The little-(un)known Secrets of using Microsoft 365 Apps (previously Office 365 ProPlus and Office 2019) on a Virtual Desktop environment – survival guide


The year 2018 started with rumors around RDmi and ended with Microsoft announcing Azure Virtual Desktop, releasing Windows 10 1809, and, perhaps most importantly, making important changes to how Office is delivered. This article will give you a clear view of the changes and what you can expect in 2019. Read more about Azure Virtual Desktop over here.

Besides this, Microsoft also announced changes in support for Office 2019 and Office 365 ProPlus (since renamed to Microsoft 365 Apps and Enterprise) on a Virtual Desktop environment. It seems a good idea to write this down in an article to give you a clear view of what’s going on and what changes in the next versions.

Change before you have to…

This article will help you to understand what version you need to use in your environment – based on the Operating System that you’re using – so you know what to do proactively when you change to a complete Office 365 licensing model for your Office subscription-based licenses.

Note: This article applies to every Virtual Desktop solution that uses a Windows OS, such as Citrix, VMware, Nutanix Frame, Parallels, Nerdio, and NetApp VDS.

IMPORTANT NEWS: Based on customer feedback, we’re now introducing Monthly Enterprise Channel. This update channel provides new Office features to Microsoft 365 Apps once a month, on the second Tuesday of the month. While we still recommend Monthly Channel (to be renamed Current Channel), if you need a more predictable release schedule for monthly feature updates, Monthly Enterprise Channel can provide that for you. These once-a-month updates will also include, as needed, security updates and non-security updates.

Read more about it here: https://docs.microsoft.com/en-us/deployoffice/update-channels-changes

Microsoft acquires FSLogix

First, let’s start with some good news! Most of you already know, but for the people who were offline in the last couple of weeks, Microsoft bought FSLogix – the company that I currently work for. Our Digital Workspace vision now continues as part of Microsoft!

“Being part of this company was a great learning experience. The acquisition is the reward of doing awesome work as a team and having an exceptional product that addresses challenges in the most simple way possible, combined with excellent work from our supporting partners around the globe!”  – Christiaan Brinkhoff

Read the complete – and official – announcement article here.

This acquisition takes place at a perfect moment, as Microsoft is changing the way of approaching Office for every Windows platform, and – obviously – for the release of the new Azure Virtual Desktop service on Azure!

FSLogix adds the following features to the Microsoft portfolio:

  • Outlook caching + Windows Search support
  • OneDrive for Business (and Files On-Demand) support
  • Native SharePoint support in Windows Explorer
  • Office 365 ProPlus computer activation license roaming
  • Skype for Business GAL caching
  • OneNote caching
  • Microsoft Teams support for Virtual Desktops

The reason why FSLogix supports OneDrive and Teams is the underlying technology. FSLogix Apps use advanced filter-driver technology, which makes the operating system think that no redirection to a persistent container (VHDx) location is active. This approach makes it possible to use OneDrive and Teams, which are too sensitive for roaming profile solutions.

Furthermore, the other change is moving away from the volume licensing version of Office, which always came in very handy on non-persistent/stateless environments because of how Office is activated. For example, when a Virtual Machine reboots, the Office activation process could connect to an internal KMS server, which remembers the activation count based on the computer ID, and automatically activate Office each time.

Within Office 365 ProPlus, which is part of several different Office 365 E3 and above licenses, this isn’t possible anymore, so we need a new approach.

I’ll explain them later in the article. But first…

FSLogix for almost everyone! 

All the FSLogix products, such as Profile and Office container, but also AppMasking, and Java Redirection will become part of the core technology of Windows (and Azure Virtual Desktop). Additionally, if you own or subscribe to anything on the following list, you’ll also be entitled to FSLogix (it’s a pretty broad list, so there’s a good chance you are entitled!).

Note: Please use this follow up article to get to know more on FSLogix Profile Container, and how it improves your end-user experience!

You are eligible to access FSLogix Profile Container, Office 365 Container, Application Masking, and Java Redirection tools if you have one of the following licenses:

  • Microsoft 365 E3/E5
  • Microsoft 365 A3/A5/ Student Use Benefits
  • Microsoft 365 F3
  • Microsoft 365 Business
  • Windows 10 Enterprise E3/E5
  • Windows 10 Education A3/A5
  • Windows 10 VDA per user
  • Remote Desktop Services (RDS) Client Access License (CAL) – SA not required
  • Remote Desktop Services (RDS) Subscriber Access License (SAL) – SA not required

FSLogix is available for download here

VDILIKEAPRO 2020 Preview results: A closer look at the field

The following VDILIKEAPRO 2020 survey results show a large growth in Office 365 usage via Enterprise Agreement. Customers who leverage Office 365 services mostly have an E3 or higher license, so why should you buy Office again as KMS/Volume licenses at the same time, only because MSI installation is what is supported for a non-persistent environment?

Microsoft changed the way of supporting Office for Windows 10 as well as Windows Server 2019. In my personal opinion, this will drive the adoption of the use of Office 365 ProPlus, which effectively means that this number within the graphic will increase even more next year!

“Which Office version is the current standard in the VDI/SBC (on-premises and cloud) environment?”

The differences between Office 2019 and Office 365 ProPlus (now Microsoft 365 Apps)

As mentioned at the beginning of this article, Microsoft announced the change in Office support/release management at the Ignite Conference in September 2018. However, not everyone knows the differences between the versions, so I hope to give a good explanation of what the major differences are.

Microsoft 365 Apps (previously Office 2019) is a perpetual-based, annual-term license with a Click-to-Run (C2R) installer, and includes Key Management Service (KMS) and Multiple Activation Key (MAK) support.

Microsoft 365 Apps Enterprise (previously Office 365 ProPlus) is a user-based subscription license with a Click-to-Run (C2R) installer, and with user and shared computer activation (I explain the complete process for Virtual Desktops later on in the article).

Microsoft will provide security and reliability patches for Office 2019, however, it will have no new features added to it. Office 365 ProPlus will get major and minor new features added to it on a weekly basis.

See below how the different versions apply to both Server and Desktop OS.

Keep in mind that Office 365 ProPlus is the way to go for future on-premises or Cloud Virtual Desktop implementations, as well as for Windows 10 Multi-User implementations as part of Azure Virtual Desktop on Azure!

Microsoft 365 Apps Enterprise (previously Office 365 ProPlus) is NOW also supported on Windows Server 2019!

Changes to the update channels for Microsoft 365 Apps were announced on the 9th of June, 2020.

Read more about it here.

What previous Office version(s) will be supported in the future and what not?

Note: There might be some changes to this in the future based on customer feedback. Stay tuned!

Interesting notes are:

  • Service products stay in sync with each other
  • Azure Virtual Desktop only supports Microsoft 365 Apps Enterprise (Office 365 ProPlus)
  • Microsoft 365 Apps Enterprise (Office 365 ProPlus) will always be supported with Windows 10 SAC
  • Microsoft 365 Apps Enterprise (Office 365 ProPlus) on Windows Server 2016 will be supported through October 2025
  • Microsoft 365 Apps (Office 2019) perpetual is only supported on Windows Server 2019 and Windows 10 SAC
  • Microsoft 365 Apps Enterprise (Office 365 ProPlus) is NOW supported on Windows Server 2019

Last updated on 2.20.2021 – Source: RE2OqRI (microsoft.com)

The challenge: How do we need to approach Office in the future on Virtual Desktop environments?

As mentioned in the previous section, we used (and still use) normal, perpetual licenses based on Key Management Services (KMS) activation for Office Professional (volume licensing), or Multi Activation Key (MAK), on VDI – especially in non-persistent environments.

The new approach is all about online activation – all based on the specific user license within the Office 365 subscription model. Downloading Office 365 ProPlus from the Office portal will result in a Click-to-Run Online installer of Office. Though it works great for physical PCs, laptops, and Surface devices, it wasn’t originally designed for non-persistent Virtual Desktop environments.

The software can be found in the Office 365 dashboard portal under the option “Install Office.”

The installation process looks like this, and it’s doing a lot of stuff in the background…

Troubleshooting

Are you getting the error “Administrative Privileges Required” when Installing Office 365 Click-To-Run as local Administrator? The error can occur in any version of Windows, up to and including Windows 10 Multi-User Build for Azure Virtual Desktop. The issue appears to pertain to the default Administrator account that is created on the operating system and can be observed occurring when creating a new Windows 10 Virtual Machine on Azure. 

Solve the issue by creating a new local user with local administrator rights – or just use a domain administrator account rather than the local administrator account of the Virtual Machine.

Run the Click-to-Run installation as that new user

The installation takes place in the following 5 different stages

The installation takes about 5 – 10 minutes, obviously depending on your internet connection.

Another important thing to mention about Office 365 ProPlus is that you’ll get the following error if you install Office 365 out-of-the-box after downloading the bits from portal.office.com on an RDS (or Citrix, VMware, etc.) server. (See also this official Microsoft support article about Office licensing on terminal services)

An error similar to the one below will show up on your screen in your RDS/TS environment

The only way to solve this is by using computer-based (designed for TS environments) activation rather than user-based activations (designed for single user environment). You can configure the licensing token to roam with the user’s profile or be located on a shared folder on the network, which is especially helpful for non-persistent/stateless VDI scenarios.

See the process to solve this – and to make Office 365 ProPlus licensing roaming possible – through one of the steps below.

What are my options for Office 365 ProPlus on Virtual Desktop Environments?

The first option is by using a configuration.xml with the Click-to-Run installation through the Office Deployment Toolkit (ODT). The process works as follows:

Note: Make sure you assign each user a license for Office 365 ProPlus and that users log on to the shared computer with their own user account.

The Office Deployment Tool, combined with a simple text file, is used to install Office 365 ProPlus on the shared computer, and to enable shared computer activation for that computer.

Add the following lines when you create the XML file.

<Display Level="None" AcceptEULA="True" />

<Property Name="SharedComputerLicensing" Value="1" />

An example of a complete configuration.xml file, including the lines above:

<Configuration>
  <Add OfficeClientEdition="64" Channel="MonthlyEnterprise">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-US" />
      <Language ID="MatchOS" />
      <ExcludeApp ID="Groove" />
      <ExcludeApp ID="Lync" />
      <ExcludeApp ID="OneDrive" />
      <ExcludeApp ID="Teams" />
    </Product>
  </Add>
  <RemoveMSI/>
  <Updates Enabled="FALSE"/>
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="%temp%\AVDOfficeInstall" />
  <Property Name="FORCEAPPSHUTDOWN" Value="TRUE"/>
  <Property Name="SharedComputerLicensing" Value="1"/>
</Configuration>

Perform the ODT installation, and include the configuration.xml as a parameter

Setup.exe /configure "configuration.xml"

Remember that a user is allowed to activate Office 365 ProPlus on 5 other devices.

Note: Using Office 365 ProPlus with shared computer activation enabled doesn’t count against that limit!

If you experience any trouble during the setup, please check this troubleshooting article to point you in the right direction.

What if you’ve got an existing Office 365 ProPlus installation?

If you’ve already deployed Office 365 ProPlus, you can enable shared computer activation on a computer by using Registry Editor to add a string value of SharedComputerLicensing with a setting of 1 under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration

The Office 365 ProPlus license will now be shared/roamed through your RDS/TS environment without the need to reactivate every single time!
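A pre-build check for both steps above, as an added example that is not part of the original article or of the Office Deployment Tool: it validates the configuration.xml attributes this article relies on and reads the SharedComputerLicensing registry value on an installed machine. The function names and the constructed sample XML (which carries a stray space in the logging level to show a failing check) are assumptions made for illustration.

```powershell
# Added example. Get-OdtAttribute, Test-OdtSharedConfig and
# Test-SharedActivationRegistry are hypothetical helper names.

function Get-OdtAttribute {
    param([xml]$Config, [string]$XPath, [string]$Name)
    # XPath plus GetAttribute avoids PowerShell's property adapter, where an
    # attribute called "Name" can be confused with the element's own name.
    $node = $Config.SelectSingleNode($XPath)
    if ($node) { $node.GetAttribute($Name) }
}

function Test-OdtSharedConfig {
    param([Parameter(Mandatory)][xml]$Config)

    $sca     = Get-OdtAttribute $Config "/Configuration/Property[@Name='SharedComputerLicensing']" 'Value'
    $level   = Get-OdtAttribute $Config '/Configuration/Display' 'Level'
    $eula    = Get-OdtAttribute $Config '/Configuration/Display' 'AcceptEULA'
    $logging = Get-OdtAttribute $Config '/Configuration/Logging' 'Level'
    $updates = Get-OdtAttribute $Config '/Configuration/Updates' 'Enabled'

    # Shared computer activation is what makes Office usable on RDS/AVD hosts.
    [pscustomobject]@{
        Check  = 'Shared computer activation'
        Status = if ($sca -eq '1') { 'Pass' } else { 'Fail' }
        Detail = "SharedComputerLicensing='$sca'"
    }
    # An unattended image build needs a silent install with the EULA accepted.
    [pscustomobject]@{
        Check  = 'Silent install'
        Status = if ($level -eq 'None' -and $eula -eq 'TRUE') { 'Pass' } else { 'Fail' }
        Detail = "Display Level='$level' AcceptEULA='$eula'"
    }
    # The ODT accepts Standard or Off; whitespace inside the value does not match.
    [pscustomobject]@{
        Check  = 'Logging level'
        Status = if ($logging -in @('Standard', 'Off')) { 'Pass' } else { 'Fail' }
        Detail = "Logging Level='$logging'"
    }
    # With updates off, security updates reach users only through a rebuilt image.
    [pscustomobject]@{
        Check  = 'Update handling'
        Status = if ($updates -eq 'FALSE') { 'Review' } else { 'Pass' }
        Detail = "Updates Enabled='$updates'"
    }
}

function Test-SharedActivationRegistry {
    # Registry location and value name as given in this article.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    $value = (Get-ItemProperty -Path $key -Name SharedComputerLicensing `
                  -ErrorAction SilentlyContinue).SharedComputerLicensing
    $value -eq '1'
}

# Constructed sample: a shortened copy of the article's file, with a stray
# space in the Logging Level value.
[xml]$sample = @'
<Configuration>
  <Add OfficeClientEdition="64" Channel="MonthlyEnterprise">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-US" />
    </Product>
  </Add>
  <Updates Enabled="FALSE"/>
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level=" Standard" Path="%temp%\AVDOfficeInstall" />
  <Property Name="SharedComputerLicensing" Value="1"/>
</Configuration>
'@

Test-OdtSharedConfig -Config $sample | Format-Table -AutoSize
"Registry reports shared computer activation: $(Test-SharedActivationRegistry)"
```

A 'Review' on update handling is not an error for a non-persistent image; it is a reminder that the image rebuild schedule then decides when Office security updates reach users.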

Other best practices on using Office 365 ProPlus on Virtual Desktops

Single sign-on (SSO) recommended: SSO delivers a better user experience and reduces the number of times a user is prompted to sign in for activation. With SSO configured, Office activates with the credentials the user uses to sign in to Windows if the user is also licensed for Office 365 ProPlus – all automatically without user interaction!

Note: This can be accomplished by using either Federation with ADFS or Pass-through authentication within AzureAD Connect.

Without SSO activated, the user always needs to sign in to the first Office 365 product they launch through the manual setup screen below.

When the activation is finished, you’ll see the following line added in the options – about Office – menu.

Then switch to portal.office.com, the Office 365 Portal, and go to accounts, followed by Install status.

You’ll see your RDS/TS Computer Activation listed as one of the 5 activations that are possible within your Office 365 user license.

Other Office 365 – Teams and OneDrive – services on Virtual Desktops

Microsoft changed how they approach installing software on a Desktop and Server OS machine. As an example, OneDrive and Teams are two applications that are completely installed in the user’s profile rather than in the all users profile (Program Files). This is all going to change – Microsoft just released a per-machine version for OneDrive – and now for Teams as well!

Old installation locations are:

Teams installation folder location – %userprofile%\AppData\Local\Microsoft\Teams

OneDrive installation folder location – %userprofile%\AppData\Local\Microsoft\OneDrive\

New Per-Machine installation locations are:

Teams installation folder location – %ProgramFiles(x86)%\Microsoft\Teams\current

OneDrive installation folder location – %ProgramFiles(x86)%\Microsoft OneDrive

See below screenshots of the folder locations.

Install Microsoft Teams per-machine

First we must create the following registry key in the image

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams\IsAVDEnvironment]
Type: REG_DWORD Value: 1

Download Teams and run the command below to install Teams per-machine

Note: To use the WebRTC AV redirection client, you must use Teams version 1.3.00.4461 or later – the 64-bit version is highly recommended.

msiexec /i c:\install\Teams_windows_x64.msi /l*v c:\install\Teams.log ALLUSERS=1 ALLUSER=1

If everything ran perfectly you will see Teams showing up in the Program Files directory.

Activate AV Redirection media optimizations (AVD only)

Install the WebRTC – Teams WebSocket Optimizations client – in your AVD image

Note: When you run into installation issues, please make sure to install the latest Microsoft Visual C++ Redistributable below and try the WebRTC installation again.

Open Apps & features to check if the installation ran successfully.

When everything goes as expected, start Teams and go to the About settings of your Teams client inside your session host.

Check if AVD Media Optimizations is activated – just like highlighted below.

(Update) Office improvements – OneDrive Files On Demand support for Server 2019! 

Using OneDrive Files On-Demand, people can access all their files in OneDrive while only downloading the ones they’re using to save hard drive space on their devices. In the coming months, Windows Server 2019 will support OneDrive Files On-Demand for virtualized Office apps users. This support will couple the fast access to files that users love, with reduced User Profile Disk storage requirements and cost savings that businesses need. Learn more about how to take advantage of this new capability with Windows Server 2019.

OneDrive Files On-Demand helps you access all your files in OneDrive without having to download all of them and use storage space on your Windows device. When you turn on Files On-Demand, you’ll see all your files in File Explorer and get new information about each file. New files created online or on another device appear as online-only files, which don’t take up space on your device. When you’re connected to the Internet, you’ll be able to use the files like every other file on your device.

Read the full announcement here: https://www.microsoft.com/en-us/microsoft-365/blog/2019/07/01/improving-office-app-experience-virtual-environments/ 

(Update) Office improvements – OneDrive per-Machine now available! 

By default, the OneDrive sync client installs per user on Windows, meaning OneDrive.exe needs to be installed for each user account on the PC under the %localappdata% folder. With the new per-machine installation option, you can install OneDrive under the “Program Files (x86)” directory, meaning all profiles on the computer will use the same OneDrive.exe binary. See the exhibit below.

You can download the per-machine version of OneDrive here:

https://go.microsoft.com/fwlink/?linkid=2083517

Make sure to re-install the application by using the following command.

OneDriveSetup.exe /allusers

Also, when running the per-user version on a multi-user environment, all the OneDrive versions in the different user profiles on the same session host will update simultaneously, which can get messy in terms of network throughput. This is also solved with the per-machine version.

The per-machine version will update itself by a service/account which injects itself during the installation. Therefore, you always need to run the installation as local administrator with UAC privileges.

Migrating to the per-machine client is optional, but it can be helpful for multi-user machines and when you don’t want exe files running from the user profile. When setup completes, OneDrive will start. If accounts were added on the computer, they’ll be migrated automatically.

The new per-machine sync client provides:

  • Automatic transitioning from the previous OneDrive sync client (Groove.exe)
  • Automatic conversion from per-user to per-machine
  • Automatic updates when a new version is available

Using this in conjunction with the new enhanced group policy options of OneDrive makes it a lot easier to manage the OneDrive application on a VDI environment. The new setting SilentAccountConfig makes it possible to use the primary Windows account credentials (the account used to join the PC to the domain) without manually entering the credentials at the initial configuration screen of Windows.

Users will still be shown OneDrive Setup so they can select folders to sync and change the location of their OneDrive folder.

Enabling this policy sets the following registry key value to 1.

[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]
"SilentAccountConfig"=dword:00000001

Note: Silent account configuration won’t work on devices for which you’ve required multi-factor authentication. Select third-party identity providers (IdPs) are supported.

OneDrive automated installation

This script only applies to the per-user version of OneDrive. Use it only for multi-user environments with the per-user version of OneDrive installed. Windows 10 single user automatically installs OneDrive in the user profile at the first logon, so it isn’t needed there.

If you have to deal with large OneDrive implementations, you definitely want to automate this process rather than doing it yourself for every user. There are several scripts active in the Community for doing this. One of them is the originally created OneDrive script from Chris Twiest. I’ve made some edits to it and will post it here. The script now includes a check if the VHD location is available – to avoid overloading the local drive when it’s not available, and has some enhancements around the profile path.

When you have no UEM or advanced management solution, there is also a possibility to run the script silently by using the command below as part of the Run registry location. 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 

C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -sta -WindowStyle Hidden -File "C:\TEMP\OneDriveSetup.ps1"

Note: Keep in mind that the script needs to be performed after the initial logon process so that it doesn’t affect the initial logon speed.

### User Parameters
$OneDriveSetupPath = "C:\tmp\OneDriveSetup.exe" ### Change to location of OneDriveSetup.exe
$ContainerUNCPath = "\\fsl-fs01\Containers\" ### Change to location of VHD Location path

### Script Parameters
$appdata = $env:LOCALAPPDATA
$OneDrivePath = "$appdata\Microsoft\OneDrive\OneDrive.exe"

### Check whether OneDrive is installed and whether the VHD location is reachable
$testPath = Test-Path $OneDrivePath
$testUNCPath = Test-Path $ContainerUNCPath

if (!$testPath -and $testUNCPath) {
    ### Not installed yet and the VHD location is available: install silently, then start
    $arguments = "/Silent"
    $process = Start-Process -FilePath "$OneDriveSetupPath" -ArgumentList $arguments -Wait -PassThru -NoNewWindow
    Start-Process -FilePath $OneDrivePath
} elseif ($testPath) {
    ### Already installed: start OneDrive in the background
    Start-Process -FilePath $OneDrivePath -ArgumentList "/background"
}
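Because the Run value above starts C:\TEMP\OneDriveSetup.ps1 in every user's session on a multi-user host, the script, the installer it launches and their folders should be writable by administrators only. The check below is an added example, not part of the original script; Get-UntrustedWriteAccess is a hypothetical helper name, and the two paths are the ones used in this article.

```powershell
# Added example; Get-UntrustedWriteAccess is a hypothetical helper name.
# SIDs allowed to hold write access: SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Only the bits that let a principal change or replace content.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which can appear as raw bits in inherited entries.
$GenericWriteOrAll = 0x50000000

function Get-UntrustedWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    # A writable parent folder matters as much as a writable file,
    # because the file can then be replaced.
    $targets = @($Path, (Split-Path -Path $Path -Parent))
    foreach ($target in $targets) {
        foreach ($rule in (Get-Acl -LiteralPath $target).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this object.
            if ($rule.PropagationFlags -band
                [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }

            $rights = [int]$rule.FileSystemRights
            if (-not (($rights -band $WriteMask) -or ($rights -band $GenericWriteOrAll))) {
                continue
            }

            try {
                $sid = $rule.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $rule.IdentityReference.Value   # unresolved account: report as-is
            }

            if ($sid -notin $TrustedSids) {
                [pscustomobject]@{
                    Target   = $target
                    Identity = $rule.IdentityReference.Value
                    Rights   = $rule.FileSystemRights
                }
            }
        }
    }
}

# Paths taken from this article; adjust to where the files live in your image.
$logonFiles = 'C:\TEMP\OneDriveSetup.ps1', 'C:\tmp\OneDriveSetup.exe'

foreach ($file in $logonFiles) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning ('{0} not found, skipping' -f $file)
        continue
    }

    $hits = @(Get-UntrustedWriteAccess -Path $file)
    if ($hits) {
        $hits | Format-Table -AutoSize
    } else {
        '{0}: write access limited to trusted principals' -f $file
    }

    # An unsigned file reports NotSigned; a changed signed file reports HashMismatch.
    $signature = Get-AuthenticodeSignature -FilePath $file
    '{0}: signature status {1}' -f $file, $signature.Status
}
```

Any row in the output names a non-administrative identity that can change what runs at logon; moving the files to a folder under Program Files and updating the Run value removes that exposure.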

Why using OneDrive Known Folder Move on Virtual Desktop environments?

Not so long ago, the OneDrive team added Known Folder Move support to OneDrive, which is very useful for creating the same end-user experience on a Virtual Desktop environment as on a Modern Desktop (OEM device, rich client), because it redirects all the profile folders, such as My Documents, Pictures, Favorites, Desktop, etc., to OneDrive.

Note: Files On-Demand is now also supported on Server 2019! Read the complete article here https://www.microsoft.com/en-us/microsoft-365/blog/2019/07/01/improving-office-app-experience-virtual-environments/.

By using Known Folder Move on different devices or VDI environments in conjunction with the same OneDrive account, you ensure that your Office 365 documents are always in the same location, everywhere you go! Even on your mobile device, without any notice 😊

Activating Known Folder Move is relatively easy. You can use the manual approach by opening the OneDrive client from the Start menu and clicking on Update Folders.

You can also use the automated approach

Enabling this policy sets the following registry keys:

[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]
"KFMSilentOptIn"="1111-2222-3333-4444"

(where “1111-2222-3333-4444” is the AzureAD Directory – tenant ID, which you can find in the Azure Portal – under the properties menu of your Azure AD tenant)

In the end, your profile folders will look like this, and are completely in sync with your OneDrive account.

Office on Virtual Desktop performance impact over the years

A newer version of Office always has an impact, for the simple reason that new features are added that ask for more resources. The latest version, Office 2019, has almost the same performance decrease as the previous version, Office 2013.

Note: Office 365 ProPlus isn’t part of the list. However, I expect that the density impact of Office 365 ProPlus will be similar to Office 2019. The impact is based on a vanilla virtual machine without any optimizations. It’s based on the impact on the vanilla image of the virtual machine compared to the previous version of Microsoft Office in Office version row of the table.

*The following results are based on previous LoginVSI measurements with the different products on the same specific hardware.

What if you are running Office 2019, and want to use Office 365 ProPlus?

If you run Office 2019 and want to do an in-place upgrade from 2019 to Office 365 ProPlus, you can do so by using a new ADMX setting, which is provided in the latest Office 365 ProPlus ADMX feature set.

Note: You can download the ADMX key, which includes the setting below, over here.

If you experience any trouble during the setup, please check this troubleshooting article to point you in the right direction.

I hope this helps to have a better understanding of the different options for Office 365 in a Virtual environment.

Hope to see you back soon – and feel free to leave a comment if you’ve any questions.

Cheers,

Christiaan Brinkhoff