Today’s case for a global\u00a0NGO with a fully EMS licensed user base covers the distribution and installation of a large number of templates for Microsoft Word, including a normal.dot, macro’s and the required group policy settings to make word use these templates.<\/p>\n
Requirements:<\/p>\n
- \n
- A test user with an EMS licence (or seperate Azure AD Premium and Intune)<\/li>\n
- Source files<\/li>\n
- Google<\/li>\n
- Advanced Installer<\/a> (free license)<\/li>\n<\/ul>\n
Steps:<\/p>\n
First, let’s start a ‘Simple’ project in Advanced Installer, this does not require a license, and drag your files into a new folder under Program Files in the Files and Folders menu:<\/p>\n
![\"ai_templates_1\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_1.png\")
<\/a><\/p>\nThese will then end up in the c:\\program files (x86)\\<chosen foldername> location on the target client.<\/p>\n
Searching for the right registry keys corresponding to a GPO setting?<\/a><\/em><\/p>\n
Now create registry keys under the correct Office registry branch (16.0 for Office 2016) to direct Office to the right location. SharedTemplates should point to the folder where your company templates exist. UserTemplates should point to a folder where the user has write-access, usually somewhere in AppData.<\/p>\n
![\"ai_templates_2\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_2.png\")
<\/a><\/p>\nMy templates have a so called startup folder<\/a>, if you point word to this folder Word will load all templates in there, our most important one was a normal.dot containing a selector macro, lets set the registry key for that:<\/p>\n
![\"ai_templates_3\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_3.png\")
<\/a><\/p>\nAnd don’t forget to add a few keys to ensure the locations we’ll be making word access are trusted locations:<\/p>\n
![\"ai_templates_4\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_4.png\")
<\/a><\/p>\nNow that our files and settings are configured, we’ll set the Build Parameter to “Per machine if user is administrator, per user otherwise”<\/em>. This is the first requirement that will cause the registry keys to end up in the right location (HKCU):<\/p>\n
![\"ai_templates_5\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_5.png\")
<\/a><\/p>\nNow just press the build button in the top left and you’ll end up with a single, clean and working MSI file. Log in to the Intune console<\/a>, and go to the Apps section.<\/p>\n
Click Add Apps and load the on demand configuration tool:<\/p>\n
![\"ai_templates_6\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_6.png\")
<\/a><\/p>\nEnsure you have selected “Windows Installer through MDM”, the other methods won’t work.<\/p>\n
![\"ai_templates_7\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_7.png\")
<\/a><\/p>\nAccept all other default settings or configure as you please and press Upload.<\/p>\n
Once the upload completes, you’ll see the app in the Intune Console, but this won’t distribute the application yet, for that you’ll have to click ‘Manage Deployment” and configure a user based deployment:<\/p>\n
![\"ai_templates_8\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_8.png\")
<\/a><\/p>\n![\"ai_templates_9\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_9.png\")
<\/a>![\"ai_templates_10\"](\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2016\/09\/ai_templates_10.png\")
<\/a><\/p>\nAnd voila, within the hour your devices will have their templates deployed straight from Intune.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Azure AD, Intune and Windows 10 offer an incredibly nice light management option, where your users can use any Windows 10 Pro or higher device and simply join it to your Azure AD on their own. Intune then allows you to enforce your security policies on those devices, and to distribute AppX and MSI packages … Continue reading EMS case: distributing Office templates and macro’s to your users on Windows 10 mobile managed Azure AD Joined devices<\/span>