Best practices: Management for enterprise managed

The Best Practices Guide includes deployment recommendations and real-world examples from the Office 365 Product Group and delivery experts from Microsoft Services. For a list of all the articles, see Best practices.

Enterprise Managed wants to apply GPO management to their Office 365 ProPlus systems and to test specific scenarios that they are likely to encounter.

The items are:

  • Configure infrastructure

  • License users

  • Add languages

  • Remove languages

  • Add OneDrive

  • Roll back a build

  • Switch channels

  • Configure policy

    • Group Policy for desktops

    • Additional Group Policy objects for VDI

    • Group Policy for OneDrive for Business

Configure infrastructure and maintain network, ports, and protocols

Office 365 is a cloud service; therefore, it requires Internet access. If you manage by URL, then updates are less frequent and typically only needed when new products or features are released. However, if you manage by IP address range, then changes occur more often. The following page should be referenced and subscribed to in an RSS feed: Office 365 URLs and IP address ranges.

License users

See Assign licenses to user accounts with Office 365 PowerShell.

Add languages

The ProductID="LanguagePack" element lets you add languages to an existing Office 365 client install without needing to know its existing configuration settings.

<Configuration>
  <Add OfficeClientEdition="32">
    <Product ID="LanguagePack">
      <Language ID="es-es" />
    </Product>
  </Add>
</Configuration> 

Remove languages

The remove element lets you remove a language from an existing Office 365 client install.

<Configuration>
  <Remove>
    <Product ID="O365ProPlusRetail">
      <Language ID="es-es" />
    </Product>
  </Remove>
</Configuration> 

OR

<Configuration>
  <Remove>
    <Product ID="LanguagePack">
      <Language ID="es-es" />
    </Product>
  </Remove>
</Configuration> 

Add OneDrive

By removing the application exclude statement from the install XML file, it will include the application when it is re-run.

<Configuration>
  <Add OfficeClientEdition="32" Channel="Current" OfficeMgmtCOM="TRUE">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
</Configuration> 

Roll back a build

Enterprise Managed can leverage their existing software distribution tool, System Center Configuration Manager, to perform a client rollback. For step-by-step guidance on performing a rollback using the OfficeC2RClient.exe update engine, seeChannel management.

Switch channels

To change a user's channel membership, see Channel management.

Configure policy

We highly recommend that you periodically check for new GPO templates. As new Office features are rolled out, GPOs are often updated and new Office management GPOs are released.

Office 2016 Administrative Template files (ADMX/ADML) and Office Customization Tool.

Additional Group Policy for VDI

An additional GPO should be considered for Outlook and Cached Mode for VDI. Enterprise Managed has set the value to 3 days.

Group Policy for OneDrive

See Administrative settings for the OneDrive for Business Next Generation Synch Client.

Enterprise Managed Mac Client Updates

Similar to Office 365 ProPlus, Microsoft provides new builds that contain application updates. This means that individual security or feature updates cannot be downloaded or installed. However, with a locally managed deployment, admins can select which applications to apply updates to. Office 2016 for Mac has a program named Microsoft AutoUpdate to automatically check for updates daily. Microsoft AutoUpdate can be configured to daily, weekly, monthly, or manually depending on preferences.

Because Enterprise Managed has an existing Mac software distribution tool, Microsoft AutoUpdate should be configured to manually download the updates to the local network. They can then use the existing software distribution tool to deploy the updates to the Mac clients.