Manage Office 365



  1. Note: If you use Outlook on the web, Microsoft 365 Groups are available to you. Microsoft 365 Groups are similar to distribution groups in that they allow you to communicate with multiple people in one email message, but they also come with a shared mailbox, calendar, document library, notebook, and more.
  2. Stay focused and productive wherever you go. Manage your action items in your master task list as you move between Microsoft 365 apps and devices.
  3. Collaborate for free with online versions of Microsoft Word, PowerPoint, Excel, and OneNote. Save documents, spreadsheets, and presentations online, in OneDrive. Share them with others and work together at the same time.
  4. Office 365 tenant management presents you with significant IT challenges due to the multiple workloads, admin consoles and data sources used in managing Office 365. These challenges are compounded by a very high rate of change and limited, native cross-workload management capabilities. As tenants grow larger, or as you add multiple tenants.

For all Microsoft 365 subscriptions and many newer non-subscription versions of Office (2013 and later), your Office product has an associated account. This is the account you use to sign in to Office.com so you can manage your subscription or install or reinstall Office when needed.

Microsoft Endpoint Configuration Manager has the ability to manage Office updates by using the Software Update management workflow. You can use Configuration Manager to update Microsoft 365 Apps for enterprise or Microsoft 365 Apps for business, as well as the subscription versions of the Project and Visio desktop apps.

When Microsoft publishes a new Office update to the Office Content Delivery Network (CDN), Microsoft simultaneously publishes an update package to Windows Server Update Services (WSUS). Then, Configuration Manager synchronizes the Office update from the WSUS catalog to the site server. Configuration Manager can then download the update and distribute it to distribution points selected by the administrator. The Configuration Manager desktop client then tells Office where to get the update and when to start the update installation process.

Here's an overview of the steps to enable Configuration Manager to manage Office updates:

After you perform these steps, you can use the software update management capabilities of Configuration Manager to deploy the updates. For more information, see Manage software updates in Microsoft Endpoint Configuration Manager.

Requirements for using Configuration Manager to manage Office updates

To enable Configuration Manager to manage Office updates, you need the following:

  • Microsoft Endpoint Configuration Manager (current branch)

  • Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, the subscription version of the Project desktop app, or the subscription version of the Visio desktop app.

  • Supported update channel version for Office. For more details, see Release information for updates to Microsoft 365 Apps.

  • Windows Server Update Services (WSUS) 4.0

    You can't use WSUS by itself to deploy these updates. You need to use WSUS in conjunction with Configuration Manager.

  • The hierarchy's top level WSUS server and the top level Configuration Manager site server must have access to the following URLs: *.microsoft.com, *.msocdn.com, *.office.com, *.office.net, *.onmicrosoft.com, officecdn.microsoft.com, officecdn.microsoft.com.edgesuite.net. For more details, see Office 365 URLs and IP address ranges.

  • On the computers that have Office installed, the Office COM object is enabled.

Enable Configuration Manager to receive Office 365 client package notifications

To start, you need to configure Configuration Manager to receive notifications when Office update packages are available. To do that, use the following steps:

  1. In the Configuration Manager console, choose Site Configuration > Sites, and then select your site server.

  2. On the Home tab, in the Settings group, choose Configure Site Components, and then choose Software Update Point.

  3. In the Software Update Point Component Properties dialog box, do the following:

    • On the Products tab, under Office, select Office 365 Client.

    • On the Classifications tab, select Updates.

      You can have other check boxes selected in the Products and Classifications tabs. But, Office 365 Client and Updates need to be selected for Configuration Manager to receive notifications when Office update packages are available.

  4. Next, synchronize software updates. If you don't do that, you won't see the updates in the console and the updates won't be available to deploy. For more information about how to synchronize software updates, see Introduction to software updates in Microsoft Endpoint Configuration Manager.

Enable Office 365 clients to receive updates from Configuration Manager

For Configuration Manager to be able to manage Office updates, an Office COM object needs to be enabled on the computer where Office is installed. The Office COM object takes commands from Configuration Manager to download and install client updates.

You can enable the Office COM object by using client policy in Configuration Manager, Group Policy, or the Office Deployment Tool. If you use more than one method, the Group Policy setting determines the final configuration.

Method 1: Use client policy in Configuration Manager to enable updates from Configuration Manager

To enable Configuration Manager to manage Office updates on specific computers by using client policy, do the following:

  • In the Configuration Manager console, click Administration > Overview > Client Settings.
  • Open the client settings, click Software Updates and select Yes for the Enable management of the Office 365 Client Agent setting.

For more information, see client policy.

Method 2: Use Group Policy to enable updates from Configuration Manager

You can enable Configuration Manager to manage Office updates on specific computers by using Group Policy. You can apply this setting to multiple computers, an organizational unit (OU), or a domain.

To use Group Policy, do the following:

  • Download and install the Administrative Template files (ADMX/ADML) for Office from the Microsoft Download Center.

  • Enable the Management of Microsoft 365 Apps for enterprise policy setting. You can find this policy setting under Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates.

Method 3: Use the Office Deployment Tool to enable updates from Configuration Manager

You can use the latest version of the Office Deployment Tool to configure Office to receive updates from Configuration Manager.

To configure this capability, use a text editor, such as Notepad, to modify the configuration file for the Office Deployment Tool. In the Add element, include the OfficeMgmtCOM attribute and set its value to True, as seen in the following example.

We recommend that you also set the value of the Enabled attribute to True in the Updates element (note that this is the default setting). When the OfficeMgmtCOM attribute and the Updates element are both set to True, updates are still delivered only by Configuration Manager. Note that the scheduled task Office Automatic Updates 2.0, which is registered during Microsoft 365 Apps installation, must remain enabled. That task initiates product configuration tasks such as channel management.
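
An Office Deployment Tool configuration file with both settings described above, as an added example (not the original page's own sample). The edition, channel, product ID and language values are assumptions chosen for illustration; substitute the ones your deployment uses.

```xml
<!-- Added example: configuration file for the Office Deployment Tool.
     OfficeClientEdition, Channel, Product ID and Language ID are sample values (assumptions). -->
<Configuration>
  <!-- OfficeMgmtCOM="True" enables the Office COM object so that
       Configuration Manager can manage updates for this installation. -->
  <Add OfficeClientEdition="64" Channel="Current" OfficeMgmtCOM="True">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
  <!-- Enabled="True" is the default; it is stated explicitly here, as the text recommends. -->
  <Updates Enabled="True" />
</Configuration>
```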

Enable Office 365 clients to receive updates from the Office CDN instead of Configuration Manager

If it meets your business and technical requirements, we recommend updating your client devices automatically from the Office CDN. To enable a device to receive updates from the Office CDN instead of from Configuration Manager, use one of the following methods:

Method 1: Use client policy in Configuration Manager to enable updates from the CDN

  • In the Configuration Manager console, click Administration > Overview > Client Settings.
  • Open the appropriate device settings to enable the client agent. For more information about default and custom client settings, see How to configure client settings in Microsoft Endpoint Configuration Manager.
  • Click Software Updates and select No for the Enable management of the Office 365 Client Agent setting.

For more information, see client policy.


Method 2: Use Group Policy to enable updates from the CDN

  • Download and install the Administrative Template files (ADMX/ADML) for Office from the Microsoft Download Center.

  • Disable the Management of Microsoft 365 Apps for enterprise policy setting. You can find this policy setting under Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates.

Important

The Microsoft Office Click-to-Run Service is responsible for registering and unregistering the Office COM application during service startup. Changes to domain policy or Configuration Manager client settings require an explicit Disable selection for the Office COM application to be successfully deregistered and the default configuration restored. Toggling Management of Microsoft 365 Apps for enterprise via Group Policy or Client Settings for Configuration Manager from Enabled to Not Configured is not sufficient.

Contents of the Office 365 client update package for WSUS

The update package that Microsoft publishes to WSUS only appears in the WSUS catalog. It doesn't contain a copy of the updated version of Office that's on the Office CDN. Instead, it contains information that Configuration Manager needs to be able to download and distribute the updated version of Office.

The package contains a file named noop.exe. But, that file doesn't contain any code and shouldn't be downloaded or run.

For each update release there are different packages for each architecture and for each update channel. For example, for the May update release, there is a package for the 32-bit edition of Current Channel and a package for the 64-bit edition of Current Channel. In June, there will be two new packages for Current Channel, one for each architecture. The packages contain information so that Configuration Manager knows which packages are more recent than other packages. For example, that the June package supersedes the May package.

There aren't separate packages for the different Office clients. For example, an update package for the 32-bit edition of Current Channel has information about Microsoft 365 Apps for enterprise and Microsoft 365 Apps for business, as well as the subscription versions of the Project and Visio desktop apps.


You can manage Microsoft 365 user accounts in several different ways, depending on your configuration. You can manage user accounts in the Microsoft 365 admin center, in PowerShell, in Active Directory Domain Services (AD DS), or in the Azure Active Directory (Azure AD) admin portal.

As soon as you purchase Microsoft 365, the Microsoft 365 admin center and PowerShell can be used to manage accounts. When managing cloud identities, every person in your organization has a separate user account name and password. If you want to integrate with your on-premises infrastructure and have user accounts synchronized with Microsoft 365, you can use Azure AD Connect to provide synchronization of identities and passwords for single sign-on (SSO) functionality.

Plan for where and how you will manage your user accounts

Where and how you can manage your user accounts depends on the identity model you want to use for your Microsoft 365. The two overall models are cloud-only and hybrid.

Cloud-only

You create and manage users in the Microsoft 365 admin center. You can also use PowerShell or the Azure AD admin center.

Hybrid

User accounts are synchronized with Microsoft 365 from AD DS, so you must use on-premises AD DS tools to manage user accounts.


Managing Accounts

When deciding which way your organization will create and manage accounts, consider the following requirements:

  • The directory synchronization software needs to be installed on servers within your on-premises environment to connect the identities between Microsoft 365 and your AD DS.

  • Any directory synchronization option, including SSO options, requires that your AD DS attributes meet standards. The specifics of what attributes are used in your directory and what cleanup (if any) is needed are described in Prepare for directory synchronization to Microsoft 365.

  • Plan how you are going to create Microsoft 365 accounts.

The following table lists the different account management tools.

Tool: Microsoft 365 admin center (Add users individually or in bulk)

  • Provides a simple web interface to add and change user accounts.
  • Can't be used to change users if directory synchronization is enabled (location and license assignment can be set).
  • Can't be used with SSO options.

Tool: Windows PowerShell (Manage Microsoft 365 with Windows PowerShell)

  • Allows you to add users in bulk by using a Windows PowerShell script.
  • Can be used to assign location and licenses to accounts, regardless of how the accounts are created.

Tool: Bulk import (Add several users at the same time)

  • Allows you to import a CSV file to add a group of users to Microsoft 365.
  • Can't be used with SSO options.

Tool: Azure AD

  • You get a free edition of Azure AD with your Microsoft 365 subscription. You can perform functions like self-service password reset for cloud users, and customization of the Sign-in and Access Panel pages by using the free edition. To get enhanced functionality, you can upgrade to the basic edition, Azure AD Premium P1, or Azure AD Premium P2. See Azure AD editions for the list of supported features.

Tool: Directory synchronization (Integrating your on-premises identities with Azure AD)

  • For directory synchronization with or without password synchronization, use Azure AD Connect with express settings.
  • For multiple forests and SSO options, use Custom Installation of Azure AD Connect.
  • Provides the infrastructure that's necessary to enable SSO.
  • Required for many hybrid scenarios such as staged migration and hybrid Exchange.
  • Synchronizes security and mail-enabled groups from your AD DS.


  • Regardless of how you intend to add the user accounts to Microsoft 365, you need to manage several account features, such as assigning licenses, specifying location, and so on. These features can be managed long-term from the Microsoft 365 admin center or you can also create user accounts with PowerShell.

    If you choose to add and manage all your users through the admin center, you will specify the location and assign licenses at the same time as creating the Microsoft 365 account. As a result, not much planning is required.

    Important

    Creating accounts in Microsoft 365 without assigning a license (to SharePoint Online, for example) means that the account owner can view the Microsoft 365 center but can't access any of the services within your company's subscription. After you assign a location and the license, the account is replicated to the service or services that you assigned. The user can sign in to their account and use the services that you assigned to them.
