In supporting customers in the field, we receive many questions about the Office 365 ProPlus update process. The objective of this blog is to provide context around end-user behavior during update scenarios and clarify when and how Office updates are applied.
Office ProPlus was designed to be a cloud-first product. What does that mean? It means that, by default, Microsoft recommends you update Office 365 ProPlus directly from the Microsoft Content Delivery Network (CDN). While IT Pros are always in control, Office 365 ProPlus is automatically kept up to date via an evergreen model. IT Pros can offload the servicing aspect of Office 365 ProPlus to Microsoft, removing repetitive tasks so they can focus on other duties. At present, while we lead with the CDN as our recommendation, the vast majority of Enterprise customers I work with prefer to manage updates from System Center Configuration Manager (SCCM) for a variety of reasons (too many to list here, such as network, governing process, or political considerations).
Let’s compare and contrast both scenarios below to see which approach is best to address your business requirements. Regardless, the goal is to ensure Office 365 ProPlus is serviced every month to address security and deliver features on a cadence suitable for our customers.
Quick refresher of Office ProPlus channel cadence (simplified)
Current Channel: Provide users with the newest features of Office as soon as they're available. This could be three or four builds per month. (Updates should be delivered by CDN)
Monthly Enterprise Channel: Provide your users with new Office features only once a month and on a predictable schedule. (Updates can be delivered by CDN or ConfigMgr)
Semi-Annual Enterprise Channel (Preview): Provide pilot users and application compatibility testers the opportunity to test the next Semi-Annual Channel. Features/fixes delivered every six months, in March and September.
Semi-Annual Enterprise Channel: Provide users with new features of Office only a few times a year. Features/fixes delivered every six months, in January and July. (Updates can be delivered by CDN or ConfigMgr)
(The official link is here: Overview of update channels)
The point of the channels is to define the timing of when those cumulative builds include features and fixes in addition to security. If you would like more information about channel management, please see my other posting, How to manage Office 365 ProPlus Channels for IT Pros.
*This blog will focus primarily on the update process. Deployment of Office 365 ProPlus is out of scope; we will assume Office 365 ProPlus is already installed on the machine.
Note: On idle is a very interesting trigger condition in that it can check for criteria such as user absence and lack of resource consumption to determine an opportunistic time to retry updates (no reboots required when Office applications are closed).
Reference Links for next section: Update history for Office 365 ProPlus (listed by date) and Download sizes for updates to Office 365 ProPlus
Let’s imagine Office 365 ProPlus has the June 2019 build installed, which is Version 1808 (Build 10730.20348). “Patch Tuesday” rolls around, and on July 9th 2019 the July build is released, which is Version 1902 (Build 11328.20368). Based on the trigger assigned, the scheduled task “Office Automatic Updates 2.0” will detect that a newer build is applicable. Upon initial release to the CDN, a new build is temporarily throttled until signals are received verifying that the release is of the highest quality. As a result, IT Pros may observe that updates do not reach all machines on Day 0 but rather over a period of days. Alternatively, IT Pros can intervene and enable the policy “delay downloading and installing updates for Office” and simply define when the update installs based on a number of days. (*The GPO is still subject to the throttle.) This mirrors the servicing plans feature in SCCM for delivering Windows Feature Updates and makes it easy to build rings, as long as the delay defined isn't shorter than the throttle.
Since the build installed is the most recent version, we can leverage a feature called binary delta compression to help reduce the size of the files further. Therefore, keeping Office ProPlus up to date is friendlier on the network. Office will download deltas and stage them in C:\Program Files\Microsoft Office\Updates\Download. After the download, Office Automatic Updates 2.0 will attempt to update Office 365 ProPlus. If no Office applications are open, it will update. If Office applications were open at the time of the update request, a series of notifications will occur over a period of days. (Officially documented here)
We receive frequent questions around deadlines and delivery of end-user notifications. While the CDN-only experience doesn't include Configuration Manager, the dialogs from Office overlap with Configuration Manager scenario 2 below. Therefore, examples of the Office notifications (the white dialogs which say "Office will update in X minutes") can be found below in a single place of reference.
When Office stages a build for installation, in-app notifications within Office will occur in the following manner:
*Business bar is defined as the yellow in-app notification which says "Update now". See picture below in scenario 2.
Notifications and Countdown Dialogs
Toast notifications (system tray "Office Updates Available") delivered by Office and their potential timing
Countdown dialogs (Office-delivered white countdown dialogs)
30mins + postpone (2hrs)
30mins + postpone (2hrs)
30mins + enforced
The overwhelming majority of enterprise customers use SCCM to deliver Office 365 Client updates for compliance and distribute content from Distribution Points. Microsoft is always working hard to provide customers additional options, including the new feature Delivery Optimization and Office 365 ProPlus, which is now in Preview. Please read the article for full details, but the one-liner is that customers will be able to install AND update Office 365 ProPlus sourcing content from peers without infrastructure requirements, which we're super excited about (no more "thick packages" or distributing loads of content to support a simple language pack). If you enabled OfficeMgmtCom for SCCM integration, this action must be reversed in order to use Delivery Optimization (DO). The Microsoft Office Click-to-Run Service is responsible for registering and unregistering the OfficeC2RCom (OfficeMgmtCOM) application during service startup. Changing domain policy or SCCM client settings for Office 365 Client Management from ‘Enabled’ to ‘Not configured’ is not enough. Domain Policy or SCCM Client settings require an explicit ‘Disable’ selection for OfficeC2RCom to be successfully deregistered and the default configuration restored. Further, any custom update path configuration must also be removed.
If the deployment is Available only, the user will only see a toast notification in the system tray for a few seconds, and the Office update will never be deployed automatically. The problem is that this notification isn’t context sensitive, so it simply takes the end user to Software Center, and it also doesn’t ensure security compliance. Therefore, this approach isn’t used often in my experience.
This scenario is a good fit for customers who desire faster compliance and no Windows reboots for Office 365 ProPlus updates, and who are comfortable with additional Office 365 ProPlus end-user toast notifications, in-app notifications, and the Office 365 ProPlus countdown dialog leading up to the deadline. If the SCCM deployment is Available with a future Installation Deadline, Office 365 ProPlus, working with the OfficeC2RCom application, will download the necessary Office build pieces (not the entire build) and stage them for installation, pulling content from the Distribution Point. When content is prestaged, there are a number of potential notifications. Please review the bullet items in blue on the page Manage Office 365 ProPlus with Configuration Manager for all details, as there are many, or reference the list from the CDN section above.
Once the build is staged, a toast notification might not display until the user clicks the icon in the notification area, which is easy to miss.
Examples of "Countdown dialogs"
It is important to note that the countdown from SCCM and the Office countdown are not synchronized in any way; they work on separate timers. Specifically, SCCM will stamp the deadline date and time in the Office side of the registry. From that point on, Office and SCCM notifications will in effect work independently based on the deadline defined in the Software Update Group. For the pre-stage scenario, it's normal for Office to attempt to apply updates before the SCCM-defined deadline or allow the user to temporarily extend beyond the deadline, based on the countdown dialog section above.
This scenario is best for IT Pros who want to minimize notifications to the end user unless the deadline has been reached. (Office content is not pre-staged.) If the software deployment Available time and Installation Deadline have the same date, the SCCM Client will determine that the deadline has been missed and therefore make the deployment immediate. The typical notification workflow will be presented to the user.
In this case, since the deadline has passed, the download will begin automatically.
Once content has been downloaded, SCCM will immediately initiate the Office update with the following logic:
The end user will begin to see the SCCM “Restart Window” below, which shows a countdown until the restart is forced. The countdown notification frequency is controlled solely by the SCCM Client and can be configured within the Client Settings node in the SCCM Console.
Is there a simple way to hide all notifications in Office, such as the “Biz Bar” with the button “Update Now”?
Yes. Use the “Hide Update Notifications” GPO or registry value.
Is there an official Microsoft page which talks about this topic?
If the download is supposed to only contain deltas and stage to C:\Program Files\Microsoft Office\Updates\Download, why in my environment is it staged in C:\Windows\ccmcache as a full build? (~2GB)
This means the SCCM “Peer Cache” feature is enabled and content is available to be shared with other peers. Windows is leveraging an NTFS feature called “Sparse Files”. Looking closely at the size on disk details, you can compare the differences between the full data and the one on the right using peer cache. (Peer cache really only downloaded 80 MB.)
I’ve done everything I can think of and the OfficeC2RCom application never shows within the MMC console. In fact, when I browse COM applications from within dcomcnfg.exe, My Computer has a red down arrow?
This means COM, part of .NET, may be corrupted on the machine. Office cannot register the application as COM itself is broken. Typically this is an edge case and requires a rebuild of Windows :(
You mentioned the On idle update feature in the CDN section, but it was omitted for SCCM. Why?
"By design", the feature is enabled only for the CDN scenario.
Users who launch Office immediately after logon receive message "Updating Office, please wait a moment". Why?
This means the Office update was attempted while applications were open, which cannot succeed. Therefore, the build was staged so the Microsoft Office Click-to-Run Service could retry the update on Windows startup. In this edge case, the user was able to access the desktop and launch an Office application while the Office update process was in progress. If easily reproducible, this is often a reflection of a slow boot process and Windows startup performance. It is best to troubleshoot by removing 3rd party filter drivers and/or startup items.
I've tried everything and Software Center never shows Office 365 Client build applicable to my machine?
Review how Office 365 ProPlus determines priority:
1st Priority: GPO "UpdatePath" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatepath
2nd Priority: GPO "UpdateChannel" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatebranch
3rd Priority: "UpdateURL" or UpdatePath="\\Server\Share" - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
*4th Priority: UnmanagedUpdateURL - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\UnmanagedUpdateURL
5th Priority: CDNBaseURL - HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\CDNBaseUrl
*This value is new as of May 2020 (official documentation)
Reflecting on the priority list above, have you intentionally or unintentionally set a GPO "UpdatePath" - HKLM\software\policies\microsoft\office\16.0\common\officeupdate!updatepath, or included an element inside configuration.xml during initial installation for UpdatePath, HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\UpdatePath="\\Server\Share"? This in effect breaks native updates via SCCM, as these values take precedence. To resolve, remove these values and reset HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration UpdateChannelChanged to False, run the Automatic Updates 2.0 scheduled task manually (or be patient and allow it to run), and then perform a Software Updates Deployment Evaluation Cycle from the SCCM Control Panel Applet.
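The precedence check described above can be scripted. The following PowerShell is an added example, not code from the original post or from Microsoft: the function names Read-RegValues and Resolve-OfficeUpdateSource and the sample values are assumptions made for illustration, while the registry keys and value names are the ones listed above.

```powershell
# Added example: helper names and sample values are illustrative assumptions.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Office\16.0\Common\OfficeUpdate'
$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

function Read-RegValues {                      # hypothetical helper name
    param([string]$Path)
    $values = @{}                              # hashtable keys are case-insensitive
    $item = if (Test-Path -LiteralPath $Path) { Get-ItemProperty -LiteralPath $Path }
    if ($item) {
        $item.PSObject.Properties |
            Where-Object Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' |
            ForEach-Object { $values[$_.Name] = $_.Value }
    }
    return $values
}

function Resolve-OfficeUpdateSource {          # hypothetical helper name
    param([hashtable]$Policy, [hashtable]$Config)
    $order = @(
        @{ Rank = 1; Store = $Policy; Name = 'updatepath';         Label = 'GPO UpdatePath' }
        @{ Rank = 2; Store = $Policy; Name = 'updatebranch';       Label = 'GPO UpdateChannel' }
        @{ Rank = 3; Store = $Config; Name = 'UpdateURL';          Label = 'Configuration UpdateURL' }
        @{ Rank = 3; Store = $Config; Name = 'UpdatePath';         Label = 'Configuration UpdatePath' }
        @{ Rank = 4; Store = $Config; Name = 'UnmanagedUpdateURL'; Label = 'UnmanagedUpdateURL' }
        @{ Rank = 5; Store = $Config; Name = 'CDNBaseUrl';         Label = 'CDNBaseUrl' }
    )
    foreach ($c in $order) {
        $value = [string]$c.Store[$c.Name]
        if (-not [string]::IsNullOrWhiteSpace($value)) {
            return [pscustomobject]@{
                Rank                 = $c.Rank
                Setting              = $c.Label
                Value                = $value
                # Per the text above, a custom update path (rank 1 or 3) takes
                # precedence over SCCM-delivered updates.
                OverridesSccm        = ($c.Rank -in @(1, 3))
                UpdateChannelChanged = [string]$Config['UpdateChannelChanged']
            }
        }
    }
    return $null                               # none of the five values is set
}

# Constructed sample values, not read from a real machine.
$samplePolicy = @{ updatepath = '\\Server\Share' }
$sampleConfig = @{ CDNBaseUrl = 'https://cdn.example.invalid/constructed'; UpdateChannelChanged = 'True' }
Resolve-OfficeUpdateSource -Policy $samplePolicy -Config $sampleConfig | Format-List

# On a real client, read the live registry instead:
# Resolve-OfficeUpdateSource -Policy (Read-RegValues $PolicyKey) -Config (Read-RegValues $ConfigKey)
```

With the constructed sample, the result is rank 1 (GPO UpdatePath) with OverridesSccm set to True, which is the condition the remediation steps above address.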
You didn't mention updating from on-premises file share, why?
Updating Office 365 ProPlus from file shares has been deemphasized as a strategy. Initially, Office 365 ProPlus didn't support update workflows such as SCCM or Delivery Optimization, and therefore customers used this approach. However, this is resolved with SCCM Current Branch and modern versions of Windows 10, so it is no longer necessary. (It is still supported, just less adopted.)
08/14/2020 Added Notifications and Countdown Dialogs section for more detail.
This blog post is brought to you by Dave Guenthner, a Senior Premier Field Engineer and “ProPlus Ranger” at Microsoft. Feel free to share your questions and feedback in the comments below.