In this post I will go through the process of how to deploy Office 365 updates using SCCM. There are few configurations to be made before deploying Office 365 updates in environment. Once the configuration is done, we can deploy patches like any other patches / cumulative updates for Windows 10 & Windows 11 devices.

Pre-requisites to configure Office 365 updates for SCCM

We need to make sure to configure the requirements for Office 365. We will be discussing and configuring it now:

Software Update Point (SUP) should be configured

Software Update Point role on Configuration Manager server should be installed and configured. SUP role requires WSUS, we need to have Windows Server Update Services (WSUS) 4.0 installed. WSUS alone cannot be used to deploy updates.


We have an existing SUP role configured, make sure to make following changes to download Office 365 metadata.

Navigate to \Administration\Overview\Site Configuration\Sites, Select Configure Site Components> Software Update Point.

Software Update Point

Under Classifications tab, Updates should be selected

Classifications Updates

Under Products tab, Office > Microsoft 365 Apps/Office 2019/Office LTSC should be selected.

Microsoft 365 Apps/Office 2019/Office LTSC

Once changes have been made, Synchronize Software Updates through \Software Library\Overview\Software Updates\All Software Updates

Synchronize Software Updates

Enable Office 365 Client Agent settings

Enabling of Office 365 settings can be achieved through multiple ways. Enabling this option will make sure to download the update from Configuration Manager distribution Point.

Using SCCM – to enable Office 365 settings

We need to configure and enable Office 365 client settings which can be done through \Administration\Overview\Client Settings. Create Custom Client Device Settings or modify an existing one. Under Software Updates, select Yes for Enable management of the Office 365 Client Agent.

Note: If you select this value as No, Microsoft 365 apps clients will receive updates from Office CDN instead of Configuration Manager. This is Microsoft’s recommendation which require clients to directly download the updates from Windows Update hence skipping SCCM / WSUS configuration to download it from Distribution Point.

Enable manageent of the Office 365 Client Agent

Enable Office 365 client using Group Policy

We can also use Group Policy Management console to configure it. This group policy setting can be found under Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates. Select Enabled for Management of Microsoft 365 Apps for enterprise

Management of Microsoft 365 Apps for enterprise

This policy is part of Administrative Template files (ADMX/ADML) for Microsoft 365 Apps for enterprise/Office LTSC 2021/Office 2019/Office 2016 and the Office Customization Tool for Office 2016. You must need to import admin templates to see this this policy.

Note: if you disable or not configure this policy, Configuration manager update workflow will not be able to manage Microsoft 365 apps for enterprise. Also, you configure any policy over here, it will override settings specified by Configuration manager Client settings as Configuration Manager policies act as local policies and is always overwritten by Group policy.

Enable Office 365 client settings using Office Deployment Tool (OSD tool)

This is another way of enabling Office 365 client settings. When we create Office 365 application which requires xml file. We need to make sure OfficeMgmtCOM should be set to true. This is a sample xml file showing the value showing True.

OfficeMgmtCOM=True

Synchronization of Microsoft 365 updates

Synchronization of updates can be verified through wsyncmgr.log located under <Configuration Manager installation directory>\logs, in my case D:\Program Files\Microsoft Configuration Manager.

Under wsyncmgr.log we can see:

Syncing all updates
Requested categories: Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=Windows 11, Product=Windows 10, Product=Windows 10, version 1903 and later, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates
Synchronizing update 4cfd5455-1c7d-4f0f-bd3c-d4ad084de6e8 - Microsoft 365 Apps Update - Current Channel Quality Update for x86 based Edition Version 2109 (Build 14430.20298)
Synchronizing update aad9f574-f021-4adc-b396-4b68a743f416 - Microsoft 365 Apps Update - Current Channel Feature Update for x64 based Edition Version 2109 (Build 14430.20234)
wsyncmgr.log Microsoft 365 Apps

Allow it to complete the sync, once done we can see the list of updates available under \Software Library\Overview\Office 365 Client Management\Office 365 Updates

Office 365 Updates

Lets not download any update yet as Required update might show 0. We need to wait for next Software Update Deployment Evaluation Cycle / Software Update Scan Cycle to be initiated on client or we can initiate it manually.

Once done, we can see the update available. The best way to see this is by adding Add Criteria and selecting is greater than or equal to as 1.

Saved searches Add criteria

Download and deploy Software Update for Microsoft 365 updates

Lets Download and deploy the update Microsoft 365 Apps Update – Current Channel Quality Update for x64 based Edition Version 2110 (Build 14527.20234).

Right click the update and select Deploy which will perform download and deploy (both the task).

Deploy Updates

This will launch Deploy Software Updatew Wizard page, specify the Deployment Name and specify Software Update / Software Update Group, target it on a collection and click Next.

Select the Type of deployment as Available or Required, for demonstration purpose I am going with Former one, click Next.

Deployment Settings

On Scheduling page specify Software available time and click Next.

Scheduling

On User Experience page, click Next.

User Experience

On Alerts page, click Next.

Alerts

On Deployment Package page, select Create a new deployment package and specify the name and Package source location where update will be downloaded, click Next.

Deployment Package

On Distribution Points page, add distribution point for content distribution and click Next.

On Download software updates from the internet page, click Next.

Download software updates from the Internet

On Specify the languages of the updates page, click Next.

Speify the languages of the updates

On Download Settings page, click Next.

Download Settings

Verify the summary and click next to initiate downloading of patch.

We can see downloading of patches through Patchdownloader.log. which is located under %userprofile%\AppData\Local\Temp\patchdownloader.log

Patchdownloader.log showed the content downloaded:

Download http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/16.0.14527.20234/stream.x64.en-us.dat.cat in progress: 89 percent complete
Download http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/16.0.14527.20234/stream.x64.en-us.dat.cat in progress: 100 percent complete
Download http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/16.0.14527.20234/stream.x64.en-us.dat.cat to C:\Users\ADMINI~1.MAN\AppData\Local\Temp\CAB189D.tmp.cat returns 0
Successfully moved C:\Users\ADMINI~1.MAN\AppData\Local\Temp\CAB19D6.tmp.dat to \\sccm01\source\Software Update\Office 365 version 2110 - 14527.20234\1cf9d930-3133-4873-b2ae-a9cc1f0c424e.1\office\data\16.0.14527.20234\stream.x64.en-us.proof.dat
Renaming \\sccm01\source\Software Update\Office 365 version 2110 - 14527.20234\1cf9d930-3133-4873-b2ae-a9cc1f0c424e.1 to \\sccm01\source\Software Update\Office 365 version 2110 - 14527.20234\1cf9d930-3133-4873-b2ae-a9cc1f0c424e
Successfully moved \\sccm01\source\Software Update\Office 365 version 2110 - 14527.20234\1cf9d930-3133-4873-b2ae-a9cc1f0c424e.1 to \\sccm01\source\Software Update\Office 365 version 2110 - 14527.20234\1cf9d930-3133-4873-b2ae-a9cc1f0c424e
PatchDownloader.log

Initiate Office 365 patch installation on Workstation

Navigate to workstation (Windows 10 / Windows 11) with Office 365 installed. Launch Configuration Manager Properties (Shortcut: Control smscfgrc) and click on Actions. Run the actions
Machine Policy Retrieval & Evaluation Cycle
Software Updates Deployment Evaluation Cycle

Software Updates Deployment Evaluation Cycle

Within few minutes update will be visible under Software Center to execute. You may also run PowerShell command to see list updates missing for Office 365 updates, run following PowerShell command:

Get-CimInstance -Namespace root\ccm\softwareupdates\updatesstore -ClassName CCM_UpdateStatus | select status,title | Where-Object {$_.Title -like '*365*' -and $_.Status -eq 'missing'}

root\ccm\softwareupdates\updatesstore

Missing Microsoft 365 Apps Update – Current Channel Quality Update for x64 based Edition Version 2110 (Build 14527.20234)

Currently I am on Version 2110 (Build 14527.20226 Click-toRun), which can be verified by launching any office application such as Microsoft Word > File > Account > Product Information > About Word

About Word

The targeted patch is Missing Microsoft 365 Apps Update – Current Channel Quality Update for x64 based Edition Version 2110 (Build 14527.20234). Initiate the install through Software Center.

Installation of patch can be verified through one of the 2 important log files:

Software Center Updates

UpdatesDeployment.log: This log files will show you granular level installation instruction, including downloading and installing each patch. Starting with detecting, downloading, installing, verifying and finally updating the result.

Update (Site_A01E8F68-CD81-4C08-80FA-477C0E10623B/SUM_012f2d0e-52fe-4338-b4d8-2aaac6a96f37) Progress: Status = ciStateDownloading, PercentComplete = 50, DownloadSize = 100, Result = 0x0
CEvalO365ManagementTask::Execute()
Update (Site_A01E8F68-CD81-4C08-80FA-477C0E10623B/SUM_012f2d0e-52fe-4338-b4d8-2aaac6a96f37) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 100, Result = 0x0
Update (Site_A01E8F68-CD81-4C08-80FA-477C0E10623B/SUM_012f2d0e-52fe-4338-b4d8-2aaac6a96f37) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 100, Result = 0x0
Raised update (TopicID) (Site_A01E8F68-CD81-4C08-80FA-477C0E10623B/SUM_012f2d0e-52fe-4338-b4d8-2aaac6a96f37) enforcement state message successfully. TopicType = STATE_TOPICTYPE_SUM_CI_ENFORCEMENT, StateId = 10, StateName = CI_ENFORCEMENT_SUCCESSFULL, StateCriticality = 0, TopicIdVersion = 200
RefreshTopO365Update - Empty top O365 updateId, no need to refresh
No other installations in pipeline. No reboot required.
UpdatesDeployment.log

The patch is installed now.

We can see one of the Office application showing Version 2110 (Build 14527.20234 Click-to-Run), the patch what we targeted.

Important Links

Manage updates to Microsoft 365 Apps with Microsoft Endpoint Configuration Manager – Deploy Office | Microsoft Docs

Configure classifications and products – Configuration Manager | Microsoft Docs