Using the new Microsoft OMS to monitor Active Directory Health from Azure

Microsoft Operations Management Suite, which runs in Azure, can check the health of on-premises Active Directory, including replication health.

Why is it so important to check AD replication health? Well, if you are responsible for managing Active Directory then you know how easy it is for AD to become unhealthy, and you also know how problematic it can be to restore health. For example, a power outage that leaves an Active Directory server offline for longer than the tombstone lifetime of 180 days can leave ‘lingering objects’ behind that then have to be removed.

So the best practice is to use monitoring tools to make sure AD remains healthy, so that you don’t have to spend long hours repairing AD.


Need help installing Microsoft OMS? We are here to help. Drop us a line at [email protected]

Azure AD Connect (Dirsync) Password Sync taking too long

I was assisting a customer who reported that Azure AD Connect (aka Dirsync) was taking too long for passwords to synchronize. It was such a huge lag that they assumed it was broken entirely.

Upon inspecting the Application Event Log on the Dirsync server for event ID 656, I observed a large gap between when the password was set on the Domain Controller and when the Event log on the Dirsync server picked up the change.


This is not expected, because the synchronization service polls on-premises AD for password changes every 2 minutes. The overhead to then hash the password, transfer it to Azure AD’s connector, and have it received on the far end is an additional minute (if all the stars are aligned). So three minutes is a reasonable expectation for passwords to sync to Azure AD. However, 14 minutes? Something ain’t right!

Upon inspection in the MIIS client, I observed that the domain controller that Dirsync was connecting to was 62 milliseconds away, and *not* the nearby DC in the same site as Dirsync. This is viewable in the ‘last used’ field of the MIIS client.

The Fix

Configuring Azure AD Connect to use preferred domain controllers solved the problem.


Results

This reduced the synchronization lag from 14 minutes to 40 seconds! That is a 95% reduction in lag!
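To measure the same lag without reading the event log by hand, here is an added example (my script, not something from the original post) that compares the account’s pwdLastSet on the DC with the first Application-log event ID 656 logged for it on the sync server, and also pings every DC so you can compare the one the connector is using with the closest one. It assumes the sync server has the ActiveDirectory RSAT module and that the 656 event message contains the user’s DN or UPN; ‘synctest01’ is a placeholder account name.

```powershell
# Added example (not from the original post): measure Azure AD Connect / Dirsync
# password-sync lag and DC round-trip times. Assumptions (mine): run on the sync
# server with the ActiveDirectory module; event 656 ("password change request")
# carries the user's DN or UPN in its message text.
Import-Module ActiveDirectory

function Get-PasswordSyncLag {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$LookbackHours = 24,
        [int]$SlowAfterMinutes = 3   # the post's "reasonable expectation"
    )
    # pwdLastSet is a FILETIME stamped by the DC that processed the change.
    $user      = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet
    $changedAt = [DateTime]::FromFileTime($user.pwdLastSet)

    # Build a pattern that matches this account's DN or UPN in the 656 message.
    $pattern = @($user.DistinguishedName, $user.UserPrincipalName) |
        Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
    $pattern = $pattern -join '|'

    # First 656 event for this account logged after the password was set.
    $pickup = Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Id        = 656
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern -and $_.TimeCreated -ge $changedAt } |
        Sort-Object TimeCreated | Select-Object -First 1

    $lag = $null
    if ($pickup) { $lag = [math]::Round(($pickup.TimeCreated - $changedAt).TotalMinutes, 1) }

    $status = 'not picked up yet'
    if ($null -ne $lag) {
        $status = if ($lag -gt $SlowAfterMinutes) { 'SLOW - check which DC the connector is using' } else { 'OK' }
    }

    [pscustomobject]@{
        User       = $SamAccountName
        ChangedAt  = $changedAt
        PickedUpAt = if ($pickup) { $pickup.TimeCreated } else { $null }
        LagMinutes = $lag
        Status     = $status
    }
}

function Get-DcRoundTrip {
    # Ping every DC in the domain; compare the "last used" DC from the MIIS
    # client against the lowest round-trip time in the list.
    Get-ADDomainController -Filter * | ForEach-Object {
        $reply = Test-Connection -ComputerName $_.HostName -Count 3 -ErrorAction SilentlyContinue
        $avg   = $null
        if ($reply) { $avg = [math]::Round(($reply | Measure-Object ResponseTime -Average).Average, 0) }
        [pscustomobject]@{
            DomainController = $_.HostName
            Site             = $_.Site
            AvgMs            = $avg
        }
    } | Sort-Object AvgMs
}

# Usage: reset a test account's password on a DC, wait a few minutes, then run:
# Get-PasswordSyncLag -SamAccountName 'synctest01'   # 'synctest01' is a placeholder
# Get-DcRoundTrip
```

Run the lag check before and after configuring preferred domain controllers to confirm the improvement the post describes.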


Need help with an Office 365 Project? Visit our website at www.PatriotConsultingTech.com or drop us a line at [email protected]

Are you prepared for the February automatic upgrade to Office 365 ProPlus?

The default installation for Office 365 Professional Plus (Word, Excel, Outlook, PowerPoint, etc) will begin automatically upgrading this month (after February 23rd, 2016) to the Office 365 ProPlus (2016) version. In this article I list 8 things that you should carefully check before Office 2016 automatic upgrades begin this month.

Wait… What???

Microsoft began advising customers of the Office 2016 release date last September (here), so the availability should not be a surprise to most people who stay informed. But what’s truly new and different about this upgrade is that it is the first time in Office history that, if no action is taken, users will be prompted to upgrade to the next version. This can be an advantage to organizations that want to keep recent security updates deployed but have overwhelmed or understaffed IT departments who are struggling just to keep the lights on.

Also, organizations that allow their users to download Office 365 ProPlus from the software downloads section of the Office 365 portal should be informed that beginning February 9th, the version that gets installed from the portal will change from 2013 to 2016. [Update 2/9/2016: The announcement today is good news for customers, as they can now select which version will be the default download option.]

For larger organizations, Microsoft provided the Office Deployment Toolkit or the Update Path Group Policy setting so that upgrades could be streamed from local file shares rather than the Internet. So I would expect that savvy organizations took advantage of this method and will be less impacted by these upgrades. However, even those larger organizations still have their work cut out for them as they also need to test for compatibility between applications and Office 2016 and to verify systems meet the minimum system requirements.

8 Things you should check for now

For organizations that have not yet validated compatibility with Office 2016 (for example, the new minimum requirements are now 2GB RAM and a 1280×800 minimum screen resolution, and Office 2016 does not support Exchange 2007), there may be only one choice: delay the auto-upgrade to buy yourself some time (see that section below). However, it would not be wise to postpone the upgrade indefinitely, because Office 365 ProPlus (2013) will stop receiving updates in February of 2017. In other words, this is not a one-time issue; organizations that have embraced the cloud need to align their policies and procedures so that this doesn’t keep happening to them every year.

Here is a list of things to include in your planning for Office 2016:

  1. Do you have Exchange 2007? You will need to take action now to disable the auto-upgrade, otherwise your Outlook users will be unable to connect to your Exchange 2007 server.
  2. Do your users use InfoPath? This will automatically be removed. See that section below for details.
  3. Do you have the Office 365 ProPlus versions of Visio or Project installed? They will be automatically removed. See that section below for details.
  4. Do you use language packs? See that section below for details.
  5. Do you rely upon the side-by-side installation method of Office? See that section below for details.
  6. Do you rely upon Volume Licensed editions of Visio or Project? See that section below for details.
  7. Did you leave the default update path in place (streaming updates from the Internet) rather than pointing it to a local file share? If you have more than 50 users, you may need to take action now to prevent your Internet circuit from being saturated when about 1GB of updates (per user) are streamed beginning this month.
  8. Do you have any workstations with less than 2GB of RAM, or a screen resolution less than 1280×800?

Language Pack change for global organizations

There is a change to the way additional languages are deployed in the Office 2016 version of Office 365 ProPlus. Previously, in Office, you could deploy an MSI-based language pack after you installed Office 365 ProPlus, even though those language packs weren’t specifically designed to be used with Office 365 ProPlus. In Office 2016, using those language packs is no longer supported. Instead, with Office 2016, you install language accessory packs after you’ve deployed Office 365 ProPlus in one of its 40 base languages. These can be downloaded by the end-user from the Software page of the O365 Portal, or IT can distribute them with the Office Deployment Tool.

Side-by-Side is no longer supported

Previously, Office 365 ProPlus (2013) could be installed side-by-side with Office 2010. Beginning with this version of Office, this has changed (or rather, it now goes back to how it was before, when this wasn’t possible between Office 2010 and 2007). You can’t have the Office 2013 and the Office 2016 version of Office 365 ProPlus installed on the same computer. Also, you can’t have a volume licensed version of Office 2016 installed on the same computer as the Office 2016 version of Office 365 ProPlus.

Conflicts with Volume Licensed versions of Office

You can’t have a volume licensed version of Visio 2016 or Project 2016 installed on the same computer as the Office 2016 version of Office 365 ProPlus.

Automatic Removal of Visio Pro and Project Pro

If there is a 2013 version of Visio Pro for Office 365 or Project Pro for Office 365 installed on the computer when you upgrade Office 365 ProPlus to the Office 2016 version, those versions of Visio and Project are removed from the computer. You won’t be able to reinstall them after the Office 365 ProPlus installation finishes. However, you can install the 2016 versions of Visio Pro for Office 365 and Project Pro for Office 365 on the same computer with the Office 2016 version of Office 365 ProPlus.

However, if you have a volume licensed version of Visio 2013 or Project 2013 installed on the computer, it won’t be removed from the computer during the upgrade of Office 365 ProPlus. You can continue to use the volume licensed version of Visio 2013 or Project 2013 on the computer with the Office 2016 version of Office 365 ProPlus.

Reference: https://technet.microsoft.com/en-us/library/mt422981.aspx

InfoPath is now removed automatically

InfoPath 2013 remains the current version and therefore won’t be included in the Office 2016 version of Office 365 ProPlus. When you upgrade an existing installation of Office 365 ProPlus to the Office 2016 version, InfoPath is removed from the computer. If your users still need to use InfoPath, the previous version will be available for installation on the Software page in the Office 365 portal.

What happens if I don’t take any action?

If you don’t take any action, then users will begin receiving prompts on or after 2/23/2016 to upgrade Office 2013 to Office 2016. This will cause approximately 1 Gigabyte of information to be streamed to each computer. For organizations with small internet bandwidth, just a handful of users could saturate an internet link, leaving little left over for critical business applications that may rely on external Software as a Service offerings (or make web browsing grind to a halt).

Another issue that can happen is that plug-ins that work with older versions of Office may not work with 2016. I’m not aware of specific examples, but this is just based on previous Office upgrades. The prudent thing to do is to develop a test plan to validate compatibility with Office plug-ins. To be fair, about 12 months ago, Microsoft committed (here) to not make any changes to the extensibility model for macros or add-ins, so most things that were compatible with 2013 should also work fine with 2016 (be sure to test it for yourself).

If you do not take any action, then Office 2016 will continue to receive monthly security updates. However, for organizations that want less change, Microsoft introduced a new software update model in Office 2016 that allows Office to update itself only once per quarter (called ‘Current Branch for Business’) [Update 2/9/2016: This has been renamed to ‘Deferred Channel build’]. The default option remains the same as in Office 2013, dubbed just ‘Current Branch.’ Microsoft has also provided a way for beta testers to get in front of change and evaluate the security updates early; this is called ‘First Release for Current Branch for Business’. [Update 2/9/2016: These have been renamed to “First Release for Current Channel” and “First Release for Deferred Channel,” respectively.]

If you do this, those users can install ‘First Release for Deferred Channel’ (formerly First Release for Current Branch for Business) directly from the Software page in the Office 365 portal. Organizations can mix and match these branches for different sets of users within their organization. IT can control this with the Group Policy templates for Office 2016.


Change is Good!

There are several enhancements in Office 2016 that you will want. So I caution organizations against immediately rushing to disable this upgrade. Carefully weigh the pros and cons and realize that when you adopt a cloud service, such as Office 365 Professional Plus, you are benefiting from innovation and enhancements. There is a great change management guide from Microsoft available (here). There are too many goodies in Office 2016 to list, but some of the ones I already benefit from include:

- Real-time co-authoring within Microsoft Word (previously, to do co-authoring you had to keep clicking the save button to merge changes when others were working in the document at the same time).

- Office 365 Groups integration with Outlook 2016. Groups enable a team to have a shared calendar, inbox, cloud storage, OneNote, Planner, PowerBI, and more.

- Smart Links in Outlook. This allows any attachments I send to everyone on the TO: line to receive a hyperlink to the file in OneDrive for Business rather than attaching the file itself (if the file is synced locally to a folder from OneDrive). This solves a huge problem for recipient email systems that may not be able to handle large attachments. Now they can just click on a link to get the file. Brilliant.

- Background Intelligent Transfer Service (BITS). Allows the security updates we talked about earlier to be throttled so that they don’t have a major impact on the Internet circuit. This is not turned on by default, so IT Admins will need to plan to take advantage of this.

- Data Loss Prevention. While this is not new for scanning email that is sent, what is new is that this can now happen in real-time while working within Office 2016 applications such as Word and Excel. In this world, we need all the help we can get when it comes to keeping information secure!

- Multi-factor authentication support. Office applications can now sign in with the new modern MFA solution directly, so users no longer need a separate ‘application password’ when MFA is enabled.

- Of course, Office for Mac 2016 was released and is a huge improvement over the previous version.

There are lots more improvements to Office 2016. And “GigJam” is coming at some point this year too.

https://blogs.office.com/2015/09/22/thenewoffice/

https://blogs.office.com/2015/09/10/admins-get-ready-for-office-2016-rollout-begins-september-22/

How to delay the upgrade

If you don’t want your users to be upgraded automatically, you have a few options. The original method was to configure ProPlus to get updates from a location on your internal network. You can configure this either by using the Office Deployment Tool or by using Group Policy and the Update Path policy setting. For organizations with multiple branch offices and small WAN links, you can point the update path to a distributed DFS share so that WAN links are not saturated.

Another method is to set the ‘Enable Automatic Upgrade’ Group Policy setting to Disabled (click here for more info). This works for your domain-joined machines.

The last method I am aware of is to push out this registry update:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\15.0\common\officeupdate
Add the following value under the officeupdate subkey:
"enableautomaticupgrade"=dword:00000000

Additionally, if you allow software downloads from the Office 365 portal, you may want to disable that temporarily until you have had the opportunity to make sure your organization is ready for the change. Just make sure you complete your evaluation before February 2017, as that is when the 2013 version of Office will stop receiving security updates.
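As an added example (my script, not from the original post), here is a PowerShell readiness audit for the checklist above: it reports RAM and screen resolution against the 2GB / 1280×800 minimums, whether the registry value above has already delayed the auto-upgrade, and whether the update path points at a local share; a second function writes the delay value itself. It assumes ‘updatepath’ is the value name the Update Path policy stores under the same officeupdate key.

```powershell
# Added example (not from the original post): audit one workstation for the
# Office 2016 upgrade items listed in the post and optionally delay the upgrade.
# Assumption (mine): the Update Path policy stores its value as 'updatepath'
# under the officeupdate key quoted in the post.
$OfficeUpdateKey = 'HKLM:\SOFTWARE\Policies\Microsoft\office\15.0\common\officeupdate'

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value missing -> treat as "not configured"
}

function Test-Office2016Readiness {
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 2)

    # Widest active display; CurrentHorizontalResolution is empty on headless boxes.
    $video = Get-CimInstance -ClassName Win32_VideoController |
        Where-Object { $_.CurrentHorizontalResolution } |
        Sort-Object CurrentHorizontalResolution -Descending | Select-Object -First 1

    $autoUpgrade = Get-RegistryValueOrNull -Path $OfficeUpdateKey -Name 'enableautomaticupgrade'
    $updatePath  = Get-RegistryValueOrNull -Path $OfficeUpdateKey -Name 'updatepath'

    $resolution = 'unknown'
    $meetsRes   = $false
    if ($video) {
        $resolution = "$($video.CurrentHorizontalResolution)x$($video.CurrentVerticalResolution)"
        $meetsRes   = ($video.CurrentHorizontalResolution -ge 1280) -and ($video.CurrentVerticalResolution -ge 800)
    }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        RamGB                 = $ramGB
        MeetsRamMinimum       = ($ramGB -ge 2)          # post: 2GB minimum
        Resolution            = $resolution
        MeetsResolutionMin    = $meetsRes                # post: 1280x800 minimum
        AutoUpgradeDelayed    = ($autoUpgrade -eq 0)     # enableautomaticupgrade = 0
        UpdatePath            = if ($updatePath) { $updatePath } else { 'default (Internet streaming)' }
        UpdatesFromLocalShare = [bool]$updatePath
    }
}

function Disable-OfficeAutoUpgrade {
    # Writes the same DWORD the post lists; run from an elevated prompt.
    if (-not (Test-Path $OfficeUpdateKey)) { New-Item -Path $OfficeUpdateKey -Force | Out-Null }
    New-ItemProperty -Path $OfficeUpdateKey -Name 'enableautomaticupgrade' -Value 0 -PropertyType DWord -Force | Out-Null
}

# Usage: Test-Office2016Readiness | Format-List
#        Disable-OfficeAutoUpgrade   (only where the audit shows you are not ready)
```

Run the audit through your usual remote-execution tooling to collect a per-machine inventory before the February 23rd prompts begin.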

Okay – I missed the “Memo” this time – what can I do to prevent this from happening again in the future?

If you’ve configured your users to get updates from a location on your internal network, then the upgrade to Office 2016 is under your control. What if you missed the memo on how to do this and you want to make sure you stay informed so that things like this don’t happen again? I recommend having someone in your organization stay focused on things like this by creating a position dedicated to discovering upcoming changes, or hiring a Cloud Architect to do this for you. If you do not have budget for a new position, or your existing staff is overwhelmed, then you may benefit from Cloud Advisory services from Patriot Consulting (visit our website by clicking here for more information).

Or you can always email us at Hello @ PatriotConsultingTech.com

When to use an Instance Level IP (ILPIP) in Azure

Instance Level IP addresses (ILPIP) are distinct from other types of IP addresses in Azure and have a very specific purpose and benefit. They are limited to 5 per Azure Subscription and are intended to permit applications such as passive FTP, which require a lot of open ports, to function. They bypass the load balancer and firewall, allowing direct access to the VM. They do not take the place of the VIP assigned to the load balancer; they can only be added alongside a VIP. At this time, an ILPIP cannot be added to VMs that have multiple NICs (yet?).


Instance Level IPs cannot be reserved and therefore are lost when the VM is shut down. They can dynamically register to a hostname that can be used in a CNAME record, so that if the IP changes you are still fine, as long as you point things to the CNAME record and not the IP address. Another benefit is that the source IP address comes from the VM rather than from the IP of the load balancer.

Something to be aware of is that ILPIPs do not use the Endpoints feature in Azure, and therefore all Internet ports are open, requiring a host-based firewall to be running on the VM to filter traffic.
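Because the ILPIP exposes every port, the VM’s own Windows Firewall is the only filter. Here is an added example (my script, not from the original post) that locks the VM down to the passive FTP scenario the post describes and then lists what is still reachable from any address. It assumes FTP on port 21 with a passive data range of 50000-50100 and remote administration only from 203.0.113.10 (documentation address); both values are placeholders for your environment.

```powershell
# Added example (not from the original post): host-based firewall for a VM that
# carries an ILPIP, where nothing in Azure filters inbound traffic for you.
# Assumptions (mine): FTP control on 21, passive data range 50000-50100 (must
# match the FTP server's configured range), RDP only from one management IP.
$PassiveRange = '50000-50100'
$MgmtAddress  = '203.0.113.10'   # documentation-range placeholder

function Set-IlpipHostFirewall {
    # Default-deny inbound on every profile is what makes the open ILPIP safe.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Allow

    # Remove earlier copies of our rules so the script can be re-run safely.
    Get-NetFirewallRule -DisplayName 'ILPIP-*' -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    New-NetFirewallRule -DisplayName 'ILPIP-FTP-Control' -Direction Inbound `
        -Protocol TCP -LocalPort 21 -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName 'ILPIP-FTP-Passive' -Direction Inbound `
        -Protocol TCP -LocalPort $PassiveRange -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName 'ILPIP-RDP-Mgmt' -Direction Inbound `
        -Protocol TCP -LocalPort 3389 -RemoteAddress $MgmtAddress -Action Allow | Out-Null
}

function Get-IlpipExposedPorts {
    # Enabled inbound allow rules with no remote-address restriction: this is
    # exactly what the ILPIP exposes to the whole Internet. Review it after
    # every change, since built-in rules (file sharing, etc.) show up here too.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        if ($addr.RemoteAddress -eq 'Any') {
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Profile   = $rule.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
            }
        }
    }
}

# Usage (elevated, on the VM): Set-IlpipHostFirewall; Get-IlpipExposedPorts | Format-Table -AutoSize
```

The passive range must also be set on the FTP server itself (for IIS FTP, in the Firewall Support settings), or clients will negotiate ports the firewall blocks.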

You can assign an ILPIP to an existing or new VM by piping into Set-AzurePublicIP as follows:

Get-AzureVM -ServiceName ftp01 -Name ftp01 | Set-AzurePublicIP -PublicIPName ftp01pip01 -IdleTimeoutInMinutes 4 -DomainNameLabel ftp01pip01 | Update-AzureVM

Then the CNAME record would point to the PublicIPFQDNs value that is shown when you run a Get-AzureVM command. For example: ftppip01.ftp01.cloudapp.net

To request an ILPIP during VM creation you would use this command:

New-AzureService -ServiceName FTPService -Location "Central US"
$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}
New-AzureVMConfig -Name FTPInstance -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| Set-AzurePublicIP -PublicIPName ftpip | New-AzureVM -ServiceName FTPService -Location "Central US"

References:

https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/

http://blog.siliconvalve.com/2015/06/29/setting-instance-level-public-ips-on-azure-vms/

How to access the new E5 Advanced eDiscovery (aka Equivio Analytics) (Part 1 of 2)

If you own the E5 license within Microsoft Office 365, you may be wondering how to take advantage of all the features that you have purchased.

One of these features is called Advanced eDiscovery. This comes from the acquisition of a company called Equivio, which had specialized machine learning technology to reduce the time and cost of eDiscovery by 75% to 90%.

Equivio was designed to solve a problem where you have a million documents to analyze to determine whether they are relevant to a legal case. When dealing with large, unstructured data sets, this tool can be quite effective to reduce the total number of documents that need to be reviewed by a human.

In my opinion, this tool should be used in cases where you have a LOT of search results that come back from the initial search query. Otherwise, if you only have a handful of documents that are returned, it is not necessary to use this advanced tool since you don’t have the problem that the tool was designed to solve.

What data can it search?

Exchange Online, SharePoint Online, OneDrive for Business, and Skype for Business.

How does it work?

One of the features of Equivio is the use of ‘predictive coding’ which is a technique of watching how you tag documents as relevant to the case or not relevant on a small subset of search results, and then the machine learning algorithm can use this to filter out noise and reduce the total number of documents that truly need to be reviewed. In one case, defendants were able to reduce the number of documents that had to be reviewed by humans from 2 million documents to just 10 percent of that original number. Imagine the cost savings in legal fees!

The software also identifies duplicate files and email threads, which further reduces the costs involved in analyzing search results.

How do I find Advanced eDiscovery in Office 365?

At the time of this writing, Equivio Analytics (now dubbed Advanced eDiscovery) can be found in the Office 365 Compliance Center here:
https://compliance.protection.outlook.com

Then on the left navigation pane click eDiscovery. In the middle pane click ‘Go to Equivio Analytics.’


The first time you browse there, you will be prompted to submit a request to enable Equivio, and told that it could take up to 24 hours for this to take effect.


In the future, this will be moved to the new Protection Center at https://protection.office.com, but at the time of this writing, Equivio is not yet accessible in the new Protection Center portal, so just use the existing Compliance Center for now.

Note: Before you get started, you need permissions. To access the eDiscovery cases page in the Compliance Center, you have to be a member of the eDiscovery Manager role group in the Compliance Center. For more information about permissions, see Permissions in the Office 365 Compliance Center.

In my next blog article, I will show you the user interface and integration with the Compliance Center. Click (here) for part 2 in this series.

Need help with your next Office 365 Project? Contact us at [email protected]

Optimize your Office 365 connection speed with this DNS Trick

Your Office 365 Outlook connection will do a DNS lookup, and Microsoft will use the GEO location of that lookup to connect you to your ‘nearest’ Microsoft data center. Outlook will connect to an Exchange CAS server based on the DNS query and use Microsoft’s fast data-center-to-data-center backbone network to connect you to the data center where your Exchange mailbox data is located. Generally this works well; however, you may not always be connected to the closest data center.

For example, from my network in Southern California, I was connecting to an Exchange CAS server in Asia Pacific!

Using the picture below, consider a case in an enterprise where users that will use Office365 are located in Dallas TX (BLUE), and an Office365 Tenant has been setup for them in the San Antonio data center (PURPLE).

However, all traffic external to the organization goes from Dallas to Phoenix (RED), on a private connection, before reaching the Internet.

Users in Dallas, when doing DNS lookups for hosts on the Internet end up using DNS servers in Phoenix (because that is where data leaves the company network).

Users in Dallas will receive IP addresses of the nearest Office365 data center as San Jose (ORANGE). From there, the data travels all the way back to San Antonio (PURPLE) where the Tenant is hosted.


Problem

If the internal DNS servers are not adjusted to point “outlook.office365.com” to the San Antonio data center (PURPLE), users will have a horrible experience due to the many network hops and latency in between.

For more information see http://blogs.technet.com/b/onthewire/archive/2014/06/27/dns-geolocation-for-office-365-connecting-you-to-your-nearest-datacenter.aspx

Solution

Adjusting the internal DNS servers as described above will cause Dallas users to jump directly to the truly “nearest” Office365 data center.

Credits go to PRIASOFT for all of the above information.

Caveats

If you update your local DNS to force traffic to a particular data center, make sure to periodically check to see if Microsoft updates their DNS. Every organization will need to weigh the benefit of the speed increase against the overhead of having to maintain local DNS records for outlook.office365.com.

Free Download of tool to determine your closest MSFT Data Center based on TCP ping, courtesy of PRIASOFT.
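To do the periodic check the Caveats section calls for without a separate tool, here is an added example (my script, not from the original post or PRIASOFT): it resolves outlook.office365.com through the machine’s resolver and through an alternate resolver, then times a TCP handshake to port 443 against each address, which is the "TCP ping" measurement described above. It assumes Resolve-DnsName (Windows 8 / Server 2012 or later); 8.8.8.8 is only an example alternate resolver.

```powershell
# Added example (not from the original post): which outlook.office365.com
# addresses each resolver returns, and how long a TCP handshake to 443 takes
# to each one. Assumption (mine): Resolve-DnsName is available; the alternate
# resolver below is an example, substitute one in the region you care about.
$HostName = 'outlook.office365.com'

function Measure-TcpConnect {
    param([string]$Address, [int]$Port = 443, [int]$Samples = 3, [int]$TimeoutMs = 3000)
    $times = foreach ($i in 1..$Samples) {
        $client = New-Object System.Net.Sockets.TcpClient
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $async = $client.BeginConnect($Address, $Port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'connect timeout' }
            $client.EndConnect($async)
            $sw.Stop()
            $sw.Elapsed.TotalMilliseconds
        } catch { $null }          # a failed sample is dropped, not counted as 0
        finally { $client.Close() }
    }
    $good = $times | Where-Object { $null -ne $_ }
    if ($good) { [math]::Round(($good | Measure-Object -Average).Average, 1) } else { $null }
}

function Get-Office365FrontDoorLatency {
    param([string]$Resolver)   # empty = the machine's configured DNS servers
    $params = @{ Name = $HostName; Type = 'A' }
    if ($Resolver) { $params.Server = $Resolver }
    # Resolve-DnsName returns the CNAME chain as well; keep only the A records.
    $ips = Resolve-DnsName @params | Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress -Unique
    foreach ($ip in $ips) {
        [pscustomobject]@{
            Resolver  = if ($Resolver) { $Resolver } else { 'local' }
            IPAddress = $ip
            ConnectMs = Measure-TcpConnect -Address $ip
        }
    }
}

# Compare the local answer with an alternate resolver, fastest handshake first.
$local = Get-Office365FrontDoorLatency
$alt   = Get-Office365FrontDoorLatency -Resolver '8.8.8.8'
@($local) + @($alt) | Sort-Object ConnectMs | Format-Table -AutoSize
```

If the addresses you pinned in local DNS stop appearing in either answer, or a different address is consistently faster, Microsoft has likely changed its records and the override needs revisiting.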

Need help with your next Office 365 Project? Contact us at [email protected]

How to enable Delve Analytics in an Office 365 E5 Tenant

To activate the new E5 feature “Delve Analytics”, the Office 365 administrator must follow these steps:

1. Browse to the Office 365 admin center.
http://portal.office.com

2. Enable First Release and open the Admin center preview:
   a. Enable First Release. It can take up to 24 hours for the changes to take effect in Office 365.
   b. After you enable First Release, click the Admin tile in the Office 365 admin center.
   c. Click the link in the Ribbon on the top of the page “New Admin Center in the works – get a sneak peek” to use the Admin center preview.

3. In the Admin center preview, click the gear icon on the left side of the page to open the Settings menu and then click Apps.

4. On the Apps page, locate the Delve Analytics section and click Submit below the text “Submit a request to enable Delve Analytics for your organization“.


5. Wait for approval.

To see what it looks like after approval, click (here) to take a peek.

Need help with your next Office 365 Project? We can help you deploy any or all of the 21 features included in Office 365 for a flat rate per month. Contact us at [email protected].

New: Mandatory Link Expiration for SharePoint Online and OneDrive

Mandatory Anonymous Link Expiration is a new feature for SharePoint Online and OneDrive for Business. This feature started rolling out January 12th, 2016, and is scheduled to complete in the coming weeks.

With this feature, administrators can now set a mandatory expiration length for all anonymous links created in their company to help promote security and link hygiene. End users will be required to create links that match or are shorter than the stated expiration value.

There is no default value for anonymous link expiration. To begin using this feature, run Set-SPOTenant in the SharePoint Online Management Shell with the “RequireAnonymousLinksExpireInDays” parameter.

As an example, this will set expiry for 30 days:
Set-SPOTenant -RequireAnonymousLinksExpireInDays 30

This feature strikes the balance between productivity and security, allowing users to easily share content, while preventing shared content from endlessly being shared with potentially unauthorized people (for example, after a person leaves an organization, if they had a copy of an anonymous link, at least those can now expire).

Music on Hold now available for Office 365 Cloud PBX

As of January 16th, 2016, Music on hold is now available in Office 365 Cloud PBX.

This is deployed via a client policy, using a remote PowerShell session. For instructions on how to connect to Skype for Business Online using PowerShell, click (here).

Once you are connected to the remote PowerShell session, you just have to run a single command: Set-CsClientPolicy -EnableClientMusicOnHold $true

Before and After screen shots show where this shows up for the client.

By clicking Browse, we can see that the end-user can select their own music on hold file.

By default we can only upload .WMA files. There is a free MP3 to WMA online converter that I used to upload some classical music.

http://audio.online-convert.com/convert-to-wma

Should you deploy the new OneDrive for Business Next Generation Sync Client?

On December 16th, Microsoft announced (here) the availability of the highly anticipated “Next Generation Sync Client (NGSC)” [for OneDrive for Business].

I have been beta testing the new client for months and it is super fast, roughly 4x the speed of the old sync client. It has resolved most of the pain points of the original sync client based on the Groove engine (also previously known as SharePoint Workspace).

After reading through the release notes (here) and (here) I can state that most large companies should wait until April of 2016 before considering a large scale deployment of the NGSC to their enterprise. However, IT Departments can begin evaluating the NGSC now in preparation for a deployment in April.

Why wait until April, you may ask? First, if your organization has any Windows 8.1 devices, they have to wait until April anyway, because the NGSC client for Windows 8.1 is not available until Q1. The second reason is that if your organization is currently using the existing sync client, there is currently no automated, in-place takeover or migration of content to the Next Generation Sync Client. This will be added in the first quarter of 2016, so by April this capability will be available. This is significant to point out, because if you deploy the NGSC before April, the end-user experience for transitioning to the NGSC is “high touch” as follows:

1. End-users must manually turn off syncing (this cannot be automated by the IT Department)

2. End-users must manually rename the old OneDrive sync folder.

3. At this point, the end-user must launch the setup program and select which folders to sync (this is the new “selective sync” feature in the NGSC client). Note: Several IT deployment options are available (here).

4. Finally, the selected folders are synced back down to the client. Here is the rub – that is a big network impact to your Internet circuit if you have more than just a handful of users. That is why the April date is so important, because the feature to “in-place takeover” of the existing local contents of the previous OneDrive folder avoids having to re-download all the content. I cannot emphasize enough how important this decision is to the overall project.

Recommendation

The OneDrive for Business sync client brings many new features including 4x faster sync, the highly desirable selective sync feature, removing the 20,000 sync limit, supporting files up to 10GB in size, and the desirable promise of “unlimited” storage (Microsoft repeated this commitment following their announcement of pulling this from the consumer versions of OneDrive). Therefore, I am confident that organizations will eventually come to embrace the new sync client. However, the reality of large enterprises today is that they must wait for the in-place takeover feature to avoid a disruptive impact to their internet circuits. Alternatively, they could “stagger” the deployment into small batches, but at that point, that would cause the overall project to likely last beyond April anyway, so it makes more sense to me to wait until the takeover feature is available.

However, I encourage IT Departments to begin evaluating the new sync client right away. Tech-savvy IT users can deploy the NGSC to their machines by following the easy instructions in this article (here). However, those instructions don’t point out the recommendation to first stop syncing the current OneDrive folder and rename the old folder, so just don’t forget those steps.