Preface

This is a continuation of my "To Hell and Back with Office 365 in VDI" blog post. There’s a lot of information in there that helped lead me to this solution for running Office 365 on a non-persistent VDI.

Stephen Wagner’s blog was where I found most of the configurations needed for the GPO and ODT file. I am not going to detail these settings in this blog.

Let’s get to work

I’m setting up a new Citrix farm that will need to run Office 365. We’re trying to get away from roaming profiles, so I started out with all profile management disabled. The VMs will be non-persistent, meaning all changes will revert back to the original state on the master image. I am also integrating this with Azure AD. I hope this blog post can save someone else the headache I just went through.

We were using published apps before (Office 2016) and I tried to configure that first with O365. This does not work with Microsoft’s modern authentication.

You will find a CTX that tells you a workaround is to disable modern authentication. You will also find a Microsoft article telling you NOT to do this as well as a support matrix indicating that this is NOT supported by Microsoft.

OK, but if you’re like me, you try it anyway. It doesn’t work. Outlook will simply never open; it hangs on the “loading profile” screen.

Onward to configuring O365 in a published desktop! Microsoft supports it! This shouldn’t be too difficult!

Of course, it is not as simple as switching the Citrix delivery group from Apps to Desktops.

My recommendations

  • You will be adding a couple of GPOs, user registry entries, and a logon script. If you want to keep it clean, do it all through a GPO or WEM and keep it in one place.
  • The HKCU (CURRENT_USER) registry keys need to be configured through a GPO or WEM. You can’t do it locally on the master image.

Group policy settings

You’ll find these settings on other blogs. Like I said above, I’m not going to get into that here; I would simply be copying and pasting.

Office Deployment Tool .XML File

You need to configure this file to run with the Office install. The main setting to pay attention to is the following:

<Property Name="SharedComputerLicensing" Value="1" /> 

Joining Azure AD

You will also need the VMs to be hybrid joined to Azure for this to work at all. I set up a scheduled task to run at LOGON under the SYSTEM account executing the following command:

dsregcmd /join

Since this is local to my master image, I do a dsregcmd /leave as part of the sealing procedures.

There is a scheduled task for dsregcmd /join to run at startup by default in Windows, so you don’t need to add this. The reason you need another one at logon is to generate the USER Primary Refresh Token (PRT). The startup join will only generate the DEVICE PRT.
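
One way to script the logon task described above and confirm that the user PRT was issued, as an added example rather than the configuration from the original setup. The task name and function names are hypothetical, the sample lines are constructed, and the three field names are the ones dsregcmd /status prints.

```powershell
# Added example. $TaskName and the function names are hypothetical.
$TaskName = 'AAD-Join-At-Logon'

function Register-LogonJoinTask {
    # Run "dsregcmd /join" as SYSTEM whenever a user logs on.
    # Call once on the master image from an elevated session.
    $exe       = Join-Path $env:SystemRoot 'System32\dsregcmd.exe'
    $action    = New-ScheduledTaskAction -Execute $exe -Argument '/join'
    $trigger   = New-ScheduledTaskTrigger -AtLogOn
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Trigger $trigger -Principal $principal -Force
}

function Get-DsregState {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable.
    param([string[]]$StatusLines)
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-HybridJoinWithPrt {
    # Hybrid join plus a user PRT means all three fields read YES.
    param([hashtable]$State)
    $notYes = @('AzureAdJoined', 'DomainJoined', 'AzureAdPrt' |
        Where-Object { $State[$_] -ne 'YES' })
    [pscustomobject]@{ Ready = ($notYes.Count -eq 0); NotYes = $notYes }
}

# Constructed sample: device joined at startup, no user PRT yet.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                AzureAdPrt : NO'
)
Test-HybridJoinWithPrt (Get-DsregState $sample)

# In a real user session (not as SYSTEM), feed it live output:
# Test-HybridJoinWithPrt (Get-DsregState (dsregcmd /status))
```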

Profile Solution: FSLogix

I literally only need the Office Activation license to stay with the user and did not want to deal with Citrix Profile Management or any type of profile management solution. Trying to exclude everything but the license file sounds great in theory, but it didn’t work very well.

I found the best way to do this was to use FSLogix Office Container with all default settings. The user will be prompted to activate Office the first time they log in, but FSLogix saves this in the VHD and it will roam with the user to other VMs in your Citrix farm.

I wasn’t able to fully avoid a profile management solution, but I feel like this is as lightweight as it can be without greatly impacting the user experience.