The following post was contributed by Cliff Jones a Consultant working for Microsoft.
Background
Recently I was asked by a few of my customers on how to simplify the deployment of Office 365 ProPlus updates in their environment to keep within support but at the same time take advantage of the latest features available with each release.
Both Windows 10 and Office 365 have adopted the servicing model for client updates. This means that new features, non-security updates, and security updates are released regularly, so your users can have the latest functionality and improvements. The servicing model also includes time for enterprise organizations to test and validate releases before adopting them.
By default, Office 365 ProPlus is set to use Semi-Annual Channel, which is also what a lot of customers deploy.
In this blogpost I will focus on the setup of the Automatic Deployment Rule that will be used for the servicing of Office 365 ProPlus configured to use the Semi-Annual Channel.
Solution
System Center Configuration Manager has the ability to manage Office 365 client updates by using the Software Update management workflow. First we need to confirm all the requirements and prerequisites are in place to be able to deploy the O365 updates.
If you still need to create the O365 Package in SCCM you can have a read through This Blog from Prajwal Desai with all the required steps..
High Level steps to deploy Office 365 updates with Configuration Manager:
- Verify the requirements for using Configuration Manager to manage Office 365 client updates:
- System Center Configuration Manager, update 1602 or later
- An Office 365 client - Office 365 ProPlus, Visio Online Plan 2 (previously named Visio Pro for Office 365), Project Online Desktop Client, or Office 365 Business
- Supported channel version for Office 365 client. For more details, see Release information for updates to Office 365 ProPlus
- Windows Server Update Services (WSUS) 4.0
You can't use WSUS by itself to deploy these updates. You need to use WSUS in conjunction with Configuration Manager
- The hierarchy's top level WSUS server and the top level Configuration Manager site server must have internet access.
- On the computers that have the Office 365 client installed, the Office COM object is enabled.
Enable Office 365 clients to receive updates from Configuration Manager. Use Configuration Manager client settings or group policy to enable the client.
Method 1: Beginning in Configuration Manager version 1606, you can use the Configuration Manager client setting to manage the Office 365 client agent. After you configure this setting and deploy Office 365 updates, the Configuration Manager client agent communicates with the Office 365 client agent to download the updates from a distribution point and install them. Configuration Manager takes inventory of Office 365 ProPlus Client settings.
-
In the Configuration Manager console, click Administration > Overview > Client Settings.
-
Open the appropriate device settings to enable the client agent. For more information about default and custom client settings, see How to configure client settings in System Center Configuration Manager.
-
Click Software Updates and select Yes for the Enable management of the Office 365 Client Agent setting.
Method 2: Enable Office 365 clients to receive updates from Configuration Manager by using the Office Deployment Tool or Group Policy.
Create Automatic Deployment Rule to deploy the updates using the below steps:
Step 1 – Create Office 365 ProPlus Collections
First we will create a few collections to assist with the management of Office 365 updates. These Collections include: each possible Office Channel, versions released of the Semi-Annual channel and Semi-Annual servicing rings which will be used for the deployments later in the post.
Office 365 Channels
Each Collection is defined by the CDNBaseURL which gets populated upon installation. This property is leveraged over other options as it provides the most consistent and accurate definition of the Office Channel.
The following query rule should be used for each of the Channels. Be sure to update each with the proper CDNBaseURL value:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OFFICE365PROPLUSCONFIGURATIONS on SMS_G_System_OFFICE365PROPLUSCONFIGURATIONS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_OFFICE365PROPLUSCONFIGURATIONS.CDNBaseUrl = "http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114"
-
Monthly Channel
(formerly Current Channel):
CDNBaseUrl = http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 -
Semi-Annual Channel
(formerly Deferred Channel):
CDNBaseUrl = http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 -
Monthly Channel (Targeted)
(formerly First Release for Current Channel):
CDNBaseUrl = http://officecdn.microsoft.com/pr/64256afe-f5d9-4f86-8936-8840a6a4f5be -
Semi-Annual Channel (Targeted)
(formerly First Release for Deferred Channel):
CDNBaseUrl = http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf
Office 365 Versions
To maintain compliance and understand current supported and unsupported clients it is recommended to keep an updated Collection based on the versions of the Semi-Annual Channels.
When a channel reaches the unsupported time frame the Collection name is updated to reflect this. A new Collection is then created representing the new Semi-Annual release.
Each Collection query is based on the property call VersionToReport with the Collection limited to All Semi-Annual Channel Clients created in the previous section. The build numbers can found here. The Collection query is structured as:
Office 365 ProPlus Semi-Annual v1708:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OFFICE365PROPLUSCONFIGURATIONS on SMS_G_System_OFFICE365PROPLUSCONFIGURATIONS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_OFFICE365PROPLUSCONFIGURATIONS.VersionToReport like "16.0.8431%"
Note: you can also take advantage of this great script to create the collections which also includes some other very useful operational and maintenance collections for SCCM.
Semi-Annual Channel Servicing Rings
Depending on the customer, their deployment needs, and timing, the number of Rings will differ. This example will showcase 3 servicing rings each allowing 1 month of deployment availability. This provides time for an Administrator to delay a deployment if an issue is identified.
The availability date is based on the date when the new version of Semi-Annual Channel is released (Every six months, in January and July) and when the ADR rule is scheduled to run.
Example servicing breakdown:
|
Phase |
Identified Reason |
Availability Date |
Install After Available Date |
|
Phase 1 |
Pilot - IT Organization |
Immediately |
1 Months |
|
Phase 2 |
Identified Office addon\macro Application owners |
+1 Month |
1 Months |
|
Phase 3 |
Remaining machines in the environment |
+2 Months |
1 Months |
|
Step 2 - Create Automatic Deployment RuleSo the last step is now to create the ADR rule that will be used to deploy the O365 updates.
This ADR will be scheduled to run every 6 months on the 3rd Wednesday of the month. This gives the IT Administrator the necessary time to update this rule to reflect the most recent version of Semi-Annual Channel released build.
Select the below criteria for the version to be released
Set the schedule to run every 6 months on the 3rd Wednesday of the month
For the Pilot group it will be available immediately and with deadline of 1 month
Select ‘Display In Software Center and show all notifications’
Create the deployment package that will contain the O365 updates
Step 3 - Create Additional DeploymentsOnce the rule has been created add additional deployments for each of the required phases
And this will be the end result:
ConclusionWith the increased update cadence, upgrading Office 365 ProPlus improperly is a key concern as it could result in a Customer accidently deploying a Feature Update resulting in unexpected issues – so PROPER testing is critical!! So I hope that the above process will help to simplify the deployment of O365 updates as much as possible. Maybe there might be some new features in upcoming SCCM releases to even further automate it completely. Till the next blog.… Cheers |
