The default installation for Office 365 Professional Plus (Word, Excel, Outlook, PowerPoint, etc) will begin automatically upgrading this month (after February 23rd, 2016) to the Office 365 ProPlus (2016) version. In this article I list 8 things that you should carefully check before Office 2016 automatic upgrades begin this month.

Wait… What???

Microsoft began advising customers of the Office 2016 release date last September (here) so the availability should not be a surprise to most people who stay informed. But what’s truly new and different about this upgrade is that it is the first time in Office history where if no action is taken, that users will be prompted to upgrade to the next version. This can be an advantage to organizations that want to keep recent security updates deployed, but have overwhelmed or understaffed IT departments who are struggling just to keep the lights on.

Also, for organizations that allow their users to download Office 365 ProPlus from the software downloads section of the Office 365 portal, they should be informed that beginning February 9th, the version that gets installed from the portal will change from 2013 to 2016. [Update 2/9/2016: The announcement today is good news for customers, as they can now select which version will be the default download option)

For larger organizations, Microsoft provided the Office Deployment Toolkit or the Update Path Group Policy setting so that upgrades could be streamed from local file shares rather than the Internet. So I would expect that savvy organizations took advantage of this method and will be less impacted by these upgrades. However, even those larger organizations still have their work cut out for them as they also need to test for compatibility between applications and Office 2016 and to verify systems meet the minimum system requirements.

8 Things you should check for now

For organizations that have not yet validated compatibility with Office 2016 (for example the new minimum requirements are now 2GB Ram and a 1280×800 minimum screen resolution, and Office 2016 does not support Exchange 2007), then there may be only one choice: delay the auto-upgrade to buy yourself some time (see that section below). However, it would not be wise to postpone the upgrade indefinitely, because Office 365 ProPlus (2013) will stop receiving updates in February of 2017. In other words, this is not a one-time issue; organizations that have embraced the cloud need to align their policies and procedures so that this doesn’t keep happening to them every year.

Here is a list of things to include in your planning for Office 2016

Do you have Exchange 2007? You will need to take action now to disable the auto-upgrade, otherwise your Outlook users will be unable to connect to your Exchange 2007 server.
Do your users use InfoPath? This will automatically be removed. See that section below for details.
Do you have the Office 365 ProPlus versions of Visio or Project installed? They will be automatically removed. See that section below for details.
Do you use language packs? See that section below for details.
Do you rely upon the side-by-side installation method of Office? See that section below for details.
Do you rely upon Volume Licensed editions of Visio or Project? See that section below for details.
Did you not change the default update path to point to a local file share, or did you stick with the default of streaming updates from the Internet? If you have more than 50 users, you may need to take action now to prevent your Internet circuit from being saturated when about 1GB of updates (per user) are streamed beginning this month.
Do you have any workstations with less than 2GB of Ram, or a screen resolution less than 1280×800?

Language Pack change for global organizations

There is a change to the way additional languages are deployed in the Office 2016 version of Office 365 ProPlus. Previously, in Office, you could deploy an MSI-based language pack after you installed Office 365 ProPlus, even though those language packs weren’t specifically designed to be used with Office 365 ProPlus. In Office 2016, using those language packs is no longer supported. Instead, with Office 2016, you install language accessory packs after you’ve deployed Office 365 ProPlus in one of its 40 base languages. These can be downloaded by the end-user from the Software page of the O365 Portal, or IT can distribute them with the Office Deployment Tool.

Side-by-Side is no longer supported

Previously, Office 365 ProPlus (2013) could be installed side-by-side with Office 2010. Beginning with this version of office, this has changed (or rather, it now goes back to how it was before, where this wasn’t possible between Office 2010 and 2007). You can’t have the Office 2013 and the Office 2016 version of Office 365 ProPlus installed on the same computer. Also, you can’t have a volume licensed version of Office 2016 installed on the same computer as the Office 2016 version of Office 365 ProPlus.

Conflicts with Volume Licensed versions of Office

You can’t have a volume licensed version of Visio 2016 or Project 2016 installed on the same computer as the Office 2016 version of Office 365 ProPlus.

Automatic Removal of Visio Pro and Project Pro

If there is a 2013 version of Visio Pro for Office 365 or Project Pro for Office 365 installed on the computer when you upgrade Office 365 ProPlus to the Office 2016 version, those versions of Visio and Project are removed from the computer. You won’t be able to reinstall them after the Office 365 ProPlus installation finishes. However, you can install the 2016 versions of Visio Pro for Office 365 and Project Pro for Office 365 on the same computer with the Office 2016 version of Office 365 ProPlus.

However, if you have a volume licensed version of Visio 2013 or Project 2013 installed on the computer, it won’t be removed from the computer during the upgrade of Office 365 ProPlus. You can continue to use the volume licensed version of Visio 2013 or Project 2013 on the computer with the Office 2016 version of Office 365 ProPlus.

Reference: https://technet.microsoft.com/en-us/library/mt422981.aspx

InfoPath is now removed automatically

InfoPath 2013 remains the current version and therefore won’t be included in the Office 2016 version of Office 365 ProPlus. When you upgrade an existing installation of Office 365 ProPlus to the Office 2016 version, InfoPath is removed from the computer. If your users still need to use InfoPath, the previous version will be available for installation on the Software page in the Office 365 portal.

What happens if I don’t take any action?

If you don’t take any action, then users will begin receiving prompts on or after 2/23/2016 to upgrade Office 2013 to Office 2016. This will cause approximately 1 Gigabyte of information to be streamed to each computer. For organizations with small internet bandwidth, just a handful of users could saturate an internet link, leaving little left over for critical business applications that may rely on external Software as a Service offerings (or make web browsing grind to a halt).

Another issue that can happen is that plug-ins that work with older versions of Office may not work with 2016. I’m not aware of specific examples, but this is just based on previous Office upgrades. The prudent thing to do is to develop a test plan to validate compatibility with Office plug-ins. To be fair, about 12 months ago, Microsoft committed (here) to not make any changes to the extensibility model for macros or add-ins, so most things that were compatible with 2013 should also work fine with 2016 (be sure to test it for yourself).

If you do not take any action, then Office 2016 will continue to receive monthly security updates. However, for organizations that want less change, Microsoft introduced a new software update model in Office 2016 that allows Office to only update itself once per quarter (called ‘Current Branch for Business) [Update 2/9/2016: This has been renamed to ‘Deferred Channel build’]. Whereas the default option will remain the same as Office 2013, dubbed just ‘Current Branch.’ Microsoft has also provided a way for beta testers to get in front of change to evaluate the security updates, this is called ‘First Release for Current Branch for Business’. [Update 2/9/2016: This has been renamed to “First Release for Current Channel” and “First Release for Deferred Channel,” respectively. ]

If you do this, those users can install ‘First Release for Deferred Channel’ ~~First Release for Current Branch for Business~~ directly from the Software page in the Office 365 portal. Organizations can mix and match these branches for different sets of users within their organization. IT can control this with the Group Policy templates for Office 2016.

Change is Good!

There are several enhancements in Office 2016 that you will want. So I caution organizations to immediately rush to disable this upgrade. Carefully weigh the pros and cons and realize that when you adopt a cloud service, such as Office 365 Professional Plus, you are benefiting from innovation and enhancements. There is a great change management guide from Microsoft available (here). There are too many goodies in Office 2016 to list but some of the ones I already benefit from include:

-Real-time co-authoring within Microsoft Word (previously to do co-authoring, you had to keep clicking the save button to merge changes when others were working in the document at the same time).

-Office 365 Groups integration with Outlook 2016. Groups enable a team to have a shared calendar, inbox, cloud storage, OneNote, Planner, PowerBI, and more.

– Smart Links in Outlook. This allows any attachments I send to everyone on the TO: line to receive a hyperlink to the file in OneDrive for Business rather than attaching the file itself (if the file is synced locally to a folder from OneDrive). This solves a huge problem for recipient email systems that may not be able to handle large attachments. Now they can just click on a link to get the file. Brilliant.

– Background Intelligent Transfer Service (BITS) – Allows the security updates we talked about earlier to be throttled so that it doesn’t have a major impact on the Internet circuit. This is not turned on by default, so IT Admins will need to plan to take advantage of this.

– Data Loss Prevention. While this is not new for scanning email that is sent, what is new is that this can now happen in real-time while working within Office 2016 applications such as Word and Excel. In this world, we need all the help we can get when it comes to keeping information secure!

– Multi-factor authentication support. This prevents having to have a separate ‘application password’ for Office Applications when using MFA technology designed to work with this new modern MFA solution.

– Of course, the Office for Mac 2016 was released and is a huge improvement from the previous version.

There are lots more improvements to Office 2016. And “GigJam” is coming at some point this year too.

https://blogs.office.com/2015/09/22/thenewoffice/

https://blogs.office.com/2015/09/10/admins-get-ready-for-office-2016-rollout-begins-september-22/

How to delay the upgrade

If you don’t want these users to be upgraded automatically, you have a few options. The original method was to configure ProPlus to get updates from a location on your internal network. You can configure this either by using the Office Deployment Tool or by using Group Policy and the Update Path policy setting. For offices with multiple branch offices and small WAN links, you can point the update path to a distributed DFS share so that WAN links are not saturated.

Another method is to set the ‘Enable Automatic Upgrade’ Group policy setting to Disabled. (click here for more info). This works for your domain-joined machines.

The last method I am aware of is to push out this registry update:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\15.0\common\officeupdate
Add the following value under the office update subkey:
“enableautomaticupgrade”=dword:00000000

Additionally, if you allow software downloads from the Office 365 portal, you may want to disable that temporarily until you have had the opportunity to make sure your organization is ready for the change. Just make sure you complete your evaluation before February 2017, as that is when the 2013 version of Office will stop receiving security updates.

Okay – I missed the “Memo” this time – what can I do to prevent this from happening again in the future?

If you’ve configured your users to get updates from a location on your internal network, then the upgrade to Office 2016 is under your control. What if you missed the memo on how to do this and you want to make sure you stay informed so that things like this don’t happen again? I recommend having someone in your organization stay focused on things like this by creating a position to discovery of upcoming changes, or hire a Cloud Architect to do this for you. If you do not have budget for a new position, or your existing staff is overwhelmed, then you may benefit from Cloud Advisory services from Patriot Consulting (visit our website by clicking here for more information).

Or you can always email us at Hello @ PatriotConsultingTech.com

Instance Level IP addresses (ILPIP) are distinct from other types of IP addresses in Azure and have a very specific purpose and benefit. They are limited to 5 per Azure Subscription and intended to permit applications such as passive FTP to function, which requires a lot of open ports. They bypass the load balancer and firewall, allowing direct access to the VM. They do not take the place of the VIP assigned to the load balancer, but they can only be added alongside a VIP. At this time, an ILPIP cannot be added to VM’s that have multiple NICs (yet?).

Instance Level IP’s cannot be reserved and therefore are lost when the VM is shut down. They can dynamically register to a hostname that can be used in a CNAME record, so that if the IP changes, you are still fine as long as you point things to the CNAME record and not the IP address. Another benefit is that the source IP address comes from the VM rather than from the IP of the load balancer.

Something to be aware of is that ILPIP’s do not use the Endpoints feature in Azure, and therefore all internet ports are open – requiring the use of a host-based firewall to be running on the VM to filter traffic.

You can assign ILPIP to an existing or new VM by piping set-AzurePublicIP as follows:

Get-AzureVM -ServiceName ftp01 -Name ftp01 | Set-AzurePublicIP -PublicIPName ftp01pip01 -IdleTimeoutInMinutes 4 -DomainNameLabel ftp01pip01 | Update-AzureVM

Then the CNAME record would point to the PublicIPFQDNs that is revealed when you run a get-AzureVM command. For example: ftppip01.ftp01.cloudapp.net

To request an ILPIP during VM creation you would use this command:

New-AzureService -ServiceName FTPService -Location "Central US"
$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}
New-AzureVMConfig -Name FTPInstance -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| Set-AzurePublicIP -PublicIPName ftpip | New-AzureVM -ServiceName FTPService -Location "Central US"

References:

https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/

http://blog.siliconvalve.com/2015/06/29/setting-instance-level-public-ips-on-azure-vms/