Office 365 – Mass Deployment made easy!

If your business is finally making the switch to Office 365 there’s probably one issue you’re facing as the deadline closes: How can I get this installed quickly on all of our computers?

This guide is best utilized when:

  • Computers are centralized (E.g. You have an office building)
  • More than 10 computers to install Office on or you have low internet speeds
  • You have an existing file server/NAS with a share

Office Deployment Tool

We will be utilizing the Office Deployment Tool, going forward this will be referenced as ODT

Grab the download from: https://www.microsoft.com/en-us/download/details.aspx?id=49117

Setup on the File Server/NAS

  1. Extract the files from the file above and place it on your File Server/NAS in a properly labeled path – EX: \\FileServer01\Apps$\Microsoft\Office\
  2. Verify that the share is accessible from the computers that are receiving the install.
  3. Delete the XML files that are included in the ZIP file you extracted

Configure your XML file

  1. Go to http://config.office.com
  2. Choose your relevant product arch (Microsoft now recommends the 64-bit installation as default)
  3. Choose your relevant product(s)
    1. If you purchased Business licensing choose Office 365 Business
    2. If you purchased Enterprise licensing choose Office 365 ProPlus
  4. Choose which apps you want installed, I typically change “OneNote 2016” to ON
  5. Choose your update channel
    1. I recommend the semi-annual channel – This will be the most stable and reliable build
    2. The monthly channel will provide new features each month, but possibly at the cost of confused employees and unstable builds.
  6. Choose your version – I recommend choosing latest
  7. Choose your language – Typically English
  8. Choose your installation
    1. Set it to local source
    2. Change the path to your share you created earlier – In our case it is \\FileServer01\Apps$\Microsoft\Office\
    3. I recommend “Show installation to user” being on – This allows you or your users to visually see the progress of installation, otherwise turn it off for a silent install
  9. Choose your Update and Upgrades options – I recommend leaving all the default options here
  10. Choose Licensing and Activation options
    1. Check “Automatically accept the EULA”
  11. Choose your General options – You do not need to fill out these options
  12. Choose your Applications Preferences – I recommend not touching these for Domain Joined computers
  13. Click Finish – You’re almost done!
  14. Review all changes you’ve made on the right hand side
  15. Choose “Export” in the top right
    1. Accept the agreement
    2. I typically name the XML file relevant to product + arch
      1. EX: O365BusinessX64
      2. EX: O365ProPlusX64
  16. Download your XML file and drop it into your share that you created earlier, it should be in the same folder as the Setup.exe

Create your Batch File for Download/Update

  1. Open Notepad
  2. Input %FileShare%\setup.exe /download %FileShare%\%XMLFile%.xml
  3. File > Save As > Update Local Office Source.bat
  4. Change “Save As Type” to “All Files (*.*)”
  5. Save it in the same folder as your Setup.exe
Example of what your “Update Local Office Source.bat” should be

Create your Batch File for Installing

  1. Right click on the batch file you just made and choose “edit”
  2. Replace “/download” with “/configure”
  3. File > Save As > Install O365.bat
  4. Change “Save As Type” to “All Files (*.*)”
  5. Save it in the same folder as your Setup.exe

Example of what your “Install O365.bat” should be

Start the initial download of Office

  1. Double click your “Update Local Office Source.bat” file – CMD Prompt should open with the same text you put in your .bat file
  2. You will not see any progress in the CMD Prompt – that is normal!
  3. If you’d like to check on the progress of the download, you can right click the new folder that was created in your file share > Properties and check the size of the folder. This will end up being 2GB+ depending on your options and additional programs
  4. Wait until the initial download is finished

Test your first install manually

  1. Login to a computer with an account that as Administrator rights
  2. Browse to the share containing your Install O365.bat file and double click it
  3. You should see CMD prompt open up, followed by the installation progress bar (if you chose to show that during the XML configuration phase)
  4. Verify the install encounters no issues, and that Office is working correctly

Start your deployment

There are several ways to handle this, here is a couple:

  1. Put your “Install O365.bat” file on a USB drive, walk to each computer and double click on it
  2. Create a GPO for a Logon Script to run your “Install O365.bat” – you should modify your Install O365.bat to first check for O365 already being installed the computer to prevent looping of installation

Pro Tip:

If you installed O365 ProPlus you can manage O365 settings via Group Policy!

https://www.microsoft.com/en-us/download/details.aspx?id=49030

Office365 – Use DKIM to validate outbound email

By default Microsoft will only enable DKIM signing on your “Initial Domain”

Why use DKIM when you already utilize SPF? It’s simple! They will work in tandem.

SPF adds information to a message envelope but DKIM actually encrypts a signature within the message header.

When you first sign up as a Tenant within Microsoft Office 365 you are greeted with an “Initial domain” that ends in .onmicrosoft.com – For example, mine is D3V1N.OnMicrosoft.com

As you go through the verification process to verify the domains you own, or purchase domains from Microsoft or Microsoft Partners, you will see your domain(s) start populating in your Microsoft 365 Admin Center

Once your domain has been verified, you can start the process of using DKIM

In this guide we will keep it simple – We will utilize the Microsoft Office 365 Admin Center to change the DKIM settings, however an alternative method exists in which you can use PowerShell to accomplish the same end goal.

 

Let’s begin!

 

  1. Navigate to your Domain DNS settings – In this case I am hosting this website with GoDaddy. We will be adding two CNAME records to our domains DNS.
  2. Generic - Please Refine to fit your domain!

    HostnamePoints To AddressTTL
    selector1._domainkey.selector1-domainGUID._domainkey.initialDomain 3600 (1 Hour)
    selector2._domainkey.selector2-domainGUID._domainkey.initialDomain3600 (1 Hour)
    Three things need to be changed to fit your domain: <domain> — <domainGUID> — <initialDomain>
    1. Domain: Your domain name
    2. domainGUID: domainGUID is the same as the domainGUID in the customized MX record for your custom domain that appears before mail.protection.outlook.com (HINT: Check your DNS records for MX entries)
    3. initialDomain: The domain you created when joining O365 – Look for the OnMicrosoft domain!
  3. Here is my configuration for D3V1N.NET as an example: 

    D3V1N.NET Specific DNS Settings

    HostnamePoints To AddressTTL
    selector1._domainkey.d3v1n.netselector1-d3v1n-net._domainkey.d3v1n.onmicrosoft.com3600 (1 Hour)
    selector2._domainkey.d3v1n.netselector2-d3v1n-net._domainkey.d3v1n.onmicrosoft.com3600 (1 Hour)
  4. BREAK! You may need to wait up to 48 Hours for DNS to update – Once you verify DNS has been updated, proceed to the next step.
  5. In the left navigation, expand Admin and choose Exchange.
  6. Go to Protection > dkim.
  7. Select the domain for which you want to enable DKIM by left clicking it, and on the right you should see “Sign messages for this domain with DKIM signatures” – choose Enable.

 

Send an email to an outside domain in which you can receive it to inspect the message header to verify DKIM is working!

 

 No Fields Found.