Thanks for this article, but I need to challenge you on it, I'm afraid. I'm struggling to understand why this advice for the Microsoft Office Click-to-Run Service deviates from previous best practice advice gathered by Eric_Lawrence for https://docs.microsoft.com/en-us/archive/blogs/ieinternals/understanding-web-proxy-configuration. Use user impersonation. Most other Microsoft PGs and 3rd parties, e.g., those based on the Omaha open-source project, like the Google Update Service, or your own Microsoft Edge Update Service, accomplish this just fine.
I'd really love some rationale, please. Is this a general change in tack across Microsoft or just an Office Click-to-Run directional/workaround steer only?
Scalability in larger global enterprises of such a solution aside, from a security perspective you can't possibly expect an enterprise to directly proxy the WinHTTP service on all our clients in order to permit the Microsoft Office Click-to-Run Service to be able to reach the Office CDN? I'm sorry, in my view, user impersonation is broken with the Microsoft Office Click-to-Run Service. Proxied CDN downloads still fall flat for us, and it needs to be fixed, please. Lean installs of ProPlus (which we'd love to adopt) and fallback to CDN for those missing bits we don't have on-prem cannot be for us, I'm afraid, until this is addressed.
Many thanks, I look forward to your response and perhaps some input from Eric_Lawrence and others!