Microsoft Office 2010 Engineering

Click-to-Run: Delivering Office in the 21st Century

Introducing Click-to-Run

If you’re the type of person who likes to test-drive the latest and greatest software (or you’re the type of person who reads an Office Engineering blog…), then you’re probably familiar with the pain that can be part of trying out new software for the first time. My name is Paul Barr, Lead Program Manager for the Click-to-Run team in Office 2010, and we’ve built Click-to-Run with you in mind. What follows is a more in-depth post on the technology introduced in the New Ways to Try and Buy Microsoft Office 2010 announcement.

Delivering rich programs like Office over the internet hasn’t changed much in the last decade. Sure, we have self-extracting executables, securely signed files, and download managers, but all of these fall short of solving what we think are the biggest problems with downloading and installing large applications:

1. It’s slooooowwww. Office has a lot of great features and content, but it’s also very big, and it takes a long time to get the whole thing downloaded, installed, and running. This prevents users from getting the products in any sort of context to the current task they’re trying to perform.
2. Applications are often out of date. How many times have you downloaded new software only to be prompted to update it immediately?
3. Installing a new version can sometimes mean uninstalling the old one, or it might be disruptive to other software you have installed on the System.

What is Click-to-Run?

Click-to-Run is a new software delivery mechanism built by the Office product team. It’s based on core virtualization and streaming technologies from the Microsoft App-V team in Cambridge, MA. Click-to-Run is optimized for home users on broadband connections (at least 1Mbps), and there are three key pillars of the investment:

1. It’s fast.  Home users can stream Office and be running their apps in as little as 90 seconds (under 5 minutes on average), or about 10% of the time it would take otherwise. The products still run locally utilizing the PC’s resources, they don’t “run in the cloud”.
2. With Click-to-Run, it’s easier to always be running the latest and most secure version of Office.  Click-to-Run users get the latest bits right away (rather than old bits that need to be patched immediately, which can take another 60 minutes over the internet).  Click-to-Run users also get updated automatically over time, with no need to download or install patches.  The product seamlessly updates itself in the background.
3. It’s low impact, and co-exists with other software on the machine.  Click-to-Run products are virtualized, so they don’t conflict with other software.  For instance, users can run Office 2007 for their production scenarios while they evaluate a trial of Office 2010. This addresses a major user pain point. 

Click-to-Run products also take up about half the disk space of normal products, they repair more completely, and they won’t break other software installed on the PC because they have private copies of all of their files and registration.

Click-to-Run is not a new Office “product”, it’s a new way of delivering and updating the products with which you are already familiar. Click-to-Run delivery is available for both the Office Home and Student 2010, and Office Home and Business 2010 products. It has full language support, and will work on both 32-bit and 64-bit Operating Systems (although only the 32-bit version of Office is actually run on both platforms).

How does Click-to-Run work?

Products delivered via Click-to-Run execute in a virtual application environment on the local Operating System. This means that they have private copies of their files and settings, and that any changes they make are captured in the virtual environment. The effect is they don’t end up modifying any other software installed on the System. With few exceptions, only user data actually passes through the virtual environment to the local System. Click-to-Run users may notice that they have a virtual Q: drive on their PCs, this is the virtual file system used by Office.

Click-to-Run products also support streaming. Think of this in the same way you think about streaming video. You get to watch the first part of the video before the entire file downloads. With Click-to-Run, users can start using their Office programs before the entire suite or product has been downloaded, enabling them to get to work much faster. While the user is running their application, the rest of the products are being downloaded in the background. The initial installation process is very different than what users may be used to. The experience of getting Click-to-Run Office is more like downloading a big web control than doing a traditional Office install:

If a user tries to use a feature or application that is not yet downloaded, Click-to-Run retrieves the required functionality from the internet immediately. In this case, the application may pause briefly, and users might see an experience like the below:

Users can see the current progress of the product download by launching the Click-to-Run Application Manager in Windows Control Panel:

Once fully downloaded, the product is cached locally, and users are free to disconnect from the internet and continue using their Office products:

Click-to-Run in the Office 2010 Beta and beyond…

Users will see that the Office Home and Business 2010 Beta product is available to download using the Click-to-Run technology. This option is optimized for high bandwidth connections (low bandwidth users should download the Office Professional 2010 Beta). When Office 2010 releases, Click-to-Run delivery will be available for a wider range of Office products. Users who download an Office 2010 product using Click-to-Run delivery also have access to the “normal” self-extracting version, as well as the native 64-bit version if those better suit their needs.

Home users may notice that a handful of things behave differently when using a Click-to-Run version of the Office 2010 products. For instance, there is a Click-to-Run specific destination in the Backstage for each application in the product. This section gives details about the status of applied updates, and links to more information about Click-to-Run:

It’s also possible that users will notice that some add-ins, or other integration points with the Office client, behave differently or are broken when using a Click-to-Run product. The vast majority of these will have no issues. All macros, in-document automation, and cross-Office application interoperability work fine. But sometimes the Office product group must make changes that cause some integrated solutions to require updating (building 64-bit versions of the applications is another good example of this). In some cases, add-ins might have trouble locating the Click-to-Run Office products on the machine, or they might have issues communicating with Office products when they are running in the virtual environment.

We expect these issues to be limited in scope. You will see more from us on how to resolve these both for users, and developers that wish to extend Office. In the Beta timeframe, if you are a developer, or are having issues with an add-in that you believe is compatible with Office 2010, you may want to obtain the Professional version of the Office 2010 Beta.

Wrapping it up…

As you’ve seen through the other posts on this blog, the Office 2010 rich clients bring a great new set of features and functionality to users. Click-to-Run is about getting that value into the hands of users easier, faster, and safer than ever. We’re very excited to pioneer the next generation of software delivery over the internet, and we look forward to your feedback.

Data Driven Engineering: Tracking Usage to Make Decisions

Hello, my name is Peter and I work in the Office Trustworthy Computing (TWC) team. One of my team’s areas of focus is collecting data on how various applications are being used so we can make informed decisions. You’ve probably seen, and based on the comments received to date, have used our Send-a-Smile feedback tool. In addition to that type of qualitative feedback, the last 3 versions of Office have included telemetry through the Customer Experience Improvement Program (CEIP) to help us understand how applications are being used. The combination of qualitative and quantitative data provides valuable insights for making informed design decisions.

What is the Customer Experience Improvement Program?

In short, the CEIP is an anonymous opt-in program that helps us improve Office. If you opt-in to the CEIP, anonymous data about how you use Office are uploaded to Microsoft occasionally in the background.

When you run an Office 2010 application for the first time you are asked about what settings you want to apply to ‘Help Protect and Improve Microsoft Office’ and the CEIP is included in the Recommended Settings. You can also find this in the Privacy Options of the Trust Center. In previous versions, opt-in was through a “Help Make Office Better” balloon that would pop up the first time you ran Office.

Of course, we respect your privacy and don’t collect any information that could identify you or your data personally. Your anonymous data is combined with millions of other users to provide us a broad picture of how people use Office.

What do we collect?

We collect a lot of information on our applications, too much to enumerate in a blog post. The engineering teams have defined data points that they are interested in learning about, and added those to the software for data collection. They typically fall in the following categories:

• Usage. The bulk of the data points fall into this category and they tell us how the software is used. Some of the information collected includes the commands that are on the Ribbon, general feature usage, actions taken in wizards, etc. It allows us to answer general questions like ‘how many users do X’ and ‘how often does X happen’, as well as specific questions like ‘how many documents contain pictures or what is the average size of a Word document’.
• Reliability and Performance. We want to make sure that our software performs as expected and have as much information as possible in the event it doesn’t. For example, to measure Reliability developers put assertions in the code that tell us when there is a logical inconsistency (e.g., something that was expected did not happen) – knowing how often these happen helps us focus on improving the product in future releases. In the case of Performance, we expect applications to boot and load documents fast – collecting basics like document size and load time allows us to verify how well we’re doing.
• Hardware/Software Configuration. What kind of hardware people have and how they have configured their various Office applications helps us interpret the data by providing context. For example, if we see a slow document load time, does this happen only on machines with low RAM or a particular processor speed? How do video card characteristics affect transitions in PowerPoint? How does usage differ across languages and locales?

The TWC team provides the expertise and guidance for the different application teams to get high quality telemetry on their particular usage. Since we receive over a billion sessions in a month, we rely heavily on data aggregation and provide several analysis and reporting tools so teams can access the data more easily when they want to know how their customers are using their software.

How do we use the data?

Before we had the data from customers participating in the CEIP, design decisions were quite often based on consulting people who had worked on the product for a long time (opinions) or personal observations of, say, someone’s family members (anecdotes). If you were lucky, you had some data from the researchers in the Office Design Group or a survey done by the Planning team. There was data, but it was from a constrained sample of users, rarely data from real users, doing real work. Throughout the development of the Office 2003 release, the Office teams began leveraging the CEIP data to better understand how real users used the Office applications. With every release, we’ve grown our toolset and have a richer understanding and appreciation of real-world usage data.

For many of the Office 2010 design decisions, we leveraged this usage data to answer questions based on how real customers actually use the applications. To provide a single example, take the question on whether the Ribbon should be collapsed when users were in a particular view in PowerPoint – the discussion was on whether users could still figure out how to start a slideshow. We have a few different entry points to start a slideshow and the reporting tool showed how often each was used.

Based on the Command Name and the ID, we know that the one showing 65.9% is not on the Ribbon, but still a significant number of users (25.6%) click the Ribbon. We can drill down even further and see that the vast majority of users access the Slideshow command through the status bar instead of using a hotkey.

While the design process involves more than just data, this example shows how your participation in the CEIP can replace the opinions and anecdotes from ‘experts’. Knowledge about actual usage is extremely valuable and ultimately puts us in the position to make intelligent decisions and create a better product for you.

In future posts we will give you an overview of other feedback mechanisms we use to improve the product, such as error reporting to find and fix reliability issues, as well as a tool to collect data for performance and responsiveness issues.

I look forward to reading your comments and questions on how we use data during the development cycle.

Thanks,

Peter Koss-Nobel, Senior Program Manager Lead, Office Trustworthy Computing

UI Extensibility in Office 2010

When introducing the Ribbon UI in Office 2007, we also introduced the RibbonX (Ribbon extensibility) model, a new way to programmatically customize the Office UI. RibbonX enables 3^rd party developers and solution providers to build on top of the Ribbon by authoring custom tabs and groups, targeting scenarios unique to and optimized for their customers.

Office 2010 extends the span of the UI extensibility platform by providing support for customization of the new Backstage view. It also adds several new, powerful features to the existent RibbonX platform.

Extending the Backstage View

The Backstage view is a new integral part of the Office UI. It elevates the file-level features (printing, sharing, distributing, collaborating, etc.) the way the Ribbon elevated document creation features. Making it easy for 3^rd parties to extend the Backstage view’s immersive UI in meaningful ways is a large area of our extensibility focus in Office 2010.

One may ask – “when is it appropriate to extend the Ribbon and when the Backstage view?” If you are building a solution that targets document editing and content generation scenarios (i.e. your features will be helping customers when working in the document), extending the Ribbon is the way to go. If, on the other hand, your customers need a solution that helps them work with documents, processes and custom workflows that those documents are associated with, extending the Backstage is the recommended approach.

Example 1 – Efficient Project/Process Management via Custom Backstage Tab

More than ever in the past, today’s documents evolve via collaborative efforts, shifting through various stages and cycles. Processes that those documents are tied to are often highly customized and organization-specific. The Backstage view offers a great place to expose custom info about documents and those idiosyncratic processes, and enable users to “move” those documents through various stages.

Below is an add-in that adds a custom Contoso Process tab to the Backstage view; all of the custom UI in the example is built using the new Backstage extensibility model. Contoso Process tab displays relevant metadata about the spreadsheet and the phase it is in, as well as remaining steps that need to be taken for the spreadsheet to progress to the next stage. Schedule For Design Phase and Open Design Issues groups are red, indicating issues that require immediate attention. The graph on the right provides “bigger picture,” a summary of where in the process all of the other related spreadsheets are. It is easy to imagine how all of this custom metadata could be pulled from a SharePoint library which hosts the spreadsheets.

The Contoso Process UI displays custom metadata and contextually-aware custom UI for process management

Once all of the open design issues are resolved, Exit Design Phase button on top of the tab can be enabled programmatically. Clicking it moves the spreadsheet into the legal review phase and the tab updates its content dynamically to show the new status and the requirements for the new phase.

The Contoso Process UI updates dynamically to reflect the new phase spreadsheet has been moved to

Example 2 – Integrating Custom Features with Built-in Backstage Tabs

Imagine you are a solution developer, and sharing documents is a common scenario for your customers. They like the capabilities of the built-in Share tab in the Backstage view, but they also want a direct way to exchange their documents via Windows Live Hotmail and Facebook. Backstage extensibility empowers you to create and integrate both of these custom features into the built-in Share tab.

Here is what the customized Send Using E-Mail form would look like with the Send via Hotmail group added (the bottom right of the picture):

Custom Send via Hotmail group is integrated into the built-in Send Using E-mail form

And, here is what the customized Share tab would look like with the new Post to Facebook task (and the associated form) added:

Built-in Share tab is extended with a custom Post to Facebook task

Example 3 – Adding Quick, Custom File-Level Commands to the Backstage View

Now imagine you are a developer and your customers do a lot of intense data editing in multiple documents simultaneously. They open and close documents frequently, and they don’t want to be prompted to save changes when closing documents.

With the Backstage view extensibility, you can easily replace the built-in Close command with a custom Save and Close control which automatically saves the document before closing it.

Navigation pane in the Backstage before and after the change to replace built-in Close with custom Save & Close

Backstage View Extensibility – High-Level Overview for Developers

Backstage customizations are defined in the same markup file that contains Ribbon and context menu customizations; the Backstage is just another top-level node. Its internal hierarchy is in many ways similar to the Ribbon’s. Primarily, just like the Ribbon, the Backstage uses tabs as its core building blocks. Backstage tabs can contain either one or two columns of groups. The custom Contoso Process tab from the earlier example contains two columns:

Unlike the Ribbon, the Backstage can also host buttons at the top level – they show up as fast commands in the navigation pane, like the Save and Close command from our earlier example.

While groups in the Ribbon and the Backstage have different spatial organization of content, they can host numerous identical control types, with callbacks (custom functions that define unique control behaviors and which are being called by Office code) for those controls being same across the two.

More details on the Backstage extensibility, its structure and features will be provided in the upcoming Beta documentation. As the Beta build of Office 2010 becomes publicly available, the documentation will be published at the Office Developer Center on MSDN, and will include the full Backstage XML schema, the list of built-in control IDs, a comprehensive introductory article on Backstage extensibility, as well as numerous Backstage extensibility code samples.

Office Menu Customizations from Office 2007

If your solution customized the Office Menu in Office 2007, it will keep working in Office 2010. All of the custom functionality that was added to the Office Menu shows up in the Add-Ins flyout in the Backstage’s navigation pane:

Custom Office Menu additions (from Office 2007) show up in the Backstage’s navigation pane

RibbonX Platform Improvements

Tab activation and group auto-scaling are frequently requested features we hear from developers who create Ribbon solutions. Tab activation enables developers to activate a tab on demand; this brings the tab to the foreground (as if it were selected) in response to some event. Group auto-scaling enables custom Ribbon groups to adapt their layout to best match the horizontal window size. Improving context menu extensibility is another feature request we hear often. We addressed all these requests in Office 2010.

Tab Activation Support

Imagine a scenario in which you have built an Excel solution with several custom tabs. If each of your custom tabs pertains to a particular type of data, you may want to ensure that the appropriate tab is brought to the foreground when the user interacts with corresponding data type. You achieve this using the ActivateTab method on the IRibbonUI object (passing to it a String-type parameter specifying the custom tab to activate):

IRibbonUI.ActivateTab(String tabID).

You can use a “parallel” ActivateTabMso method to activate a built-in tab and ActivateTabQ method to activate a tab shared between multiple add-ins (ActivateTabQ requires an extra String-type parameter that specifies the namespace of the target add-in).

Custom Group Auto-Scaling

You have probably noticed that built-in Ribbon groups change their layout when you resize the window. When the window is larger, groups in the Ribbon use the space to show labels or “grow” the size of some commands; as the window shrinks down, groups adapt and “pack” more functionality into less space.

Imagine if customers of your solution want to run with non-maximized windows so they can have multiple applications visible simultaneously. However, when they make the application window smaller, they don’t want commands in your custom group to immediately resize into a single button and be an extra click away. Without having to define when or exactly how your custom group scales, in Office 2010 you can just indicate that the group should adaptively change its layout (by setting its autoScale property to “true”), and Office will ensure that it best fits within the changing window size.

Here is an example that shows how an add-in group would scale using autoScale=true; note that you should assign an icon to the group itself as the icon will be used when the group finally transforms into a single button:

In Office 2010 a custom group can change its layout to best fit within the resized application window

Context Menu Extensibility

If you are building solutions on top of Office and efficient access to frequently-used, contextual functionality is important for users of your solutions, you have probably considered customizing right-click menus. Some context menus have been extensible via the CommandBars Object Model. However, there are context menus that can’t be changed this way; for example, PowerPoint 2007 contains context menus that aren’t accessible via the CommandBars OM. And, several control types (galleries, split-buttons) can’t be added to context menus via the CommandBars OM.

In Office 2010, you can rely on the familiar RibbonX model to also customize context menus. All of the control types supported in built-in menus can now be added to customized context menus. Context menus are accessible in Office 2010 as a new top-level node in the custom UI markup, the same markup that already hosts the Ribbon.

Customized cell context menu in Excel with a custom split-button, gallery and a separator added

Conclusion

The new Backstage extensibility platform and Ribbon extensibility enhancements empower you to build Office 2010 solutions that are even richer than the ones you could build in the past. We hope that you have already started using these features in the Technical Preview build of Office 2010 and we greatly appreciate your continuous feedback.

Further Reading

• Microsoft Office 2010 Developer Center
• Microsoft Office 2007 Fluent UI Developer Center
• John Durant’s Office Development Blog
• Brian Jones and Zeyad Rajabi’s Office Solutions Blog
• Developer Resources on Jensen Harris’s Microsoft Office 2007 UI Blog

- Mirko Mandic, Office User Experience Program Manager

Updated 11/3: Links to more resources has been added in a “Further Reading” at the end of the post.

UX Research Tools and Techniques

Hi, let us introduce ourselves. I’m Tim Weber (UX Researcher) and I’m Tricia Fejfar (UX Research Manager) in the Office Design Group (ODG). As Shawn indicated in his “Designing with Customers in Mind” post, ODG includes UX Researchers who work to understand user needs and to integrate user feedback into our software design process.  We want to tell you a little bit about some of our research for Office 2010 and how it’s made the overall experience better for users like you.

Tell me again, what is UX Research?

UX research is complementary to other types of research that Microsoft does, including market research and product planning research.  While there is overlap among these different types of research, you could think of UX research as providing information to help create the Office experiences you have in Excel, Word, SharePoint, PowerPoint, Visio, Project, etc. As UX Researchers, we answer questions such as:

• How well do the scenarios we’re building map to customer needs and expectations?
• In choosing a feature set to work on, what will be most useful for Office users? 
• In designing an experience, what is the best design, and what tweaks do we need to make to help our users be more productive?

Throughout the product cycle, UX researchers answer these (and many more) questions.  Basically, we get to do the fun stuff of interacting with our customers and see obvious impact in our product from the customer feedback we collect.

When most people think of UX research, they think of Usability studies or as we call them – Lab Studies. While we do conduct lab studies there are many other methods we use to collect data from users around the globe.  Some examples are cognitive walk-throughs, multi-user remote studies, eye tracking, field studies, workshops, focus groups, and surveys.

So, how do we decide which research method to use?

It really depends on the research questions that we have and how much time we have to answer the question. For example, in a typical lab study we are working closely with the UX Designers in our group and Program Managers from the product teams to iterate on feature designs. We bring people from outside of Microsoft into a small room (a.k.a., the lab) that contains a desk and a PC so they can work with our software. Inside the lab, there are some cameras and a piece of one-way glass so the researcher, the designers, PMs, testers and developers can all monitor whether or not the software being studied is meeting the needs of the user. We conduct these lab studies in order to find problems that affect the usability of our software and we typically do a few thousand hours of these studies for each release of Office.

One of our favorite pieces of equipment to use in the lab is the eye tracker. The eye tracker allows us to see what people are looking at while they are using our software. This is incredibly useful when building new UI like the Ribbon and the Backstage because the mouse pointer doesn’t always tell an accurate story about where people are looking on the screen. Below is an example of output (a heat map on the left and gaze plot on the right) from one of our eye tracking studies conducted on the Backstage view using an early prototype. 

The heat map on the left tells us where people spent most of their time looking for something. The longer someone looks at a specific location, or the more times someone’s gaze returns to a specific location, the hotter the color on the heat map. The gaze plot on the right tells us the path the eyes followed to get to a particular location.

The study participants’ goal was to open a recently used file. To complete the task successfully, a participant needed to open a specific file – the third in the Most Recently Used (MRU) list shown in the middle pane (of the 3 panes displayed on the screen). All participants were successful on this task. What we learned from the pictures above, however, was that while people eventually located the correct file, they spent a lot of time searching through the templates section in the right pane before going to the MRU.

This finding made us reconsider our design and we decided to split the MRU and templates sections into separate places with their own tabs in the left navigation pane. The screens below show what these places look like today (Recent and New):

Eye Tracking, however, is only one of many research tools used by the Office Design Group to help prepare our software for your use. Another way we gather research broadly is through our Send-a-Smile feedback. You may have read an earlier blog on Send-a-Smile (SaS).  If not, we encourage you to take a look so you can start using it today! 

We really do take your feedback seriously.  Our researchers spend hours and hours a week to deeply analyze SaS user experience comments, look for trends, and triangulate with other data.  For example, SaS comments sent in during the Technical Preview led to several changes in Outlook:

• In the Technical Preview, the Send/Receive button was located in the QAT (below top image), and on the Send/Receive tab, but based on SaS feedback that indicated it was difficult to find, it has been moved to the Ribbon (below bottom image) when connected to an IMAP or POP account. (Note: The Send/Receive button is not on the Home Tab when connected to an Exchange account because Exchange servers push new mail to Outlook as it is received, so the Send/Receive button does not impact when e-mail is delivered in Exchange environments.)

• In the Technical Preview, the title of a private appointment is not shown in the To Do bar. Instead, subject lines are shown simply as Private Appointment (below left). The option to hide the title of private appointments was added to Office 14 because it was a common feature request, but when the feedback from the Technical Preview started rolling in it turned out that a larger percentage of people actually wanted to see the subject of their private appointments, so the change was made for the Beta release (below right) to change the option to default to off (you can turn it back on by going to the View Tab, then clicking To-Do Bar, then Options).

• An updated feature in Outlook that has generated a lot of buzz is the Conversation arrangement. In the Technical Preview, double clicking on some types of conversations opened a message in the Reading Pane, but did not open the message in a separate window. An overwhelming amount of feedback from users, however, indicated that double-clicking a conversation should always open a message in a separate window. Based on that feedback, this is the new behavior in the upcoming Office 14 Beta release.

Did we mention our work is global?

Besides having researchers based in the US and in some of our Remote Development Centers, we also have the technology to do virtual multi-user remote studies. This technology was developed by members of our group.  We call this setup our Virtual Research Lab (VRL for short), which allows up to 100 remote participants to simultaneously log into our servers and run through specific tasks on our software. We are able to recruit people from across the U.S. and internationally to participate in our studies from the comfort of their home, office, or anywhere they have access to the internet. With this technology, we can gather data from more users in a shorter period of time and we’re also able to expand our participant population. All of this is good for Microsoft and you the end user.

Another technique that we’ve used a lot more in this product cycle to get more early validation is what we call “kitchens”. Kitchens are weeklong events where small teams of people from multiple companies around the globe come to our Microsoft campus to “play” around with working builds of our software.  For these events we typically invite people from the IT or Developer community and ask them to build their real-world solutions on top of our early working code.  Participants in the kitchens get access to an advanced preview of our new release of Office and are able to provide in depth feedback during a concentrated effort.  Also, participants and our engineering team (including Developers, Testers, Program Managers, UX Researchers and Designers, Product Planning and User Assistance) get lots of face-to-face time with each other to better understand concerns and answer questions. These Kitchens are held several times throughout the product release cycle and are valuable to us because they allow us to address user feedback early and fix missing gaps before we release more broadly during the Beta timeframe.

What’s next?

As we mentioned earlier, these are just some of the research tools and techniques we use throughout the Office development cycle to better understand user needs.  We hope you enjoyed reading about them.  We couldn’t do any of it without great people like you!  Look for one of our upcoming posts on Design Tools and Techniques used in ODG.  We look forward to hearing what you think! Thanks for reading.

Access Web Databases and The Access Show

Greetings Office Engineering readers—Clint here from the Access program management team. In partnership with Channel 9 the Access team is launching a new show called The Access Show. It will feature Ryan McMinn, myself and others from the team. We will talk in-depth about what is new in Access 2010 and Access Services and share feedback from the community.

Additionally, at the SharePoint Developers Conference we recently disclosed more details about the new server capability of Access 2010 called Access Services. Access Services is a new SharePoint 2010 feature that allows users to create browser accessible databases with the Access desktop application and host them on SharePoint. Through Access 2010 and Access Services you can keep your organization agile and your data secure:

1. Provide users a manageable solution to create, share, and collaborate on team databases.
2. Save money through lower development and maintenance costs.
3. Get started faster with one-click community templates.

Here is the inaugural episode and a short demo where Ryan creates an Access Services application that runs in the browser:

You can learn more about this release at the Access 2010 Intro Series RSS feed.

Enjoy!

Bloggers to Experience Olympic Games Live from Vancouver

On February 11, all eyes will be on Vancouver, British Columbia as we watch top athletes compete for the gold in the 2010 Olympic Winter Games.

To show what people can do with Office 2010, Microsoft is launching a new contest that will give two ‘blogathletes’ the ability to showcase their blogging talents and highlight power of Office to help you get your work done no matter where you are. The contest will showcase how Office 2010 technology lets you easily connect, share and collaborate across the PC, phone and browser.  You can learn about some of these cool new features by checking out these blog posts:

• OneNote 2010 Overview
• Demo of the Office Web Apps
• Co-Authoring in Word 2010

People from all walks of life use Office everyday to work, keep up with school projects, and stay in touch with friends and family. With Office 2010 we are adding new features and functionality that will take collaboration and the ability to work from anywhere to the next level. We are excited to share that, and the Vancouver Games, with everyone.

Additional details on the contest

The Microsoft Office team, with support from U.S. Olympic Committee, is sending one female blogger and one student blogger to the Games, as winners of our Office Winter Games online contest. The winning bloggers will use the latest Microsoft technologies, including Microsoft Office 2010, to report daily right from the Olympics, alongside members of the credentialed press corps.

Winners will have access to places normally off-limits to spectators, including the hospitality center for the USOC, called the USA House, where athletes and their families are, and the official Olympic Media Centers. In addition to a week at the Olympics, they will also get the technology (including a new Acer Aspire 4810 Timeline laptop) and the press access needed to report from the Games - plus a trip to the International Consumer Electronics Show in Las Vegas.

If you’re a blogger, enter the contest by going to www.officewintergames.com before November 1, and submit a short, 250 word blog post telling us why you should go to the Olympics. Our panel of judges, including Olympic gold-medal speed skater Bonnie Blair and CollegeHumor.com stars Jake Hurwitz and Amir Blumenfeld, will select the top candidates. The semi-finalists will be posted to contest site where everyone will have the chance to vote to send their favorite bloggers to the Vancouver Games.

You have less than six days to enter, so submit your entry today.

May the best blogathletes win!!

An Overview of Project 2010

Introducing Project 2010

In the Project 2010 client release, we’ve concentrated on making it easier to get started, easier to plan, and easier to report. This post gives a few quick highlights of Project 2010 and you can find more detailed posts on the Project team’s official blog.

Easier to Get Started

One of the first things you’ll notice is that the menus and toolbars have been replaced by the Office Fluent UI, which makes frequently used commands easier to find. Here is the Task tab of the Project ribbon:

Additionally, we’ve improved copy/paste so now when you paste a bulleted list into Project, we maintain the hierarchy and formatting. Also, take note of task 11 - yes, we now support word wrap.

Easier to Plan

Nope, your eyes aren’t playing tricks on you. The tasks in the above picture really don’t have durations or dates. That is because we’ve added a new feature called User-controlled Scheduling. User-controlled scheduling brings together control and ease of use so you can now be completely in control of your schedule. If you don’t know all the information about a task, Project won’t force you to enter values. If you don’t want a task to move, Project won’t move it but will warn you when there are potential scheduling issues.

In Project 2010, tasks can be automatically scheduled or manually scheduled (using the new user controlled scheduling feature). Auto scheduled tasks behave exactly like tasks in the previous releases. Manually Scheduled tasks (designated with the pushpin icon) won’t move unless you explicitly tell them to.

In the picture:

• Task 1 is a Top Down Summary task which means you can set the duration/dates to a value different from the rollup value. The blue bar designates the subtask rollup. This way you can easily view the difference but it is not enforced. This is handy when you are in the early planning phase and know you have x days for a phase.
• Task 2 is an auto scheduled task which will behave just like tasks in earlier versions of Project.
• Task 3 is a manually scheduled task which means it won’t move even if it’s predecessor does. See the below picture. Use this to quickly fix events in place.
• Task 4 and 5 are placeholder tasks. Placeholder tasks let you enter the information you currently have on hand at the time as reminders to yourself. They give you the flexibility of Excel but the power of Project. For Task 4, you know it has to end on 10/28 but you need to work with Jon to figure out the rest of the information. You can now type this information directly into the duration and date cells. Task 5 is a lighter color since you just know that the task will be 2 days but you haven’t determined when this work will happen yet.

As I said above, task 3 won’t move even if task 2 does. In this case, task 2 has increased in length and while task 3 doesn’t automatically move out, Project does warn you that the task needs attention by adding a red squiggly to the finish date and updating the bar style. From here you can decide what needs to be done – move the task out, ignore the warning, etc.

Additionally, we’ve added a new view called the Team Planner. You can think of this as a resource Gantt chart. It allows you to easily see how your team’s work is laid out over time, quickly spot problems, and drag and drop to resolve those problems.

Easier to Report

We’ve added another view to Project 2010 called the Timeline View which allows you to summarize your project quickly and then share the timeline into other Office apps. Using the above schedule, I can create a simple timeline in Project:

And then when I paste it into another Office app such as Outlook or PowerPoint to share it with others, the tasks are pasted as individual shapes so I can then apply additional formatting and polish.

The final feature I’d like to call out is Sync to SharePoint. You can synchronize the tasks from within a project plan into a SharePoint tasks list, or open a tasks list directly in Project. Any changes to the plan in Project can by synced to SharePoint and vice versa. This allows you to share your plan with users who don’t have project or to collect status updates automatically from your team.

This really is only the tip of the iceberg when it comes to features we’ve added/updated in Project this release and I haven’t even mentioned Project server yet. Continue to check out the Project team blog to learn more about the updates we’ve made to Project 2010 this release. Additionally, sign up now at www.microsoft.com/project/2010 and be notified when the Project 2010 beta is available!

Introducing the Business Connectivity Services Team Blog

SharePoint Conference 2009 is underway and the Business Connectivity Services (BCS) team is getting ready to talk about the new capabilities in SharePoint 2010 that we’ve been working on. Taken from Brad Stevenson’s overview post:

“BCS is an evolution of the Business Data Catalog (BDC) capabilities of SharePoint 2007 that enhances the capability of SharePoint as a platform for developing composite applications. It provides out-of-box features, services and tools that streamline development to deeply integrate external data and services. BCS provides the capability to connect SharePoint 2010 and Office 2010 applications to any external system, whether it be a Line-of-Business (LOB) system, (such as Microsoft Dynamics, Oracle, or Siebel) a web 2.0 service, or a custom home-grown application.“

Brad Stevenson,

Sr. Lead Program Manager

Check out the rest of the overview post on the BCS Team Blog. Be sure to bookmark the blog and subscribe to the RSS feed to get informative “How To” guides, insight into features, and demos of what we’ve been building. In the following weeks you’ll find updates from our sessions at SharePoint Conference and a guide on how to get your current Web services ready for BCS, with more to come.

- Lionel Robinson, Program Manager

The Magic of Background Removal

Hi, I’m Tucker Hatfield and I’m a Program Manager on the Office Graphics team.

Pictures are great – worth 1,000 words they say – so it’s a great idea to use them to spice up a document or add some flair to a presentation. The problem is that they usually end up being self-contained rectangles in the middle of things, and they don’t really flow into the content. You can put borders or effects on them to make them look more artistic, but up until now the only way to isolate part of the picture was to go into an expensive photo editing package and learn the cumbersome process of selecting and removing portions of the image.

Background Removal is a new feature in Word, Excel, PowerPoint and Outlook that makes this process quick and easy for any picture. Unlike similar tools, the Office Background Removal tool doesn’t just select color ranges or trim to a border you draw. Background Removal uses new capabilities and algorithms from the Microsoft Research and Development team in Cambridge, UK to achieve better results automatically with very little effort or fine tuning from the user.

So, how does it work?

Even though I can’t explain the deepest secrets of how the code works, I can show you how to use it effectively. Let’s start with this picture and assume that we want to remove the background and keep only the flower.

Clicking the Remove Background button in Picture Tools will start the process. First off, Background Removal tries to figure out what portion of your picture is the foreground, the portion to keep, and which is the background, the portion to remove. The first step in this process is the marquee selection area that gets drawn when you first start Background Removal. When you first start the tool, you’ll see the marquee and portions of the image are overlaid with magenta. Everything marked with magenta is what Background Removal has marked as the background. The normally colored portions are foreground, and will be kept.

You’ll probably notice that the marquee is inset slightly by default. Why is that? Well, it’s rare that the subject of a photo fills the picture completely, and insetting the marquee slightly makes it easier for Background removal to figure out what is the foreground and what is the background. In general, the less background included inside the marquee the more accurate Background Removal will be.

As you can see above, if the goal is to isolate the flower, the default marquee size doesn’t really get the desired result. As it stands, the result would look like this:

To further refine what we get, we’ll need to adjust the shape and size of the marquee. The important rule to remember is that you want the marquee to contain everything you want to keep. It’s okay if there are portions of what’s in the marquee that you don’t want to keep – the magic will do its best to figure out what to keep and what to ignore – but nothing that sticks very far outside of the marquee will be kept, so it’s important to make sure everything you want is inside. Let’s size the marquee so that it is just slightly bigger than the flower. The marquee is sized just the same as any shape or image, by grabbing the handles and resizing or dragging the whole shape to a new location.

Background removal figures out what you wanted and isolates the flower, which results in everything but the flower being removed.

Since the system Background Removal uses to isolate foreground objects from the background isn’t simply based on color choices or contrast values, it can extract even similarly-colored objects from the background.

Or you can even choose to keep something other than the obvious…

Of course, no matter how good the logic is that’s trying to figure out what the foreground of the picture is, there will always be some cases where simply adjusting the marquee can’t figure out what should be kept and what should be discarded. For those cases Background Removal has some simple tools to mark up and refine your selection. We’ll talk about how to use those tools remove the background from an image that presents a problem in a future post. For now, let me close with a couple of quick illustrations of how you might use that flower we removed in the first example.

Enabling password rules for Office 2010

Hi, my name is Alan Myrvold, and I am a security tester on the Office Trustworthy Computing Team (TWC). This post introduces the new password rules feature in Office 2010.

Word, Excel, and PowerPoint have been able to password protect documents for several versions by setting the “password to open”. What we felt could be improved was the ability to enforce password strength rules, similar to what may be required when logging into your computer at work.

In Office 2010, the encryption password can be set using the Office Backstage View:

This password can also be set on the General Options dialog from the Save As dialog, as the “Password to open”, just like in previous versions of Office.

Password encryption is just one way to protect sensitive information. Depending on your business needs and risks, using IRM or BitLocker might be better choices.

Why is password complexity important?

Although historically Word and Excel used 40-bit RC4 encryption, faster computers mean that 40-bit keys are now considered weak. The Office Open XML format (*.docx, *.xlsx, *.pptx) introduced in Office 2007 provided an opportunity for us to improve our mechanism and algorithms used for password based encryption of documents. The Office Open XML format uses 128-bit AES encryption. We also use a slower key derivation algorithm to make brute force password cracking slower. RC4 is still used when saving in Office 97-2003 binary formats. For encrypted Office Open XML documents, the password is the weakest link. A short or commonly used password makes the document less secure, since it is easier for an attacker to guess it.

If an attacker needed to try all possible passwords of 5 lowercase letters from a-z, there are only 26⁵, or about 11 million total passwords to guess during a brute force search. Searching dictionary words might even more quickly find the password. An 8 character password, chosen from lowercase and uppercase a-z, plus digits 0-9 is a much larger space of passwords to guess by brute force, 62⁸ or about 200 trillion, and is more difficult to find with dictionary attacks too. These are all worst case efforts, and NIST estimates far less entropy in user chosen passwords. Having less entropy means that attackers can use heuristics to search the password space more intelligently than brute force.

Attackers can also harness the parallel processing power of graphics cards to help with their attack.

But, for brute force attacks, assuming 10,000 password attempts per second, the length and character set of the passwords can make a big difference.

Enforcing a minimum password length and character set complexity requirements can make passwords more difficult for attackers to guess.

How do I enable password complexity?

By default, complexity settings are not enforced, and registry settings are used to control this feature. Although I am describing the registry keys here, the Office Customization Tool (OCT) will be the easiest mechanism to deploy these policies within an organization, but these settings aren’t present in the OCT yet.

There are 2 registry settings to control this, PolicyLevel and MinLength.

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Security\PasswordComplexity
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\Security\PasswordComplexity

• Value name: PolicyLevel
• Value type: DWORD
• Value data: [ 0 | 1 | 2 | 3 ]
• Use 0 to for no complexity (default), 1 for minimum length, 2 for minimum length plus requiring 3 of 4 character groups, and 3 for all these checks plus enforcing Windows domain password rules.

• Value name: MinLength
• Value type: DWORD
• Specifies the minimum length of password required.

When the policy level is 2 or 3, then the password must contain characters from at least three of four character sets, lowercase a-z, uppercase A-Z, digits 0-9, or non-alphabetic character. When this complexity is enforced, the minimum password length needs to be at least 6, but can be more depending on the MinLength.

Why not just use the Windows domain password policy?

When the policy level setting is 3, then Office will use the Windows domain policy as well as all the settings at level 2. This allows a custom password filter that is installed for Windows passwords to be used. If you are offline or a domain controller cannot be contacted, then the Windows password settings aren’t used, and only the level 2 settings are used. If you don’t have a custom password filter, then using level 2 saves a trip across the network, and would be the best choice.

What if my password doesn’t meet the complexity requirements?

Depending on whether the password is too short, or not complex enough, an error dialog will appear

and then you can re-enter the password.

What if I forget my password? Or the user leaves the company?

Oh dear. We’ve designed the Office Open XML password encryption to be strong and difficult for attackers to crack, which makes password recovery slow. There is no back door, no key escrow, and the 128-bit AES key makes guessing the password the best option.

Unfortunately Microsoft support cannot assist you, as described in KB article 189126.

Microsoft support engineers cannot help you retrieve passwords of files and features in Microsoft products that are lost or forgotten.

Because a forgotten password might result in the loss of critical business information, it is possible to disable setting new passwords in Word, Excel, and PowerPoint, using the DisablePasswordUI setting.

HKEY_CURRENT_USER \Software\Microsoft\Office\14.0\Common\Security
HKEY_CURRENT_USER \Software\Policies\Microsoft\Office\14.0\Common\Security

• Value name: DisablePasswordUI
• Value type: DWORD
• Value data: [ 0 | 1 ]
• Use 0 to enable the password UI, or 1 to disable the password UI.

This setting only prevents new passwords from being set. Existing password protected documents can still be opened. The DisablePasswordUI setting, along with the password complexity settings are designed to help balance the need to secure information with the risk of information loss.

The password rules feature is just one security enhancement in Office 2010, and future blog posts will cover more improvements we’ve made.

Thanks.
Alan Myrvold
Security Tester, Office Trustworthy Computing

Functions and Solver Improvements in Excel 2010

There have been several improvements made in Excel 2010 to the function library and the Solver add-in. The function improvements have been made to address issues reported in academic papers as well as customer feedback. To quote the Excel team blog:

“In Excel 2010, we made many improvements to Excel's function library. Excel 2010 will feature an accurate and consistent function library while remaining compatible with previous versions of Excel. “

In addition to the accuracy improvements, we also have introduced various new functions to the Excel function library to ensure that users have a consistent function library with implementations that match standard practices. As are result of these improvements, we have also made some UI changes to help users adopt the new functions.

Here are the blog posts that describe the function work in detail:

• Function Improvements in Excel 2010
• Function Consistency Improvements in Excel 2010
• New Functions Bring New UI

Excel 2010 will also provide an updated version of the Solver add-in:

“In Excel 2010, we have made a number of improvements to Solver that make it easy for beginners to get started and more advanced ones to find solutions to all types of problems. “

The Excel 2010 Solver will offer a new user interface, new solving methods and new reports. The UI for the Solver Parameter dialog has been improved to make it easier for users to navigate.

In addition to the UI changes, the new Solver will also feature 3 solving methods for solving spreadsheet optimization problems:

• Simplex Method
• GRG Nonlinear Solver
• Evolutionary Solver

New reports added in the Excel 2010 Solver are:

• Linearity Report
• Feasibility Report
• Population Report

Enjoy!

New Ways to Try and Buy Microsoft Office 2010

We’re thrilled about the growing number of people who are using Microsoft Office every day to get things done at work, at home, at school and on the go. For instance:

• 500 million people worldwide use Microsoft Office
• From July, 2008 through June, 2009 – Office 2007 experienced 92% year over year growth in trials, equating to 23 million trial downloads
• Office 2007 Home and Student edition has been the top selling PC software title at US retail for the last two years

On the heels of such positive momentum, we’re excited to talk about big improvements in the way we’ll deliver the next version of Office to consumers.

Along with the great product innovations we’re delivering in Office 2010, we’re introducing even more choice and flexibility for consumers in how they can try, buy and experience Office 2010 on new and existing PCs. This includes:

Product Key Card and Microsoft Office Starter 2010

For consumers who purchase a new PC, Microsoft is working with major PC manufacturers and our retail partners to make it simpler than ever to try and buy Office 2010.

Through our retail partners, Microsoft is introducing an all-new Product Key Card to help consumers more easily access and experience Office 2010 on new PCs that have been pre-loaded with Office 2010. The Product Key Card is a single license card (with no DVD media) that will be sold at major electronic retail outlets.

An added bonus: The card’s packaging is smaller than the full package (DVD) product, and is eco/retail-friendly. The key number contained on the card will unlock Office 2010 software that has been pre-loaded by the PC manufacturers on their PCs, and enables a simpler and faster path for consumers to begin using any one of three full versions of Microsoft Office – Office Home & Student 2010, Office Home & Business 2010, or Office Professional 2010.

As part of Office 2010 software that will be pre-loaded by the PC manufacturers on their PCs, we’re introducing Microsoft Office Starter 2010. Office Starter 2010 is a reduced-functionality, advertising-supported version of Office 2010, available exclusively on new PCs. Office Starter 2010 will provide new PC owners with immediate exposure to the Office 2010 experience on new PCs right out of the box.

Office Starter 2010 will include Office Word Starter 2010 and Office Excel Starter 2010, with the basic functionality for creating, viewing and editing documents. Office Starter 2010 will replace Microsoft Works, offering a consistent Office user experience, such as the Ribbon, with a simple path to upgrade to a fully-featured version of Office 2010 directly from within the product.

Click-To-Run technology for downloading trial and purchasing Office 2010

For people who want to try or buy Office 2010 on existing PCs, Microsoft is unveiling Click-to-Run, a new and enhanced download experience for consumers. Click-to-Run makes it easier than ever for customers to try or buy Office digitally by significantly reducing the time and effort required to download Office 2010 over the Internet. Click-to-Run automatically downloads and installs any software patches when connected to the Internet, helping people maintain and keep their Office software up-to-date. Click-to-Run uses virtualization technology so it allows customers to maintain multiple versions of Office. This enables them to try Office 2010 side-by-side with the existing version of Office.

We will have the broad beta of Office 2010 later this year and invite people to become familiar with Office 2010, in the way that works best for them, and then easily upgrade to a full version of Office Home and Student 2010, Office Home and Business 2010, or Office Professional 2010 when they’re ready to buy. To find out more information about Office 2010 visit www.microsoft.com/office2010.

Takeshi Numoto, Corporate Vice President, Office

Designing With Customers in Mind

Office 2010 User Research & Design

My name is Shawn Lipstein and I work in Microsoft’s Office Design Group (ODG) as a User Experience Research Lead. I wanted to take the opportunity in today’s post to both introduce ODG and share a bit about what we do. I’ll also give you a peek at future posts we’ll be writing.

Who is ODG and what do we do?

The Office Design Group is made up of both User Experience Designers and User Experience Researchers. Our job is to represent you, the end-user of our software products. We partner with product teams within Office to identify user needs and create compelling experiences. By understanding who you are and how you work we can build better software.

We identify user needs and create compelling experiences in a number of ways. For example, User Experience Researchers work to understand user needs early in the product development cycle using methods such as Field Visits. A field visit is when Researchers visit with users in their own environment and observe how they work with software to get their tasks done. Researchers also utilize methods such as Lab Studies (see image below) where we bring users into controlled lab environments and have them work through real world scenarios. While doing so, we use prototypes as primitive as paper drawings to actual working builds; depending on the phase we are at in the product development cycle.

As another example, User Experience Designers work to solve difficult design issues in innovative ways by using methods such as Wire Framing where the basic idea of a design is blueprinted. Designers also produce many iterations of a solution using high fidelity drawings and even working prototypes to ensure that all possibilities around the interaction, visual look and feel, and animations have been considered.

The images below show an example of the ‘Office 2010 Backstage’ going from a sketch to a working build (click on the images for a larger version).

4. A screenshot of the final build shows the accuracy that is achieved in relation to the high fidelity rendering.

As you’ve read above, the Office Design Group - made up of both Designers and Researchers - use a number of techniques to identify user needs and create compelling experiences. I’m excited to get feedback from a broader set of customers as we begin to make 2010 available. This feedback helps to ensure our software is intuitive and usable.

What is the Office Design Group (ODG) planning to post here in the future?

ODG plans to post more topics in a series on this blog about ‘Office 2010 User Research & Design.’ Some questions that my colleagues are planning to answer are:

• What Research Tools and Techniques does ODG use? Find out about the different Research tools and techniques we used in order to deliver Office 2010.
• What Design Tools and Techniques does ODG use? Find out about the different Design tools and techniques we used in order to deliver Office 2010.
• What process does ODG go through to develop Visuals and Branding? Discover the process that we go through to ensure that we have a great visuals and branding story for Office 2010.
• How does ODG Understand User Usage? The Customer Experience Improvement Program is one way that we understand how users are using the Office programs. Join us as we explain how we understand user usage which in turn helps us make design decisions as we develop Office 2010.

I look forward to reading your comments and questions about this and subsequent posts.

Introducing Visio 2010

Visio 2010 brings many new features that make Visio more powerful and easier to use. This post gives a few quick highlights on Visio 2010, along with links to more detailed posts on the Visio team’s official blog.

One of the first things users of Visio 2010 will notice is that menus and toolbars have been replaced by the Office Fluent UI, which makes frequently used commands easier to find. Here is the Home tab of the Visio Ribbon:

The new Ribbon UI is accompanied by a redesigned Shapes Window—shown below in both expanded and collapsed mode—which lets you easily combine your favorite shapes from multiple stencils into one view.

Visio 2010 also includes many enhancements to the diagram creation experience. One such enhancement is the Quick Shapes Mini Toolbar, which allows you to hover over a shape and click to AutoConnect a new shape, as shown in the below screenshot. This is one of the ways Visio has integrated Live Preview into the diagramming experience.

For more information on Visio 2010’s features for editing and organizing the information in diagrams, see the following posts:

• Inserting and Deleting Shapes in Visio 2010
• Cross-functional Flowcharts in Visio 2010
• Organizing Diagrams with Containers

Visio 2010 makes it easier to give a polished, professional look to your diagrams. The “Auto Align & Space” command is one of our new layout features; it cleans up your diagram’s layout while preserving its basic arrangement, as illustrated below:

For more information on how Visio 2010 makes it easier to create visually appealing diagrams, see the following posts:

• Improved Flowchart Routing in Visio 2010
• Applying a Background or Border Design in Visio 2010
• Themes and Live Preview in Visio 2010

The above are only a taste of the new features in Visio 2010. Head on over to Visio Insights and stay posted for more exciting updates!

Trusted Documents

Hi, my name is Maithili Dandige. I am a Program Manager at Microsoft working in the Office Security team. For this release, I’ve worked on several security and privacy-related features such as Office File Validation, Recommended Settings, improvements to Document Inspector, and Trusted Documents. I will be talking about all these in the upcoming months. Today, I am here to give you some insight to the Trusted Documents feature, a simple enhancement that improves the user experience when interacting with our security features. You can go here if you are interested in reading about other security features on our team. Trusted Documents alleviates my personal long-term frustration as an end user by reducing the number security prompts seen when working with Office documents containing Macros, ActiveX controls, Data Connections and other types of active content that are blocked by Office Trust Center.

Why Trusted Documents?

Before we go into the details of how Trusted Documents work, I’d like to spend a few minutes on why we built this feature. Versions of Office before Office 2007 showed you modal prompts for macros and other types of active contents before opening documents. Those dialogs were useful but problematic; you were shown the prompt that said - “Do you want to enable macros?” before letting you interact with the file. Many users who didn’t need to enable those macros also ended up enabling them, although often all they wanted to do was read the document.

In Office 2007 we fixed that. We didn’t show you the modal prompt before opening the document; instead we showed you what we call the Message Bar. This was a significant improvement as you could read or edit your document safely and deal with the security warnings later. Unfortunately, for a document with macros you created, or a workbook with data connections that you worked on every day, you’d need to enable the content every single time from the Message Bar. This could be a frustrating user experience because now not only did it take you two additional clicks to get to your next task, it didn’t seem to provide any real security benefit for a document. This is why:

a) First, how likely are you to change your mind about trusting a document? If you enable content once, you are almost certainly going to again do it the next time round as you need your document to work properly.

b) Second, if there was malicious intent that created the macros or other type of content, your machine was probably compromised by it the first time you enabled the macros, so prompting you the next time for the same file does not add any additional security benefit.

So this motivated us to provide users with a better security experience which we call the Trusted Documents feature: In Office 14 we now remember which active content you have enabled, and don’t prompt you again the next time you open the same document.

What are Trusted Documents?

So what are Trusted Documents? – Trusted Documents provides a simple one click step to always enable active content (e.g. Macros, ActiveX controls etc.) in a document. We remember your trust decision on the file and don’t show you the security prompt the next time you open the file.

It more closely reflects how people work. If I create a document with a macro in it, I don’t want to be prompted to enable the macro the next time I open it. Or, if I get a document with daily reports from my co-worker that has a pivot table, I don’t want to enable the data connection to our trusted server every time I want updated numbers. Also, I may be opening documents from multiple folders (SharePoint, network shares, desktop, attachments received in email). I don’t necessarily want to put them into a trusted folder every time I open them. Trusted Documents helps with all the above. It remembers the first time you enabled the content and unless the trust record for that document changes, it doesn’t bother you with a security notification for the content anymore.

With Trusted Documents, the trust is recorded on a per file basis. The trust record is added to the Current User section of your local registry and contains the file’s full path along with other data such as the created time for a document. Note that because ‘trust records’ are stored on a specific machine you’ll get prompted again if you open the file on another computer. Also since the trust record consists of more than just the file’s path it protects against social engineering attacks such as replacing existing trusted documents with malicious documents that have the same name.

Protected View helps us create a good security boundary between documents that are on your machine which you may have trusted vs. new incoming untrusted documents opened from the Internet, attachments, etc. For example, an attachment containing macros is first opened in Protected View. If you trust the file and exit Protected View we do not enable the macros automatically. Instead we show another Message Bar to enable the macros. By disallowing macros from running automatically while exiting Protected View we prevent opening up the computer to additional risk where the user may have intended to just reply to the document with comments and not run the macros. Now, if you explicitly save the attachment and also enable the macros we make it trusted and the next time you open the document it does not open in Protected View and active content is enabled for that document.

Trusted Documents: Security User Experience

In Office 2010, you will continue to see the Message Bar when a macro, data connection, ActiveX control or other type of active content is in the document. Here is the Message Bar that comes up when more than one type of active content is disabled (e.g. macros and ActiveX controls).

There are two entry points to make a document Trusted. If you click Enable Content on the Message Bar the document will be automatically added to Trusted Documents list in your registry. Second, you can click the Message Bar for details; it will take you to the Backstage view. In the Backstage view you can click the Enable Content button which will bring up two options.

a) You can enable all the content and make it a trusted document. This will enable macros and ActiveX controls in the document and add the document to your list of trusted documents in the registry. This option provides you with a simple one-click option to enable all the content at once and make it a trusted document. The next time you open this document you will not be shown the security warning.

b) If you are an advanced user who wants more control over the types of content to enable/disable then you can click the Advanced Options button, which brings up the Security Notifications dialog that has options for enabling content for one time (this is similar to Office 2007).

Trusted Documents – Security settings

Similar to Trusted Locations we have security restrictions and settings around trusted documents. For example, we do not allow users to trust documents from untrusted locations such as Temporary Internet Files (TIF) or TEMP.

Trusting documents on a network share is riskier than trusting documents on your local hard drive as other users who have access to the network locations can modify the contents of your file. For this reason, we show you a security warning the first time you try to trust a document on a network location. In Trust Center, you can disallow documents on a trusted location to be trusted, causing Office to show you the security notification every time you open a document from a network location. We also provide you with more options in the Trust Center, such as disabling all trusted documents completely or purging the documents you have trusted. All these options can be found under Trust Center settings for an application. Similarly all these settings can also be configured by an administrator of an IT organization via group policy (e.g. an administrator can configure for disallowing trusted documents to be created on network shares thus limiting the use only to your local hard drive).

To summarize, the main security UX goal we are striving to reach in Office 14 with Trusted Documents and other security features is to make unnecessary prompts go away and to only prompt users when necessary. By reducing ‘prompt fatigue’ we hope to enable users to make better, more informed decisions when they do encounter security prompts