Solving Office 365 Client Deployment Scenarios


1 Solving Office 365 Client Deployment Scenarios
Dean Yamada | Senior Premier Field Engineer, Microsoft
Stephen Hall | Cloud Solutions Specialist, District Computers

2 Course Topics Solving Office 365 Client Deployment Scenarios
01 | System Center Configuration Manager (SCCM) Deployment Best Practices
02 | Multi-language Deployment Considerations for Office 365 ProPlus
03 | Office 365 ProPlus with Azure Rights Management Services for IRM/Encryption
04 | Controlling access to Office 365 ProPlus & Services
05 | Office 365 and Exchange Migration Troubleshooting Common Gotchas
06 | New Office 365 ProPlus Customizations via Group Policy or XML
07 | New Updating and Repair Command-Line Options for Office 365 ProPlus

3 New Office 365 ProPlus Customizations via Group Policy or XML
Module 6: New Office 365 ProPlus Customizations via Group Policy or XML
Dean Yamada | Senior Premier Field Engineer, Microsoft
Stephen Hall | Cloud Solutions Specialist, District Computers

4 Module Overview
- Security Compliance Manager
  - Critical/Important vs EC & SSLF*
- Commonly-set Group Policies by large Enterprises
- Group Policies for Managing Updates
- Excluding apps
  - XML, App-V and AppLocker
- Shared computer activation
*We’ll define and explain EC & SSLF.

5 Security Compliance Manager

6 Security Compliance Manager
- Security Baselines for Office 2007, 2010, 2013/Office 365 ProPlus
- Includes Office Security Guide covering the areas of Data Confidentiality, Integrity, Availability and Implementation
- Security in Office 365 Whitepaper
- Critical/Important security settings vs Enterprise Client (EC) & Specialized Security – Limited Functionality (SSLF)
- Where do I find the latest Office 2013/Office 365 ProPlus baselines? Security Compliance Manager

Key SCM Features: (From:
- Baselines based on Microsoft security guide recommendations and industry best practices: These baselines are designed to help you manage configuration drift, address compliance requirements, and reduce security threats.
- Centralized security baseline management features: These include a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.
- Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks, to help reduce the most important security risks for your organization.

Understanding the new Security Classifications

The recommended settings for Critical (formerly Enterprise Client (EC)) environments are for organizations that seek to balance security and functionality. Typical security-conscious enterprises, government departments, and other organizations should start with the Critical recommendations and customize them to meet their individual circumstances and requirements.

The recommended settings for Important (formerly Specialized Security - Limited Functionality (SSLF)) environments are for organizations with very stringent security standards, and for which security is more important than application functionality. These settings are designed for organizations and departments with national security responsibilities or that handle highly classified information. You may choose to apply the Important settings to a subset of the computers in your organization, or balance the Critical and Important recommendations to fit your needs.

Where to obtain the latest Office 2013/Office 365 ProPlus Security Compliance Manager Baselines (as of this writing): (baseline) (attachments)

7 A look at the Security Compliance Manager
demo
As of this writing, you may not immediately find the Office 2013 / Office 365 ProPlus Security Compliance Manager Baselines. In this demo, we’ll show you how to obtain and review the new security baselines and reference material.
Where to obtain the latest Office 2013/Office 365 ProPlus Security Compliance Manager Baselines (as of this writing): (baseline) (attachments)

8 Commonly-set Office Group Policies seen in the field

9 Commonly-set Group Policies seen in the field
- Common customer question, but no two environments are the same
- Always consider all security-related settings
- Beyond that, consider these common settings
- ~2200 settings available, here are the top 40 we most commonly see
- Best practice tip! Always check for the latest Office Administrative Templates monthly

With so many diverse customer environments, it is difficult to come out with a single article that describes which Microsoft Office group policy settings should be enabled. With that in mind, we must set the expectation that this section is neither an official recommendation nor a mandatory requirement. This section is an unofficial collection of the most common settings that we see customers implement. Always consider all security-related settings and then consider the settings discussed here.

In no particular order, consider the following commonly-set settings to enable or disable: (Search these keywords in the Administrative Templates spreadsheet included in the admintemplates.exe download)
- Default UI Theme*
- Disable Opt-in Wizard on first run
- Show OneDrive Sign In
- Automatically activate Office with federated organization credentials
- Block signing into Office (i.e. allow Organizational Accounts only)
- Disable First Run Movie
- Enable Automatic Updates
- Turn on telemetry data collection
- Turn on data uploading for Office Telemetry Agent
- Online Content options
- Service Level options
- Enable Customer Experience Improvement Program
- Automatically receive small updates to improve reliability
- Hardware graphics acceleration
- Update Path, Target Version, Update Deadline
- Display enterprise themes only (PowerPoint only)
- Prevent users from adding PSTs
- Prevent users from adding new content to existing PST files
- PST Absolute maximum size
- PST Size to disable adding new content

Best Practice Tip! - Always check for the latest Office Administrative Templates monthly*:
And update all of your administrative template locations.
*If you do not have the latest Administrative Templates, you might not find all settings referenced above.

10 Which group policies do customers frequently enable?
demo

11 Group Policies for managing updates for Office 365 ProPlus

12 New Group Policy settings for managing updates

13 New Group Policy settings for managing updates
demo

14 Excluding apps in Office 365 ProPlus

15 Excluding apps in Office 365 ProPlus
- Via the Configuration XML
- With App-V 5.0 SP2
- AppLocker
- Azure RemoteApp*

Note: When excluding apps with configuration.xml, an online repair will add the excluded app back. For ultimate enforcement, use App-V or AppLocker.
*Azure RemoteApp is in preview mode. As of this writing, search for the Azure RemoteApp trial/preview to test it out yourself!

16 Excluding apps in Office 365 ProPlus
demo
Note: When excluding apps with configuration.xml, an online repair will add the excluded app back. For ultimate enforcement, use App-V or AppLocker.
*Azure RemoteApp is in preview mode, as of this recording. As of this writing, search for the Azure RemoteApp trial/preview to test it out yourself!

17 Shared computer activation

18 Shared computer activation
- Office 365 ProPlus subscription license is valid for up to 5 device-activations
- Previously not ideal for shared computer environments such as most municipalities (hospitals, police/fire stations)
- When enabled, shared computer activation does not decrement from the user’s 5 device-activation allotment

19 Shared computer activation
demo
Prior to shared computer activation, a nurse in a hospital environment may log into 10 different shared computers in the course of an average work day. The 5 device-activation limit would likely be reached in a single day! In this demo, we will show you how the new shared computer activation works. Better yet, with ADFS, this is seamless to the user. Without ADFS, the user will be prompted for the subscription license address. With ADFS, activation will automatically utilize their logged-in credentials in passing the ADFS token to Azure AD and back.
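
Added example, not part of the original slides: a configuration.xml for the Office 365 ProPlus Click-to-Run deployment tool that expresses in XML the three customizations this module covers (excluding apps, update path/target version/deadline, and shared computer activation). The share path, target version, and deadline are constructed placeholders. As the slides note, ExcludeApp is not an enforcement control, because an online repair adds the excluded app back.

```xml
<!-- Added example: values marked PLACEHOLDER are constructed, not from the slides. -->
<Configuration>
  <!-- PLACEHOLDER source share; OfficeClientEdition selects the 32- or 64-bit build -->
  <Add SourcePath="\\fileserver.example\Office365\" OfficeClientEdition="32">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
      <!-- Excluded at install time only: an online repair adds these back,
           so use App-V or AppLocker where the exclusion must actually hold -->
      <ExcludeApp ID="Access" />
      <ExcludeApp ID="InfoPath" />
    </Product>
  </Add>
  <!-- XML counterpart of the Update Path, Target Version and Update Deadline
       settings; all three values below are PLACEHOLDERS -->
  <Updates Enabled="TRUE"
           UpdatePath="\\fileserver.example\Office365\"
           TargetVersion="15.0.0000.0000"
           Deadline="01/31/2015 18:00" />
  <!-- Shared computer activation: activations on this machine do not count
       against the user's 5 device-activation allotment -->
  <Property Name="SHAREDCOMPUTERLICENSING" Value="1" />
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>
```

When Group Policy also sets the update path, target version or deadline, confirm on a test machine which value the client actually uses before relying on the XML values.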

20 Resources

21 Resources
- Additional MVA course: Office 365 ProPlus Deployment for IT Pros
- Additional MVA course: Office 365 Deployment for IT Pros
- Office Blogs and Garage Series for IT Pros
