Deploy Office 365 Updates Using SCCM

This post is a step-by-step guide to deploying Office 365 updates using SCCM. SCCM makes it easy not only to deploy Office 365 but also to manage Office 365 software updates. In my previous posts, I covered deploying Office 365 using SCCM. I also posted details of the Office 365 client management dashboard.

After you deploy Office 365, deploying software updates is the next major task. SCCM has the ability to manage Office 365 client updates by using the Software Update management workflow.

When Office 365 updates are deployed to client computers, they are first downloaded to the local client cache. Because Office 365 client updates are large, ensure that you configure the cache settings prior to deployment. Starting with SCCM 1606, you can specify the cache folder size using client settings in the Configuration Manager console.

Step-by-Step Guide to Deploy Office 365 Updates Using SCCM

To deploy Office 365 updates using SCCM, you need to complete a few basic configuration steps. Once these are done, you can quickly deploy Office 365 updates using Configuration Manager.

Step 1 – Verify the Requirements

To deploy Office 365 updates, ensure you meet the requirements below.

  • Your setup must be running SCCM 1606 or a later version of SCCM.
  • An Office 365 client on a supported channel version for the Office 365 client.
  • Windows Server Update Services (WSUS) 4.0

If you have met all the above requirements, you can proceed to step 2.

Step 2 – Configure Software Update Points

I am sure you have already configured a software update point, because it is required to deploy updates. However, if you have not configured your software update point, you can follow this post.

Under Software Update Point component properties, click the Classifications tab. Ensure that the Updates classification is checked. If you make any other changes, remember to synchronize software updates once.

Go to the software update point properties and click the Products tab. Under the Office product, select Office 365 Client. Click OK and close the SUP properties window.

Synchronize the software updates again and open the wsyncmgr.log file. You should now see some synchronizations related to Office 365. Wait for the synchronization to complete.

Once the sync is complete, look for Office 365 updates. Click Software Library > Overview > Office 365 client management. Click Office 365 updates and you will see all the Office 365 updates. Proceed to Step 3 now.

Step 3 – Enable Office 365 clients to receive updates from SCCM

With Configuration Manager version 1606 and above, you can easily manage the Office 365 client agent. This setting is part of the Configuration Manager client settings. Once you configure this setting, the SCCM client agent talks to the Office 365 client agent to download the updates from a distribution point and install them.

In the SCCM console, navigate to Administration > Overview > Client Settings. Right-click the default client settings and click Software Updates. Look for the option “Enable management of the Office 365 client agent”. Click the drop-down and click Yes. Click OK. With this option enabled, you can now manage Office 365 client agents using SCCM.

Step 4 – Deploy Office 365 updates to clients

To deploy Office 365 updates to clients using SCCM, you need to perform some more steps. There are two ways to deploy Office 365 updates.

  • Manually deploy software updates – We will use this method in this post.
  • Automatically deploy software updates – Using automatic deployment rule (ADR).

In step 2 we configured SUP to include Office 365 updates. We will now go through the steps to deploy Office 365 updates using SCCM.

After running the software updates sync, I have got some more Office 365 updates. I will not deploy all of these updates. Looking at my Office 365 client edition, the current build is 9126.2275. I use search criteria to filter the list of updates. In the below screenshot, I have set the filter to show updates that aren’t expired and whose release date falls within the last 10 days. The basic idea is to deploy updates that were released recently.

Step 4.1 – Download Office 365 Updates

In some organizations you will find both x64 and x86 versions of the Office 365 client deployed. If you have only the Office 365 x86 client deployed, you can select only the x86-based edition updates and proceed. In this example, I am selecting both the x64 and x86 edition Office 365 client updates – Semi-Annual Channel version 1803. Select the updates, right-click and click Download.

Create a new deployment package. Specify a name and a path to store the updates. Click Next.

Select the distribution points to which you want to distribute the updates. Click Next on the Distribution Point settings page.

Select Download software updates from the internet. Click Next.

On the progress page you will see the updates being downloaded.

The Office 365 updates are downloaded. On the completion page, click Close.

Step 4.2 – Deploy Office 365 Updates

We will now deploy Office 365 updates using SCCM. In the above steps, we downloaded the 2 updates. Select those updates, right-click and click Deploy.

Specify a deployment name. Click Browse and select the device collection to which you want to deploy the updates.

Under deployment settings, you can either deploy the updates as required or make them available to client machines. Choose the option based on your requirement. Click Next.

Schedule the deployment appropriately and click Next.

Click Next.

Click Next.

On the completion page, click Close.

On one of the client machines, I got this Software Center notification.

The Office client update is installing. Nice to see that.

I also want to show you that the build number changes once the update is installed. The current Office 365 client build number is 9126.2275.

Notice that the build number is now 9126.2282.

You can also get the Office 365 client version right from the Office 365 client management dashboard.
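
To confirm the installed build on a client without opening an Office app, the following PowerShell reads the Click-to-Run registry configuration and compares it with the target build. This is an added example, not part of the original post; the registry paths and value names are assumptions about a standard Click-to-Run installation, and the default target is the post-update build shown above.

```powershell
# Added example: audit the local Click-to-Run install against a target build.
# $TargetBuild defaults to the post-update build from this page (16.0 prefix assumed).
param(
    [version]$TargetBuild = '16.0.9126.2282'
)

# Registry locations assumed for a standard Click-to-Run installation
$c2rKey    = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Office\16.0\Common\OfficeUpdate'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$installed = Get-RegValue $c2rKey 'VersionToReport'
if (-not $installed) {
    Write-Warning 'No Click-to-Run Office installation found on this machine.'
    return
}

# Management by Configuration Manager can be switched on through policy
# (DWORD 1 under the policy key) or through the deployment XML
# (string "True" under the Click-to-Run configuration key).
$comPolicy = Get-RegValue $policyKey 'OfficeMgmtCOM'
$comConfig = Get-RegValue $c2rKey 'OfficeMgmtCOM'
$managed   = ($comPolicy -eq 1) -or ("$comConfig" -eq 'True')

# One object per machine so results can be collected and exported
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    InstalledBuild = [version]$installed
    TargetBuild    = $TargetBuild
    UpToDate       = ([version]$installed -ge $TargetBuild)
    Platform       = Get-RegValue $c2rKey 'Platform'
    CDNBaseUrl     = Get-RegValue $c2rKey 'CDNBaseUrl'
    ManagedBySCCM  = $managed
}
```

A client that reports compliant in the console but shows UpToDate as False, or ManagedBySCCM as False, is worth checking before assuming the deployment reached it.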

Prajwal Desai

Hi, I am Prajwal Desai. For the last few years I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Azure, Security etc. I created this site so that I can share valuable information with everyone.

  1. Great guide. Thanks!

    Before I set about it, can you tell if the client needs to be installed with a particular update branch in the XML? I.e. if I choose to install semi-annual updates on a client that was installed with the Monthly branch – will it still work?

  2. Hi,

    I’m facing an issue downloading the Semi-Annual updates; as per your article, all the settings are available already. While downloading we are getting the below error. Also, all other updates are working fine; we don’t see any error in the patch download logs.

    Software updates that will be downloaded from the internet
    Error: Microsoft 365 Apps Update – Semi-Annual Enterprise Channel Version 2002 for x86 based Edition (Build 12527.21330)
    Failed to download content id 17138252. Error: Invalid certificate signature
    Microsoft 365 Apps Update – Semi-Annual Enterprise Channel Version 2002 for x64 based Edition (Build 12527.21330)

  3. Hi,
    I have successfully followed your guide – everything looks fine – except that I have a LOT (around 90%) of clients with status “unknown” instead of required, not required or compliant. Why does this happen?

  4. Do we have to Enable Management of the O365 client in the Client Settings? I just don’t want these computers automatically updating O365 (M365) applications on their own. I still want to be able to push out the updates on a schedule within SCCM.

    1. Enabling them from client settings would not allow them to automatically download it from the internet. The SCCM client will take control of it, and the updates would still go out on the basis of the policies the client machine is receiving from SCCM.

    1. Yes, while deploying the deployment package, you just have to select the collection that contains the device or devices you want to target.

  5. Hello everyone.

    I have different builds of Office 365 in our environment; I am a newbie in the update process.

    We have Semi-annual Channel clients in builds 1803 and 1808.

    Can I make only one Software Update Group with the different updates for the builds and deploy this update group to all clients? Or must I create different Software Update Groups and different collections for each build?

    Best regards

  6. Prajwal,

    So, if my O365 build is the monthly one, then I’d want to download the monthly updates, correct?

  7. I am having trouble downloading the updates using the wizard. It fails with “Error: failed to download content id 16872757. Error: Incorrect function”

  8. Hi, can you give a tip on this?

    My client has version 1803 9126.2259 and I am trying to update to 9126.2382 without success (client already compliant).
    Interesting is that any update under Office 365 Updates is required; I get a lot of installed, compliant, but any are required…

    What am I missing here?

    Note: management of the Office 365 client agent is enabled.

  9. I have an issue with the update: SCCM is not pushing the updates if 1) you have both installation and update in the same SCCM package, or if I created a separate package.

  10. Hello together, is it possible to reject individual security updates as before by SCCM, or to uninstall after an installation because of problems (e.g. Outlook archive cannot be searched anymore)?

    I’m not interested in the assignment of feature updates that has been well explained, I really want to know if I have a system that every 6 months a new feature update may receive if I still monthly allow the individual security updates or reject?

    With Office 2016 or older, it is possible to allow or reject individual KBs, is this also possible in Office 365?

    Have a nice evening and thank you

  11. Hi. Has anyone come across an issue where the base version doesn’t update? i.e. User has 1705 installed so only updates to 1705 are deployed. We need to update to 1808 and keep on latest versions as they are released. Has anyone figured out how to do this?

    1. Yes, with my SCCM I’ve got the same thing: the version does not upgrade. My clients are stuck at 1708; their build gets updated, but the clients don’t see the 1902 update in Software Center through ADR.

      1. In your O365 Automatic Deployment Rule, on the “Software Updates” tab, make sure you add “Title” in your search criteria. In the “Search Text” of the title criteria add the following:

        The channel you require e.g. Semi-annual enterprise channel version
        The version you require e.g. 1902
        The version you require e.g. 1908

        If you want to stop clients from going to a certain version, also include that with a “-” symbol in front e.g. -2002 (this will ignore any update for the 2002 version)

        Using my example above, you should then see the following text next to “Title” in the search criteria box:

        Semi-annual enterprise channel version OR 1902 OR 1908 OR -2002

        Also, one other tip, when manually looking for the update you want your machines to get (via the “Office 365 Updates” node), make sure that you see some numbers in the “Required” column. If you see 500 there, that means that 500 of your machines require this update.

        To see what updates are applicable to your fleet, simply sort by the “Required” column and you’ll see which ones are relevant. If you don’t see any numbers against any updates, then you need to look at what channel you are running. Take a look at the XML file you created with the office deployment tool and make sure everything you selected is correct for your requirements.

        If your O365 Automatic Deployment Rule (ADR) is configured correctly, and the update you want makes it in to the software update group which is created by the ADR, then any machines which require it will install it.

    1. For Office 365 Click-to-Run, the below 3 URLs are needed

  12. Hi, you’ve deployed them manually, but can you automate this? I’ve tried to deploy (available) multiple builds (even previous ones) to a PC and it showed all the updates instead of just showing the newer ones for that channel, which I think should have been the behavior.


  13. Hi, great article. Would have been good if there was an article on how to troubleshoot Office 365 software updates and how the files download from the cloud. 😉

    1. Hi There,

      I need to deploy the O365 Semi-Annual Channel update to all PCs (2500) via SCCM for our clients.

      Currently most of them are on 16.0.8431.2236 and I tried to upgrade to 16.0.9126.2259. I tried it on a few test machines and I am facing a weird issue. It shows compliant in SCCM but the Office version still remains the same (old version). I have rebooted and run the machine policies, but no luck. Any leads, please?
