All posts by Author

Whats new in Microsoft 365 Roadmap today? 15th Decemeber 2020

Additions : 7
Updates : 7

New FeaturesCurrent Status
Excel: Notes in Excel on the webIn Development
Outlook for Windows: Send email from your proxy email address (alias)In Development
Excel: Use ink and highlighter to annotate in Excel on the webIn Development
Excel: Change Regional Format settings in Excel for the webIn Development
Excel: Switch Office themes automatically to match Windows 10In Development
Microsoft Teams meeting recordings saved to OneDrive & SharePoint for GCC-High and DoDIn Development
Excel: Ink editor support in Excel OnlineIn Development
Updated FeaturesCurrent StatusUpdate Type
Microsoft Teams: Meeting Attendee DashboardIn DevelopmentTitle, Description
Microsoft Search: PowerBI results with Microsoft Search in SharePoint and Office.comLaunchedStatus
Microsoft Teams: Custom Meeting ImagesRolling OutDescription
One Drive: Create Shared LibraryLaunchedStatus
Microsoft Teams: Include computer sound when sharing a Desktop or Window on MacIn DevelopmentTitle
Microsoft Teams: Include computer sound when sharing a Desktop or Window on MacIn DevelopmentTitle
Windows Virtual Desktop: IT admins can use MSIX app attach from the Azure portal to reduce image management overheadLaunchedStatus

Regards
The Author – Blogabout.Cloud

OneDrive: Exclude specific files from sync

Admins can exclude “newly added files” (key words there) from syncing to the cloud by file name or extension. So how do we achieve this?

Install the OneDrive sync app for Windows. (To see which builds are releasing and download builds, go to the release notes.) Installing the sync app downloads the .adml and .admx files.

Browse to %localappdata%\Microsoft\OneDrive\BuildNumber\adm\ (for per-machine sync app browse to C:\Program Files (x86)\Microsoft OneDrive\BuildNumber\adm), to the subfolder for your language, as necessary (where BuildNumber is the number displayed in sync app settings on the About tab).

Copy the .adml and .admx files.

Paste the .admx file in your domain’s Central Store, \\domain\sysvol\domain\Policies\PolicyDefinitions (where domain is your domain name, such as corp.contoso.com), and the .adml in the appropriate language subfolder, such as en-us. If the PolicyDefinitions folder does not exist, see How to create and manage the Central Store for Group Policy Administrative Templates in Windows, or use your local policy store under %windir%\policydefinitions.

Launch yout Group Policy Management Editor, either create or modify an existing GPO Object.
Broswe to Computer Configuration –> Policies –> Administrative Remplate Policy Definitions –> OneDrive

Here you will find the new Exclude specific kinds of files from being uploaded policy

From here you can enable

then specifiy files or extensions you want to exlude from being synchronized using OneDrive.

Important Note

Once the Group Policy Object is applied it will only exclude “NEW FILES ONLY” and Microsoft Office files are currently not supported.

Thank you Hans Brender for point this out, please check out his blog post https://hansbrender.com/2020/11/23/onedrive-update-exclude-specific-kinds-of-files-from-being-uploaded/

This configuration policy has yet to be released for Microsoft Endpoint Manager 🙁 but no doubt Microsoft will include this in the future to keep the Cloud-First approach rolling.

Regards
The Author – Blogabout.Cloud

Improvements for PowerShel scripts in Microsoft Endpoint Manager – Good or Bad?

As a big adovcate of PowerShell Scripts in Microsoft Endpoint Manager, I definitely welcome the recent changes which Microsoft have implemented. This will have some positive effects on most organisations but maybe not as welcomed by others and heres why?

In my experience some organisations like to leverage PowerShell to modify applications that have been installed using Win32 apps. An example I have experience within this space is Java ( Oh the horror ). This organisation still required a fat install of java to run a legacy application and Java was inserted using GPO with reg hive modified to prevent the regular and annoying pop up for updates.

So to address this we installed Java via W32 apps and used a PowerShell script from Microsoft Endpoint Manager to modify the key.

What you will probably need to do is allow your script to fail. Once the script has failed, the Win32 apps will then be installed, and If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-in. The check in period is every 60 minutes so in that time you should have succesfully installed all Win32 apps.

Here is the new channges for PowerShell scripts.

PowerShell scripts execute before apps, and time out reduced

There are some updates to PowerShell scripts:

  • Microsoft Intune management extension execution flow is reverted back to processing PowerShell scripts first, and then running Win32 apps.
  • To resolve an Enrollment Status Page (ESP) time out issue, PowerShell scripts time out after 30 minutes. Previously, they timed out after 60 minutes.

For more information, see Use PowerShell scripts on Windows 10 devices in Intune.

Regards
The Author – Blogabout.Cloud

Whats new in the Microsoft 365 Roadmap from the weekend? 12/13th December 2020

Additions : 3
Updates : 3

New FeaturesCurrent Status
Outlook: Outlook on the web – Share to Microsoft TeamsIn Development
Microsoft Teams: Simplified Global Notification Settings for GCC-High and DoDIn Development
Forms: Default alert policies for phishing activities added to Microsoft 365 security and compliance centerIn Development
Updated FeaturesCurrent StatusUpdate Type
Microsoft Teams: Simplified Global Notification Settings for GCCIn DevelopmentTitle
Microsoft Teams: End-of-meeting notificationsRolling OutStatus
Microsoft Search: Dynamic height for resultsRolling OutStatus

Regards
The Author – Blogabout.Cloud

HowTo: Defining your Password Expiration from your Office 365 tenant

Sometimes you may come across special cases where either your customer or your own organization might need to implement a solution that increases your security footprint. This post is no different and is inspired by the MS-100 exam which I have recently taken and passed.

During the lab questions I was asked how would you change the Password expiration policy to 180 days. So lets get to it…

Launch http://admin.microsoft.com and select Setting + Org Settings and then Securiy & Privacy.

Select Password expiration policy

Tick Set user passwords to expire after a number of days

Specify your requirement for each field and press Save.

Regards
The Author – Blogabout.Cloud

Whats new in the Microsoft 365 Roadmap today? 11th December 2020

Additions : 1
Updates : 7

New FeaturesCurrent Status
Microsoft Planner: Sync Message Center posts to Planner – Government CloudsIn Development
Updated FeaturesCurrent StatusUpdate Type
Microsoft Teams: Outlook Email IntegrationsCancelledStatus, Description
Microsoft Teams: Virtual Breakout RoomsLaunchedStatus
OneDrive: Exclude specific files from syncRolling OutStatus
Microsoft Teams: new Teams meeting pre-join experienceLaunchedStatus
Forms: Specific User Sharing for Response CollectionRolling OutStatus
Microsoft Teams: Full screen support in new meetings experienceLaunchedStatus
Microsoft Teams: EHR connector for virtual visits in healthcareRolling OutStatus

Regards
The Author – Blogabout.Cloud

HowTo: Ensure your end user are prompted for MFA when enrolling Windows 10 devices. Conditional Access to the rescue

Sometimes you may come across special cases where either your customer or your own organisation might need to implement a solution which increases your security footprint. This post is no different and inspired from the MS-100 exam which I have recently taken and passed.

During the lab question I was asked how you would implement MFA for end user who want to enroll Windows 10 devices. So lets get to it…

Launch http://endpoint.microsoft.com and select Device + Conditional Access

Select New Policy

Provide your policy a “Name”
Select the user(s) or group(s) you want to apply the policy to
Click Cloud apps and actions – Click Select Apps and search then select Microsoft Intune Enrollment.

Under Grant – Select Require multi-factor authentication

Select on to enable the policy

Heres the process I had to go through to join a Windows 10 device to my tenant with MFA.

In the below screenshot is a configuration setting I have in my tenant for defining if devices are Corporate or Personally owned

All my corporate apps are now available for install.

Regards
The Author – Blogabout.Cloud

Whats new in the Microsoft 365 Roadmap today? 10th Decemeber 2020

Additions : 2
Updates : 10

New FeaturesCurrent Status
Microsoft Information Protection: Office 365 Advanced Message Encryption – Email revocation by end userIn Development
Microsoft Teams: Share System Audio on MacIn Development
Updated FeaturesCurrent StatusUpdate Type
SharePoint: Enable modern communication site experience on classic sitesLaunchedDescription
Microsoft Information Protection: Double Key EncryptionLaunchedDescription
Microsoft Teams: Customizable Praise BadgesLaunchedStatus
Microsoft Teams: Multi-Window ChatIn DevelopmentStatus
SharePoint: Site Performance Page for Site Owners and EditorsLaunchedStatus
Microsoft Teams: Link thumbnail preview in AssignmentsRolling OutStatus
Cortana: Briefing Email support for SpanishRolling OutStatus
Microsoft Teams: Theme and icon updatesIn DevelopmentStatus
SharePoint admin center: OneDrive settingsCancelledStatus, Description
Microsoft Teams: PowerPoint File Sharing in DODIn DevelopmentTitle

Regards
The Author – Blogabout.Cloud

Dealing with Missing Languages Packs in Microsoft Apps for Enterprise

Sometimes, you may come across an issue the required language pack is missing from your specified SourcePath location. As an administrator for your network may have not downloaded it or removed it by accident. In the event this may or may not happen, Microsoft recommends that you specify a backup language and allow the Office 365 Deployment Tool to use the Office CDN (Content Delivery Network) for missing files.

To do is you will need to ensure that the required languages are specified in the XML and AllowCdnFallback is set to true, as the ODT will use source files from the Office CDN to complete the installation successfully.

<Add SourcePath="\\Server\Share" 
     OfficeClientEdition="32"
     Channel="SemiAnnual" 
     AllowCdnFallback="True">
  <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
      <Language ID="ja-jp" />
  </Product>
</Add>

Regards
The Author – Blogabout

Microsoft Apps for Enterprise Part 1 – Understanding the core Configuration.xml

Microsoft Apps for Enterprise (formally known as Click to Run) has been a massive part of my consultancy / implementation career going back to the very first day I implemented it for a customer in 2013. Since then I have earned a number of scars from implementations where things have always gone to plan due to the limitations within the product at the time or because a customer network just couldn’t handle the download of an .OST file 50 users.

So lets begin with a typical configuration.xml file as shown below;

<Configuration>
  <Add SourcePath="\\Server\Share" 
       OfficeClientEdition="32"
       Channel="SemiAnnual" >
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
    <Product ID="VisioProRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
  <Updates Enabled="TRUE" 
   UpdatePath="\\Server\Share" />
   <Display Level="None" AcceptEULA="TRUE" />  
</Configuration>

Lets dive in by first saying, when modifying the configuration.xml you need to be careful of the following;

Case – One thing I have seen many times where people have been caught out is where case has been changed for example;

Add to add, Product ID to product id

So lets look at the Add Element of the configuration.xml

SourcePath

This defines where the installation files for Microsoft Apps for Enterprise are stored using the /download switch. In many of my deployments, organisations have specified a network location. The reasoning behind this allows the organization to control the update of Features/Functionality as many organizations have 3rd party add-ins that maybe affected by a newer release.

“\\Server\Share”

One of the best parts of SourcePath, its optional. If you blank out the path like below;

<Configuration>
  <Add SourcePath=""        
</Configuration>

Once all the installation files are pulled down into the SourcePath if a modification happens to the configuration.xml and the /download switch is ran. The Office Deployment Tool will conserve your network bandwidth by downloading only the missing files.

OfficeClientEdition

This defines whether the 32-bit or 64-bit edition of Microsoft 365 Apps is downloaded or installed. If Office is not installed on the device and OfficeClientEdition is not specified, the ODT will default to the 64-bit edition, unless the device is running a 32-bit edition of Windows or has less than 4 GB RAM.

If Office is installed and OfficeClientEdition not specified again, the Office Deployment Tool will match the architecture of the existing installation of Office.

If Office is installed and OfficeClientEdition is specified, then it must match the already installed architecture. If it doesn’t, the installation will fail, since mixed architectures are not supported.

Allowed values:

  • OfficeClientEdition=”64″
  • OfficeClientEdition=”32″

Again following an on going theme which you will see throughout this post. Is option is again, Optionally and will use the intelligence above.

Channel

This defines which channel to use for installing Office. If Office is not installed on the device, the default setting for the Channel attribute is Current. If Office is installed on the device and the channel attribute is not specified, the Office Deployment Tool will match the channel of the existing installation.

Now in my experience, the allowed values are not set in stone, Microsoft loves changing the name to fit their approach. So as of December 2020 the below names are currently valid.

Allowed values:

  • Channel=”BetaChannel”
  • Channel=”CurrentPreview”
  • Channel=”Current”
  • Channel=”MonthlyEnterprise”
  • Channel=”SemiAnnualPreview”
  • Channel=”SemiAnnual”

Important Note

– To use these attribute values, you need to be using at least version 16.0.12827.20268 of the Office Deployment Tool, which was released on Tuesday June 9, 2020.

– Previous allowed values for each update channel can still be used, which means you don’t have to update your older configuration XML files.

– Beta Channel (sometimes referred to as Insider Fast) is not a supported build so should only be used in test environments and by a small group of select users, such as IT staff or application developers.
Current ChannelMonthly Enterprise ChannelSemi-Annual Enterprise Channel
Recommended useProvide your users with new Office features as soon as they are ready, but on no set schedule.Provide your users with new Office features only once a month and on a predictable schedule.For select devices in your organization, where extensive testing is needed before rolling out new Office features. For example, to comply with regulatory, governmental, or other organizational requirements.
Release frequency1At least once a month (likely more often), but on no set scheduleOnce a month, on the second Tuesday of the monthOnce a month, on the second Tuesday of the month
Feature updates2As soon as they’re ready (usually once a month), but on no set scheduleOnce a month, on the second Tuesday of the monthTwice a year (in January and July), on the second Tuesday of the month
Security updates3

(if needed)
Once a month, on the second Tuesday of the monthOnce a month, on the second Tuesday of the monthOnce a month, on the second Tuesday of the month
Non-security updates2

(if needed)
Usually at least once a month (possibly more often), but no set scheduleOnce a month, on the second Tuesday of the monthOnce a month, on the second Tuesday of the month
Support duration for a given version4Until the next version is released with new features, which is usually about one monthTwo monthsFourteen months

1 For a list of release dates for these update channels, including version and build numbers, see Update history for Microsoft 365 Apps.

2 For information about what feature updates and non-security updates are included in a given release of these update channels, see Release notes for Microsoft 365 Apps releases.

3 For a list of security updates included in a given release of these update channels, see Release notes for Microsoft 365 Apps Security Updates

4 For a table that shows which version and build is currently supported for each of these update channels, see Update history for Microsoft 365 Apps.

So lets look at the Product ID Element of the configuration.xml

Now this is one of the most important elements understanding what version of Microsoft Office needs to be installed and as you can see the most install will be O365PlusRetail however, there many a need for other versions.

Product ID

Office 365 PlanProduct ID
Microsoft 365 Apps for enterpriseO365ProPlusRetail
Office 365 Enterprise E3O365ProPlusRetail
Office 365 Enterprise E4O365ProPlusRetail
Office 365 Enterprise E5O365ProPlusRetail
Office 365 MidsizeO365ProPlusRetail
Office 365 BusinessO365BusinessRetail
Office 365 Business PremiumO365BusinessRetail
Office Small Business PremiumO365SmallBusPremRetail
Microsoft 365 E3O365ProPlusRetail
Microsoft 365 E5O365ProPlusRetail
Microsoft 365 BusinessO365BusinessRetail

But how do you install other non-Microsoft 365 product IDs which are supported

AccessRetailProjectProXVolume
Access2019RetailProjectPro2019Retail
Access2019VolumeProjectPro2019Volume
ExcelRetailProjectStdRetail
Excel2019RetailProjectStdXVolume
Excel2019VolumeProjectStd2019Retail
HomeBusinessRetailProjectStd2019Volume
HomeBusiness2019RetailProPlus2019Volume
HomeStudentRetailPublisherRetail
HomeStudent2019RetailPublisher2019Retail
O365HomePremRetailPublisher2019Volume
OneNoteRetailStandard2019Volume
OutlookRetailVisioProXVolume
Outlook2019RetailVisioPro2019Retail
Outlook2019VolumeVisioPro2019Volume
Personal2019RetailVisioStdRetail
PowerPointRetailVisioStdXVolume
PowerPoint2019RetailVisioStd2019Retail
PowerPoint2019VolumeVisioStd2019Volume
ProfessionalRetailWordRetail
Professional2019RetailWord2019Retail
Word2019Volume

For those with a keen eye, Skype for Business was not listed above but heres the supported IDs

Skype for Business 2016SkypeforBusinessRetail
Skype for Business Basic 2016SkypeforBusinessEntryRetail
Skype for Business 2019SkypeforBusiness2019Retail
Skype for Business 2019 (volume licensed)SkypeforBusiness2019Volume
Skype for Business Basic 2019SkypeforBusinessEntry2019Retail

Language ID

When installing Office for any organisation getting the language is one of the most important elements.

Example values

  • ID=”en-us”
  • ID=”ja-jp”
  • ID=”MatchOS”
  • ID=”MatchPreviousMSI”
  • ID=”MatchInstalled”

Check out the following URL for a list of all Languages, culture codes, and companion proofing languages.

Check out the following URL for the support of MatchPreviousMSI value as you need to Remove existing MSI versions of Office when upgrading to Microsoft 365 Apps.

MatchOS and MatchInstalled cannot install the operating system languages if Office doesn’t support that language or if the ODT cannot find the correct language pack in the local source files.

MatchInstalled can be used only if there is at least one Click-to-Run product already installed. It can’t be used with the /download switch for the Office Deployment Tool.

Updates Enabled

If set to TRUE, Office will check for updates and If set to FALSE, Office won’t check for updates, but the user can check for updates by going to File > Account > Update Options > Update Now.

Allowed values:

  • Enabled=”TRUE”
  • Enabled=”FALSE”

This is also optionally and the default value is TRUE if not specified.

UpdatePath attribute (part of Updates element)

This defines where the updates for Office come from. UpdatePath can specify a network, local, or HTTP path of a source for Office installation files. Environment variables can be used for network or local paths.

If you use Group Policy with the Administrative Template files (ADMX/ADML) for Office, you can set UpdatePath by using the Update Path policy setting. You can find this policy setting under Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates.

Example values:

This is also optionally and defaults to the CDN if not specified.

Level attribute (part of Display element)

If Level is set to None, Office is installed with no user interface: no progress bars, completion screens, error messages, or other user interface are displayed.

If Level is set to Full, Office is installed with the normal installation experience.

Allowed values:

  • Level=”None”
  • Level=”Full”

AcceptEULA attribute (part of Display element)

If AcceptEULA is set to TRUE, the user does not see a Microsoft Software License Terms dialog box. If this attribute is set to FALSE or is not included, the user may see a Microsoft Software License Terms dialog box. We recommend that administrators set AcceptEULA to TRUE.

Allowed values:

  • AcceptEULA=”TRUE”
  • AcceptEULA=”FALSE”

This is also optionally and default is set to FALSE if not specified.

This completes the understanding of the core configuration.xml, in the next part I will look at all options available under the Add Element.

Regards
The Author – Blogabout.Cloud