The Office cloud policy service allows administrators to define policies for Office 365 ProPlus and assign these policies to users via Azure Active Directory security groups. Once defined, policies are automatically enforced as users sign in and use Office 365 ProPlus. No need to be domain joined or MDM enrolled and works with corporate owned devices or BYOD.
Build a policy configuration that includes the policies you want to enforce, configured for your organization’s needs. The service is always up to date and includes the latest policies as they are released.
Target a group of users by assigning the policy configuration to a specific AAD security group.
Policies automatically enforced as users sign into Office 365 ProPlus.
Health reporting available for each of the policy configurations, letting administrators know that the policies are getting deployed to users and their devices.
This service is now generally available and supported for all Office 365 ProPlus customers. If you are an administrator, you can start using this service today by signing into the Office client management portal and creating policy configurations.
We are also excited to announce the public preview for the security policy advisor feature; an intelligent policy recommendation engine being added to the Office cloud policy service. Click here for more information on the security policy advisor feature.
This service is just one of many new services which the Office team will be releasing over the next 12+ months. These services, which shape the foundation of the Office serviceability SDK, are designed to work with 1st and 3rd party management solutions to help administrators simplify and streamline Office deployment and management.
For additional documentation on how to use this new policy service and its capabilities take a look at this document.
As always, please provide feedback using the feedback button to help us improve the service.
Does the Office client policy service replace Group Policy management options? No, this service provides an alternative to Group Policy management. Group Policy management enforces policies on Windows PCs joined to an Active Directory domain, while the Office client policy service only requires the user sign into Office using their corporate credentials (Azure Active Directory) along with a valid Office 365 ProPlus license.
What are primary differences between the types of policies I can enforce using Office client policy service compared to Group Policy? Office client policy service manages only user-based policies for Office 365 ProPlus. Group Policy can manage both user-based and machine-based policies.
How does the Office client policy service compare with the Office Customization Tool for Click-to-Run’s application preferences settings? The settings configured as part of Office installation using the Office Customization Tool for Click-to-Run – as well as previous OCT versions – are based on ‘preferences’, meaning that a user can change them. Office client policy service settings are enforced, like Group Policy enforcement.
If I use Group Policy Management and the Office cloud policy service, how will conflicts be resolved? The policies configured in the Office cloud policy service take precedence over any policies configured via Group Policy Management. If there are conflicts, the values specified in the Office cloud policy service for the conflicting policies will be honored.
Can I import policies from Group Policy Management to Office cloud policy service? At this time we do not have import capabilities, but we are looking at providing this functionality to help admins migrate.
How is this different from the Administrative Templates feature in Intune for Device configuration The Office cloud policy service is built specifically for managing Office policies in non-domain joined and non-MDM managed scenarios. Office cloud policy service is available to any customer that owns Office 365 ProPlus. If used with Intune, the policies configured in Office cloud policy service take precedence over any Office policies managed via Intune.