2. Work Better Bring Ideas Use Office The Practical
Together to Life Anywhere Productivity Platform
E
Collaboration Without Insights from PC, Phone & Security,
Compromise Information Browser Manageability &
Performance
3. The Practical Productivity Platform for IT
Simplify Everyday Safeguard Your Enterprise Connect Without
Challenges Environment Compromise
Simple. Easy. Connecting. Control.
Peace of mind.
• Improving Performance • Office Anywhere
• Layered Security
• Improving Deployments • Office Web Apps
• Protected View
• Getting Ready • Office Mobile
• Reducing Risk
• Realizing 2010 • The Best User Experience
• Volume Activation • SharePoint
• App-V • LOB Systems
• Training & Support Content • Services
4. The Practical Productivity Platform for IT
Simplify Everyday Safeguard Your Enterprise Connect Without
Challenges Environment Compromise
Simple. Easy. Connecting. Control.
Peace of mind.
• Improving Performance • Office Anywhere
• Layered Security
• Improving Deployments • Office Web Apps
• Protected View
• Getting Ready • Office Mobile
• Reducing Risk
• Realizing 2010 • The Best User Experience
• Volume Activation • SharePoint
• App-V • LOB Systems
• Training & Support Content • Services
8. Quarterly Desktop Deployment
Tracker Survey to IT Pros
End user 32%
training 26%
Doc 30%
compatibility 29%
Patch/update 29%
mgmt 26%
New version 26%
migration 24%
Troubleshooting 21%
26%
End user 21%
support 16%
Securing Office 18%
24%
Backing up 14%
Office docs 21%
Mobile device 14%
mgmt 21%
Deploying to 11%
desktops 8%
Managing 10%
desktops 10%
Major Office Minor Office
40. Thinking about Microsoft Office in
general, what, if any, are the biggest areas of pain
or frustration you have with Microsoft Office? (Top
3/N=552)
18. Planning Excitement Deployment Adoption
Training customer IT Help the customer Delivering focused Ongoing training &
group on 2010 to develop end user training and support at support helps drive to
prepare for Office awareness leveraging deployment is key to a complete adoption
2010 Microsoft assets & SA making a customer and success with
benefits like HUP. successful. Office 2010.
Enterprise Getting Office
Tools & Online
Learning Started Learning Site
Resources Framework
Excitement
Guides (On Premise)
Email
Planning Posters, One Office Ribbon
Content resources Pagers Guides
templates, Tip
s & Tricks
19.
20. The Practical Productivity Platform for IT
Simplify Everyday Safeguard Your Enterprise Connect Without
Challenges Environment Compromise
Simple. Easy. Connecting. Control.
Peace of mind.
• Improving Performance • Office Anywhere
• Layered Security
• Improving Deployments • Office Web Apps
• Protected View
• Getting Ready • Office Mobile
• Reducing Risk
• Realizing 2010 • The Best User Experience
• Volume Activation • SharePoint
• App-V • LOB Systems
• Training & Support Content • Services
23. Newer is Better
% of vulns affecting Office 2007 since Jan 2007
28% Vulnerable
72% Not Vulnerable
Fuzzing Iterations Completed
>10x!
2x!
Office 2007 Office 2007 Office '14' so
SP2 far...
24. • Design Tenets • File Validation • Protected Viewer • Immediate view
oSecurity oFile structure validation oIsolate data • View before prompt
oMinimize the threats oLooks for unknown oPrevent harmful actions • Remember Trust
oBetter UI issues oMake informed
oLeverage new design decisions
• File Block decisions
• Reduces number of
oIT Control oLimit old file format
issues
clicks
oMaintain user
productivity
25.
26.
27.
28.
29.
30.
31. The Practical Productivity Platform for IT
Simplify Everyday Safeguard Your Enterprise Connect Without
Challenges Environment Compromise
Simple. Easy. Connecting. Control.
Peace of mind.
• Improving Performance • Office Anywhere
• Layered Security
• Improving Deployments • Office Web Apps
• Protected View
• Getting Ready • Office Mobile
• Reducing Risk
• Realizing 2010 • The Best User Experience
• Volume Activation • SharePoint
• App-V • LOB Systems
• Training & Support Content • Services
32.
33. Office Web Apps Include:
Word Web App
Excel Web App Office Web Apps are licensed
PowerPoint Web App with Office Standard 2010 and
OneNote Web App Professional Plus 2010
Viewing Editing
34. Windows Live On Premises Online
For Personal Use For Businesses For Businesses
Office Web Apps in IT can host Office Web Apps Office Web Apps
Windows Live at no on SharePoint for additional hosted for
cost as an ad- management and control organizations by
supported service options Microsoft
35. Microbrowsers on Phones and
PDAs Supports:
• WAC viewer* enables viewing • IE on Windows Mobile 5/6/6.1/6.5
for: • Safari4 on iPhone 3G/S
• BlackBerry 4.x and newer versions
• Word
• Nokia S60
• Excel • NetFront 3.4, 3.5 and newer versions
• PowerPoint • Opera Mobile 8.65 and newer
• Enables users to view versions
PowerPoint broadcasts • Openwave 6.2, 7.0 and newer versions
*For SharePoint hosted web apps
36. Office Mobile 2010 Supports:
View & Edit Office files • Windows Mobile
Word, Excel, PowerPoint, & OneNote 6.5
SharePoint Workspace Mobile • Nokia E-Series*
Enables content sync with SharePoint Libraries
Supports:
Office Communicator Mobile 2007 R2 • Windows Mobile 6.x
View presence & send /receive IMs • Motorola Razr V3xx
• Select Nokia Phones
Manage with System Center Configuration Manager
*Future support
37.
38. Servers Extensible Services Extensible UI
Office 2010 features become richer Utilize Office services to improve Leverage the extensible UI in
when connected to server manageability of user created Backstage and the Ribbon to improve
components content and build solutions support for users
SharePoint 2010 Access
• Easy sharing (save to) • Host database on SP 2010 Backstage
• Co-Authoring – • Brings manageability to Access • Customize the backstage view
Word, Excel, PowerPoint, OneNote • Provides agility for users • Enforce required document process
• PowerPoint Broadcasting • Client/browser access & design • Provide business process support
• Workspaces • Link to custom document process
• Exposing SP workflow Excel
• Tagging • Excel as a service on SP 2010
• And more • Publish from client
• Maintain control of content
• Dash boarding with SharePoint Excel Ribbon
Exchange 2010 Services web service API • Provide user centric views
• Mail tips • Enable custom ribbon functions
• Security rules InfoPath • Provide optimized views
• Retention rules • Enables central store age and
management of forms and templates
• Bring form date into control
OCS 2010
• Embedded presence Word
• Application sharing • Word as a service on SP 2010
• Enables server side automation
• File conversions, merging, printing
55. Client Server
Communicator OCS 2010
Share an Office application with others in one click 2010 SharePoint 2010
Unified Word 2010
See presence and contact others from within your Communicator OCS 2010
Communications shared document with IM, voice or video 2010
See voice mail transcripts and faxes right in your inbox Outlook 2010 Exchange 2010
Business Consolidate & quickly analyze and vast amounts of Excel 2010 with
data. Share & Refresh powerful BI models in Project Gemini SharePoint 2010
Intelligence SharePoint add-in
Word 2010 SharePoint 2010
Edit the same document at the same time PowerPoint 2010
SharePoint
Use & update SharePoint documents and lists when Workspace 2010 SharePoint 2010
Collaboration you’re not connected (formerly Groove)
Quickly broadcast a slideshow right from within PowerPoint 2010 SharePoint 2010
PowerPoint
Avoid sending sensitive mail to the wrong people with
help from Mail Tips and keep security a priority with Outlook 2010 Exchange 2010
Retention Policy and Automated Policy Application
Enhance content management with smart templates Word 2010 SharePoint 2010
Enterprise that populate document metadata
Content Easily access rich client/server capabilities with the Office 2010 SharePoint 2010
Backstage view in Office 2010
Management
Publish Databases using SharePoint Access Services
Access 2010 SharePoint 2010
where Data, Forms, Code supported in the Cloud
56.
57.
58. Office Office 2010 Office Migration
Environment Compatibility Planning Manager Content
Assessment Tool Inspector Tool
• Integrates into
• Scanning tool. Office VBA and • File Scanning and • “Analysis and
• Currently installed VSTO reporting tool Remediation Guide”
applications • Simple text search • Provides detailed • Guide to an
• Add-ins. properties and migration environmental
• Interacting methods in the information assessment.
Unregistered Office OM • Command-line • Per Product
programs • User option to scanner • Per product list of
• Environmental comment/mark known issues with
• Remote or local
assessment code. possible solutions
running
• Add-ins assessment • “definitions” and • Top OM changes.
• Database
remediation • Macros & VBA
updated from a Aggregated
information migration articles
central location
• Summary of • Defines compatibility
completed scans challenges
• Detailed • Detailed bulk macro
report, produced scanning
59. The Practical Productivity Platform
Challenge: Unlocking the data stored in legacy
documents to retain critical IP, while improving
manageability of end user applications and data
Office and SharePoint Platform: Design Access applications
and present them to users via a browser with Access Services.
Utilize new (x) in Excel and Excel Services to present a single
version of the truth. Leverage open formats for mining legacy
with the Open XML. Build applications in Office using
standards: LINQ, REST, XML and more.
Potential savings/efficiency gains: Integrating Office
applications using common standards simplifies and
shortens development cycles and improves sustainability.
Using Office to publish Access & Excel to the Web improves
data governance & IT visibility into data utilization. LOB Systems
Notes de l'éditeur
Let’s take a look at some of the performance improvements provided in Office 2010 – Office 2010 was built with the principle to leverage the latest hardware capabilities but improve the perf on existing hardware to allow customers to leverage their existing investments.
Emphasis no need to upgrade hardware, and that the Office team have taken the idea from the O/S team with making 2010 faster than 2007 on the same hardware.However footprint for diskspace has changed, now requires 3.5GB, see the system requirements for the Beta version for specifics.Netbooks – Office 2010 runs well on netbooks, however due to the limited display you might note we don’t meet the suggested display setting of 1024x768. Well Office 2010 addresses the small screen real estate issue by making the ribbon customizable so a user has the option to optimize the specific view for the given hardware.Boot Experience – boot application faster than it has been The new Office is optimised for multi-core processors. Additionally there are 2 versions 32 bit and 64 bitintroducing a 64-bit client of Office – BUTNote the support OS systemWhat does 64-bit Office provide?Key question for customers – do they really need it?Only primary gain is within the Excel Client. Unless heavy users with massive calculations there is no current advantage – you really need large datasets to make the 64 bit version shine.More likely to be more pain than gain due to compatibility issues in early adoptions32 bit Active –X controls don’t work.VBA issues with long data typesMajor access printing issuesPrint to OneNote issuesAnd more32 bit runs fine on 64 bit O/SHardware acceleration advances are greater than the advantages in moving to 64-bitVideo acceleration for PowerPoint, show this with embedded videos in PPTService efficiencies – all about moving to change level synching – i.e. SharePoint workspace only sends the changed content blocks not entire fieldsSimilarly use of services such as Word co-authoring will help the overall network as users can collaborate real-time with emailing large documents back and forth or creating multiple copies on your document repositories.
Video of Excel plotting a 10000 point scatter plot in 2007, 2003, and 2010Video shows user experience when charting in 2007 (note this is an extremely larger dataset selected to amplify the results).Excel 2003 is notably faster than 2007, Ultimately 2010 challenges that title and further improves the experience and add excellent performance results while performing even complex formatting changes.
Microsoft regularlyexecutes a research study to get the pulse of IT Pros and get their input on all things for desktop deployments. One important data point is highlighted here and indicates areas IT Pros feel are the biggest areas of pain or frustration with Microsoft Office. Surprisingly the issues and pain are not focused on the technical deployment, but rather it focuses on concerns of how user will be trained and supported and how Office can be managed.This data is helpful when a partner considers what service offerings should be offered to customers and what the primary issues exist at the customer which need to be addressed. The next few slides link us back to the partner opportunities and outline some basic concepts to help address concerns raised by the customers and provide ample opportunity for partners to develop IT services support Office 2010.
Getting Ready for Office 2010 – This is an opportunity area for partners to help customers get ready for Office 2010 At a high level there are 3 key areas to begin planning an Office installation – System, Application, and FilePartners have an opportunity to develop a packaged service offering to enable the customers to readily carry out a complete assessment and planning exercise.Several tools are made available to start the planning process, both technical planning and project planning resources. In the system readiness we can inventory the current Office applications and determine the readiness of the system hardware and operating systems. This assessment is facilitated by the Microsoft Assessment and Planning Toolkit (MAP). This tool supports several scenarios, but from an office deployment focus this is a great place to begin assessing your environment. We will take a closer look at this tools in the next slides.The outcome of a system readiness provides input to begin application and file assessments.File readiness is very important for customers migrating from Office 2003 or earlier versions as the Office file format has been migrated to use the OpenXML format (.docx, etc.) from the prior binary formats. Each customer will need to determined the files which potential issues and prioritize critical business files for mitigation. The Office Migration Planning Manager tool (OMPM) is available to support these activities – in additionally provides insight (in the upcoming release) to the potential risks that exist in the macro files. Note that even if organizations are migrating from Office 2007 this is critical area of concern if they are opting to migrate to 64-bit Office.Application compatibility with Office covers add-ins and other applications that make calls to the office applications – this is a critical area for assessment during the deployment planning to determine what add-ins and applications are used in the environment that have a dependency on the Office applications. We will take a more in-depth look at this tool later. Files identified by the OMPM scan are the initial target areas for mitigation with the OCCI tool.GuidanceSA Benefits can leverage DDPS service to build plan and leverage training vouchers to obtain training for IT Pros on Office – assumes customers has purchased SA benefits.TechNet Content – ORK and resource centersOver 80 Office Resource Kit (ORK) library articles at beta, with weekly updates (i.e., more articles) through RTM and beyondResource Centers are mini-portals within the TechNet experience that provide us the capability of bringing various resources and media form factors together on specific topicsThere are two Resource Centers in place this week at Beta launch (“Getting Started” and “Volume Activation”)Seven more by RTM (no particular order)1. Application Compatibility – At Beta, there is a highlight of the existing application compatibility tools and content 2. Office Web Apps – At Beta, web apps will have their own separate callout box highlighting the IT Pro call to action to download and evaluate the bits in a SharePoint Foundation environment.3. End-Adoption Content 4. Assessment & Planning5. Configuration & Deployment6. Feature Changes7. Migration & UpgradeOther channels to considerForums – The Office 2010 TechNet forumsare a primary location for Office Beta feedback & questions. There will be a forum for each major application as well as forums for topics deemed important (e.g., Volume Activation).The Product team has is increasing their support of the TechNet forums – this is a big win for our customers and partners The UA team will be aggressively looking for forum posts for which ORK content already exists, and respond in kind by pointing to appropriate articlesProduct Management will conduct a bi-weekly review of forum posts/activity/responses/open discussionsBlog - The Office 2010 Engineering blog is the specific blog the IT Pro PMG is getting behind (e.g., with cross-promoting) to support the extra content that we believe will be of use to the IT Pro audience. The product bloggers are working hand in hand with us to add the right amount of depth to their entries that will appeal to the IT Pro community.
The Microsoft Assessment Planning Toolkit is updated to provide better assessments for Office 2010. This slide is offered to provide a snapshot of MAP provides – the tools drill down module provides additional details on the tool.In the case of an Office deployment this a very good high level tool to begin the assessment and planning. This is the suggested starting point as you being the planning for the Office 2010 deployment. Secure and Agentless Inventory: MAP provides secure, agentless, and network-wide inventory that scales from small business to large enterprises. It collects and organizes system resources and device information from a single networked computer. Its unique agent-less inventory technologies allow remote assessment of clients, servers, applications, devices and roles – all without deploying any software agents to the machines on your customer’s network. Assessment tools often require users to first deploy software agents on all computers to be inventoried, but this tool does not. MAP uses technologies already available in your IT environment to perform inventory and assessments. These technologies include Windows Management Instrumentation (WMI), the Remote Registry Service, Active Directory Domain Services, and the Computer Browser service. Supported platforms (for reference only): * Windows 7 * Windows Vista * Windows XP® Professional * Windows Server 2008 or Windows Server 2008 R2 * Windows Server 2003 or Windows Server 2003 R2 * Windows 2000 Professional or Windows 2000 Server * VMware ESX * VMware ESXi * VMware Server Initial Readiness: Reviews hardware and inventories current software within the scope of the scan – it does not inventory this data, but it interprets the current data set with recommendations for the next step. Output: Output provides a starting point for both hardware adjustments and an understanding of current Office products, i.e. have all machines really been upgraded to 2007, etc. The output provides a detailed inventory with concrete next steps. Comprehensive Data Analysis: MAP performs a detailed analysis of hardware and device compatibility for migration to Windows 7, Windows Server 2008 R2, Windows Server 2008, Microsoft Office 2007, Microsoft Application Virtualization, and Windows Vista. The hardware assessment looks at the installed hardware and determines if migration is recommended. If migration is not recommended, the reports will explain why. The device assessment looks at the devices installed on a computer and reports availability of drivers for those devices. Device assessment is provided for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista migration scenarios. For customers interested in server consolidation and virtualization through technologies such as Hyper-V and Virtual Server 2005 R2, this tool helps to gather performance metrics and generate server consolidation recommendations that identify the candidates for server virtualization and how the physical servers might be placed in a virtualized environment. In-Depth Readiness Reporting: MAP generates reports containing both summary and detailed assessment results for each migration scenario. The results are provided in Microsoft Excel workbooks and Microsoft Word documents. Reports are generated for the following scenarios. Reports are generated for the following scenarios: * Identification of currently installed Windows client operating systems, their hardware, and recommendations for migration to Windows 7 and Windows Vista. The tool also reports if desktops have anti-virus and anti-malware programs installed and if the Windows Firewall is turned on. * Identification of currently installed Windows Server operating systems, their hardware, and recommendations for migration to Windows Server 2008 R2 and Windows Server 2008. * Identification of currently installed Microsoft Office software and recommendations for migration to Microsoft Office 2007. * Detailed assessment and reporting of server utilization gathered using the Performance Metrics Wizard. * Recommendations for server consolidation and virtual machine placement using Hyper-V or Virtual Server 2005 R2. * Assessment of client machines, servers, and the technology environment for the implementation of Microsoft Application Virtualization (formerly SoftGrid). * Identification of machines where Microsoft SQL Server components are installed. * Identification of virtual machines, their hosts, and details about each. * Power Savings Assessment: Create a proposal to identify server and client machines running in your environment and understand the power management capabilities available. In the case of the current MAP tool (MAP 4.0) only the Excel report is generated. 1. What’s Available Today: The current MAP 4.0 can be used in the Office 2010 planning, as you have the option to manipulate the system requirements. The scan will continue to indicate 2007 migrations but technically this can be used as your 2010 assessment. Use the Office 2007 assessment at this time to begin your Office 2010 deployment planning. When using this assessment you can adjust the requirements to meet the Office 2010 requirements during the analysis. The report will only show upgrade to 2007 but in this case will provide an initial readiness for 2010. It is important to note this is NOT APPLICATION COMPATIBILITY – you must use the OEAT/CI tools for these purposes. 2. Benefits: * Offer Fast, Scalable and Agent-less Inventory * Auto-Generate Actionable Assessments and Proposals * Shorten IT Planning Time * Plan for Multiple Microsoft Products from One Tool – not just office Top Questions: 1. Is this tool secure? MAP requires the user to enter local admin credentials for the client machines and servers; non-admin user cannot gain access to the machines and will get no results from the MAP tool. MAP encrypts the data traffic from the MAP machine to the assessed server and client machines. MAP does not persist or store any credentials required for WMI to remotely gather information on the server and client machines. 2. How much data traffic do we get? A typical network of desktops would typically see 300kB to 1MB per PC of data traffic generated by MAP. 3. What’s the impact on each computer? Very minimal. The MAP tool only pings about 30 machines at any given instance.
The Office Migration Planning Manager (OMPM) is a resource provided by Microsoft to help customers and partners size up potential file migration issues.This slide is offered to provide a snapshot of what OMPM provides – the tools drill down module provides additional details this tool and how it can be leveraged.OMPM is a collection of tools that enables you to prepare your environment for migration to the 2010 Microsoft Office system. OMPM checks for, and reports on, file properties to help you analyze your environment and determine any issues that you might experience converting from Office 97-Office 2003 file formats to the new 2010 Office system file format. OMPM includes the following features: OMPM focuses primarily on converting old files to the new file formats. When OMPM shows an error or highlights a warning on a file; That does not mean the file will not open in the 2010 Office system (almost all older files can open in compatibility mode). It only means that saving it into the new Open XML format might cause problems. OMPM has 4 components discussed in more detail below: 1. Scanner 2. Database 3. Reporting Tools Seehttp://technet.microsoft.com/en-us/library/cc179179.aspx for additional information (Note only the Office 2007 is available until near Office 2010 RTM – this version can be used to begin assessments)
The Office Environment Assessment Tool is part of the App Compat kit located on TechNet.This slide is offered to provide a snapshot of OEAT provides – the app compat drill down module provides additional details this tool and others in the app compatibility kit.OEAT is a new tool being made available with Office 2010, which enables a comprehensive assessment of the installed add-ins and programs which interface with the Office applications. OEA Tool is not intended to run as a complete inventory analysis on all desktops, but should be used to sample and gather statistics. Add-in compatibility verified by centralized list. *note scans can be performed with non-admin permissions. Not only does it scan and inventory but it offers a service to identify add-ins and applications that have been documented as being supported with Office 2010 via a service (xml file) compiled and hosted by Microsoft.
Realizing Office 2010 – This is an opportunity area for partners to help customers package, deploy, and manage Office 2010At a high level there are 3 key areas to begin planning an Office installation – System, Application, and FilePartners have an opportunity to develop a packaged service offering to enable the customers to readily configure and management an Office 2010 deployment.Configuration of Office 2010 (focused on VL skus) enables partners to build a custom deployment package to fit the specific needs of the customer – this enables a consistent package of Office and supporting elements to be installed in a consistent manager. The Office Configuration Tool is the primary tool used to build these packages – additionally the config.xml element can be leveraged for some packaging such as MUI language packs. OCT is only offered with VL products – but it can activate features, enter MAK keys, set Outlook profiles, and more. The next slides will look at the tool in a bit more detail. Partners have the ability to help customers build or at least understand the options for using the OCT tool and help them design the best package.Controlling the environment is something to consider at time of deployment but also ongoing to keep system required actions in place – it can range from setting up trusted locations to automatically trust documents to de-activating select features of the Office applications. These settings are enforced for the user allowing the admin to keep the environment well managed.The actual deployment of Office, if well planned, is a very simple activity that can be carried in with various mechanisms. The selection of the method will be based on the size and scope of the deployment and the tools available for use. It is important to note that the more advanced methods used SCE or SCCM will make it possible to easily track the deployments in an environment.The partner has an opportunity to offers services to package these activities in a single seamless process for customers, enabling them to keep focused on their core business.
The Office Customization Tool (OCT) is used to create patches that customize the Office 2010 installation. The OCT patches are slipstreamed in at the install time, or can be applied post install for maintenance of existing installations: * Using the Office Customization Tool (OCT) * Using the Config.xml file as an override feature * Setting up command-line options * Enabling group policies Using the OCT to configure user settings establishes the initial default values for the settings. Users can modify most of the settings after Office is installed. You can use the OCT to provide default user settings for the following Office applications: * Microsoft Office Access 2010 * Microsoft Office Outlook 2010Printing Assistant * Microsoft Office Excel 2010 * Microsoft Office Groove 2010 * Microsoft Office InterConnect 2010 * Microsoft Office InfoPath 2010 * Microsoft Office 2010 system * Microsoft Office OneNote 2010 * Microsoft Office Outlook 2010 * Microsoft Office PowerPoint 2010 * Microsoft Office Project 2010 * Microsoft Office Publisher 2010 * Microsoft Office SharePoint Designer 2010 * Microsoft Office Visio 2010 * Microsoft Office Word 2010
Group Policy Admin templatesBy setting policies, you can define and maintain a particular Office 2010 configuration on users' computers. Unlike other customizations, such as default settings that are distributed in a transform (also known as an .mst file), policies are reapplied every time that a user logs on to the network. Alternatively, policies can be reapplied at some other interval that is set by the administrator. Users cannot edit the registry to change the policies. You can set policies that apply to the local computer (and to every user of that computer), or you can set policies that apply only to individual users. You set per-computer policies under Computer Configuration in the Group Policy snap-in. Per-computer policies are applied the first time that any user logs on to the network from that computer. You set per-user policies under User Configuration in the Group Policy snap-in. Per-user policies are applied when the specified user logs on to the network from any computer. To use an Office 2010 policy template, you must load the template in the Group Policy Microsoft Management Console snap-in.
Office Activation TechnologiesOffice Activation Technologies provide methods for activating products licensed under Microsoft Volume Licensing programs. Most Office Volume Licensing customers are familiar with Volume License Keys (VLKs) that were issued under a specific license agreement. This key effectively "bypassed" activation. For Office 2010, Office Activation Technologies help automate and manage the activation process while addressing the piracy and product key management problems that arose with keys issued for Office Enterprise 2007. You can use the following methods to activate Office 2010 by using Office Activation Technologies, which are the same methods used for Windows Vista and later versions of Windows.Key Management Service (KMS). KMS uses a KMS host key to activate a KMS host computer and establish a local activation service in your environment. Office 2010 connects to the local KMS host for activation.Multiple Activation Key (MAK). With a MAK, clients activate Office 2010 online with Microsoft’s hosted activation servers or by telephone.A combination of KMS and MAK.KMS enables organizations to perform local activations for computers in a managed environment without each PC connecting to Microsoft individuallyThis Product Key allows multiple activations against the Clearing House or via a Proxy Activation Server. It is useful where customers do not want or require a Key Management Service In 2007 activation was only required for Retail and OEM.Now, ALL editions must be activated (physical and virtual)Privacy is of utmost importance. Data that is sent during activation is NOT traceable back to the computer or user. It is used to confirm you have a legally licensed copy of the software then aggregated for statistical analysis. It is NOT used to identify or contact you.Office Activation Technologies provide methods for activating products licensed under Microsoft Volume Licensing programs. Most Office Volume Licensing customers are familiar with Volume License Keys (VLKs) that were issued under a specific license agreement. This key effectively "bypassed" activation. For Office ”14”, Office Activation Technologies help automate and manage the activation process while addressing the piracy and product key management problems that arose with keys issued for Microsoft Office Enterprise Key Management ServiceA solution where an organization installs a Key Management Service onto their server infrastructure. The KMS is authenticated against the Microsoft Clearing House once. Special KMS Licenses are included in SKUs that support KMS which cause the Client (or Server) product to activate against the KMS instead of the Clearing House. Each product must re-activate against the KMS after a set period to ensure the product is still being used in the same licensed environment. Multi Activation Product KeyThis Product Key allows multiple activations against the Clearing House or via a Proxy Activation Server. It is useful where customers do not want or require a Key Management Service. The customer purchases one MAK Product Key per agreement. The number of activations per MAK can be increased during the life of the agreement up to a set limit. The process of increasing the MAK activation count is managed by OSIT and is outside the scope of this Spec.
Often sold as silver bulletStill a maturing technology – related to consumer versions via Click to RunNote – The Microsoft Deployment Tracker Survey for H2 FY09 indicates that following interest levels for Breadth customers:Have Already Implemented:19.6%Plan on Implementing in the next year: 2.3%Plan to in 1-3 years: 5.4%Plan in more than 3 years: 1.6%No plans: 71.1%This is not a virtualized desktop solution – this is just virtualizing the apps, which means a better experience for userEnables coexistingSingle maintenance/deployment scenarioFYI - Core of work might be referred to as “office redistributable”Improvements to custom code at setupCreated a redistributable to facilitate volume activation when Office is virtualizedPerformance improvements that accrue to virtualized OfficeAlso, as a result of work done to build Click to Run offer, improved the App-V experience (also recognized through locally installed redistributable):
As noted in the customer research user training and support are key pain points for customers when they consider Office. Microsoft provides a set of tools and content which can leveraged to build a service offering to meet the concerns raised by the customer. These resources are not only for post-installation support but it can start very early with education for IT admins as they begin the planning process.
These are samples of the content provided online and packaged in the Office portal for on premise deployment. Services can help improve this content and ensure it is targeted to the right users.
This figure is an interpretation from the SANS Top Cyber Security Risks article shows the number of vulnerabilities in Network, OS and Applications. You can see that the number of vulnerabilities discovered in Applications is far greater than the number of vulnerabilities discovered in operating systems.On the rise are quiet attacks on desktop programs, which means that application desktops are under threat. An example; there are a number of email attacks are targeted at commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office.Microsoft have taken these attacks seriously and have made a great investment on minimising these attacks in the Office 2010.
Let’s set the stage by looking at the Office Security Bulletin, which looks back to when Office 2003 was shipped. You can see the trend line was looking good up until around 2 years later where there was a significant rise. This is when the fundamental landscape of security changed and attacks in the industry and world as a whole changed. Microsoft had improved operational security and defending servers, but by making the server infrastructure better the attackers decided to look elsewhere. They moved onto the client space.So in Office 2007 Microsoft made some changes. They had done a lot of work on the engineering fundamentals – raising bugs, fixing bugs, raising the security level bar as a whole. This included educating the testers and having people work on finding bugs and then raising it with Microsoft to fix. They also changed the file format. This made huge improvements and as you can see in this pie graph that 72% of the vulnerabilities did not effect Office 2007. Although this is great, there is still the 28% that needs to be worked on.One of the security engineering areas that have been worked on is the fuzzing iterations which we will talk in more detail about later in this presentation. You can see in this graph that it was introduced in Office 2007 and has increased significantly in Office 2010.
Layered securityThis model means attacks have multiple layers to crack to impact the systemIn Office 2007 there were changes in the security engineering push which has helped move 2010 in the right direction for security. In Office 2010 Microsoft have developed a tier approach to security that we call the layered defence. Harden the Attack Surface:The aim for 2010 is to reduce the number of points to defend which helps to harden the attack surface. This is realized in the core guiding design tenets for Office 2010. First security is an overall theme for Office 2010 and considered throughout the product design. This security approach is aimed at minimizing the threats which exist in the world today as the attacks on applications continues. The UI is a key principle to help users make the right decisions with minimizing the impact and potential for confusion. Office 2010 takes advantage of what the operating system provides for protection by integrating Office 2010 with it. Support for Data Execution Prevention (DEP)/No Execute (NX) – Malicious executable codes will be prevented from executing. In order for malware to be able to run, it would need to find a way around DEP, Address space layout randomization (ASLR) and GS (buffer over run) and then find a way to break out of the protected view.Leverage new image Parsers – Built from more recent code rather than legacy codeRobust & Agile Cryptography – Supports different algorithms loaded on OSIT Control – with the new security design Office 2010 offers IT admins the ability to better enforce and control the environment such as the ability to enforce domain password protection complexity for Office documents.Reducing the Attack Surface:Office 2010 works with existing file block functionality and also a new file validation tool to reduce the attack surface. File validation has been implemented to look for anomalies in the file definition against our known standards and block unexpected variations from being loaded and processed – thus it is looking for the issues we have not yet singled out.File block enables the user to access content but limit exposure, thus users remain productive while the environment remains secure.Mitigate the exploits:The impact on systems are minimised as 2010 introduces the ‘Protected viewer’ which allows files to be opened without causing harm to the system. This approach offers a sandbox to isolate the impacts a file can have on the system & it provides the user the ability to make an informed decision about trusting a document.Improve User Experience:The security changes should not impact the user’s experience in a negative way. Users will not have to think about whether to open the file as it may not be safe because it will open from within protected viewer automatically. This view happens automatically w/out the user being asked to take actions. This reduces the number clicks the user will need to take to view and edit a file. Additionally once a decision has been made the action is recalled for future access to the same file, thus a user doesn’t keep answering the same trust question.
Demo of protected viewerOpen document from internet locationAs doc opens doc is initially placed in protected view sandbox –however user has the ability to review document and only needs to take action if they intended to edit or take action on the document.Once the user has made the decision the same doc can be opened from that location again – the trust decision is recalled and the user can immediately have full access.Secondary Demo – Outlook Preview – frame with dicsussion about preview in Office 2007 where user had to first make a decision to see the document in the preview.
Document is opened from an untrusted location – in this example an external email attachment. The doc is immediately opened for view but it is sandboxed so any harmful code would be contained. Note users can view the document, even copy content from the document w/out taking any additional actions.The user can get more details if they wish – displayed in the backstage – this step is optional.Once the user clicks Enable editing button the doc is made available for edit with all of the application features. If the user opens the same doc again the selection is recalled and it will automatically open w/out the protected viewer.
Office 2010 offers several features that help reduce the risks for the your enterprise – this covers compatibility, data integrity, access, and data retention
Office 2010 offers “checkers” in the backstage viewChecker’s use can be configured and controlled by GPOAccessibility Checker – helps aid doc compliance with accessibility standards – combines standards into a universal checker – applies word, PowerPoint, excelCan be forced to runRisk level is assessed in the check – errors and tipsNote that as we move to more Office content being posted on line compliance with these standards will become increasingly important.Definitions: 508 – refers to section 508 of US law - Section 508 requires that Federal agencies' electronic and information technology is accessible to people with disabilities. IT Accessibility & Workforce Division, in the U.S. General Services Administration's Office of Government wide Policy, has been charged with the task of educating Federal employees and building the infrastructure necessary to support Section 508 implementation. Using this web site, Federal employees and the public can access resources for understanding and implementing the requirements of Section 508. http://www.section508.gov/WCAG 2.0 - Web Content Accessibility Guidelines (WCAG) 2.0 - http://www.w3.org/TR/WCAG20/
Info Control – is now more extensible in 2010New feature is the document inspector, leverages fact that doc is open xmlUnique rules can be implemented to fit specific business checking needsThis is important to keep your data controlled to check and inform users of unintentional data before a document is shared – examples include email/contact info in the document properties, hidden comments, or even hidden data columns.Enforcing these checks can ensure data is safe and sanitary before it is published widely.Compatibltiy inspector will indicate a document’s compatibility with prior versions and provide specific guidance on the impacts of the compatibility feature that could be impacted – this is a great feature as organizations work to deploy or collaborate with orgs which do not have the latest Office versions deployed.Office 2010 will be your friend with the feature that allows users to recover drafts – even after you said you didn’t want to save the document – in the versions area.We also need to note very rich rights management capabilities can be leveraged with the coupling of a Windows rights management server – Office even allows federated rights to be utilized to keep documents restricted across federated organizations.Group policy objects can be leveraged to manage these features and many more.Suggestion – doc inspector and accessbility checker in action by simply using 2010 to check this document.
The Retention policy is a flexible archiving tool that can be configured centrally (?) to ensure that email is retained as per a company’s compliance policies. Retention can be organised down to the item level.Note that the UI elements are native to Outlook, however notes and options require Exchange 2010
Office Web Application Companions (WACs), were announced this year Key component in our “Access Anywhere” message In this release, adding the ability to access content on a SP site and edit it through the browser! UE that is very similar to the Rich-Client experience Major selling-point for low functionality scenarios or a remote/mobile workforceWeb Apps available for:Microsoft® Office PowerPoint® Microsoft® Office OneNote®Microsoft® Office WordMicrosoft® Office Excel®Web apps are licensed with Office Standard or Pro Plus for on premise deploymentsWeb apps enable both quick in browser high fidelity viewing and light weight edit from the browserNote that Outlook Web Access is NOT a office web app
We are the “only” web-based productivity apps that you can host in your on-premises. To be clear not that we will offer the web apps publicly on Windows Live (they can try it out with SkyDrive) but it will also be available as a hosted service.The on premise deployment of office web apps is based on SharePoint – thus to deploy Office Webs you must install the web apps on a SharePoint server or SharePoint Foundation sever. The on premise deployment option provides local administrators the ability to control the use of the web apps to best support the business needs.The web apps are focused on:Providing a familiar Office Experience – the web apps retain the UI Ribbon them used in the Office applications to provide a consistent user experience.High Fidelity – users should expect documents to appear as they intended regardless of the medium – web apps providing a clear representation of the document in the browserRound tripping – in short if you edit docs in the web apps data won’t be lost – if objects are not supported for edit, i.e. embedded videos, a place holder is shown – the app doesn’t strip your content – thus if you return the client application your information is retained
Web Apps can be taken to the phone with select phone micro browsers – this enables viewing of the Office documents. This greatly expands the audiences which can access your documents. Note that the content is coming from your SharePoint server, thus the user must have access to reach that site to utilize this feature.It is important to note this support is for the SharePoint on premise WACs only at this time.Additionally in a similar fashion PowerPoint broadcast is supported for the phones as well, thus enabling authorized users to view broadcasts from a mobile device.
Office Mobile 2010Applications includedSharePoint Workspace Mobile: New!PowerPoint Mobile: All new version featuring EditingWord Mobile: Office 2010 compatibility, Touch gesturesExcel Mobile: Office 2010 compatibility, Touch gesturesOneNote Mobile: Office 2010 compatibilityAccess Documents Over the Air Open documents directly from SharePoint; edit them and save back to the server easilyView Document Libraries & Lists Quickly connect to a SharePoint server and access content right from phoneSync document to phone and Access Offline Sync documents to phone to access them later; edit them offline and save them back to server when reconnectedApps designed to support high fidelity round trippingQ:What are the requirements for Office Mobile 2010? Do I need SharePoint or Exchange?A: Office Mobile 2010 Requires a phone running WinMo 6.5OM 2010 supports Word, Excel, PowerPoint files 97-2010SharePoint Workspace Mobile 2010 requires SP 2010 server & Universal Access Gateway server be deployed for Mobile VPN connectivityExchange is not requiredCommunicatorThe 2007 R2 version of Microsoft® Office Communicator Mobile is an enterprise application for mobile devices that helps you quickly find and communicate with your colleagues. The application is designed to make communication easier and more accessible and includes real-time presence information, single number reach support and rich instant messaging (IM) capability all with a familiar look and feel similar to the desktop version of Microsoft Office Communicator. Systems Center Config Manager (SCCM) can be leveraged to manage the apps and enforce policies
Office 2010 can leverage servers, services, and an extensible UI to make the Office client become richer:Servers: Office 2010 features become richer when connected to server componentsThese are example servers which the Office client readily connects to light up advanced features – this not a full list of features or server components are covers the most frequent ones. It is important to see how the client can continue to deliver more advanced features as the organization becomes more advanced overtime and the needs of the customer evolve – we are plugging into the platform for the best experience and a single platform IT services platform.
Example of how the services are exposed and how the ribbon can be customized to meet the needs of the business.
Enhance connectivity to servers and services. With Office 2010, use Backstage, Office Web Apps, and SharePoint Workspace to connect with important business information and services, online and offline, without having to leave the familiar Microsoft Office environment.2010 – making is drop dead simple to connect to SharePoint using the backstage – how to save, how to start sp workflowExample and Detail around how customizable the Office UI is and what the IT person needs to know to be able to do it.Basic Design TenantsRibbon acts on what you seeScenario basedMail: All about triaging and acting on mailCalendar: Manage your schedule, schedule mtgsConsistency Across ModulesSame set of tabsCommon commands located in the same place across all modulesLeft side: Create new itemsRight side: Find peopleMiddle: What you need to do there
In this demo first explain backstage general term and then discuss extensibility of backstage. With the sample add-in provided with the demo package you can show a customized backstage and how it can link to processes and SharePoint workflows.Share-Save to SharePoint, note SharePoint locations (from connect to my computer)Note it can be prepopulated by admin during deployment – user can build/manage own sites in app or in SharePoint doc librarySame experience across the applicationsImportant to note you can add tags from the app for SharePoint
Objective of Slide & Key MessageOffice 2010 Tech Center, which can be accessed on technet at the following URL: http://technet.microsoft.com/office/ee263913.aspx
Hardening the attack includes security engineering which we have spoken about earlier.Microsoft have also worked on additional areas to protect workstations from threat. They take advantage of what the operating system provides for protection by integrating Office 2010 with it.Support for Data Execution Prevention (DEP)/No Execute (NX) – Malicious executable codes will be prevented from executing. In order for malware to be able to run, it would need to find a way around DEP, Address space layout randomization (ASLR) and GS (buffer over run) and then find a way to break out of the protected view.Leverage Work Item Querry Parsers – Built from more recent code rather than legacy codeRobust & Agile Cryptography – Supports different algorithms loaded on OS; password protection complexityDomain enforced password complexity
This new feature of Office 2010 scans an Office file when it is opened and validates it against well-known schema for its ‘correctness’. If the validation fails, it will open in protected viewer as read-only. File validation focuses on binary file formats that are pre Office 2007 XML format. This is because a lot of the attacks have been targeted at this type of file format.Office file validation will validate a document in binary file format against a valid documented schema file format.Any exploits will need to meet the valid documented schema format before it will get validated.To make sure the schemas are updated quicker they are updated through Windows definition updates. Because updates are sent through definition updates and are small it allows a faster process that bypasses testing and gets to the desktops quicker for protection.
In previous versions of office there’s a file block feature. In Office 2010 the file block now has improvements to the Trust Centre and also has improved the user experience on blocked file feedback through the UI. Files that are blocked are opened within the ‘sandbox’ by default.Administrators have more control and options for the security settings via group policy. They can define which file types to block and have open in the protected viewer.Scenario – there has been an alert on file type .doc circulating in email attachments that are causing harm. File block is used to block all .doc files until the issue has been addressed. While .doc files can still be opened, they are opened within the protected view with read-only access.Scenario - An IT administrator at a hospital needs to retain access to Word 2.0 documents, but doesn’t need to edit or create such documents. He’d like to eliminate the risk of a vulnerability in that old format enabling an attack. Using the new File Block controls, he can tell all Word clients to display all Word 2.0 files in the protected mode viewer, and disallow the creation or editing. He gets the best of both worlds.
The protected viewer is an new security defense for Office 2010. It’s an improvement on the MOICE feature that was developed for Office 2007. MOICE was used to convert potentially risky binary file types to XML format to try remove any exploit code that was hidden away within the file. The downside to MOICE was that some files took a long time to convert and users would get frustrated at the amount of time it took to open the files.Protected view opens your files in a ‘sandbox’ giving you a read-only view. The goal is to stop malicious code from tampering with your document, profile or other user settings. It doesn’t convert your file to a safer format but allows you to view the file within an environment that will not allow malicious code access to your system. You can then determine whether it is safe to allow it to be edited. Word, Excel, and PPT files can run within the ‘sandbox’ when opened. In Outlook, any attachments opened from the within the preview option will open in the ‘sandbox’.Users can make better trust decisions because they can view the attachments or documents before deciding whether they trust them or not.Scenario – An email that has come through has an attachment that you are unsure of. You can now open this email without worrying about malware attacking your system as it is automatically opened in the sandbox.Scenario - A secretary receives an invoice in email threatening legal action if the invoice is not paid. She opens the supposed invoice to see what it is. Unfortunately for the attacker, Office File Validation detects that the file has been tampered with, opens the file inside Protected Mode and warns the user that the file likely contains malicious content.
Users now can make better trust decisions as they are able to open the file within protected viewer view the contents of the document first.Un-trusted files are opened within protected viewer automatically. If you want to remove it from protected view, you just click the button to enable editing.Once you have saved a file and opened and enabled for editing, Office will remember your selection and will not open that particular file in protected view again.Explain that the user can now view the documents prior to making decisions on trust.
User can see the retention policy in action with the ability to see the policy information on individual items.User education regarding retention policy is a major part of ensuring compliance. Users are now able to see exactly what the policy is on each item. Note that the UI elements are native to Outlook, however notes and options require Exchange 2010
Many IT shops forget (or were never even aware) of the host of migration and deployment tools that Microsoft makes available to facilitate your deployment. We won’t spend time on these in this hour but recognize that there are important tools for every phase of your migration and deployment process.More information can be found on each of these tools on TechNet’s Office Resource Kit – OnRamp Deployment tools module will detail each of the tools.
Use this slide to communicate that the feature set of the applications that are enhanced by linking to server products – it is important to note the a client continues to become richer as server services are brought online
Relationship with Developers and IT ProsThis is large area of focus for 2010 – required to ensure customers can make the transition to 2010
Office Environment Assessment toolComprehensive environment scanning tool. Currently installed applications and installation environment.Add-ins currently in use by Office clientsPrograms that are not registered as add-ins but still interact with Office programsEnvironmental assessment (potential upgrade issues)Add-ins assessment - list of 3rd party programs and information about the program’s compatibility with Office 2010Office 2010 Compatibility Inspector ToolThis tool will integrate into Office VBA and VSTO:Use information collected from OM differences and perform a simple text search (likely candidate search) for known properties and methods in the Office OM that changed.It will give the user the option to comment/mark those areas in the code where text search has identified a possible OM match. Basic scanner where “definitions” and remediation links will be updated from a central online location.Summary of total lines of code scanned as well as total lines identified as potential candidates for OM changesA detailed report, with module name, line number, and links to remediation for each issue found with possibly a RED/Yellow flag for impact guidance.Office Migration Planning ManagerFile Scanning and reporting tool Provides detailed information regarding potential file format/document compatibility issues before migrationCommand-line scannerCan be run remotely or locallyAggregates information in a provided databaseDefines compatibility challenges (e.g.): Scan macro code for 32bit vs. 64 bit compatibilityContentApplication Compatibility Analysis and Remediation Guide” migration to Office 2010. Guide to an environmental assessment. Assist customers will identifying areas of Office that may be concern for them.Per Product: Excel, PowerPoint, Word, Outlook, and AccessWill include per product list of known issues that may present problems to migration and possible workarounds/alternatives/solutions (remediation).This will also include top OM changes that will affect migration of add-ins, templates and macros.Non-pro developers articles for migrating Macros & VBA solutions on MSDN.comExcel Macro migrationAccess Macro / run-time migrationOutlook migrationWord Migration