What’s new for IT professionals in Office 2010
Office 2010 provides new features and improvements that help IT administrators configure, validate, deploy, and protect their Office installations. The following sections discuss changes in these areas and provide links to resources:
- Licensing and volume activation
- Office 2010 64-bit editions
- Security changes
- Office Customization Tool changes
- Application-specific changes and application compatibility
Licensing and volume activation
Microsoft includes product activation technologies in the following products sold through the Volume Licensing channel: Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, and now Office 2010. Product activation is verification with the manufacturer to confirm that software is genuine and that its product key is not compromised. Activation establishes a relationship between the software's product key and a particular installation of that software on a device.
Activation types include retail, volume, and OEM, and most require interactive steps by the user or IT professional, such as entering a product key from the packaging, or contacting a networked server or telephone service center. Activation technologies and tools vary according to the different channels for the software — retail, volume, and OEM.
The Microsoft policy requires the activation of all editions of Office 2010. This includes those obtained through a Volume Licensing program. This requirement applies to Office 2010 running on both physical computers and virtual machines.
You can use the following methods to activate Office 2010 with Office Activation Technologies:
- Key Management Service (KMS). KMS uses a KMS host key to activate a KMS host computer and establish a local activation service in your environment. Office 2010 connects to the local KMS host for activation.
- Multiple Activation Key (MAK). With a MAK, clients activate Office 2010 online with the Microsoft hosted activation servers or by telephone
- A combination of KMS and MAK.
To learn about Office Activation Technologies, see Volume activation overview for Office 2010, Plan volume activation of Office 2010, Deploy volume activation of Office 2010, and Volume activation quick start guide for Office 2010 in the Office 2010 Resource Kit.
Office 2010 64-bit editions
Processors that are 64-bit are quickly becoming the standard for systems ranging from servers to desktop computers. The 64-bit systems can use more virtual and physical memory than 32-bit processors. This lets users work with much larger data sets than they could previously, to analyze and solve large computational problems. Office 2010 introduces native 64-bit versions of Office products to take advantage of the additional capacity provided by 64-bit processors. This additional capacity is only needed by Office users who require Excel spreadsheets that are larger than 2 GB, for example. The 32-bit version of Office 2010 provides the same functionality and is also compatible with 32-bit add-ins. This is why Office 2010 will install the 32-bit version by default.
For information about the supported operating systems, supported scenarios, setup process, and deployment considerations for 64-bit Office 2010 clients, see 64-bit editions of Office 2010 in the Office 2010 Resource Kit.
Security changes
Several new security controls in Office 2010 make it easier for IT professionals to build a robust defense against threats without diminishing information worker productivity. Five of the new controls provide countermeasures for hardening and reducing the attack surface and mitigating exploits. These include the following:
- Data Execution Prevention (DEP) support for Office applications A hardware and software technology that helps harden the attack surface by preventing the execution of viruses and worms that exploit buffer overflow vulnerabilities.
- Office file validation An Office software component that helps reduce the attack surface by scanning files for file format (file fuzzing) exploits before the files are opened by an application.
- Expanded file block settings A suite of Group Policy settings that helps reduce the attack surface by providing more specific control over the kinds of files an applications can access.
- Office ActiveX kill bit An Office feature that administrators can use to prevent specific ActiveX controls from running within Office applications.
- Protected view A sandbox environment that helps mitigate attacks by enabling users to preview untrusted or potentially harmful files in a secure viewer.
In addition to these new controls, Office 2010 provides several security enhancements that further harden the attack surface by helping to ensure the integrity and confidentiality of data. This includes the following:
- Cryptographic agility for Microsoft Excel 2010, Microsoft PowerPoint 2010, and Microsoft Word 2010.
- Trusted time stamping support for digital signatures.
- Domain-based password complexity checking and enforcement.
- Encryption strengthening enhancements.
- Improvements to the password to modify feature.
- Integrity checking of encrypted files.
Office 2010 also provides several security improvements that have a direct affect on information worker productivity. Improvements in the message bar user interface, a trust model that remembers users’ trust decisions, Trust Center user interface settings, and single identity management are some examples of new features that help make security decisions and actions less intrusive to information workers. In addition, many of the new and enhanced security controls can be managed through Group Policy settings. This makes it easier for you to enforce and maintain your organization’s security architecture.
For more information about security for Office 2010, see Security overview for Office 2010 and Plan security for Office 2010.
Office Customization Tool changes
The Office Customization Tool (OCT) is the main customization tool that is used to customize an installation of Microsoft Office 2010 (and the 2007 Microsoft Office system). The OCT is part of the Setup program and is the recommended tool for most customizations, and is available only with volume licensed versions of Office 2010 and the 2007 Office system. You run the OCT by typing setup.exe /admin at the command line.
For more information about the OCT, see Office Customization Tool in Office 2010 in the Office 2010 Resource Kit.
The Office 2010 release provides the following new features:
- Two architecture-specific versions of the OCT, one for 32-bit Office 2010 and one for 64-bit Office 2010. The 64-bit version of the OCT supports 64-bit client editions of Office 2010, and provides the same user interface, capabilities, and OPA settings as the 32-bit version. The OCT files are located in the Admin folder under the x86 (32-bit) and x64 (64-bit) folders, respectively. For information about 64-bit Office 2010, see 64-bit editions of Office 2010 in the Office 2010 Resource Kit.
- Import feature that lets administrators import 32-bit OCT customization (MSP) updates into the 64-bit version of the OCT and 64-bit MSP updates into the 32-bit version of the OCT. This allows administrators of mixed environments (32-bit and 64-bit) to do the Setup customizations one time. For more information, see Import an Office 2010 Setup customization file in the Office 2010 Resource Kit.
- Support for adding multiple Outlook e-mail accounts.
Application-specific changes and application compatibility
For information about application-specific changes in Office 2010, see the Product and feature changes in Office 2010 articles in the Office 2010 Resource Kit.
To learn about application compatibility in Office 2010, see the following articles:
- Application compatibility assessment and remediation guide for Office 2010
- Office Environment Assessment Tool (OEAT) user's guide for Office 2010
- Microsoft Office Code Compatibility Inspector user's guide
For information about tools for preparing your environment for migrating to Office 2010, see Office Migration Planning Manager (OMPM) overview for Office 2010.
