How to get a smooooooth Office365 ProPlus deployment in your org
Office deployment nowadays is not that hard.
You can use the Office Customization Tool to specify your desired configuration and then use the
setup.exe /configure config.xml command to deploy the installation.
But there are still some considerations you can make while choosing to deploy O365 ProPlus in your environment.
Below you will find a few examples:
Removal of old Office versions
Remember that when you specify to delete older versions of Office you are only able to remove MSI versions (https://docs.microsoft.com/en-us/deployoffice/upgrade-from-msi-version#additional-information-about-using-removemsi).
So Click-To-Run versions (which your users maybe downloaded via office.com/setup in the past) are not removed through this option. One way to achieve this is to use solutions like uninstalling the previous version with a script which uses the setup.exe and accompanied source files of an Office 2010 copy on a network share (https://blogs.technet.microsoft.com/odsupport/2014/11/03/how-to-uninstall-office-2010-and-move-to-office-2013-click-to-run-or-volume-license/).
After the process completes you can then start the setup.exe with the switches stated above.
Automatic activation of Outlook combined with modern authentication
Don’t forget to check if you’re Exchange Online has modern authentication enabled. This allows you’re Outlook to use your account with SSO, which is explained in the next sections, to configure and activate the installed copy of Office. Also modern auth is required when you use an account with MFA enabled.
Join devices to Azure AD – cloud only
Also a huge win while you’re setting up deployment is joining your workstations to Azure AD (with Intune).
Being an Office365 and therefore Azure linked product, O365 ProPlus is narrowly integrated with Azure.
When you install ProPlus it will ask you to “join this device to your organisation”, this means that your device will be Azure AD registered. Or, if you select “this app only” it will register Office as a managed app in your Azure account. When you register the device in Azure AD you can then use SSO for all the cloud applications. Also conditional access can use this “device state” as a condition for logging into the Office365 suite.
Join devices to Azure AD – hybrid
Another possibility is to use Hybrid Azure AD join for company owned devices which are also joined to a local AD. This will give you the possibility to use SSO for cloud AND on-premise resources. If you combine this with Seamless SSO you will have a smooth experience for Office sign-in and activation because it uses your local AD account for this process through modern authentication. You can activate it in Azure AD Connect combined with the hybrid device registration option to get a complete hybrid SSO experience.
BE ADVISED: When a Windows 10 device with a build number earlier then 1803 is aleady Azure AD registered it will not automatically change to the Hybrid joined state. You must first remove the registration or upgrade to at least the 1803 build version to get a succesfull join. Referral: https://docs.microsoft.com/nl-nl/azure/active-directory/devices/hybrid-azuread-join-plan#review-things-you-should-know