Deploying and updating Microsoft Office 365 ProPlus
Microsoft is a large enterprise, and deploying a new version of Microsoft Office to our global user base and managing monthly updates can be a complex process. In Core Services Engineering (CSEO), we serve more than 150,000 on-site and remote users with varying needs for how frequently new features are installed on their devices. Also, a few of our users need to keep previous versions of Office running, and some users have multiple devices with different versions on each one. We need to be sure to upgrade the right devices for the right users. In the past, this complexity created a lot of administrative overhead. However, when we upgraded our users to Microsoft Office 365 ProPlus, both deployment and update management became much easier.
Gaining control over Office upgrades and updates
To simplify the upgrade process, we used Microsoft System Center Configuration Manager (Configuration Manager) for our initial deployment. We configured it to automatically exclude certain systems and deliver upgrade packages in phases, so that different groups of users received the upgrade at different times. This preserved network bandwidth and also gave us the chance to apply lessons learned from early deployments to later ones.
Not only was the deployment easier, but managing updates has also become easier thanks to our Content Delivery Network (CDN). Most of our users are running Office 365 ProPlus and are receiving monthly feature updates. Although this update tempo works well for most users, some of them have business reasons to receive updates less frequently. Now, using update channels—which are now available for Office 365 clients—we can specify how often users receive new features. By default, users now receive feature updates on our Semi-annual Channel every six months. Having some of our users on this slower release cadence gives us more time to validate the release and application compatibility before users receive the update. Other users who want feature updates as soon as possible are configured to receive them from the Monthly Channel, so they receive updates monthly. Regardless of channel, all users receive monthly security updates.
Our CDN has also given us more control over update delivery. Users automatically receive updates from the CDN over Internet connections according to their update-channel schedule. For our on-campus users, we have an additional option: using Configuration Manager to deliver updates over our internal network (not currently in use). Configuration Manager is now integrated with our Microsoft Update service and can automatically deliver updates to our internal users. This reduces traffic through the firewall and gives us a consistent way to discover, view, deploy, and track available software updates—similar to how we manage other apps in our organization.
The following figure shows three different ways that we can deliver updates to our users with Office 365 ProPlus:
- With Option 1, we use the default configuration in which clients get updates from CDN according to their update channel.
- With Option 2, we use the Office Deployment Tool to configure clients to get updates from Universal Naming Convention (UNC) shares. Group Policy enforces the deadline for installing the update.
- With Option 3, Configuration Manager downloads the updates from Windows Server Update Service (WSUS) and then delivers updates to users’ computers through distribution-point servers.
Figure 1: Office 365 update options
Upgrading clients to Office 365 ProPlus
We incorporated the new options for delivering the upgrade and configuring an update tempo for users into our deployment planning. Our goals and strategies were to:
- Roll out the upgrade in phases. Configuration Manager helped us easily manage this phased rollout so that one group of users would receive the upgrade first, then another group, and so on. This way, if one user group experiences issues, we could quickly adjust our deployment methods for the next one.
- Mitigate network impact from the upgrade. Considering the size of the initial upgrade package, we needed to limit the impact on our internal network bandwidth. Phasing the rollout minimized this impact.
- Limit traffic through the Internet firewall. We used Configuration Manager to deliver the upgrade package to the local disks of most of the clients. This limited the amount of traffic that went through our firewall.
- Put users on a deferred update schedule as appropriate. Several years ago we shifted to a monthly release cycle for all users. When update channels arrived in the Office 2016 time frame, we were able to place some groups of users on a slower, Semi-annual Channel update schedule. The advantage of using the Semi-annual Channel update is that it gives us more time to validate the compatibility of line-of-business applications with the updated features before installing them on user’s systems. On the other hand, people who want the latest features as soon as possible, such as sales staff who need to show customers the latest innovations, are on the Monthly Channel, and receive monthly feature updates.
- Ensure user readiness. With the faster pace of feature release and innovation in Office 365, we wanted to alert our users to the new functionality and help them quickly get up to speed. We used several strategies for this, including in-app notifications, a SharePoint site with information on new features, and Yammer.
- Create effective support/listening channels. With the rapid deployment of new features, we wanted a dynamic view of Office client health. We needed effective listening channels, so that we could quickly learn of issues and adjust our approach as required. A community of early adopters gave us feedback. Office Telemetry Dashboard and other reporting tools helped us refine and improve each additional deployment phase.
- Help improve the software before release. CSEO plays a primary role in the “First and Best” program at Microsoft, where we deploy pre-release products to our employees. With Office 365 ProPlus, we learned about deployment and adoption, and helped the product team address issues before the public release.
The upgrade process
To manage the upgrade process, we used Configuration Manager, which supports both mandatory and user-initiated installations. We gave our users the option to initiate the upgrade at their convenience from Configuration Manager Software Center—it was up to them to decide when to install it. We also set an enforcement date on which Configuration Manager pushed out a mandatory upgrade to the systems that had not yet been upgraded. We communicated with our users ahead of time about these options and dates.
To upgrade Office clients, we used the following approaches:
- For Office clients on the corporate network, we used Configuration Manager to deliver the upgrade package to our worldwide network of Distribution Point servers. Clients then downloaded the package from the closest server. Different sets of clients received the download package at different times. The Configuration Manager feature “peer caching” also allowed designated clients that met specific criteria to be set as “super peers.” With the peer-caching feature enabled, these specific clients share their local Configuration Manager cache to other clients to reduce overall server and infrastructure traffic. This reduced traffic on our WAN and firewall, preserving bandwidth and increasing installation speeds. It also provided rich reporting through Office Telemetry Dashboard.
- For remote users, we used the Office Deployment Tool to configure clients to perform the upgrade directly from CDN.
- For new installations of Windows 10, we used our Windows Deployment Services servers to deliver the upgrade as part of the Windows 10 image. Now we use Windows Autopilot to run upgrades using Intune. We use Autopilot to set up and pre-configure new devices, getting them ready for productive use. In addition, we use Windows Autopilot to reset, repurpose and recover devices.
Users started the upgrade to Office 365 ProPlus with a single click. As soon as a new app was installed, it was available to use even while the rest of the upgrade was in progress. If a user attempted to start the app before it had finished installing, its installation was prioritized to li the app to open in the shortest time. On average, the complete upgrade took less than 30 minutes.
We used Configuration Manager to send notifications to users when the Office 365 ProPlus upgrade was available to install. The notification included the deadline for installation and a link to Software Center.
When a user selected the Install button from Software Center, the upgrade proceeded as follows, and it remains the technique we use today:
- The computer connects to Configuration Manager and initiates the installation.
- A policy request is sent to the management point.
- The packaged source files are downloaded to the local Configuration Manager cache. The download operates in the background, and visual notifications pop up to inform the user that the download has started.
- After the package is cached on the local disk, the bootstrapping application (Office Deployment Tool) is launched with a configuration.xml file that controls the upgrade.
- An upgrade progress bar displays. As each app is installed and is ready to use, it’s listed in a dialog box. If a user tries to start the app before installation has completed, the bootstrapping application re‑prioritizes the upgrade sequence to make the app available in the shortest time.
Figure 2: Office 365 ProPlus upgrade progress bar
If a user didn’t upgrade to Office 365 ProPlus by the deadline, Configuration Manager enforced the upgrade. To make sure that the user was informed in advance, the package displayed repeated warnings in the system tray and let the user run the upgrade at their convenience ahead of enforcement.
We have a complex Office environment at Microsoft, with a variety of versions in use. They include a mixture of traditional MSI-installed suites and 2013 Office Click-to-Run suites. To help create our target collection, we used Configuration Manager Inventory, ensuring that we upgraded all the older systems (any version earlier than Office 365 ProPlus). We also provided exceptions to upgrade systems that had business reasons to run earlier versions of Office.
Users with business reasons to opt out of the upgrade were given the opportunity to opt out before the enforcement date. All users received an email about the upgrade, which informed them of the enforcement date. Any user who needed to opt out of the mandatory upgrade could select a link in the email, which added them to a security group that was excluded from the upgrade. We created a detection logic system in Configuration Manager for those users who requested a last-minute opt-out.
Managing ongoing updates
With Office 365 ProPlus, we initially shifted to a monthly release cycle for new features and other updates. This required us to review and improve on all aspects of our technology adoption model, from support and user readiness to compatibility testing. We now have other options in these areas.
With the release of update channels, we can now select the pace of change for groups of users by specifying an update channel for them: either Monthly Channel or Semi-annual Channel. The default channel for organizations is Semi-annual Channel. Semi-annual Channel users get monthly security updates, but they only get new app features every six months. Each update is a rollup of the previous six months’ feature releases. We use this channel for users of line-of-business applications that have dependencies on Office, so that we can take longer to validate application compatibility. We also use it when we want more time to develop training and support materials.
To help prepare for a Semi-annual Channel release, we use the Semi-annual Channel Targeted. This channel is provided six months before the next Semi-annual Channel update. It includes new features, security updates, and hotfixes. This lets our pilot users and application compatibility testers work with the upcoming release. During this time, they identify possible issues with line-of-business applications, add-ins, or macros that need to be addressed before general release.
Monthly Channel users automatically get updates every month for security and hotfixes and new features as they’re released. We configure users for the Monthly Channel by using the Office Deployment Tool and can change this setting at any time by using the Update Channel setting of Group Policy.
As previously mentioned, in addition to selecting an update channel, we can opt to have clients either consume the updates directly from CDN over the Internet. Or we can add an additional layer of control by deploying the updates by using servers within the firewall.
Microsoft Update service is now integrated with Configuration Manager. Each time an Office 365 update is published, information is automatically sent to the Microsoft Update service. Configuration Manager receives notifications when updates are available and validates whether clients require the update. We then use the existing workflow engine to download and distribute the update.
Figure 3: Using Configuration Manager to deliver Office 365 updates
User readiness and support
Before the deployment, we evaluated what users would need to keep them productive throughout the process. We created SharePoint pages with support material, such as productivity guidance, feature descriptions, language packs, frequently asked questions, and known issues. As part of this, we create a helpdesk support document that provides guidance to support agents, troubleshoots issues, and escalations.
Users receiving Office 365 ProPlus received email notification of the upcoming upgrade. The notification included resources and described what to expect during the upgrade. Users were given the choice to upgrade at a time that was convenient for them or wait until the scheduled upgrade. The deployment was promoted internally on Yammer (social media) and using digital signage on high-traffic internal SharePoint sites.
Since the deployment, new features are being released on a regular cadence. When an app is updated with new features, an in-app notification appears. The What’s New window describes the new features and includes a “Learn more” link that opens a Microsoft.com page with more information. At any time, users can also view updates from the Office application backstage.
We use our SharePoint intranet site, Yammer, and user communications to ensure that users are unlocking the full potential of new features. We create productivity guides to help users learn how to use new features, and we partner with the helpdesk to train and prepare support staff for any support requests that come in.
Verifying application compatibility
As a best practice, we validate applications that interoperate with Office before upgrading Office apps or installing new features on clients. For this deployment, we tested the variations of the Office Suite that we would deploy: Office 2016 Professional Plus and Office 365 ProPlus in both 32-bit and 64-bit versions. We have approximately 257 line-of-business applications that have dependencies on Office. Of these, we tested only business-critical applications, especially ones that hadn’t been updated recently. We used those results to determine whether other similar applications (with shared code or similar design structure) needed to be tested. By understanding shared dependencies, we were able to test specific applications that represent several others in the application portfolio. If the application passed, we then hypothesized that similar ones would also pass. Using this approach, we reduced the number of applications tested by nearly 50 percent.
Because we were working with software that’s still in development, our testers sometimes discovered bugs in the pre-release features. These bugs were prioritized with the product team to be fixed. Some of them were due to issues with a line-of-business application rather than Office. For example, there might be a hard-coded check for a specific Office version that prevents an application from installing, or an application may use an incompatible Excel macro. In these cases, we addressed the issue in the line-of-business application before deploying the new Office feature to users.
We use product telemetry streams instead of telemetry dashboards now. Product telemetry streams are pulled into a PBI report to review the reliability and compatibility. We also use a readiness toolkit to identify compatibility issues with our Microsoft Basic for Applications macros and add-ins.
Virtual machines for testing
We no longer use physical computers for application compatibility testing. A few years ago, we set up a virtual machine farm for testing. Today we have more than 300 virtual machines running on 10 servers. This has allowed faster turnarounds for the results of a test pass, and it allows retests on newer builds.
Centralized and distributed testing
We use both centralized and distributed testing. The centralized test team is shared across the Microsoft Office early adoption products and programs that require testing. This small group of testers uses a combination of automation, test tools, and best practices for rapid release testing. They incrementally test the new features released each month and can go through the primary applications in about five days. This test team focuses on the golden scenarios that represent all of the facets of different applications that could be affected. This focus and automation causes centralized testing to be completed faster than testing by the application teams. It also frees up the application teams to focus on release cycles.
The distributed test teams are experts on Office apps and test them to a deeper level. In the distributed test model, application teams are given an extended window of time to complete the test pass due to the constraints of their own application’s release schedule. Three weeks has worked out to be right amount of time to allow the flexibility they need to participate in the test pass. CSEO application teams have moved to the agile methodology for developing their apps. The monthly cadence of application compatibility testing allows them to address issues found in their next development sprint. For the Office 365 ProPlus deployment, the distributed test teams were given three weeks to test the secondary applications and report results.
Getting user experience feedback
Getting early feedback from users lets us take action to fix issues. The earlier we get feedback about an issue, the fewer the users who will be affected by it. In addition to using Office Telemetry to gather data about the user experience, we use our community of early adopters and reporting tools.
Before we deployed Office 365 ProPlus broadly to Microsoft users, an early-adoption community of users helped us validate user scenarios and the upgrade experience. This community, part of the Microsoft Elite program, includes scores of Microsoft employees who enjoy being the first to install and use new technology. Microsoft Elite includes a highly engaged, moderated social community in which users share their experiences and seek assistance from other users. By watching social-media threads generated by this group, we were able to quickly identify issues as they surfaced.
The Microsoft Elite early adopters provided valuable feedback and helped us validate new and existing scenarios through the social community, our more formal support and feedback channels, and through scenario surveys built on the Microsoft Elite members SharePoint site. Members receive points and achievement badges for their participation in early-adoption programs, which provide an incentive to get involved and stay active throughout the program. This was particularly successful for the Office 365 ProPlus early-adopter program, which generated more than 15,500 survey responses and an 11-percent survey-response rate. An added benefit is that these early adopters often encourage other users to adopt the new products or technology faster than they normally would on their own.
Before product release, there were 18,000 users internally running the latest Office 2016 suite. We used flighting (delivering pre-release builds of Office 365 ProPlus through a custom Content Delivery server) to make sure that early adopters were running the latest builds as they became available.
Because users at Microsoft were using pre-release software, they faced challenges that Microsoft customers don’t have to deal with. The feedback we gave to the product team led to improvements. For example, we gained insight about the challenges of delivering new features each month and refined how the delivery process works to help users remain productive.
For the Office 365 ProPlus deployment, we used pivot views of both organizational and geographical adoption rates to report status and measure the success of regional or organizational unit initiatives, such as target-based competitions to encourage adoption. Using SQL Server Reporting Services, we combined organizational data with inventory information collected by Configuration Manager. We used dynamic queries to create organizational-only level pivot views. CSEO managers used Microsoft Office Excel to get detailed reporting that would help them resolve specific issues.
For ongoing reporting, querying incident data from helpdesk (when users reached out for support) helps us diagnose patterns and remediate issues. For example, if dozens of support calls come in for connection-related issues, we query to find out what the calls might have in common, such as whether they’re coming from a single building or geographic area. In addition to monitoring support reports, we use Configuration Manager to get an ongoing view of the client environment. We want to ensure that clients are being updated to the expected build at the expected frequency for their update channel. When necessary, we proactively address any issues with build adoption.
We learned these important lessons during the Office 365 ProPlus deployment:
- Building an early-adopter community was a good IT investment. Early adopters’ participation in installing, validating user scenarios, providing feedback, and sharing information in the moderated forums has been vital to the success of this and other product releases.
- Releasing updates in a phased manner across our various audiences by using update channels has allowed us to react quickly to any issues that arise and adjust our deployment model accordingly.
- By controlling which update channel users are configured for, we’re able to ensure that features are delivered at the right cadence to each user.
- After updates are deployed, using Group Policy and Desired Configuration Management in Configuration Manager to enforce when they’re applied through the update channel gives us an effective way to ensure build-to-build compliance and maintain our security baseline.
- We used Configuration Manager to notify users on their desktops that they would receive the upgrade installation at a defined point in the future. This helped prevent users’ overlooking the notice in their inboxes.
- Providing in-app notifications about new features with links to more information gives users a way to stay up to date with Office 365 ProPlus feature innovations. This saves CSEO the overhead cost of educating users on new features, and gives users easy access to helpful information from within the application.
These best practices will help you provide a smooth Office 365 ProPlus deployment.
Schedule feature updates to match user needs
You may have different segments of users with different needs for feature updates. Scheduling updates according to the business needs of different user segments may require some planning before you begin to deploy Office 365 ProPlus apps. Especially for users of line-of-business applications who have dependencies on Office, you may want to defer updates until after you test their applications for compatibility and address any issues. For other users, having app features updated monthly will be preferred, so they can benefit from continuous innovation in their Office apps.
Have an early-adoption audience
This will let you gain valuable insight before you initiate your broad deployment. Configure some of your users for First Release on the Semi-annual Channel, so that they can validate your line-of-business applications before the general Semi-annual Channel deployment.
Monitor your support channels
Put reporting and listening processes in place to keep you apprised of support incidents. By doing this, you can pinpoint trends and issues, and react quickly. Use this information for early deployment feedback and adjust your plans as needed.
Get baseline data
Use Configuration Manager to help gain an understanding of devices and applications in your environment.
Enforce upgrades as needed
Where required, use Configuration Manager to control an enforced upgrade. This will ensure that all systems are running the desired Office 365 ProPlus suite. Having as few users as possible running earlier versions of Office will simplify your environment and reduce problems. If you’re not using Configuration Manager, you can enforce updates from CDN by using Group Policy.
Also, if you have Configuration Manager, you can potentially deploy updates using that infrastructure. This lets you use the built-in workflow engine to natively distribute software updates.
Ensure application compatibility
Take these steps to ensure that your other applications are compatible with Office 2016:
- Enable Office telemetry on devices in your environment. This gives you a way to measure potential compatibility issues.
- Focus testing on key business applications. Use the results to broaden the testing pool to include other applications that have common technologies, as needed.
- Think about adding a centralized test team for line-of-business applications. They can perform faster, more efficient, and broader testing to augment deeper, more time-consuming testing by the distributed teams.
- Develop methods to test faster and use fewer test cases with the same coverage. Make the test cases scenario-based. Focus only on the aspects of the application that have dependencies on Office rather than the whole application.
A best-ever upgrade experience
The upgrade to Office 365 ProPlus went smoothly and delivered the following benefits:
- Seamless upgrade. Users had a smooth upgrade from earlier versions of Office 365 ProPlus with minimal impact on their work.
- Update cost reduction. By using CDN to deliver updates, we’ve removed the IT overhead of maintaining multiple Office installation sources each month on an internal product server.
- Update velocity control. With the new update channel capability, we’re able to control the speed at which new features are installed on users’ computers, matching that velocity to their business needs.
- Fewer helpdesk calls. We had a reduction in calls to the helpdesk versus older Office deployments.
For more information
Microsoft IT Showcase
© 2018 Microsoft Corporation. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.