Use Group Policy to enable Office 365 updates via SCCM. In this post I will provide the required information about using Group Policy to enable Office 365 clients to receive update via ConfigMgr. I will show the Group Policy settings, related to updating the Office 365 clients, and I’ll show how those settings relate to the initial installation and configuration settings. Of course, once I know the registry keys, used by the Group Policy, I can also use Configuration Baselines to do something similar. However, that’s not part of the scope of this post, but I will mention a few Group Policy settings that are ideal candidates for that.
In my case, I enable “Automatic Updates” for some time to speed old Office updates for SCCM management. In “Update Channel” use “Branch” (see screenshot)!
Prerequisites:
Let’s start with a few important prerequisites for managing Office 365 client updates with ConfigMgr, mainly related to versions of products. Before enabling the Office 365 client to receive updates via ConfigMgr, make sure the following version requirements are in place:
- System Center Configuration Manager current branch 1602 or later;
- Office 365 client with version 16.0.6741.2014 or later;
- This functionality is now available for First Release for Deferred Channel and Current Channel. Deferred Channel is expected in June 2016.
Group Policy settings:
Before looking at the available Group Policy settings, make sure to download and install the Office 2016 Administrative Template files from the Microsoft Download Center. Once installed, the Office 365 client update settings can be found at Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates.
Overview of Group Policy settings:
Below is an overview of the Group Policy settings, that can be used to configure the Office 365 client update settings, including how those settings translate to the settings in the installation and configuration files (configuration.xml) and the available values.
Setting | Value | XML example |
Enable Automatic Updates | Not Configured | Enabled | Disabled | Enabled=”TRUE” |
Hide option to enable or disable updates | Not Configured | Enabled | Disabled | N/A |
Hide Update Notifications | Not Configured | Enabled | Disabled | N/A |
Office 365 Client Management | Not Configured | Enabled | Disabled | OfficeMgmtCOM=”TRUE” |
Update Channel | Not Configured | Enabled | DisabledChannel identifier:[Specify one of the following Current | Business | Validation | FirstReleaseCurrent] | Branch=”Current” |
Update Deadline | Not Configured | Enabled | DisabledDeadline:[Specify UTC deadline format MM/DD/YYYY HH:MM] | Deadline=”08/05/2016 20:30” |
Update Path | Not Configured | Enabled | DisabledLocation for updates:[Specify location on the network, local on the device, or on Internet] | UpdatePath=”\\server\share” |
Target Version | Not Configured | Enabled | DisabledUpdate version:[Specify version number] | TargetVersion=”16.1.2.3” |
Note: The Group Policy settings are written in the registry in the following key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate.
Configure end-user experience:
There are also a few Group Policy settings that can configure a little bit of the end-user experience. Enabling the Hide option to enable or disable updates setting, makes sure that the end-user can’t disable the update behavior of the Office 365 client and the combination of enabling the Enable Automatic Updates setting and disabling the Hide Update Notifications setting, makes sure that the end-user receives notifications about pending updates for the Office 365 client. That combination is definitely recommended.
Configure update channel:
There is also a Group Policy setting that can configure the update channel of the Office 365 client. Enabling the Update Channel setting, enables the channel identifier. That identifier can be used to configure the update channel, by specifying Current, Business, Validation or FirstReleaseCurrent. With configuring the update channel keep in mind that the following information is applicable to the updates delivered to the channels.
Channel | GPO/XML | Feature updates | Security updates | Non-security updates |
Current Channel | Current | Monthly | Monthly | Monthly |
First Release for Deferred Channel | Validation | Every four months | Monthly | Monthly |
Deferred Channel | Business | Every four months | Monthly | Every four months |
Other Group Policy settings:
The remaining Group Policy settings, the Update Deadline, the Update Path and the Target Version, are only relevant when ConfigMgr is not used for deploying Office 365 client updates.
Tanks to Peter van der Woude.