Deploying Office on the desktop with Microsoft 365

Microsoft 365 has handy functionality to help administrators roll out software to Windows 10 machines that are connected directly to Office 365. One of these tools is the ability to roll out Office desktop software automatically. Here’s how you make it happen.

You’ll firstly need to have licensed Microsoft 365 in your tenant. Next, you’ll need to have user Windows 10 machines directly joined to Office 365.

You’ll then need to login to the Office 365 portal as an administrator and navigate to the Admin center as shown above.

In the Admin center you’ll find a Device actions tile as shown above.

In that tile you’ll see an option Manage Office Deployment. Select that.

If this is the first time you have configured these deployment options you’ll need to select the + Add a group at the top of the page.

In this case, the All Users group will be selected but you could certainly target the deployment at specific groups of users.

Click the Select button at the bottom of the page to continue.

Next you want to install or uninstall Office for the selected group of users. Here, we’ll select Install Office as soon as possible.

Click Next to continue.

Check that the configuration is correct and select the Confirm button at the bottom of the page.

Select Close on the next dialog to continue.

If you now move to the user’s Windows 10 machines that is connected to Office 365 and launch the Task Manager you’ll be able to see how the process is executed on the desktop.

After a short time you’ll see an Office Deployment process kick off.

A short time later you’ll see a Microsoft Office Click-to-Run (SxS) process commence.

You may see multiple versions of this process running throughout.

Next, you’ll see the Microsoft Office Click-to-Run Integrator process kick off.

If you continue to monitor the running processes you’ll see installation processes for Office applications like OneDrive and Skype for Business run.

When the user runs an Office application for the first time they will prompted to Accept some terms and conditions then continue as shown above.

When the Office software launches it will automatically be logged in as the user so there is nothing more for the user to do.

The whole deployment process is completely silent and user receives no prompts until they run an Office application for the first time. If you want to see what’s happening you’ll need to look in the Windows Task Manager as shown here.

So, if you use Windows AutoPilot you can also deploy Windows 10 automatically to a desktop. Thus, with Microsoft 365, an administrator can automatically deploy both Windows 10 and Office software to an Office 365 user’s desktop without the need to even see the desktop or the user!

This is just the beginning of what you can do with Microsoft 365 so stay tuned for more articles on how using Microsoft 365 makes it easier for IT Administrators.

Introduction to Windows Autopilot

Microsoft has introduced a new technology called Windows Autopilot that allows you to easily deploy Windows 10 Professional and Enterprise machines with nothing more than just an Internet connection.

A good way to get a feel of how all this works in practice is to use a Virtual Machine (VM) as a test bed which is what I’ll show you here.

The first thing is that you are going to need to get some information about the machine so that it can be recognised by Windows Autopilot when it is provisioned. Normally, this information will be provided directly by the manufacturer of the PC, but here’s how it actually works behind the scenes.

For this test process we start by running up a new clean virtual machine with Windows Professional installed.

Once the machine is running (we don’t need to worry about connecting to Azure or a domain just yet), we need to run PowerShell as an administrator so we can extract the required information.

The first PowerShell command that needs to be run is:

wmic bios get serialnumber

record the number that it produces.

Next, run the PowerShell command:

Get-ItemPropertyValue “hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey\” “ProductId”

once again, record the number that is output.

Finally, run these two commands:

$wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter “InstanceID=’Ext’ AND ParentID=’./DevDetail’”

$wmi.DeviceHardwareData | Out-File “$($env:COMPUTERNAME).txt”

This will create a file containing machine identification information, basically a hash.

This file will be written to the location from which the PowerShell command was run. By default this will be c:\windows\system32.

If you open the text file created (which has the name of the machine) it should appear like that shown above.

With all the information safely recorded, you can now run SYSPREP to generalise the machine and reboot or blow away the version of Windows (but not the actual VM. That needs to be retained so it is correctly identified during the coming provisioning process).

You need to now create a .CSV file to upload so that the machine can be identified at boot and provisioned. You can see the format of the file above.

Basically, the machine configuration file has at least 2 lines. The first is a heading line:

Device, Serial Number, Windows Product ID, Hardware Hash

The second line are the results from your PowerShell commands above separated by commas.

Ensure that you save the file as .CSV not .TXT!

You’ll now need to upload this file to the web. Navigate to:

https://businessstore.microsoft.com/

and login there with the Office 365 global administrator account for your tenant. This will typically be a tenant with Microsoft 365 licenses installed.

Once logged in the screen should appear like that shown above. Select the Manage option from the menu across the top of the page.

This should then take you to a screen like shown above. From the menu on the left hand side select Devices.

If this is the first device you’ve added to Windows Autopilot, you won’t see any existing devices.

Select the + Add devices menu option just under the Search devices box.

Navigate to the location of the .CSV file you created earlier that contains the information about your test VM. Select the file to upload it to the portal.

Since there are currently no deployment groups you’ll be asked to add a new one as shown above. Simply enter a group name and select Add.

The file should successfully upload to the portal and you’ll see a message telling you that it is being currently processed and you should refresh your screen to see the progress.

When the process is complete, you’ll get a happy green bar across the top and you’ll also see you machine listed below as shown above.

You’ll now need to create a profile for the deployment of Windows. Select the menu option AutoPilot deployment from the menu just above the list of devices as shown. From the menu that appears select Create new profile.

Give the new profile a name (here Test-Policy) and select any other desired settings.

Select the Create button when complete.

That will take you back to the list of devices. You’ll now need to apply the new profile you just created to the machine you have just added.

To do this, select the machine from the list.

Then select the option to Apply the appropriate policy.

Most of what we have just done will actually be done by the PC supplier down the track. They will basically get the details of each PC prior to shipment and upload that into the portal where you can then create and apply policies. We have stepped through the whole process here because we are using a virtual machine and to show you what actually happens.

The idea at this point is the new Windows 10 machine is shipped out to the end user. The only requirement the user needs to have is their Office 365 login details plus an Internet connection.

If we now re-provision the original machine it will boot to a point and ask the user to confirm their regional preference.

Make a select and press Yes.

They will then be prompted for a keyboard layout.

Make a selection and press Yes.

The use will also be prompted for any additional keyboard configuration. In most cases the user will select Skip here.

At this point the new machine will check to see whether it is connected to the Internet. If it detects a wifi network it will prompt the user to login. This means the machine can be provisioned ANYWHERE there is an internet connect (i.e.at home, at a coffee shop, etc). It doesn’t need to be connected to the corporate LAN.

The next prompt will ask the user to login with their Office 365 account. This is their Azure AD account which is the same as they use to login to the Office 365 portal.

The user will now be prompted for their password.

The machine will now add itself to the Office 365 Azure AD and apply any policies that have been configured. I’ll cover the deployment of custom policies and application deployment in another article.

After a few moments the user will be logged into the Windows 10 machine and will display the information from their Office 365 account as shown above.

You will also find that the machine has been joined to Azure AD as shown above.

If you dig into the user accounts on the machine you will find that there are no local accounts enabled as we elected back when we set up the initial AutoPilot profile in the portal.

Now, thanks to Windows Autopilot, we have quickly and easily deployed a new Windows 10 machine without the need for administrative intervention (such as joining to a domain). This machine is now directly connected to Azure AD and any Office 365 user can now login.

Although this process has been done using a virtual machine it can be done with any Windows 10 Pro or Enterprise machine. The main requirement is to get the machine information into the web portal so that it can be identified and provisioned at boot. Obtaining that information is as simple as a few PowerShell commands so you can try it for yourself to get a feel of how well it works.

For more information on Windows Autopilot visit – https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot

CIAOPS Need to Know Office 365 Webinar–October 2017

laptop-eyes-technology-computer

October is going to be very busy and hopefully not unlucky as I am scheduling this month’s free Office 365 webinar on Friday the 13th of October from 11am – 12pm. There is heaps of news to cover from the recent Microsoft Ignite conference in Orlando but we’ll also be taking a closer look at OneDrive during our deep dive section.

You can register for free at:

October Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – October 2017
Friday 13th of October 2017
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session.

Introduction to Microsoft 365

Introduction to Microsoft 365 from Robert Crane

Here’s a brief introduction to Microsoft 365. Inside you’ll learn what the product is and how it is important for customers and resellers.

An introduction to Microsoft 365

At the Microsoft Inspire conference back in July 2017 Microsoft 365 was announced. In essence, it is a combination of 3 core products – Office 365, Windows 10 and part of the Enterprise Mobility Suite.

Microsoft 365 will come in two flavours – Business and Enterprise with different capabilities an inclusions as you can see from the following table.

The Microsoft 365 Enterprise plans are further broken up to an Microsoft 365 Enterprise E3 and Enterprise E5 offering. The prices shown in this table are US$.

Currently, the Microsoft 365 Enterprise offerings are available for purchase while it is expected the Microsoft 365 Business plans will be available before calendar (2017) year’s end. You can however, apply to obtain a trial of Microsoft 365 Business and you should do so through your distributor.

The power of Microsoft 365 is that it extends the functionality of Office 365 to environments that are moving more and more to the cloud. Doing so means many of the devices that access information are no longer inside or connected to a traditional network. This means a different set of tools and capabilities needs to be adopted to manage and secure this environment.

Likewise, customers expectations are to be up and running quickly with the latest software, no matter where they are and no matter what device they are all on. IT also expects to be able to manage and secure these devices and information from a single location. These are the benefits Microsoft 365 brings users and IT.

Technology is no longer about single monolithic solutions loosely coupled together. It is about making life easier and more productive for users and IT. It means being able to do all this via a single login and from a single console. That is what Microsoft 365 provides.

You’ll still get all the flexibility of Office 365, like the ability to mix and matches licenses with Microsoft 365. You’ll also get access to the latest updates and features of the products now and into the future and if you are a reseller you’ll also get the opportunity to help your customers solver more business challenges from within the Microsoft stack. This means more opportunity for your business.

I really like that Microsoft 365 brings together the best of Office 365 and Azure for customers. It does all this via a single identity and a feature set that continues to improve. If you haven’t as yet, take a look at Microsoft 365.