6 Feb.

Office 365 Desktop Applications And Azure RMS

A scenario that is being raised more often now that Microsoft is pushing it’s Enterprise Mobility Suite through the SMB channel is whether or not the version of the Office 365 desktop applications included with the Business and Business Premium plans can interoperate with Azure Rights Management Service. The answer is yes, but with an asterisk.

What’s the asterisk? The Business and Business Premium desktop applications do allow you to open rights protected content, but they don’t allow you to apply rights management to new files you are creating, or to new emails you are sending. This isn’t something that is obvious from the following tablet that I copied from Requirements for Azure Rights Management.

Device operating system Word, Excel, PowerPoint Protected PDF Email Other file types
Windows Office 2010

Office 2013

Office Mobile apps (Azure RMS only) [footnote 1]

Office Online [footnote 2]

Gaaiho Doc

GigaTrust Desktop PDF Client for Adobe

Foxit Reader

Nitro PDF Reader

RMS sharing app

Outlook 2010

Outlook 2013

Outlook Web App (OWA) [footnote 3]

Windows Mail [footnote 4]

RMS sharing application for Windows: Text, images, pfile

Siemens JT2Go: JT files (Windows 10 only)

iOS Office for iPad and iPhone [footnote 5]

Office Online [footnote 2]


Foxit Reader

RMS sharing app [footnote 1]


NitroDesk [footnote 4]

Outlook for iPad and iPhone [footnote 4]

OWA for iOS [footnote 3]


RMS sharing app [footnote 1]: Text, images, pfile

TITUS Docs: Pfile

Android GigaTrust App for Android

Office Online [footnote 2]

GigaTrust App for Android

Foxit Reader

RMS sharing app [footnote 1]

9Folders [footnote 4]

GigaTrust App for Android [footnote 4]

NitroDesk [footnote 4]

OWA for Android [footnote 3 and 6]

Samsung Email (S3 and later) [footnote 6]

TITUS Classification for Mobile

RMS sharing app [footnote 1]: Text, images, pfile
OS X Office 2011 (AD RMS only)

Office 2016 for Mac

Office Online [footnote 2]

Foxit Reader

RMS sharing app [footnote 1]

Outlook 2011 (AD RMS only)

Outlook 2016 for Mac

Outlook for Mac

RMS sharing app [footnote 1]: Text, images, pfile
Windows RT Office 2013 RT

Office Online [footnote 2]

Not supported Outlook 2013 RT

Mail app for Windows

Windows Mail [footnote 4]

Siemens JT2Go: JT files
Windows Phone 8.1 Office Mobile (AD RMS only) RMS sharing app [footnote 1] Outlook Mobile [footnote 4] RMS sharing app [footnote 1]: Text, images, pfile
Blackberry 10 Not supported Not supported Blackberry email [footnote 4] Not supported

Footnote 1: Supports viewing protected content.

Footnote 2: Supports viewing protected content in SharePoint Online, OneDrive for Business, and Outlook Web Access.

Footnote 3: If a recipient has a mailbox in Exchange on-premises, and receives a protected email, this content can be opened only in a rich email client, such as Outlook. This content cannot be opened from Outlook Web Access.

Footnote 4: Uses Exchange ActiveSync IRM, which must be enabled by the Exchange administrator. Users can view, reply, and reply all for protected email messages but users cannot protect new email messages themselves.

If a recipient has a mailbox in Exchange on-premises, and receives a protected email from another organization who is using Exchange, this content can be opened only in a rich email client, such as Outlook. This content cannot be opened from a device that uses Exchange Active Sync IRM.

Footnote 5: Supports viewing and editing protected documents. For more information, see the following post on the Office blog: Azure Rights Management support comes to Office for iPad and iPhone

Footnote 6: For more information, see the following post on the Office blog: OWA for Android now available on select devices

As you go scroll through the Requirements for Azure Rights Management article you then hit the following list.

Microsoft Office applications (Word, Excel, PowerPoint, and Outlook) from the following suites can protect content by using Azure RMS:

  • Office 365 ProPlus
  • Office 365 Enterprise E3
  • Office 365 Enterprise E4
  • Office 365 Enterprise E5
  • Office Professional Plus 2016
  • Office Professional Plus 2013
  • Office Professional Plus 2010

Other editions of Office (with the exception of Office 2007) can consume protected content.

Note: Azure RMS with Office Professional Plus 2010 or Office Professional 2010:

  • Requires the Rights Management sharing application for Windows
  • Not supported on Windows 10

The reason why I’ve put this post up is that many SMB partners I’ve spoken to are always looking for additional clarification around what the Office 365 E3 or higher plans include versus the SMB targeted plans.

^ Scroll to Top
 31 Jan.

Preparing For Upcoming Office 365 Pro Plus Upgrades

One of the things that has been quietly happening behind the scenes for Office 365 customers is that they have been receiving updates in a very efficient manner via Click-To-Run, rather than through traditional Microsoft/Windows Update. The monthly updates are pulled down as a delta, and can be deployed with very little impact to user productivity. In February 2016 there are some changes coming, and for those that are doing upgrades directly from Office 365 they will be automatically updated to a Pro Plus version of Office 2016, replacing their Office 2013 based edition. This only affects those who haven’t disabled automatic updates from the web, whereas those that are managed to pull from alternate sources or have upgrades disabled, this won’t immediately impact them.

Up until now, you’ve been able to allow selected or all users to get access to Office 2016 installs via the First Release option.

First Release Office 365

Below you can see a user who has the option to install Office 2013 and Office 2016 based versions of Pro Plus.

First Release Office 365 2

There are some additional things that you need to be aware of, including a move towards a servicing model similar to what the Windows 10 team is doing with a Current Branch and Current Branch For Business options for separating feature updates out from security updates.

Updates Coming Feb 2016: Understanding the new servicing options for Office 365 ProPlus

Office 2016 will appear for many Office 365 users in February 2016 and you can control how, when and if these updates are applied. In this episode we explain the new Office 2016 servicing options and when feature updates will appear for your users. We recommend Office 365 admins get familiar with this process and update timelines.

In this demo, Jeremy Chapman explains changes to how Office receives updates with the release of Office 2016, including:

– How the current update model works with Office,
– New options for deferring feature updates while still receiving security updates, and
– The controls you have for managing Office software updates

Office 2016 setup and deployment updates demo

Office 365 ProPlus now includes the 2016 apps, and if you are an Office 365 administrator you’ll want to know how everything is getting rolled out and what you can do.

In this short demo, Amesh Mansukhani from the Microsoft Office engineering team will show you the options for getting Office 2016, including:

– Your options for downloading & deploying the 2016 Apps
– Updates that you’ll want to hear about with the servicing model, and
– What your users will see and when.

You should check out the Prepare to upgrade Office 365 ProPlus to the Office 2016 version page TechNet website, which should connect you to whatever additional information you need.

^ Scroll to Top
 31 Jan.

Useful Azure RemoteApp Resources

Azure Remote App Pricing

How Many Users Are Assigned To Each RemoteApp Virtual Machine?

Try Azure RemoteApp on your device in 3 minutes or less

What kind of collection do you need for Azure RemoteApp?

How to create a cloud collection of Azure RemoteApp

How to create a hybrid collection for Azure RemoteApp

Remote Desktop Preview now available on Windows 10 Mobile and Continuum

December updates to Azure RemoteApp

Using Microsoft Outlook in Azure RemoteApp

Fundamentals of Azure RemoteApp management and configuration

Advanced Azure RemoteApp deployment and configuration

Microsoft Azure RemoteApp Deployment, Management and Administration

^ Scroll to Top
 31 Jan.

Controlling Windows 10 Upgrades In Managed Environments

Knowing that many of you manage the networks of your SMB customers here are some important updates for controlling the advertisement, and obviously the roll out, of Windows 10 to Windows 7 and Windows 8.1 devices.

FIrst up is a post on the Windows for IT Pros blog – Making it Easier for Small Businesses to Upgrade To Windows 10. Customers in the US are initially targetting US customers later in January, with other geos, including Australia, to follow. It’s important to note that if your customers are currently using WSUS or Configuration Manager for update management the Get Windows 10 App won’t be received, instead they need to be updating directly from Windows Update. The big change is that domain joined PCs will start receiving notifications.

The second piece to check is the KB How to manage Windows 10 notification and upgrade options This article has more details on the requirements that need to be met, as well as operating systems that are excluded from being offered the notification, such as Embedded and Enterprise editions of WIndows 7 and 8.1.

Some of the important pieces from the KB article are how to obtain the necessary updates to prevent the download, required registry changes, and a script to check if your devices meet the necessary prerequisites for the updates.

Hopefully you’ve already had the chance to start working with your customers who qualify for the free upgrade offer as to how they can leverage it and working through any potential hardware or software compatibility issues well in advance of the expiration of the upgrade offer. Don’t forget that you have a month to roll back if you do find issues post roll out, but over time I’ve seen upgrade blockers eliminated as I’ve revisited older machines that weren’t allowing upgrades to occur, so hopefully if you’ve had issues early on they may already be addressed.

^ Scroll to Top
 30 Jan.

Windows 10, Azure Active Directory Join and Microsoft Intune Enrolment

Again, a few more resources for an upcoming course.

Windows 10, Azure Active Directory Join and Microsoft Intune Enrolment Part 1

Windows 10, Azure Active Directory Join and Microsoft Intune Enrolment Part 2

Coming soon: New features for managing Windows 10 and iOS devices

Coming soon: New Intune features including Windows 10 EDP policies

Coming soon: Support for new Windows 10 features, Apple VPP for Business, and more



^ Scroll to Top
 30 Jan.

RDS Enhancements in Windows Server 2016

Again, just a quick post to highlight some resources for upcoming courses I’ll be delivering. These are sessions from Ignite last year, and also cover the RDS deployment and best practices.

RDS Improvements in the Next Version of Windows Server

In the next release of Windows Server we have made significant performance and API investments in RemoteFX. If you’re interested in understanding the value of Hyper-V VDI for your organization, this session provides you an in-depth look into the key improvement we’re introducing in RemoteFX. We cover topics such as new graphics APIs (OpenGL and OpenCL), VRAM configuration and H264 CODEC improvements. In addition we share some demos from key partners to showcase the performance capabilities for engineering class application workloads.

Deploying Remote Desktop Services (RDS) Roles in Microsoft Azure and Partner Hosted Clouds

This session walks through the architecture of Remote Desktop Services (RDS) hosted in Microsoft Azure as well as partner hosted and private clouds. We will also discuss new features in the next version of Windows Server that enhance desktop and application hosting in cloud computing environments. The discussion includes high availability considerations and capacity planning, as well as connectivity to corporate Active Directory and network resources.

An Insider’s Guide to Desktop Virtualization

Ready to drink from a fire hose? In this highly energized session, learn about insights, best practices, and hear unfiltered thoughts about Desktop Virtualization, VDI, vendors, and solutions. Discussion topics include: VDwhy, VDCry, VDI Smackdown, building and designing a Microsoft VDI solution, and 3D graphics. Experience the Microsoft and Citrix Virtual Desktop solution with a huge amount of videos and demos. With unique content and insights, this session is fun and packed with great content for everyone interested in Desktop Virtualization—and some nice giveaways. A session you don’t want to miss!

^ Scroll to Top
 30 Jan.

Windows 10 Hyper-V Articles

Just a quick post pointing to some posts covering Hyper-V in Windows 10 as a resource for an upcoming class.

Introduction to Hyper-V in Windows 10 Part 1

Introduction to Hyper-V in Windows 10 Part 2

Introduction to Hyper-V in Windows 10 Part 3

What’s New in Hyper-V for Windows 10

Hyper-V and PowerShell

Introduction to Hyper-V


^ Scroll to Top
 28 Jan.

Internet Explorer 11 and Edge Migration And Mitigation Resources

This post is a reference for some courses I’m running next week that have a section on Internet Explorer 11 and Edge content that I need to provide some additional resources for.

Support for older versions of Internet Explorer ends on January 12, 2016

This page addresses some of the frequently asked questions that customers ask, and how to address them.

Reasons to upgrade to Internet Explorer 11

This article covers the benefits of upgrading to Internet Explorer 11, and then moves on to some of the steps involved in getting the migration started.

Microsoft Support Lifecycle

This includes a FAQ for the Internet Explorer support lifecycle

Microsoft Edge Blog

This blog doesn’t just cover Edge, it also covers Internet Explorer and SmartScreen, amongst others.

Microsoft Edge Home Page

For those with customers running Windows 10, a strong awareness of the capabilities of Edge helps your customer understand why they now have two browsers included with the operating system.

Tips and tricks to manage Internet Explorer compatibility

This article focuses on how to leverage the Enterprise Mode Site List for better backwards compatibility with legacy web apps that may have kept earlier versions of IE deployed. The general guidance is of course to upgrade to Internet Explorer 11 on versions of Windows that on the desktop and server that support it, but the article gives some advice on how to approach things depending on whether you are currently on IE 8, 9 or 10.

What is Enterprise Mode?

Enterprise Mode is a compatibility mode that runs on Internet Explorer 11 on Windows 8.1 Update and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.

Turn on Enterprise Mode and use a site list

Before you can use a site list with Enterprise Mode, you need to turn the functionality on and set up the system for centralized control. By allowing centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser.

Enterprise Mode Site List Manager for Windows 7 and Windows 8.1

This tool lets IT Professionals create and update the Enterprise Mode Site List in the version 1.0 (v.1) XML schema. The v.1 Enterprise Mode XML schema is supported on Windows 7, Windows 8.1, and Windows 10.

Internet Explorer 11 (IE11) – Deployment Guide for IT Pros

Use this guide to learn about the several options and processes you’ll need to consider while you’re planning for, deploying, and customizing Internet Explorer 11 for your customer’s and employee’s computers.

Internet Explorer TechCenter

This page has five main categories for resources related to Explore, Plan, Deploy, Manage and Support stages of IE 11 assessment and deployment.

Web Application Compatibility Lab Kit

This lab includes two options, a lite version, weighing in at 180MB, or the full version, weighing in at 21GB. The full version incluces the necessary virtual machines to run through the labs, whereas the lite version requires you to provide your own WIndows 7 and Windows 10 clients.

In the final post of this series I’ve embedded a number of videos related to the topics that have been covered in the last few posts for those of you who prefer to learn via video based material rather than reading online.

(Part 1) Windows 10 and App Compat: What about my Windows Apps?

Kevin Remde welcomes theApp Compat Guy” himself, Chris Jackson to the show, as they kick off a 3 part series on Windows 10 and App Compatibility. Tune in for part 1 where they address concerns surrounding application or scenario compatibility during the move to Windows 10.

(Part 2) Windows 10 and App Compat: How do I get to IE11?

Kevin Remde and “The App Compat Guy” Chris Jackson are back for part 2 in their Windows 10 and App Compatibility series and in today’s episode they discuss Internet Explorer and what to do about compatibility concerns for your web applications.

(Part 3) Windows 10 and App Compat: How do I get to the Edge?

In part 3 of their Windows 10 and App Compatibility series, Kevin Remde and “The App Compat Guy” Chris Jackson discuss the enigma that is the Edge web browser found in Windows 10. Why is it here, Why do we need a new browser and more importantly, will it work with my web applications?

Microsoft Edge (formerly “Project Spartan”) Overview

Windows 10 features Microsoft Edge, the first browser with “DO” in mind. It’s personal, productive, and responsive—but most important, it takes you beyond browsing to doing. Learn more about Microsoft Edge in this overview session, and attend the Windows 10 Browser Management session for a deeper dive on managing Internet Explorer 11 and Microsoft Edge.

Enterprise Web Browsing

Support for older versions of Internet Explorer expires on January 12, 2016, so upgrade to Internet Explorer 11 today to continue receiving security updates and technical support. Windows 10 also includes Internet Explorer 11, so upgrading can help ease your Windows migration. Learn about the browser roadmap, upgrade resources, Windows 10 browser options, and Microsoft’s new approaches to web app compatibility and interoperability with the modern web.

Enterprise Mode for Internet Explorer 11 Deep Dive

Enterprise Mode helps customers upgrade to Internet Explorer 11, which can ease Windows 10 migrations. This session is a deep-dive on deploying and managing Enterprise Mode, Enterprise Site Discovery, and other tools. By upgrading to the latest version of Internet Explorer, customers can stay up to date with Windows, services like Microsoft Office 365, and Windows devices.


^ Scroll to Top
 14 Jan.

Latest downloads from the Enterprise Client Management documentation team

There have been a few updates posted here recently, here are some links to the Intune related ones.

Guide for Managing Mac OS X devices with Microsoft Intune MDM

This document provides preview details on managing Mac OS X devices using Microsoft Intune MDM. This feature set is currently available only to select customers using an Intune standalone deployment. Please email intunemacbeta@microsoft.com to request this feature be enabled for you. This feature set will also be available to customers using Intune with Configuration Manager as part of the next System Center Configuration Manager update.

Azure Hybrid Identity Design Considerations Guide

This guide helps you understand how to design a hybrid identity solution that best fits the unique business and technology needs for your organization. This guide details specific design steps and tasks and presents relevant technologies and feature options available to organizations to meet functional and service quality (such as availability, scalability, performance, manageability, and security) requirements.

Guided Intune Enrollment for Android Company Portal

The PDF file available in this download contains an updated preview of the guided Intune enrollment experience that the Android Company Portal team has been working on. The user experience presented in this document is not final, but we wanted to share this upcoming change with our users early on. We will also share any future changes as they become available.

Mobile Device Management Design Considerations Guide v2

With all of the different design and configuration options for mobile device management (MDM), it’s difficult to determine which combination will best meet the needs of your organization. This design considerations guide will help you to understand mobile device management design requirements and will detail a series of steps and tasks that you can follow to design a solution that best fits the business and technology needs for your organization. Throughout the steps and tasks, this guide will present the relevant technologies and feature options available to organizations to meet functional and service quality (such as availability, scalability, performance, manageability, and security) level requirements.

Specifically, the goals of this guide are to help you answer the following questions:

  • What questions do I need to answer to drive a MDM-specific design for a technology or problem domain that best meets my requirements?
  • What is the sequence of activities I should complete to design a MDM solution for the technology or problem domain?
  • What MDM technology and configuration options are available to help me meet my requirements, and what are the trade-offs between those options so that I can select the best option for my MDM requirement?

Microsoft Intune Step By Step eBook (pdf) English

This isn’t from the ECM documentation team, but from Mai Ali, a System Center MVP, and it weighs in at 245 pages.

^ Scroll to Top
 15 Dec.

MCSA: Windows 10 Certification Is Now Live

Last week on the Born To Learn site it was announced that a new MCSA certification for Windows 10 would be going live this week, and I’m pleased to see that it has. Why? Well, for a start, I’ve already met the pre-requisites, so I get it automatically (an early Christmas present!), but it also highlights some of the things I’ve been telling people around the best way to prepare for the Windows 10 exam which I’ll discuss briefly below.


As discussed in post linked above, achieving MCSA in Windows 8/8.1 is a requirement, the reason provided being that the exams required for this complement the skills being tested in the 70-697 exam. I usually recommended that people wanting to do the 70-697 exam use the Windows 8/8.1 MCSA material as the basis for the core skills needed for Windows 10.


For those who haven’t already done Windows 8.1 or the new Windows 10 exam, I’d recommend starting with Windows 8.1. At this point there is much more preparation material out there, which always helps, and then all you need to do to prepare for the Windows 10 exam (or exams if you count the 70-398 enterprise focused exam currently in beta) is focus on what’s new in Windows 10, as well as any additional inclusions in the exam requirements, such as Azure RemoteApp, and the stronger focus on Microsoft Intune.

I’ll be writing a more comprehensive resource guide for the 70-697 and 70-398 exams over the next month as things slow down a bit, and if you have any resources you would like to share let me know and I’ll include them.

^ Scroll to Top

%d bloggers like this: