Since a couple of months Microsoft Intune offers the possibility to use ADMX templates to configure Microsoft Office 365 Pro Plus. Earlier on this was possible via scripting to configure Microsoft Office. This is not ideal because our managed services department had a hard time controling this. When I read about the ADMX templates I was eager to start testing. I will share my experiences with you.
In the examples I assume that the users that you configure these options for work on fat clients.
Preparation for Intune
For the examples I will elaborate on these parts of the Microsoft Office 365 suite:
First things first, let’s start with an example to configure a profile with an ADMX template:
1. Log on to https://devicemanagement.microsoft.com/ to enter Microsoft Endpoint manager.
2. Go to devices and configuration profiles:
3. Click on create profile:
4. Set the profile name, set the plaform, the configuration type and click on create:
The new configuration profile is now created. After that, there are 3 options available:
You can use the properties option to change the name and description for configuration profile.
The settings option is for the ADMX settings.
With the assignment option you can add the profile to users or devices.
Example for Microsoft Office 365 Outlook
Firstly I will start with Outlook since this application has the most impact for the most users.
I would start with these options:
Automatically configure profile based on Active Directory Primary SMTP address once. – “Set to enabled”
Disable First Run Movie – “Set to enabled”
Disable Office First Run on application boot – “Set to enabled”
Calendar week numbers.- “Set to enabled”
Turn off Coming Soon – “Set to enabled”
Disable Opt-in Wizard on first run – “Set to enabled”
Disable shared mail folder caching – “Set to enabled”
Download shared non-mail folders – “Set to disabled”
I would disable the shared folder caching because Outlook doesn’t handle this well when multiple users make a lot of changes to same mailbox. For example: When 5 users work in the same shared mailbox and they catagorize e-mail, it takes a while to sync when using cache mode. If you don’t use cache mode for the shared mailboxes the changes are visible instantly for all 5 users.
It is always possible to configure more options. The option that I suggest form a basic configuration for Outlook which I find fitting for our users. There are always specific cases for clients.
Example for Microsoft Office 365 OneDrive
Secondly we are going to configure OneDrive via a policy. In addition, I would advise you to create a seperate policy for OneDrive since not all users can or may use OneDrive.
I would start with these options:
Coauthor and share in Office desktop apps – “Set to enabled”
Disable the tutorial that appears at the end of OneDrive Setup – “Set to enabled”
Prevent users from changing the location of their OneDrive folder – “Set to enabled”
Prevent users from redirecting their Windows known folders to their PC – “Set to enabled”
Require users to confirm large delete operations – “Set to enabled”
Silently move Windows known folders to OneDrive – “Set to enabled” (Don’t forget to enter your tenant ID)
Silently sign in users to the OneDrive sync client with their Windows credentials – “Set to enabled”
Use OneDrive Files On-Demand – “Set to enabled”
These options form a nice basis for the OneDrive configuration and help the user get rid of all the first run movies and such. Furthermore these policy’s help protect their data and help them to collaborate with their co-workers.
We have created a new configuration profile for Windows 10 devices which we use to configure Microsoft Outlook and Microsoft OneDrive. I have shown some examples and elaborated on that.
In conclusion, I think you will agree that configuration profiles are a nice addition for Microsoft Intune and if you have any questions don’t hesitate to ask.