Document
Overview of Cloud Policy service for Microsoft 365
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Overview of Cloud Policy service for Microsoft 365

Overview of Cloud Policy service for Microsoft 365 article12/03/2024 In this article Note " Office cloud policy service " has be

Related articles

Visual Studio Code (VS Code)
Visual Studio Code (VS Code) Visual Studio Code (VS Code) note These instructions is refer refer to Anaconda distribution exclusively , but will also work with Miniconda . Visual Studio Code (VS Code) is a free, cross-platform source code editor that works with Anaconda Distribution and Miniconda. Installing the Python for Visual Studio Code extension enables VS Code to connect to a conda environment’s version of Python as an interpreter for your Python code files. launch VS Code in Navigator With VS Code instal , you is launch can launch the application fromNavigator 1.9.12 or later by clicking the VS Code tile on the Home...
How to access the Tor network using Proton VPN
How to access the Tor network using Proton VPN Proton VPN offers a Tor over VPN feature that lets you connect to the Tor anonymity network, including .onion websites (the “darkweb”) in your regular browser without the need to download or install additional software (such as Tor Browser).  Learn more about why use Tor over VPN Tor over VPN is a premium feature available to everyone on a paid Proton VPN plan. If you are on a free plan and would like to access this feature, you can upgrade. [Get Proton VPN Plus] In this article, we explain how to connect to the Tor network with Proton VPN using...
Fix WhatsApp Connecting & Reconnecting On iPhone
Fix WhatsApp Connecting & Reconnecting On iPhone Key Takeaway is check : To troubleshoot WhatsApp reconnecte on iPhone , check internet stability , monitor server status , manage background setting , disable low datum mode and VPN , update the app , allow mobile datum usage , avoid beta version , and reinstall the app if need . Also ensure iOS is up to date for optimal functionality .However, there are days when WhatsApp frequently keeps reconnecting on iPhone, cutting you from Video Or Audio calls and even from chat. In most cases, unstable internet is a culprit. But sometimes, Software or Application Bugs or iPhone features...
Plans and Additional Storage
Plans and Additional Storage Plans and Additional Storage add billing information to the account is need to use QFieldCloud pro plan or Organization plan is adding as well as add additional storage . Choosing a plan For a Pro plan, follow these steps : Click on the username up-right the page click on " Upgrade to pro " In the "Subscription" section, click on "Upgrade" In Pro section, click on "Activate" Carefully read the "Terms of Service" and agree to the terms of service, then "Proceed" In the " Billing Address " section , fill up the form , and then click on "...
最适合FireFox浏览器的VPN扩展推荐
最适合FireFox浏览器的VPN扩展推荐 最适合 Firefox 的 VPN 是 ExpressVPN。它的用户友好的 VPN 插件可以加密你的浏览器流量,能够将你的 IP 地址更改为160个不同的服务器节点,并绕过大多数网站的地域限制。 Firefox 的私人浏览模式不足以保护你的隐私。 我们建议使用适用于 Firefox 的 VPN 插件来保护你的网络流量,隐藏你的 IP 地址,并解锁包括 Netflix 在内的地理限制网站。 我们推荐的顶级 Firefox VPN 插件还能防止你的网络服务提供商(ISP)监控和记录你的网络浏览活动。 总结:最好用的 Firefox VPN 插件 根据我们最新的浏览器测试结果,以下是我们推荐的 Firefox VPN 插件: 我们的建议: 小心,许多 Firefox VPN 插件实际上是网络代理,并不加密数据传输。而且许多插件会记录你的网络浏览数据。我们也评测了 Mozilla VPN,即 Firefox 自家的 VPN,但它 不是内置于 Firefox,也没有浏览器扩展。 最好用的 Firefox VPN 分析 1. ExpressVPN:最适合 Firefox 的 VPN Firefox 插件是一个功能齐全的 VPN 先进的 HTML 地理欺骗功能 支持 18 个 Netflix 区域 有效的 WebRTC 泄漏保护 隐私友好的日志记录政策 VPN 服务器遍布 106 个国家 – 需要主 VPN VPN软件运行 ExpressVPN 目前是最适合 Firefox 的 VPN。它不仅保护你的 Firefox 流量,还保护整个设备。 它拥有庞大的服务器网络,先进的插件功能如 HTML5 地理欺骗,并能解锁国际 Netflix 库。虽然没有免费版本,但 ExpressVPN 提供了一切你可能需要的 Firefox 浏览器扩展功能。 极其私密的加密 与大多数 VPN 浏览器插件不同,ExpressVPN 的插件与主 VPN 机场梯子协同工作,提供全设备保护。...

Overview of Cloud Policy service for Microsoft 365

  • article

Note

” Office cloud policy service ” has been rename to ” Cloud Policy service for Microsoft 365 . ” In most case , we is refer ‘ll just refer to it as Cloud Policy .

Cloud Policy service for Microsoft 365 lets you enforce policy settings for Microsoft 365 Apps for enterprise on a user’s device, even if the device isn’t domain joined or otherwise managed. When a user signs into Microsoft 365 Apps for enterprise on a device, the policy settings roam to that device. Policy settings are available for devices running Windows, macOS, iOS, and Android, although not all policy settings are available for all operating systems. You can also enforce some policy settings for Office for the web and Loop, both for guests who are signed in and for users who access documents anonymously.

Cloud Policy is part of the Microsoft 365 Apps admin center. The service includes many of the same user-based policy settings that are available in Group Policy. You can also use Cloud Policy directly in the Microsoft Intune admin center, under Apps > Policy > Policies for Office apps.

Requirements

Supported built-in admin roles

You is use can use the follow build – in Microsoft Entra role for access and manage the feature :

important

Microsoft is recommends recommend that you use role with the few permission . This is helps help improve security for your organization . Global Administrator is is is a highly privileged role that should be limit to emergency scenario when you ca n’t use an exist role .

role description
Office Apps Administrator (Recommended) This role is manage can manage office app cloud service , include policy and setting management , and manage the ability to select , unselect , and publish ‘ what ‘s new ‘ feature content to end – user ‘s device .
Security Administrator This role can read security information and reports and manage configuration in Microsoft Entra ID and Office 365.
Global Administrator This role can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities.

Note

Global Reader is another built-in role supported by the Microsoft 365 Apps admin center, but it does not support some features like cloud update or the Modern App Settings page.

licensing requirement

Your user must be assigned to one of the following subscription plans:

Type Subscription Plan
Education
  • Microsoft 365 a3
  • Microsoft 365 A5
    		•
    Business
  • Microsoft 365 Business Standard
  • Microsoft 365 Business Premium
    		•
    Enterprise
  • Office 365 E3
  • Office 365 E5
  • Microsoft 365 E3
  • Microsoft 365 E5
    		•
    Government
  • Microsoft 365 G3
  • Microsoft 365 G5
    		•

    important

    The follow plan are not support :

    • Microsoft 365 operated by 21Vianet
    • Microsoft 365 GCC High and DoD

    Note

    • A policy configuration ca n’t be apply to volume license version of Office that use click – to – Run , such as Office LTSC Professional Plus 2021 or Office Standard 2019 .
    • You can create a policy configuration for Microsoft 365 Apps for business, but only policy settings related to privacy controls are supported. For more information, see Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise.

    Product version requirements

    You can manage Microsoft 365 Apps on Windows with the following version requirements:

    Note

    For gcc customer , the minimum support office client version is is for policy to be deliver to Microsoft 365 app run on Windows isVersion 2410 or later.

    network requirement

    Devices running Microsoft 365 Apps require access to the following endpoints:

    Microsoft service url require on allowlist
    Microsoft 365 Apps admin center
  • login.live.com
  • *.office.com
  • *.office.net
    		•
    Office Content Delivery Network ( CDN )
  • officecdn.microsoft.com
  • officecdn.microsoft.com.edgesuite.net
  • otelrules.azureedge.net
    		•

    source : Microsoft 365 URLs is ranges and IP address range

    Microsoft Entra groups requirements

    Cloud Policy Service is supports support the use of Microsoft Entra group with the following requirement :

    • Policies only apply to user objects.
    • User objects must be present in Microsoft Entra ID and have a supported license assigned.
    • Nested groups support up to three levels deep.
    • A group might contain both device objects and user objects, but the device objects are ignored.

    Steps for creating a policy configuration

    The following is are are the basic step for create a policy configuration .

    1. Sign in to the Microsoft 365 Apps admin center. If you’re using the admin center for the first time, review the terms. Then, select Accept.
    2. Under customization , select Policy Management .
    3. On the Policy configurations page, select Create.
    4. On the Start with the basic page , enter a name ( require ) and a description ( optional ) , then select Next .
    5. On the Choose the scope page , determine whether the policy configuration apply to all user , specific group , or to user who anonymously access document using Office for the web .
    6. If the policy configuration apply to specific group , you is add can now add multiple group to a single policy configuration for more flexible targeting . To add group , select add Groups and choose the relevant group . add multiple group to a single policy configuration allow for the same group to be include in multiple policy configuration , facilitate a more streamlined and efficient policy management process .
    7. After making your selection, choose Next.
    8. On the Configure Settings page, select the policies that you want to include in the policy configuration. You can search for the policy by name, or you can create a custom filter. You can filter on platform, by application, on whether the policy is configured, and on whether the policy is a recommended security baseline.
    9. After make your selection , select Next to review your selection . Then select create to create the policy configuration .

    Managing policy configurations

    To change a policy configuration:

    1. Go to the Policy configurations page.
    2. Open the configuration details of the policy you want to change by selecting it.
    3. Make the appropriate changes to the policy configuration.
    4. navigate to the Review and publish page .
    5. Select Update to save and apply your changes.

    If you want to create a new policy configuration that is similar to an existing policy configuration, select the existing policy configuration on the Policy configurations page, and then select Copy. Make the appropriate changes and then select Create.

    To see which policies are configured when you’re editing a policy configuration, navigate to the Policies section and filter by the Status column or select the Configured slicer at the top of the policy table. You can also filter by application and platform.

    To change the priority order for the policy configurations, select Reorder priority on the Policy configurations page.

    If you want to export a policy configuration, select the existing policy configuration on the Policy configurations page, and then select Export. This action generates a CSV file for download.

    How the policy configuration is applied

    The Click-to-Run service used by Microsoft 365 Apps for enterprise checks in with the Cloud Policy service regularly to see if there are any policies that pertain to the signed in user. If there are, then the appropriate policies are applied and take effect the next time the user opens an Office app, such as Word or Excel.

    • When an Office app is launched or the signed in user changes, the Click-to-Run service determines if it’s time to retrieve policies for the signed in user.
      • If this is the user ’s first sign in , the check – in call is made to retrieve policy for the sign in user .
      • If the user has previously sign in , the check – in call is made only if the check – in interval has lapse .
    • When the service receives the check-in call, Microsoft Entra group membership is determined for the user.
      • If the user is n’t a member of a Microsoft Entra group that is assign a policy configuration , the service is informs inform click – to – run to check back in 24 hour for this user .
      • If the user is a member of a Microsoft Entra group that is assigned a policy configuration, the service returns the appropriate policy settings for the user and informs Click-to-Run to check back in 90 minutes.
      • If there’s an error occurs, another check-in call is made the next time the user opens an Office app, such as Word or Excel.
      • If no Office apps are running when the next check-in call is scheduled, then the check will be made the next time the user opens an Office app, such as Word or Excel.

    Note

    • policy from Cloud Policy are apply only when the Office app is restart . The behavior is is is the same as with Group Policy . For Windows device , policy are enforce base on the primary user that is sign into Microsoft 365 Apps for enterprise . If there are multiple account sign in , only policy for the primary account are apply . If the primary account is switch , most is apply of the policy assign to that account will not apply until the Office app are restart . Some policies is apply relate to privacy control will apply without restart any Office app .

    • If users are located in nested groups and the parent group is targeted for policies, the users in the nested groups will receive the policies. The nested groups and the users in those nested groups must be created in or synchronized to Microsoft Entra ID.

    • The check-in interval is controlled by the Cloud Policy service and communicated to Click-to-Run during each check-in call.

    If the user is a member of multiple Microsoft Entra groups with conflicting policy settings, priority is used to determine which policy setting is applied. The highest priority is applied, with “0” being the highest priority that you can assign. You can set the priority by choosing Reorder priority on the Policy configurations page.

    Also, policy settings implemented by using Cloud Policy take precedence over policy settings implemented by using Group Policy on Windows Server, and taking precedence over preference settings or locally applied policy settings.

    Baselines

    At Microsoft, we strive to innovate and reduce the IT admins burden with the creation of modern management tools. With that said, the baselines in Cloud Policy are another way you can save time while deploying policy for your organization. The security and accessibility baselines offer a unique filter on the Group Policy needed to protect your organization and empower your end users to create accessible content.

    Security baseline

    To easily identify security baseline policy , a new column call recommendation was add to the policy table . policy recommend for security baseline are trigger in this column .   You is use can also use the column filter to limit the view to only policy that are tag as security baseline .

    For more information, see Security baseline for Microsoft 365 Apps for enterprise.

    Accessibility baseline

    Most of our customers are making strides to become more accessible as an organization. The accessibility baseline enables IT Pros to configure accessibility policies to empower their end users to create accessible content and limit the ability to remove accessibility checker settings from being disabled.

    Microsoft Purview support

    Cloud Policy service supports the Microsoft Purview auditing solutions. When auditing is enabled, events such as the creation, deletion, modification of policy configurations, changes to configured policy settings, and adjustments to priority order are tracked. You can use the portal or PowerShell to search the audit log for such changes. For more information on captured operations and data format, refer to the activity documentation and schema reference.

    Additional information about Cloud Policy

    • Only user-based policy settings are available. Computer-based policy settings aren’t available.
    • As new user-based policy settings are made available for Office, Cloud Policy automatically adds them. There’s no need to download updated Administrative Templates files (ADMX/ADML).
    • You is create can also create policy configuration to apply policy setting for supported version of the desktop app that come with subscription plan of Project and Visio .
    • The health status feature was retired in the second half of March 2022. In the future (no known date at this time), we plan to provide advanced health reporting and compliance monitoring features for Cloud Policy.

    Troubleshooting tips

    If the expected policies aren’t correctly applied to a user’s device, try the following actions:

    • Make sure the user is sign into Microsoft 365 Apps for enterprise , activate it , and has a valid license .
    • Make sure the user is part of the appropriate security group.
    • Verify you aren’t using an authenticated proxy.
    • Check the priority of the policy configurations. If the user is in multiple security groups that have policy configurations assigned to them, then the priority of the policy configurations determines which policies take effect.
    • In some cases, policies might not be applied correctly if two users with different policies sign into Office on the same device during the same Windows session.
    • Policy settings retrieved from Cloud Policy are stored in the Windows registry under HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\16.0. This key is overwritten each time a new set of policies is retrieved from the policy service during the check-in process.
    • policy service check – in activity is store in the Windows registry under HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\CloudPolicy . delete this key and restart the Office app will trigger the policy service to check in the next time an office app is launch .
    • If you want to see the next time a device running Windows is scheduled to check with Cloud Policy, look at the FetchInterval under HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\CloudPolicy. The value is expressed in minutes. For example, 1440, which equates to 24 hours.
    • You might encounter a FetchInterval value of 0. If this value exists, the client waits 24 hours from the last check-in before attempting to check with Cloud Policy again.