In front of a packed audience at this year’s Jamf Nation User Conference (JNUC), Microsoft’s Jeff Kalvass, Program Manager for Outlook for Mac, demonstrated a new and easier method for both activating Office 365 and configuring Outlook.
This new feature was introduced in version 16.18 of Microsoft Office 2019 for Mac, which shipped the week prior to the conference and is available now. One-click functionality will be available with version 16.19 shipping Tuesday, November 13.
After logging in to a brand new macOS user account, Kalvass launched Outlook. Because Office wasn’t yet activated, it first displayed an activation window. However, the activation window was pre-populated with the end user’s email address. He only had to enter a password.
From there, activation completed and then returned to Outlook where the Main Window opened, added the Office 365 email account and began downloading messages. That was it. We saw no “What’s New” messages, no prompts to configure additional accounts and no requests to re-enter the same password.
Let’s use Jamf Pro to make this happen.
The magic that makes all this work is configuration profiles. Along the way, we’ll use a few tools that demonstrate end-to-end how plist preference files relate to configuration profiles.
- Jamf Pro server (any version)
- Active Directory or other LDAP service connected to Jamf Pro (recommended)
- Office 365 account enabled for email
- Terminal application
The Active Directory or LDAP server is recommended only to make populating email addresses for multiple end users easier. This connected service automatically populates the Email Address field when a username is added to a computer record in Jamf Pro.
First, we’ll use the Terminal application to make a plist file on the Desktop with the correct settings. Then we’ll load the plist file into a Custom Settings payload in a new configuration profile in Jamf Pro. Finally, we’ll deploy and test.
Create the plist file
A plist file is the foundation of most configuration profiles. Configuration profiles are all about managing plists like those found in an end user’s home folder in ~/Library/Preferences. Applications store their preferences and settings in plists. If we manage the plist, then we manage the application.
Open the Terminal application found in /Applications/Utilities, type or copy/paste the following one-line command and press the return key:
defaults write ~/Desktop/com.microsoft.office.plist OfficeActivationEmailAddress -string '$EMAIL'
This creates a file on your Desktop named ‘com.microsoft.office.plist’. Locate and select that file on your Desktop and tap the spacebar to QuickLook its contents. You should see something similar to this:
The defaults command creates plist files and it populates them with a preference key on one line followed by a value on the next line to manage that setting for an application.
Keys are usually easy to read and understand. In this case, we’re going to use ‘OfficeActivationEmailAddress’ to specify the Office 365 email address that will activate the software.
The value ‘$EMAIL’ is a payload variable. It’s a placeholder for now, but Jamf Pro will replace it with the email address specified in the computer record just before deploying the configuration profile.
The name of the plist file determines which app we’re managing. (Although “Office” is not really an application, this plist manages some settings across all the Office applications.)
Let’s add one more key/value pair. In Terminal, enter this one-line command followed with a return:
defaults write ~/Desktop/com.microsoft.office.plist OfficeAutoSignIn -bool TRUE
And the ‘OfficeAutoSignIn’ key suppresses windows that may get in the way the first time Outlook is launched.
We may also have to create a second plist file for the Outlook application itself if the username for activating Office is different from the email address we’ll configure in Outlook. For example, if we’re using a User Principal Name (UPN) to activate Office but an email address in Outlook, we’ll need to configure an extension attribute with a new LDAP Attribute Mapping to collect this extra information from Active Directory or the LDAP server. For more information see Computer Extension Attribute Input Types.
In Terminal, enter this one-line command followed with a return:
defaults write ~/Desktop/com.microsoft.Outlook.plist DefaultEmailAddressOrDomain -string'$EMAIL'
The final plists look like one of these two examples when viewing with QuickLook. This one plist shows an example where both the Office activation address and email address are the same. We don’t need a separate plist for Outlook.
And these two plists show an example where we’re retrieving the User Principal Name from Active Directory using an Extension Attribute variable named ‘$EXTENSIONATTRIBUTE_4’ and using that as our Office activation address.
Create the configuration profile
Next, we’ll take this plist file sitting on our Desktop and upload it to Jamf Pro to create a new configuration profile that we’ll push to our Macs.
In Jamf Pro, choose Computers > Configuration Profiles and click the New button to create a new configuration profile.
Under the General payload, give the new profile a name such as ‘Office 365 Activation and Outlook Setup’. Set the profile to install automatically and apply at computer level.
Scroll down in the list of payloads, locate the Custom Settings payload and click the Configure button. Click the Upload button and choose the com.microsoft.office.plist file on your desktop. Upload the file. (If the upload fails, follow the instructions in red to convert the plist file to a plain text XML file and upload again.)
Once the settings are complete, click the Scope tab and scope to a Mac or virtual machine for testing. Don’t use the Download button in the configuration profile to download a mobileconfig file for testing. This doesn’t support payload variables.
Once scoped to a test Mac, log in as any user and open Apple menu > System Preferences > Profiles. Locate the ‘Office 365 Activation and Outlook Setup’ profile and select it. On the right, scroll to the payload details and verify Jamf Pro has replaced the ‘$EMAIL’ payload variable with the email address from the computer record in Jamf Pro.
If everything looks correct, launch Outlook.
Click 1 (Office versions 16.18 and 16.17): The first screen displays the Welcome To Outlook message with the Get Started button. Notice it’s informing the end user that Office needs activating.
With Office 16.19, coming mid-November, this screen goes away.
The following screen prompts the end user for his or her Office 365 password. The activation email address or other user name is pre-populated from the OfficeActivationEmailAddress key in the configuration profile.
Click 1 (Office versions 16.19 and later) or Click 2 (Office versions 16.18 and 16.17): After the end user enters the password and clicks the Sign In button, Office activates...
And then Outlook opens and begins downloading mail.
Environments differ between organizations. Some end users may see additional windows that add clicks to the activation and configuration experience, but these can usually be suppressed.
For example, if end users see the Intelligent Services window, use the defaults command from earlier to generate a com.microsoft.Outlook.plist file and upload it to the same configuration profile:
defaults write ~/Desktop/com.microsoft.Outlook.plist PII_And_Intelligent_Services_Preference -bool TRUE
The Mac Admins community has done a great job documenting these and other key/value pairs for managing Outlook and other Office applications. See https://jamf.it/officepreferences.
Good to know
The new activation and setup features don’t require Macs be bound to Active Directory. Only Jamf Pro needs access to an LDAP server to populate the email address in the computer record.
This solution is only ideal for 1-to-1 Macs because Jamf Pro doesn’t allow for more than one email address per computer record.
Deploying a configuration profile that includes the OfficeAutoSignIn key automatically suppresses several first run dialogs. It’s useful by itself, even if Jamf Pro cannot automatically pre-populate the username for Office 365.
Currently, automatic Outlook configuration works only with Office 365 accounts and not on-premises Exchange servers.
This setup and configuration method fully supports Microsoft’s 2-step verification using the Microsoft Authenticator app on a smart phone or watch.
Jamf will post the video for Paul Bowden’s and Jeff Kalvass’ JNUC presentation in a few weeks. Be sure to watch it to learn about additional new manageability features in Microsoft Office and Outlook for Mac. Keep the “defaults write” command handy in case you see some additional settings you’d like to implement for your end users.
Not already a Jamf Pro customer? Take the gold standard for Apple device management for a free test drive and start putting these workflows to use in your environment.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.