The Microsoft 365 apps will generally always be installed on your endpoints if you are using the Microsoft product suite. It is your job as the administrator to ensure they are efficiently deployed and always available to the end user. While it isn’t best practice to deploy many apps during the Autopilot process, the Microsoft 365 apps will generally be deployed or pre-installed for end users prior to them receiving their device.
In this post, I will show you how to deploy the Microsoft 365 apps to your Windows 10 and 11 devices using Microsoft Intune and Autopilot.
Installation methods
There are two methods to deploy Microsoft 365 apps to devices using Microsoft Intune. Although they are somewhat similar, it is often said that one is more reliable than the other.
The first option is to deploy the apps through the built-in AppType setting in the app deployment wizard, named Microsoft 365 Apps for Windows 10 and later. This method utilises the Office configuration service provider (CSP) to assign the deployment policy to the machines. The machines will then download the office deployment tool from the Office content delivery network (CDN) to install the application with the specified configuration settings.
The second option is to manually deploy the Office Deployment Tools using a Win32 app in Intune. This is often deemed a more reliable installation method that will reflect in your deployments. The idea here is to either package the setup files into a .intunewin file and upload that, or to package a PowerShell script that will download the latest setup.exe file and run with your configuration settings. My preferred method is to use a PowerShell script to download the latest setup file.
Using the Microsoft 365 Apps for Windows 10 and later app
Deploying the M365 apps using the CSP settings built into Intune is by far the most convenient method. However, it has been highlighted that if you are deploying apps using this method during Autopilot, you could encounter some issues. Instead, you should use the second option.
Follow the below steps to deploy M365 using the Microsoft 365 Apps for Windows 10 and later app.
1. Log in to https://intune.microsoft.com/.
2. Select Apps > All Apps > Add.
3. From the App type drop-down list, under Microsoft 365 apps, select Windows 10 and later and click Select.
4. Leave the settings as default on the App suite information page and click Next.
5. On the Configure app suite information page, next to Configuration settings format, I recommend selecting Enter XML data.
6. Now open the Office Customization Tool at https://config.office.com/deploymentsettings and configure your desired office settings. When done, click Export and copy the information out of the XML document. Mine looks like this:
<Configuration ID="b981238e-12e5-44d2-9d41-a0b239b96fda">
<Add OfficeClientEdition="64" Channel="Current">
<Product ID="O365ProPlusRetail">
<Language ID="en-gb" />
<ExcludeApp ID="Access" />
<ExcludeApp ID="Groove" />
<ExcludeApp ID="Lync" />
<ExcludeApp ID="Bing" />
</Product>
</Add>
<Updates Enabled="TRUE" />
<RemoveMSI />
<AppSettings>
<User Key="software\microsoft\office\16.0\excel\options" Name="defaultformat" Value="51" Type="REG_DWORD" App="excel16" Id="L_SaveExcelfilesas" />
<User Key="software\microsoft\office\16.0\powerpoint\options" Name="defaultformat" Value="27" Type="REG_DWORD" App="ppt16" Id="L_SavePowerPointfilesas" />
<User Key="software\microsoft\office\16.0\word\options" Name="defaultformat" Value="" Type="REG_SZ" App="word16" Id="L_SaveWordfilesas" />
</AppSettings>
<Display Level="None" AcceptEULA="TRUE" />
</Configuration>
7. Paste this into the configuration file text box and click Validate XML. You should see a popup which states: The provided XML content is well-formatted. If you do, click Next.
8. On the Assignments page, choose your assignments and click Next. Then, on the file page, click Create.
Deploying Microsoft 365 Apps as a Win32 app
Deploying the M365 apps using a Win32 app has been proven to be the most stable deployment method. Below is a simple PowerShell script that will download the latest ODT setup file and run it with your specified configuration file.
Follow the steps below to deploy the M365 apps as a Win32 app with Intune.
If you are happy to use my pre-configured deployment file, download the .intunewin file from my GitHub and skip to step 5. (of-course test the deployment first)
1. Save the below script as Install-M365.ps1 and save it into a new folder on your workstation.
#Create path and define log file
$LogFile = "InstallLog-M365.txt"
$filepath = "$env:SystemRoot" + "\temp\m365\"
mkdir "$filepath\setup" -ErrorAction SilentlyContinue | Out-Null
#Write to log
Function LogWrite
{
Param ([string]$logstring)
$date = (Get-Date).tostring("yyyyMMdd-HH:mm")
Add-content "$filepath\$LogFile" -value "$date - $logstring"
}
#Download latest setup and install
try {
LogWrite "Downloading latest setup file.."
Start-Transcript -Path "$filepath\$Logfile" -Append
Invoke-WebRequest -uri "https://officecdn.microsoft.com/pr/wsus/setup.exe" -OutFile "$filepath\setup\setup.exe" -Verbose
Stop-Transcript
try {
$setup = "$filepath\setup\" + "setup.exe"
$configuration = $psscriptroot + "\configuration.xml"
Start-Process $setup -ArgumentList "/configure $($psscriptroot)\configuration.xml" -Wait -PassThru -ErrorAction Stop | Tee-Object "$filepath\$Logfile" -Append
LogWrite "Microsoft 365 apps successfully installed"
}
catch {
LogWrite $_
}
}
catch {
LogWrite "Failed to download office setup.exe. See next line for error..."
LogWrite $_
}
2. You will also need a script to uninstall the M365 apps. In this case, the script is fairly the same, instead I have replaced configuration.xml with uninstall.xml. To save pasting the full script twice, you can download it on my GitHub page, then save it to the same folder.
2. Now, use the Office Customization Tool at https://config.office.com/deploymentsettings to generate a new configuration file with your preferred settings. Save this in the same folder as the PowerShell script as configuration.xml.
You should also create an uninstall.xml file that contains the following code: (ensure you match the Product ID with your version of the apps). Save this in the same folder.
<Configuration>
<Display Level="None" AcceptEULA="True" />
<Property Name="FORCEAPPSHUTDOWN" Value="True" />
<Remove>
<Product ID="O365ProPlusRetail">
</Product>
</Remove>
</Configuration>
3. Download the Win32 Content prep tool from https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool and run IntuneWinAppUtil.exe
4. Define the source folder, setup file and output folder as I have below, then type N and click Enter.
The .intunewin file should output to the same folder. This is the file which you will upload to Intune.
5. Log in to https://intune.microsoft.com/
6. Select Apps > All apps > Add > Windows app (Win32).
7. On the App information page, upload the .intunewin file, enter the Publisher as Microsoft, upload the M365 apps logo and click Next.
8. On the Program page, enter the following for the Install command and Uninstall command.
powershell.exe -executionpolicy bypass -file Install-M365.ps1
Ensure you set Allow available uninstall to No and Install behaviour to System, then click Next.
powershell.exe -executionpolicy bypass -file Uninstall-M365.ps1
9. Define your Requirements as 64-bit and your preferred operating system version, then proceed to Detection rules.
10. Select Use a custom detection script for the rules format and upload the following script, then click Next.
$apps = (Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") | Get-ItemProperty | Where {$_.DisplayName -match "Microsoft 365 "}
if ($apps) {
Write-host "M365 Apps Detected"
Exit 0
} else {
Write-host "M365 Apps not Detected"
Exit 1
}
11. Skip the Dependencies and Supersedence pages. Then, on the Assignments page, assign to your required groups and complete the wizard.
End result
Once the configuration is deployed, for new devices going through the Autopilot process, Office will be automatically deployed and available to them when they first sign in.
If you need to uninstall the Microsoft 365 apps, you can make uninstallation available through the company portal or assign the group to the uninstall assignment in Intune and the apps will begin to uninstall.
Wrapping up
There you have it. Two simple methods to deploy the Microsoft 365 apps to devices through Microsoft Intune while ensuring they are always up to date.