Monday, August 17, 2020

Deploy Office.com/setup 365 ProPlus to remote workers

This blog post will address the enterprise IT admin’s challenge on how to deploy Office.com/setup 365 ProPlus to remote workers without saturating the company’s VPN connections. It will show you how to implement a tactical approach that allows an IT admin to stay in control and quickly relieve the pain of VPN congestion by offloading content distribution to the Microsoft Content Delivery Network (CDN). Maybe you are in the process of moving off legacy versions of Office and want to keep the pace with e.g. the Office 2010 end-of-support approaching fast. There are multiple strategic solutions available (e.g. Intune and Windows Autopilot), but for now, we focus on a quick fix.

 

Overview of blog post series

This blog post is part of a series, which is brought to you by the Office Rangers Team at Microsoft, a group of senior deployment experts. The series provides guidance on how to address scenarios around working-from-home across the lifecycle of an Office.com/setup 365 ProPlus installation:

 

We hope this will help you to minimize the impact of deploying, servicing, and managing Office 365 ProPlus on your own network and your user’s VPN connections.

 

The Concept

With the approach described below, we want to achieve two things:

  • Keep IT, admins, in control what happens when by continue using your enterprise management solution like Microsoft Endpoint Configuration Manager (formally known as System Center Configuration Manager (SCCM))
  • Offloading the content distribution to Microsoft’s CDN to allow a remote user to leverage their local internet connection instead of pulling large source files from your ConfigMgr Distribution Points over VPN connections

We will walk you through the process on how to adjust an existing Office.com/setup 365 ProPlus deployment package for a hybrid approach, update your sources, and ensure that the source file download will bypass your VPN.

 

Step 1 – Adjust your deployment package

To allow remote users to leverage their local internet connection for source file access, we have to remove the source files from the Configuration Manager application. Navigate to the folder which is holding your software sources, locate the “office” folder, and delete it:

Deploy_O365PP_to_Remote_workers_2.jpg

In the above example, 11 Language Packs were included in the deployment package, bumping the size up to 6+ gigabytes. Keep the setup.exe as well as any configuration files located in the folder. This reduces the size of your deployment package to less than 10 megabytes. That’s a huge saving on your VPN connections.

In case you don’t have an Office.com/setup 365 ProPlus installation package yet, you can use the built-in wizard to create one. Maybe you want to adjust the handling of languages, instead of hard-coding those you might want to use MatchOS or MatchPreviousMSI. After that, apply the steps above.

 

Step 2 – Update the content sources

If your application was already synced to Distribution Points, those still have the larger package cached. Navigate to Software Library > Application Management > Applications, select your application, switch to the Deployment Types tab, right-click the appropriate entry, and click Update Content.

Deploy_O365PP_to_Remote_workers_3.jpg

This will re-sync any changes to your Distribution Points, so those will now also have the smaller deployment package ready to sync to devices.

 

Step 3 – Verify VPN configuration and deploy

Once a client has received the smaller deployment package through ConfigMgr and kicks off the installation, it will download the source files directly from the Microsoft CDN. It is important to ensure that your devices can actually reach out to those endpoints directly and don’t backhaul through the VPN tunnel. We published guidance on how to enable so-called VPN split-tunneling, the endpoints relevant for Office.com/setup 365 ProPlus source file download are listed at Office.com/setup 365 URLs and IP address ranges as entry #92.

If you already have an active deployment of the newly-updated package, clients will start receiving it after the Distribution Points have finished syncing the changes. If you want to start with a fresh deployment, just follow the regular guidelines in your organization.

 

Step 4 - Leverage peer caching to reduce on-prem traffic (optional)

The following step is not required but highly recommended. In order to use the same deployment package for your remote and on-premises workers, we recommend to configure and enable Delivery Optimization for Office in combination with Connected Cache. This will enable your on-prem devices to share content which is no longer included in the deployment and greatly reduce the load on your corporate internet connection.

No comments:

Post a Comment