Hey Team, in this post I'm going to cover how we're doing our Self Service Deployments for the Microsoft 365 Apps. We're controlling it via Active Directory Group Membership.
Our Deployment team can add users into these groups in AD that then will access to the Apps
Each User Collection has a direct rule of the AD Group
The rest of the collections only have one deployment, the deployment for the corresponding application. The Microsoft 365 Self-Service Notification Baseline I'll be going over in depth in the next post.
Microsoft 365 Content is a required deployment, ASAP, so that it gets the M365 Installer Content down to the machines as soon as it can. I go over the content a bit more in a previous Post
The Microsoft 365 Office - Semi-Annual Enterprise Channel is a required deployment set out 10 years.
It is also hidden:
We don't want to force the software down, we want it to be available for them to install themselves. However, we don't want it to show up until the required content is completely downloaded, so we keep it hidden until it's downloaded, then we have that Baseline come along and flip some properties in WMI to change it from Hidden and Required, to Show in Software Center and be Available. I'll cover that more in the next post as well.
As a Bonus, here is the script I used to create the AD Groups and User Collections.
It looks through CM, finds all of the Applications that start with Microsoft 365 (excluding anything with Content in the name) then using that name to base the AD Group and CM User Collections on.
Check it out on GitHub, I plan to add the lines that will automatically create the deployments as well. Note, I created it in about 10 minutes and used it once in my lab, so no real testing has been done... be warned.
Thanks for checking out the post and after this series, if you have questions, please let me know and I'll see where I can fill in any blanks. - Gary
Check out the other posts in this series: