1. Introduction
When a client workstation is a member of an Active Directory domain, the Office suite can be managed with GPOs based on ADMX files.
The Office Apps suite (MS365 version of the Office suite) can also be managed by GPOs but it is also possible to manage this Office suite using policies configured inside the MS365 cloud. These type of policy apply only to the user (who activates an Office license) and can manage Office even with client workstations that are not members of a domain or hybridjoin.
2. Use Apps Admin Center
An Office policy can apply to a user or to a security group. Nested groups are supported.
Start by creating a security group and then apply an Office policy to it.
Create a group with EntraAD administration tool.
Once the group created, sign in to the Apps Admin Center: https://config.office.com/
Go to the “Office Policies” section.
Create a new policy and start by specifying what type of account it will apply to. It is possible to apply it to users or groups or for the Office Web App to anonymous accounts.
Specify the settings you want to configure per policy. Thousands of parameters are available. It is not necessary to manage ADMX files, Microsoft automatically manages the integration of new parameters.
For example with Teams, it is currently possible to manage 3 parameters.
Specify the parameters that the policy will manage (like a GPO) among the thousands of parameters offered.
It’s easy to test with global Office settings. For example, deny access to the Office Store.
Once the policy has been created, the Office “click-to-run” service will take charge of reading these policies and their application on the client workstation . After a few hours, on the client workstation, the settings are applied.
As specified in the introduction, this system similar to the GPO system works even if the client is in Workgroup. So if a user activates his Office license on a personal PC, the parameters defined in these policies will apply.
Lionel TRAVERSE
Microsoft 365 Certified Administrator Expert
Microsoft Certified Trainer
lionel.traverse@admin365.fr