Because Microsoft will release security updates and feature updates to Microsoft 365 apps, we need to update Microsoft 365 Apps regularly to get the latest security updates and features and don’t want them to arrive to all users simultaneously, we must create update rings to achieve this. In the next blog post, we are going to do this.

Microsoft 365 updates

Microsoft 365 has a suite of productivity apps that includes Word, Excel, PowerPoint, Outlook, OneDrive, Teams, and more. These apps are constantly updated with new features and improvements to help you work smarter and faster. but more importantly, it is getting the latest security updates. However, you may not always get the latest updates automatically, depending on how you installed Microsoft 365 and what version of Windows you are using. In this blog post, we will explain why you need to update your Microsoft 365 apps and how to do it in update rings.

Why update Microsoft 365 apps?

Updating your Microsoft 365 apps has many benefits, such as:

  • Improving the security and performance of your apps by fixing bugs and vulnerabilities that may affect your data or device. For example, you can get the latest security patches that protect your apps from malware or phishing attacks, or get the latest performance improvements that make your apps run faster and smoother.
  • Get access to the newest features and capabilities that can enhance your productivity and creativity. For example, you can use the new voice typing feature in Word to dictate your documents hands-free or use the new Presenter Coach feature in PowerPoint to get feedback on your presentation skills.
  • Keeping your apps compatible with the latest Windows updates and other Microsoft products. For example, you can get the latest Windows 11 compatibility updates that ensure your apps work well with the new operating system, or get the latest integration updates that enable your apps to work seamlessly with other Microsoft products like Teams or OneDrive.

Security Updates Microsoft 365 apps

Security updates are important for Microsoft 365 apps because they help protect your apps from malicious attacks and improve their performance and stability. Security updates are released monthly by Microsoft and are applied automatically to your apps if you have enabled automatic updates. Because we want to control these updates we are going to create these updates in rings.

Some of the security updates that were released in September 2023 for Microsoft 365 apps can be found here Release notes for Microsoft Office security updates – Office release notes | Microsoft Learn

Microsoft 365 update channels

Microsoft 365 app channels are ways to control how and when your Microsoft 365 apps get updated with new features, improvements, and fixes. Depending on your needs and preferences, you can choose from three primary update channels: Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel.

ChannelUseRelease FrequencySecurity Updates
Current ChannelNew Office features as soon as they are readyNew Office features once a monthSecond Tuesday of the month
Monthly EnterpriseNew Office features once a monthSecond Tuesday of the monthSecond Tuesday of the month
Semi-Annual Enterprise ChannelSelect devices where extended testing is neededTwice a year (in January and July), on the second Tuesday of the monthOnce a month, on the second Tuesday of the month

We like to use Monthly Enterprise for our broad user group to give them a stable but secure experience as possible. Therefore we use the Current channel for testing everything and getting the adoption documents ready before releasing it to the monthly enterprise users.

Update concept

Within the Modern Workplace environments, we provide to our customers, we have the concept of Deployment/Update Rings. These deployment rings define the order in which we will deploy updates or policies to the environment. Currently, 3 deployment/update rings are determined to get a DTP process. Because we use an assignment of policies to users only, take in mind that these deployment rings can be created with device groups as well.

  • Deployment Ring 1, everyone with an IT-related function
  • Deployment Ring 2, a representative set of end users working within the business
  • Deployment Ring 3 (contains everyone)
RingChannelDelay in daysDeadline in days
Update Ring 1Current Channel00
Update Ring 2Current Channel25
Update Ring 3Monthly Enterprise75

Expedite update

You should use an expedited update policy if you want to deploy the most recent security updates as quickly as possible on devices you manage with Microsoft Intune. Expedited updates can help you address zero-day security vulnerabilities and fast-track installation of security updates. Expedited updates work by checking for updates more frequently than the normal Update scan frequency, and by ignoring and overriding any quality update deferral periods for the update version you deployExpedited updates also have the following characteristics:

  • The update downloads and installs as quickly as possible.
  • The update process overrides configured device policy settings, such as days until the device is forced to restart.
  • After the expedited update is installed, the device returns to the current policy settings.

If we need to expedite the update because of an emergency update we have 2 expedite policies.

RingChannelDelay in daysDeadline in days
Expedite (Ring 1 en Ring 2)Current Channel00
Expedite (Ring 3)Monthly Enterprise00

Update Microsoft 365 apps policies

Now we know why we need to update and what the concept is, we can take it to the Intune portal and our users/devices. First, we are going to the Intune portal

Here we will go to Devices | Configuration click + Create profile, choose Platform Windows 10 and later, and Profile type Settings catalog

Now we need several settings to achieve how to set the different rings for our users:

Microsoft Office 2016 (Machine) :

  • Enable Automatic Updates
  • Update Channel
  • Delay downloading and installing updates for Office
  • Update Deadline

Ring 1:

Update Microsoft 365 apps

Ring 2:

Ring 3:

Update Microsoft 365 apps

Now for the Expedite rings we need to create 2 policies

For Expedite Ring 1 and Ring 2

For Expedite Ring 3


Security updates are essential for maintaining the quality and safety of Microsoft 365 apps. They are released on a monthly basis and can be applied automatically or manually depending on the admin’s preference. In this blog post, we created several ring policies for updating Microsoft 365 apps. In these, we have created the possibility to test the new features and security updates delivered to the current channel. After these updates are tested these updates will arrive to the Monthly Enterprise channel.

One thought on “Update Microsoft 365 Apps with rings”

Comments are closed.