Todays blog post is to make you aware of the possibilities the Cloud update feature of Microsoft offers us in managing Microsoft 365 Apps (the Office suite). The cloud update feature is found in the Microsoft 365 Apps admin center and seems pretty unknown to a lot of IT admins. And to be honest, it was also unknown to me 😊
Cloud update
provides advanced management capabilities, offers more comprehensive insights, and gives you better control over your Monthly Channel, and Current Channel updates. This streamlined solution ensures an optimized experience when managing your devices.
Cloud update currently supports the Enterprise Monthly and Current Channel Office installations. Support for Semi-Annual Channel is planned, and hopefully released soon.
Cloud update provides us an inventory of all our devices running Microsoft 365 Apps. The inventory information show the Office version, Build and Channel per device. Besides that it shows an inventory of (COM and CSTO) add-ins. And as last it shows if macros are present on the device.
Besides that, the feature offers us rollout waves for Monthly Enterprise channel. And this is actually the reason cloud update got my attention!
Cloud update provides as a way to have more control over the updates for the M365 apps. We can compare it a bit with Windows Update for Business.
With cloud update we have the option to deploy updates for the office suite in several rings (the rollout waves). This means we can deploy updates first to our own department, in the next wave to our application owners for example and in the third wave to our end-users. We can configure the days between waves and a deadline.
Besides that we have an option to rollback an update with just a few clicks. And we have the option to configure exclusion dates. Update exclusions can be created to prevent devices downloading security and feature updates during specific dates.
Before you get started with Cloud update, it is good to note the compatibility with other management tools information in the documentation of Microsoft, as Cloud updates takes priority over other management tools.
Sounds useful, right? Let’s see how this is all configured!
Requirements
Before we are going to dive into Cloud update, let’s first check the requirements for this feature.
The feature is available for admins with a Office Apps Administrator, Security or Global Administrator role.
Our users need to be licensed with a Office 365 license. This can be part of for example a Microsoft Business Standard license.
For the most up to date information on the requirements read the Microsoft documentation.
Enable cloud update
Cloud update is found in the Microsoft 365 admin center, that is available via config.office.com.
Cloud update is one of the sections found via the left menu (1).
To make use of the feature we first need to enable it (2).
When enabled the home tab shows the number of enabled devices (which is of course none directly after enabling the feature).
On the Overview page we find a summary of cloud update. It shows a percentage of the devices updated. And from the overview page we can view all the unmanaged devices (2) and all cloud update managed devices (2).
When we have just enabled cloud update all our devices show up in the inventory (accessed via the previous View unmanaged devices option). It shows the Cloud update status of the devices. The devices first show a status of Onboarding to and the channel specified.
After some time the status shows with which channel the device is managed. This status could continue until the next update is released, usually on the upcoming patch Tuesday.
Configure rollout waves
Waves are found on the the settings page, of the Monthly Enterprise tab section. With waves we can make a ring deployment, like we can implement for Windows Updates. How you implement the number of waves, deadlines and days between waves of course differs per environment.
You could for example have a number of user run Current channel and implement different waves for Monthly Enterprise.
By default when you enable waves, wave 1 is the validation wave with a 7-day validation (deadline). You have the option to opt out of update validation.
You can add three waves yourself with an additional fourth wave containing all remaining devices, not assign one of the waves.
Click Add waves to add the number of waves you’d like to implement.
Waves can be assigned to Microsoft Entra groups.
When waves are added, we can configure the number of days between waves.
On the next tab we configure the update deadline (a number between 0 and 14 days).
Monitoring rollout waves
Now we have configured our rollout waves, we need to monitor those waves and the progress of our devices/ M365 apps.
On the Monthly Enterprise tab (1) get an overall overview of the number of devices in the waves and the percentage of updated devices.
We also have the option View Waves overview (2) on this tab.
The waves overview shows us the start date (1) of every wave.
It shows the waves status (2), Completed or In progress.
And it shows the device status (3), like completed, failed or roll back.
Device actions
We have a couple of actions we can take on devices. We can roll back the M365 application version and we have the option to switch devices between update channels.
When we are on the Inventory tab (1) we can browse to All devices.
Here we have the option to switch the device update channel (2).
Select the targeted update channel to which the device needs to be switched and click Move devices.
We can also switch devices in bulk by selecting an Entra group.
Be aware of the time it can take to process the channel switch.
On the Monthly Enterprise tab, we have the option to roll back devices to a previous M365 version/ build.
Search for a device on device name. Select the version to which the application should be rolled back.
The rollback will be applied within 12-24 hours.
Via the Monthly Enterprise tab, View all devices option, we can check the rollback status.
Inventory
On the Inventory tab we have information available about the different Office builds and channels. We have an overview of the Office architecture and an overview of the add-ins.
The builds inventory shows the different builds in the environment, including information if these builds are supported or not.
The channels inventory shows the different builds and number of devices on these builds.
The devices inventory shows an overall overview of all devices and includes a lot of information.
It shows the cloud update status, to determine if the device is managed and by which channel.
But is also shows the Office architecture, version, build and other additional information.
As last we have the inventory of the add-ins used in the environment.
Per add-in you can drill-down to get more information about that particular Office add-in.
That’s it for this blog post to introduce you to Microsoft cloud update.
I hope you find it informative.
Thanks for reading!
1 Comment
Great to see more info about this little known feature out there!
I stumbled on it about a year ago when it was called Service Profiles and have 100 or so users testing it on the MEC. Main takeaway for us was that update is now virtually invisible in that in just occurs in the background most of the time when M365 Apps aren’t running or (more likely) the device is restarted. We were/are using SCCM to update on the SAEC and it works fine but prompts for a restart which can be pretty annoying if you’ve just done one for the monthly OS updates etc. As you say, its very similar to WUfB with very little admin overhead. I’m planning on using the same groups for both when I roll it out to the whole company 🙂
Would be nice to have it integrated into the Intune portal though to make life even easier!