Because Microsoft will release security updates and feature updates to Microsoft 365 apps, we need to update Microsoft 365 Apps regularly to get the latest security updates and features and don’t want them to arrive to all users simultaneously, we must create update rings to achieve this. In the next blog post, we are going to do this.
Microsoft 365 updates
Microsoft 365 has a suite of productivity apps that includes Word, Excel, PowerPoint, Outlook, OneDrive, Teams, and more. These apps are constantly updated with new features and improvements to help you work smarter and faster. but more importantly, it is getting the latest security updates. However, you may not always get the latest updates automatically, depending on how you installed Microsoft 365 and what version of Windows you are using. In this blog post, we will explain why you need to update your Microsoft 365 apps and how to do it in update rings.
Why update Microsoft 365 apps?
Updating your Microsoft 365 apps has many benefits, such as:
- Improving the security and performance of your apps by fixing bugs and vulnerabilities that may affect your data or device. For example, you can get the latest security patches that protect your apps from malware or phishing attacks, or get the latest performance improvements that make your apps run faster and smoother.
- Get access to the newest features and capabilities that can enhance your productivity and creativity. For example, you can use the new voice typing feature in Word to dictate your documents hands-free or use the new Presenter Coach feature in PowerPoint to get feedback on your presentation skills.
- Keeping your apps compatible with the latest Windows updates and other Microsoft products. For example, you can get the latest Windows 11 compatibility updates that ensure your apps work well with the new operating system, or get the latest integration updates that enable your apps to work seamlessly with other Microsoft products like Teams or OneDrive.
Security Updates Microsoft 365 apps
Security updates are important for Microsoft 365 apps because they help protect your apps from malicious attacks and improve their performance and stability. Security updates are released monthly by Microsoft and are applied automatically to your apps if you have enabled automatic updates. Because we want to control these updates we are going to create these updates in rings.
Some of the security updates that were released in September 2023 for Microsoft 365 apps can be found here Release notes for Microsoft Office security updates – Office release notes | Microsoft Learn
Microsoft 365 update channels
Microsoft 365 app channels are ways to control how and when your Microsoft 365 apps get updated with new features, improvements, and fixes. Depending on your needs and preferences, you can choose from three primary update channels: Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel.
|Channel||Use||Release Frequency||Security Updates|
|Current Channel||New Office features as soon as they are ready||New Office features once a month||Second Tuesday of the month|
|Monthly Enterprise||New Office features once a month||Second Tuesday of the month||Second Tuesday of the month|
|Semi-Annual Enterprise Channel||Select devices where extended testing is needed||Twice a year (in January and July), on the second Tuesday of the month||Once a month, on the second Tuesday of the month|
We like to use Monthly Enterprise for our broad user group to give them a stable but secure experience as possible. Therefore we use the Current channel for testing everything and getting the adoption documents ready before releasing it to the monthly enterprise users.
Within the Modern Workplace environments, we provide to our customers, we have the concept of Deployment/Update Rings. These deployment rings define the order in which we will deploy updates or policies to the environment. Currently, 3 deployment/update rings are determined to get a DTP process. Because we use an assignment of policies to users only, take in mind that these deployment rings can be created with device groups as well.
- Deployment Ring 1, everyone with an IT-related function
- Deployment Ring 2, a representative set of end users working within the business
- Deployment Ring 3 (contains everyone)
|Ring||Channel||Delay in days||Deadline in days|
|Update Ring 1||Current Channel||0||0|
|Update Ring 2||Current Channel||2||5|
|Update Ring 3||Monthly Enterprise||7||5|
You should use an expedited update policy if you want to deploy the most recent security updates as quickly as possible on devices you manage with Microsoft Intune. Expedited updates can help you address zero-day security vulnerabilities and fast-track installation of security updates. Expedited updates work by checking for updates more frequently than the normal Update scan frequency, and by ignoring and overriding any quality update deferral periods for the update version you deployExpedited updates also have the following characteristics:
- The update downloads and installs as quickly as possible.
- The update process overrides configured device policy settings, such as days until the device is forced to restart.
- After the expedited update is installed, the device returns to the current policy settings.
If we need to expedite the update because of an emergency update we have 2 expedite policies.
|Ring||Channel||Delay in days||Deadline in days|
|Expedite (Ring 1 en Ring 2)||Current Channel||0||0|
|Expedite (Ring 3)||Monthly Enterprise||0||0|
Update Microsoft 365 apps policies
Now we know why we need to update and what the concept is, we can take it to the Intune portal and our users/devices. First, we are going to the Intune portal
Here we will go to Devices | Configuration click + Create profile, choose Platform Windows 10 and later, and Profile type Settings catalog
Now we need several settings to achieve how to set the different rings for our users:
Microsoft Office 2016 (Machine) :
- Enable Automatic Updates
- Update Channel
- Delay downloading and installing updates for Office
- Update Deadline
Now for the Expedite rings we need to create 2 policies
For Expedite Ring 1 and Ring 2
For Expedite Ring 3
Security updates are essential for maintaining the quality and safety of Microsoft 365 apps. They are released on a monthly basis and can be applied automatically or manually depending on the admin’s preference. In this blog post, we created several ring policies for updating Microsoft 365 apps. In these, we have created the possibility to test the new features and security updates delivered to the current channel. After these updates are tested these updates will arrive to the Monthly Enterprise channel.