The new cloud-based policy management service for Office 365 ProPlus has been released!

Published 04-23-2019 04:27 PM 26K Views

The Office cloud policy service allows administrators to define policies for Office 365 ProPlus and assign these policies to users via Azure Active Directory security groups.  Once defined, policies are automatically enforced as users sign in and use Office 365 ProPlus.  No need to be domain joined or MDM enrolled and works with corporate owned devices or BYOD.


Get started today by visiting and signing into the Office cloud policy service


  • Build a policy configuration that includes the policies you want to enforce, configured for your organization’s needs.  The service is always up to date and includes the latest policies as they are released.
  • Target a group of users by assigning the policy configuration to a specific AAD security group.
  • Policies automatically enforced as users sign into Office 365 ProPlus.
  • Health reporting available for each of the policy configurations, letting administrators know that the policies are getting deployed to users and their devices.



This service is now generally available and supported for all Office 365 ProPlus customers.  If you are an administrator, you can start using this service today by signing into the Office client management portal and creating policy configurations.


We are also excited to announce the public preview for the security policy advisor feature; an intelligent policy recommendation engine being added to the Office cloud policy service.  Click here for more information on the security policy advisor feature.


This service is just one of many new services which the Office team will be releasing over the next 12+ months.  These services, which shape the foundation of the Office serviceability SDK, are designed to work with 1st and 3rd party management solutions to help administrators simplify and streamline Office deployment and management.


For additional documentation on how to use this new policy service and its capabilities take a look at this document.


As always, please provide feedback using the feedback button to help us improve the service.




  1. Does the Office client policy service replace Group Policy management options?
    No, this service provides an alternative to Group Policy management. Group Policy management enforces policies on Windows PCs joined to an Active Directory domain, while the Office client policy service only requires the user sign into Office using their corporate credentials (Azure Active Directory) along with a valid Office 365 ProPlus license.

  2. What are primary differences between the types of policies I can enforce using Office client policy service compared to Group Policy?
    Office client policy service manages only user-based policies for Office 365 ProPlus. Group Policy can manage both user-based and machine-based policies.

  3. How does the Office client policy service compare with the Office Customization Tool for Click-to-Run’s application preferences settings?
    The settings configured as part of Office installation using the Office Customization Tool for Click-to-Run – as well as previous OCT versions – are based on ‘preferences’, meaning that a user can change them. Office client policy service settings are enforced, like Group Policy enforcement.

  4. If I use Group Policy Management and the Office cloud policy service, how will conflicts be resolved?
    The policies configured in the Office cloud policy service take precedence over any policies configured via Group Policy Management. If there are conflicts, the values specified in the Office cloud policy service for the conflicting policies will be honored.


  1. Can I import policies from Group Policy Management to Office cloud policy service?
    At this time we do not have import capabilities, but we are looking at providing this functionality to help admins migrate.

  2. How is this different from the Administrative Templates feature in Intune for Device configuration
    The Office cloud policy service is built specifically for managing Office policies in non-domain joined and non-MDM managed scenarios.  Office cloud policy service is available to any customer that owns Office 365 ProPlus.  If used with Intune, the policies configured in Office cloud policy service take precedence over any Office policies managed via Intune.

I notice that this is for non-domain joined devices, yet the user requires a domain account and a license for Office, which kind of denotes managing company users?  Will this take the place of an on-prem User Policy management application?  From a corporate perspective I am not sure what the direction is with this?

Is there any timeframe for when this is coming to Australia?

Senior Member
@Chris Hopkins Are there any plans to expand support for cloud policy management to MacOS installations of Office 365 ProPlus? We already have Group Policies on Windows, but we have nothing on the Mac.... it would be great to have centralised control for both platforms.
Senior Member
Does these settings apply to Offie Online? Can I set like a path for a powerpoint template that points into a SPO site file?

@Robert James Reber - This policy feature is designed to be an alternative to traditional group policy management for customers that are moving to the cloud and no longer able to manage Office policies via group policy management.  The policies are targeted to users and not devices so it does not matter if the device they are using is AD joined, AAD joined or some other state.  If the user is signed into the Office 365 ProPlus apps and has a valid Office 365 ProPlus license assigned to their AAD identity this feature will apply the configured Office policies to that user.


@bobsys - These settings only apply as policies to the Office 365 ProPlus client installed on a Windows device.


@Loryan Strant - We are working on the plan to roll out this feature to customers in Australia and other regions but at this time I do not have a specific date that I can announce.


@stukey@bobsys - We do have plans to expand this policy service to other platforms but at this time I have no additional announcements. 

Frequent Contributor

Will these policies also apply to office installations that users can install on personal devices


@Ronald Meer - If the device is running Office 365 ProPlus...yes.  If the device is running some other SKU like Home and Student or Business then it will not.

Senior Member
@Chris Hopkins Thank you for th info


Does the Office client policy apply to Office 365 Pro Plus installed in Mac Computers and user is signed into the Office 365 ProPlus apps and has a valid license assigned to their AAD identity in Office 365?

Does the Office client policy apply to Office online also?



Established Member

Where are these policy configurations stored? How to access them via API?


@Thomas Haller 
The policies are written to the following registry location on the client:



Status of the cloud policy check-in is written to the following registry location on the client:



@Raj Krishnan Currently this service only supports Office 365 ProPlus clients on Windows devices.  Mac and Office Online are on the roadmap but at this time we do not have any dates to announce.

Established Member

@Chris Hopkins Thank you for the fast answer. Is there any API to the service? Don't see yet how we as a Microsoft partner should update a multitude of customers with these policies in an easy way...

Frequent Contributor

@Chris Hopkins: The service says - "Not available in tenants located in Australia, Brazil, Germany, India, or South Korea". Any indication on whether this "will" be made available at some time and if yes then when? This would be of great use to us, and if some kind of timeline is known, we can start planning. 


@Abhimanyu Singh we are currently working on rolling this out to these other regions.  We do not have an exact date but I expect to have this complete before the end of June.


@Abhimanyu Singh@Loryan Strant and others, this feature is now available for all users WW that are using the standard Office 365 service.

Frequent Contributor

@Chris Hopkins Thanks a lot. Yes we can now access the service! Yay! This is really useful for us.


A couple of questions:


1. Is the "" linked to from the admin center? Can't seem to find it.

2. What is the difference when we configure policies via "deployment config" as compared to via "policy configuration"?



@Abhimanyu Singh is currently a standalone site, it is not linked to the Office 365 admin center at this time.  The Application Settings section that you see in the "deployment config" allows admins to customize the user preference prior to deployment.  User's are allowed to change these preference, unlike policies which users are not allowed to change.

Occasional Visitor

Hi Chris, 


Is there anywhere on the local device that any logging is available for this? I am testing a very basic single policy against 4 users. All accounts show back to the portal as attempting to grab the policy. All 4 users (6 different machines) give an error message that links back to the Overview of the Office Cloud Policy, no explanation or codes etc. Troubleshooting steps only essentially point back to ensuring configuration is set up. No event logs? No log file? Nothing in Click to Run logging? 


@BKilduff can you email me directly at and we can take a look?

New Contributor

We are presuming here that this also includes Office E1, E3, E5 (not that we need it), MS 365 E1 etc...?  What about business and business premium or is this solely for 365 ProPlus?





@Gary Smith this is currently only supported for Office 365 ProPlus.

New Contributor

Can i ask why just pro plus (as its a limited service/product)?


@Gary Smith the other Office SKUs like Home and Business do not support policy.  Support for policy is shown in this table,

Senior Member

Any news/updates on support for Mac and Office Web app ?

Version history
Last update:
‎Apr 23 2019 04:51 PM
Updated by: