Configure Office Apps with MS365 policies

1. Introduction

When a client workstation is a member of an Active Directory domain, the Office suite can be managed with GPOs based on ADMX files.

The Office Apps suite (MS365 version of the Office suite) can also be managed by GPOs but it is also possible to manage this Office suite using policies configured in the MS365 cloud. This type of policy apply only to the user (who activates an Office license) and can manage Office even with client workstations that are not members of a domain.

The MS365 policies also allow you to manage Office Web App which is not manageable with GPO.

2. Use Apps Admin Center

An Office policy can apply to a user or to a security group. Nested groups are supported. Start by creating a security group and then apply an Office policy to it.

Create a group with AzureAD administration tool.

Once the group created, sign in to the Apps Admin Center: https://config.office.com/

Go to the “Office Policies” section.

Create a new policy and start by specifying what type of account it will apply to. It is possible to apply it to users / groups or for the Office Web App to anonymous accounts.

In the case of management by user, then specify the name of the security group. A user can be in more than one group affected by Office policies and the priorities will determine which settings will apply.

Specify the settings you want to configure per policy.

Thousands of parameters are available. It is not necessary to manage ADMX files, Microsoft automatically manages the integration of new parameters.

For example with Teams, it is currently possible to manage two parameters.

Specify the parameters that the policy will manage (like a GPO) among the thousands of parameters offered.

It’s easy to test with global Office settings. For example, deny access to the Office Store.

Once the policy has been created, the Office “click-to-run” service will take charge of reading these policies and their application on the client workstation . After a few hours, on the client workstation, the settings are applied.

As specified in the introduction, this system similar to the GPO system works even if the client is in Workgroup. So if a user activates his Office license on a personal PC, the parameters defined in these policies will apply.