Best practices: Management for enterprise managed
The Best Practices Guide includes deployment recommendations and real-world examples from the Office 365 Product Group and delivery experts from Microsoft Services. For a list of all the articles, see Best practices.
Enterprise Managed wants to apply GPO management to their Office 365 ProPlus systems and to test specific scenarios that they are likely to encounter.
The items are:
Roll back a build
Group Policy for desktops
Additional Group Policy objects for VDI
Group Policy for OneDrive for Business
Configure infrastructure and maintain network, ports, and protocols
Office 365 is a cloud service; therefore, it requires Internet access. If you manage by URL, then updates are less frequent and typically only needed when new products or features are released. However, if you manage by IP address range, then changes occur more often. The following page should be referenced and subscribed to in an RSS feed: Office 365 URLs and IP address ranges.
The ProductID="LanguagePack" element lets you add languages to an existing Office 365 client install without needing to know its existing configuration settings.
<Configuration> <Add OfficeClientEdition="32"> <Product ID="LanguagePack"> <Language ID="es-es" /> </Product> </Add> </Configuration>
The remove element lets you remove a language from an existing Office 365 client install.
<Configuration> <Remove> <Product ID="O365ProPlusRetail"> <Language ID="es-es" /> </Product> </Remove> </Configuration>
<Configuration> <Remove> <Product ID="LanguagePack"> <Language ID="es-es" /> </Product> </Remove> </Configuration>
By removing the application exclude statement from the install XML file, it will include the application when it is re-run.
<Configuration> <Add OfficeClientEdition="32" Channel="Current" OfficeMgmtCOM="TRUE"> <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> </Product> </Add> </Configuration>
Roll back a build
Enterprise Managed can leverage their existing software distribution tool, System Center Configuration Manager, to perform a client rollback. For step-by-step guidance on performing a rollback using the OfficeC2RClient.exe update engine, see Channel management.
To change a user's channel membership, see Channel management.
We highly recommend that you periodically check for new GPO templates. As new Office features are rolled out, GPOs are often updated and new Office management GPOs are released.
Additional Group Policy for VDI
An additional GPO should be considered for Outlook and Cached Mode for VDI. Enterprise Managed has set the value to 3 days.
Group Policy for OneDrive
Enterprise Managed Mac Client Updates
Similar to Office 365 ProPlus, Microsoft provides new builds that contain application updates. This means that individual security or feature updates cannot be downloaded or installed. However, with a locally managed deployment, admins can select which applications to apply updates to. Office 2016 for Mac has a program named Microsoft AutoUpdate to automatically check for updates daily. Microsoft AutoUpdate can be configured to daily, weekly, monthly, or manually depending on preferences.
Because Enterprise Managed has an existing Mac software distribution tool, Microsoft AutoUpdate should be configured to manually download the updates to the local network. They can then use the existing software distribution tool to deploy the updates to the Mac clients.