Microsoft has delivered new updating capabilities for admins to help them automate monthly updates for its core Microsoft 365 apps via Azure Active Directory (AD).
"Servicing profiles" let admins automatically deliver monthly Word, Excel and other Office suite updates for specific users or groups. Microsoft has now delivered tooling that allows admins to align these updates with Windows Patch Tuesday updates.
The new capabilities, described as 'top customer asked capabilities', updated servicing profiles to cover customization, rollbacks, device exclusions, blanket and exclusion targeting, and the ability to control deployments to devices with a smaller disk space than the 5GB lower threshold previously available.
"You spoke, we listened. Based on input from admins from around the world, we added and extended controls for Servicing profiles. The overall goal remains unchanged: Provide a modern and easy way to manage your Microsoft 365 Apps updates," says Microsoft's Martin Nothnagel.
Microsoft thinks admins' suggestion of "wave customization" was a good idea. The feature lets admins roll out updates to users in consecutive waves to target priority devices instead of the default of deploying updates randomly to selected devices over the course of four days.
"With Rollout waves, you can customize which devices/users should get the updates first, second, etc. This allows you to build deployment rings for e.g. testing, piloting and full release by simply adding Azure AD groups to the respective waves. Servicing profile will then execute the update deployment according to your settings each Patch Tuesday," says Nothnagel.
Rollback gives you an extra safety net in case an update is causing issues in your environment. "It allows you to easily roll a selection of devices back to a previous release. Now, instead of manually selecting individual devices, you can now also specify Azure AD groups with devices or users," says Nothnagel.
Admins can also exclude specific devices via Azure AD or target all of them.
Excluding some devices might be useful for admins that need to update certain devices manually, through alternative processes such as Remoted Shared Desktop (RDS) hosts. Admins can add the users or devices to Azure AD groups, and then specify them in the profile for exclusion.
For those who need to target updates for all devices, servicing profiles gives admins a way to control updates for Microsoft 365 apps based on update channels, the use of macros, and other filters.
"There is a new toggle in the Servicing profile which simplifies the configuration. Just disable the use of additional selection criteria and all your devices will be serviced (Azure AD group filtering is still available).
It has also changed disk space control. Previously the lower limit of the disk space selection criteria was five gigabytes which meant devices with less free disk space were excluded from Servicing profiles managing the monthly updates: "Most Microsoft 365 Apps updates require less space on disk during the update process, that's why we adjust the lower limit. Now you can bring it down to zero, meaning an update attempt will always be performed."