Americas

  • United States

Asia

Oceania

sbradley
Contributing Writer

Microsoft 365 Apps update changes: What security admins need to know

Feature
Jun 10, 20205 mins
Patch Management SoftwareSecurityWindows Security

Microsoft has renamed its Office 365 update channels and added options. You might have to make changes in your configuration and deployment tools.

As more organizations move to the Microsoft 365 platform, Microsoft has acknowledged that we need a more stable monthly update platform for the Office suite. Microsoft has made changes in naming and the patching cadence in response to customers’ concerns.

Until May 2020, Office 365 applications were updated using click-to-run technology under three difference schedules and a choice of three patching channels. Microsoft has made additional cadence releases along with their new naming for Office 365. The naming change is merely new paint on the same product. The name for Office 365 ProPlus is now Microsoft 365 Apps for Enterprise. This rebranding aligns the naming with the Microsoft 365 suite.

In May 2020, Microsoft released a new patching channel called Monthly Enterprise Channel. This allows the Microsoft 365 administrator to choose a once-a-month release cadence. You’ll still have new features on a planned basis, but you won’t have the weekly churn of changes that may cause issues in your organization.

The naming of the updating channels is changing as well. The Insider, Monthly and Semi-Annual channels are now called:

Beta Channel: This channel is for early adopters, IT pros, and developers who join the Insider community to get access to the earliest build. It will allow you to see what new features and settings will impact your user base. You might want a few users or members of your IT staff on this channel on at least one computer to know what changes will be coming.

Current Channel (Preview): This channel is for enterprises to have early access to upcoming Current Channel releases and for fans or early adopters who want early access but also more stability. If you don’t want to be on the Beta Channel for testing purposes, this channel would be your next best option.

Current Channel: This channel provides your end users with the most current Office features and latest security value as soon as they are ready. This is the default channel if you make no changes to your cadence settings. This channel will still update more often than once a month.

Monthly Enterprise Channel: This channel is new and recommended if you want the latest features on a predictable monthly cadence. It balances the need to have feature releases with only a once a month update change. The installation provides the best balance for most enterprises.

Semi-Annual Enterprise Channel (Preview): This channel allows enterprises to preview the experience for the upcoming Semi-Annual Enterprise Channel release. If you want to test upcoming feature releases on a slower schedule, this would be the release to choose.

Semi-Annual Enterprise Channel: The final channel allows you to choose the longest lead time for releases. This allows you to do extensive testing before rolling out new Office features (e.g., to comply with regulatory, governmental or other organizational requirements). You will still receive monthly security updates, but the feature releases will be on the slowest cadence.

How to select update channels for users

Go to the Microsoft 365 admin center, then to Settings, then to Office software download settings and choose the frequency of the feature updates.

bradley 365 update 1 Susan Bradley

Choose your default installation channel

The Monthly Enterprise Channel was available starting May 12, 2020. Starting June 9, new channel attributes will be used in deployment.

cso new channel attributes chart CSO / IDG

You will need to download a new Office Deployment Tool on that date to use the new attribute value in your deployment.

bradley 365 update 2 Susan Bradley

Edit the Office Deployment Tool to choose your channel

Here are a few things to keep in mind when deploying Microsoft 365 Apps:

  • Office has release build numbers, similar to Windows 10. These build numbers indicate what features you have.
  • Follow this page to keep track of Microsoft 365 Monthly Enterprise Channel once-a-month changes to features and security releases.
  • Follow this page to keep track of when releases come out for the Current (also called Monthly Channel) and what changes are included.

Use Delivery Optimization to share update bandwidth

With Microsoft 365 Apps, you can use Delivery Optimization to share bandwidth when deiivering updates among the workstations in your organization. The Microsoft 365 App requirements include:

  • At least Version 1808 for background updates
  • At least Version 1908 for installing or for user-initiated updates
  • Configured to install or receive updates directly from the Office Content Delivery Network (CDN)

Delivery Optimization is enabled by default on devices running Windows 10 Enterprise or Windows 10 Education.

  • For Version 1912 or later of Microsoft 365 Apps, no additional configuration is needed.
  • For Version 1908 through Version 1911, you need to configure a registry key on devices in your organization before installing Microsoft 365 Apps on those devices. You can use the following reg add command to configure the registry key:  reg add HKLMSOFTWAREPoliciesMicrosoftoffice16.0commonofficeupdate /v SetDOAsPrimary /t REG_DWORD /d 1

This name change may impact some of your workflows and deployment tools. The title of an update package for Office 365 ProPlus begins with “Office 365 Client Update”. After June 9, the title will begin with “Microsoft 365 Apps Update”.

  • Naming prior to 6/9/2020: Office 365 Client Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.20648)
  • Naming after 6/9/2020: Microsoft 365 Apps Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.50000)

In particular, if you have built any rules/tools/scripts that approve patching based on the old names, your rules are broken. If you use an automatic deployment rule (ADR) to deploy updates by using Configuration Manager, you’ll need to make changes to your ADRs if they rely on the “Title” property.

After June 9, re-review your Office applications update cadence and channel. Review your current settings using the Office Deployment Tool and decide your update channel.

sbradley
Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

More from this author