MB of MSP files since 15.0.4420.1017 was signed off on October 10, 2012 to now March 6, 2013. If you upgrade a Click-to-Run package of that 4420.1017 vintage to a current build - say 15.0.4454.1511 - you'll see a little less in terms of the packet traffic going over the network. This is because the MSP files may overwrite some of the binaries they've updated over time.
Yoni: The main takeaway here is that the network bandwidth consumption of an initial Click-to-Run install is about the same as a network install of the traditional MSI package. Roughly the same goes for your updates. And if you are totally network-constrained - like 56k dial up modem slow, you can install Click-to-Run from USB or DVD media just like the MSI.
Jeremy: One other cool benefit of Click-to-Run is the ease, size and time of the initial installation. With an MSI, you would install 4420.1017 and you would probably have the 397 MB of MSP files in the "updates" folder of the install source. That would make for about a 10 minute install of the core 4420.1017 build, then the 30 updates delivered since release to manufacturing would install for the next 10 minutes or so. The total package size in that case is about 1.1 GB and would grow month over month. With Click-to-Run each build is cumulative and contains all the updated binaries to date, so the overall package size doesn't really change. Regardless of where you are in the release lifecycle of Office, your install times will consistently be about 2 minutes to launch applications and around 4-5 minutes to be fully-cached under normal circumstances.
Yoni: All of this is well and good, but we should mention how you download the Click-to-Run bits. With MSI packages, you keep going to the Volume Licensing Service Center (VLSC) and if you have the log in credentials for you org, you log in and get your installation files and keys. With Click-to-Run, getting the bits is a little easier because there are no login requirements gating Office bits access. You just download Office Deployment Tool for Click-to-Run (ODT), make a few edits to the configuration.xml file and you can start downloading Office 365 ProPlus. Best thing is it is open to anyone, no logins required.
Jeremy: By the way, if you already have an Office 365 tenant with Office desktop apps that hasn't been upgraded yet (it's still white and orange), you can download Office and install it for your users with the ODT. The new Office 365 ProPlus apps will activate against your pre-upgrade Office 365 tenant. And if you want Office for Mac 2011 for use with your pre-upgrade tenant, you can get the Mac bits as well and activate them against your tenant. Download Office for Mac 2011 by clicking this link.
Yoni: So here is a sample configuration.xml file you would use to download the latest version of 32-bit en-us language builds of Office 365 ProPlus:
<Add OfficeClientEdition="32" > <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> </Product> </Add>
</Configuration> You would just use the ODT and run setup.exe /download [path to your XML]. Likewise, to install you could use the same XML and just run setup.exe /configure [path to your XML]. Of course there are many more knobs and dials you can configure Office in the XML and more information is found here.
Jeremy: And if you want to go further with configuration of the clients you can download the Office 2013 Administrative Template files (ADMX/ADML) which apply to Office Professional Plus 2013, Office Standard 2013 and Office 365 ProPlus.
Yoni: With the Office Deployment Tool, Click-to-Run bits and ADMX files, you can test deployment and automation tools. Office 365 ProPlus gives you 5 days of activation grace period to make sure all of your automation is working. But if you want to use Office 365 ProPlus longer, you'll need a trial tenant.
Jeremy: Yes, once you get past your scripting and automation testing and get those things working and assuming you want to run Office a little longer than 5 days and get rid of that red bar under the Office ribbon, you need to get a trial tenant, add users and give them the rights to Office apps. You can do all of that here. That will give you 30 days of trial time to test your add-ins, dependent apps and start user testing.
We also talked about differences in activation types and when you can use subscription-based activation versus when you have to use volume activation bits. The cases requiring volume activation installations of Office apps are:
- Remote Desktop Services
- Windows To Go
- Closed Networks
In those cases, you can't actually use Office 365 ProPlus native Click-to-Run packages with subscription activation. These are technical limitations. Fortunately, for the first two cases there are exceptions in Office 365 ProPlus licensing allowing you to use Office Professional Plus 2013 as one of the 5 installs per user with RDS and Windows To Go. If you are in a completely closed network with zero connection to the outside world, there is no way to assign Office usage to a specific user to give him rights on personally-owned computers, roam settings, etc., so you're more in line with a hardware-based license and would need to use volume activation with a Key Management Service (KMS).
Yoni, speaking of the outside world... you tested the limits of Office this week in the air. Tell us about it.
Yoni: Yes, I wanted to figure out if a Click-to-Run install could be ready for use between the time it takes to jump out of an airplane to the time our skydiver, Fully Sik (his legal name), hits the ground. You'll have to watch the video to find out if he could...
Jeremy: Before we sign off this week, I wanted to call out our upcoming April 3rd, 9am PST Garage Series Live! show where we'll bring in Paul Thurrott from winsupersite.com along with early adopters and engineers to discuss real world deployments - the good and the bad - of the new Office. Also tune in next week when we go under the hood with the configuration controls for Office Click-to-Run clients.
See you soon.
Garage Series for IT Pros Archive
In this blog post, our desktop specialist hosts Jeremy Chapman and Yoni Kirsh, walk us through the differences between the Click-to-Run and MSI-based Office versions, the new IT Pro capabilities, and the premise of the new Office including a demo of user based multi-device support.
<a title="The New Office: Garage Series for IT Pros - What’s in it for IT" href="http://www.bing.com/videos/browse?mkt=en-us&vid=c8393a2a-b03d-450f-a54d-fcfc070a178c&from=shareembed-syndication&src=v5:embed:syndication:&from=dest_en-us" target="_new" data-mce-href="http://www.bing.com/videos/browse?mkt=en-us&vid=c8393a2a-b03d-450f-a54d-fcfc070a178c&from=shareembed-syndication&src=v5:embed:syndication:&from=dest_en-us">Video: The New Office: Garage Series for IT Pros - What’s in it for IT</a>
Add a reminder to your calendar to tune in each Wednesday 9am PST:
Jeremy: Welcome, so if you have not seen yet, we just made available the new commercial service for Office with Office 365 ProPlus. Consumers have had access to the new Office for little under a month now, with much fanfare. But not to be outshined and to break tradition of just posting a 50-page whitepaper that you print out and read to cure occasional insomnia (although we have that, too) we decided to launch a brand new weekly show dedicated to desktop IT professionals everywhere, called the Garage Series. In fact we built from scratch ourselves the 32 different demos that you’ll see during this season. If we can’t do the things that we show you ourselves, you can bet that we won’t stand in front of you and talk about it.
Each week we will be addressing the toughest questions around manageability, configuration, user provisioning, data access, security and much more. Additional resources on each show topic will be offered weekly, too, on this blog. See our trailer for a taste of what’s in store.
Yoni: We’ll go deeper on managing and configuring Office as we move through the show series but for today’s kick-off show we explain the two versions of Office: the MSI-based Office Professional Plus 2013 and the Click-to-Run-based, Office 365 ProPlus; speak to the chief architect for the setup and roaming settings experience, John Jendrezak, who discusses the genesis of the new Office which is now connected to the user versus the device; Jeremy demonstrates user based multi-device support and I show you installation and coexistence of a highly-customized Office 2010 with the new Office showing side-by-side capability and shared customizations.
Jeremy: As we discuss on the show, there are two primary packaging types for the new Office - Office Professional Plus 2013 and Office 365 ProPlus. Both share many of the same traits - both are local installs and the same extensibility, both use the same Group Policy templates, both can be monitored and managed with new Office Telemetry features and both share the same application experiences. Both package types share most of the same controls and we'll cover that in depth in March 13th's episode.
Office 365 ProPlus builds on the culmination of several technologies – from application streaming to services – to enable new user and administrative experiences to support Office as a Service. Unlike previous iterations of Office application suites, Office 365 ProPlus enables users to get to rich Office experiences quickly on any Windows 7 or newer PC and have their files and personalized settings follow them from PC to PC. Office is now connected by the person using Office, not by the device – that means each user can install Office on the computers they own or use (up to five installs across PCs and Macs).
You would have seen in my multi-device demo that I used mostly Windows based devices but I could have equally used non-windows based devices to log into SharePoint to access my files from the browser using Office Web Apps. We are actually doing more than just roaming the most recently used document list in this demonstration. We are roaming:
These settings are loaded into the Office applications as the applications launch. Because the files (documents, spreadsheets, presentations, notes, etc.) themselves are not roaming and we are just injecting a tiny amount of information as the apps launch, there isn’t a measurable impact on performance.
Another thing to note is that the Office 365 ProPlus installation does not require you to uninstall or upgrade from previous Office versions, instead it streams Office down to you PC alongside your existing Office applications. Streaming enables you to start using Office in a fraction of the time needed for older generation Office installations – you can use Office while it continues to stream in the background.
Yoni: Yes, so I hope that you like what you saw in terms of the side-by-side installation. It’s now a lot faster to get users up and running and as you saw there’s no need to re-build the configuration – Ribbon and settings just port over. Net result, it’s faster for you to provision as the IT Pro and your end users get to have all their customizations making it much easier for them to transition to the new experience. Office 365 ProPlus was designed to support existing extensibility models for Office, including Object Model APIs, Web services and protocols, VBA, Office Add-ins and document-level customizations. In fact, in side-by-side installations, Office 365 ProPlus will examine desktop application customizations existing from previous installations of Office and load those when Office 365 ProPlus programs are executed. Customizations are found in %AppData%\Local\Microsoft\Office such as OFFICEUI custom ribbon extensions and CUSTOMUI files.
And, if you tried the side-by-side installation in the preview timeframe and experienced Office versions fighting for default file associations, Microsoft updated the Office 2007 and 2010 client applications a few months back to avoid them running repair operations and winning default associations with each software update.
Jeremy: We also tackled some of the most common misconceptions today. Probably the one I hear the most, is the one that Yoni clarified, in that you actually have control over where your data resides with the Office 365 ProPlus just like any other local install of Office. You can use it without storing your data in the Cloud if you want, but storing off the local drive enables you to roam from device to device like we saw in the demo. We'll cover these themes in more depth in episode 4, March 20th when we have Mark Russinovich on the show. Equally, we hope that you now know that whichever version of Office you choose, it’s still a local install, the bits stream and cache to your machine in the case of Office 365 ProPlus.
Yoni: Exactly, as I found out, as the stunt guy for our XStream install segments where we put the new Office install through its paces in the Air, on Land and Water where there is no internet connectivity. In fact, next week we cover “Who moved my MSI” and our first XStream Install skydiving and test if we can install Office before our skydiver reaches the ground.
Jeremy: So see you next here on microsoft.com/garage. Also check out these additional articles and resources.
So what does skydiving, aerobatics, Ferraris or wakeboarding have to do with the new Office? Well what are the most XStream Installs that you can think of on air, land and water with Office 365 ProPlus?
<a title="The New Office: Garage Series for IT Pros" href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=9e0fcce2-1b52-433d-bad7-edfb47501c8e&src=v5:embed:syndication:" target="_new" data-mce-href="http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=shareembed-syndication&VideoID=9e0fcce2-1b52-433d-bad7-edfb47501c8e&src=v5:embed:syndication:">Video: The New Office: Garage Series for IT Pros</a>
We are seriously passionate about technology and automation. So watch as we challenge ourselves to show you what's possible, including never before seen demos as we answer some of your toughest questions and even catch up with the engineers behind the new Office and Microsoft Technical fellow, Mark Russinovich.
So mark your calendars to watch every Wednesday starting February 27th, as we cover topics such as Who moved my MSI?, specific considerations for a user-based office, the ins and outs of managing an Office configuration, including virtual environments and much more.