Reference
Jun 7, 2019 - The Office cloud policy service is a cloud-based service that enables you to enforce policy settings for Office 365 ProPlus on a user's device. You can search on the policy setting name to find the policy setting that you. There is no need to download updated Administrative Templates files (ADMX/ADML).

If you frequently create a certain type of document, such as a monthly report, a sales forecast, or a presentation with a company logo, save it as a template so you can use that as your starting point instead of recreating the file from scratch each time you need it. Start with a document that you already created, a document you downloaded, or a new template you customized.

WindowsOnline

Save a template

  1. To save a file as a template, click File > Save As.
  2. Double-click Computer or, in Office 2016 programs, double-click This PC.
  3. Type a name for your template in the File name box.
  4. For a basic template, click the template item in the Save as type list. In Word for example, click Word Template.
    If your document contains macros, click Word Macro-Enabled Template.
    Office automatically goes to the Custom Office Templates folder.
  5. Click Save.
Tip: To change where your application automatically saves your templates, click File > Options > Save and type the folder and path you want to use in the Default personal templates location box. Any new templates you save will be stored in that folder, and when you click File > New > Personal, you'll see the templates in that folder.

Edit your template

To update your template, open the file, make the changes you want, and then save the template.
  1. Click File > Open.
  2. Double-click Computer or This PC.
  3. Browse to the Custom Office Templates folder that’s under My Documents.
  4. Click your template, and click Open.
  5. Make the changes you want, then save and close the template.

Use your template to make a new document

To start a new file based on your template, click File > New > Custom, and click your template.
Note: If you're using Office 2013, this button may say Personal instead of Custom.

Use your templates from earlier versions of Office

If you made templates in an earlier version of Office, you can still use them in Office 2013 and 2016. The first step is to move them into the Custom Office Templates folder so your application can find them. To move your templates quickly, use the Fix it tool.
If you think of your current document as a template, you can save it with a different name to create a new document that's based on the current one. Whenever you want to create a document like that, you'll open your document in Word Online, go to File > Save As, and create a document that's a copy of the one you started with.
On the other hand, if you're thinking of the kind of templates you see by going to File > New, then no: you can't create those in Word Online.
Instead, do this:
If you have the Word desktop application, use the Open in Word command in Word Online to open the document in Word on your desktop.
From there, create a template. When you go to File > New in the Word desktop application, you'll be able to use your template for new documents. And if you store the documents online, you can edit them in Word Online.

See Also

You can use Mobile Device Management for Office 365 to create device policies that help protect your organization’s information on Office 365 from unauthorized access. You can apply policies to any mobile device in your organization where the user of the device has an applicable Office 365 license and has enrolled the device in MDM for Office 365.

In this article:

Before you begin

  • Learn about the devices, mobile device apps, and security settings that MDM for Office 365 supports. See Capabilities of Mobile Device Management for Office 365.
  • Create security groups that include Office 365 users that you want to deploy policies to and for users that you might want to exclude from being blocked access to Office 365. We recommend that before you deploy a new policy to your organization, you test the policy by deploying it to a small number of users. You can create and use a security group that includes just yourself or a small number Office 365 users that can test the policy for you. To learn more about security groups, see Create, edit, or delete a security group.
  • Important: Before you can create a mobile device policy, you must activate and set up MDM for Office 365. See Overview of Mobile Device Management for Office 365.
  • To create and deploy mobile device management policies in Office 365, you need to be an Office 365 global admin. See Permissions in Office 365 Security & Compliance admin center.
  • Before you deploy policies, let your organization know the potential impacts of enrolling a device in MDM for Office 365. Depending on how you set up the policies, noncompliant devices can be blocked from accessing Office 365 and data, including installed applications, photos, and personal information on an enrolled device, can be deleted.
Note: Policies and access rules created in MDM for Office 365 will override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in MDM for Office 365, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored. To learn more about Exchange ActiveSync, see Exchange ActiveSync in Exchange Online.

Step 1: Create a device policy and deploy to a test group

Before you can start, make sure you have activated and set up MDM for Office 365. See Overview of Mobile Device Management for Office 365 for instructions.

  1. In Office 365, in the Security & Compliance Center, go to Data loss prevention > Device management.
  2. On the Device actions page, choose Device policies.
  3. Click on + Add.
  4. Specify a Policy name.
  5. Select a policy type from dropdown.
  6. Specify the requirements you want applied to mobile devices in your organization.
  7. On Who will get these settings? click on Change and search for the groups who will test the policy before you deploy it to your organization, and then choose Select.
  8. Click on Add to create the policy.

Each user that the policy applies to will have the policy pushed to their device the next time they sign in to Office 365 using their mobile device. If users haven't had a policy applied to their mobile device before, then after you deploy the policy, they’ll get a notification on their device that includes the steps to enroll and activate MDM for Office 365. Until they complete enrollment, access to email, OneDrive, and other services will be restricted. After they complete enrollment using the Intune Company Portal app, they'll be able to use the services and the policy will be applied to their device.

Step 2: Verify your policy works

After you’ve created a device policy, you should check that the policy works as you expect before you deploy it to your organization.

  1. In Office 365, go to Security & Compliance Center > Data loss prevention > Device management.
  2. On the Device actions page, check the status of user devices that have the policy applied. You want the State of devices to be Managed.
  3. You can also do a full or selective wipe on a device by clicking on Factory reset or Remove company data from Manage button after selecting a device. For instructions, see Wipe a mobile device in Office 365.

Step 3: Deploy a policy to your organization

After you’ve created a device policy and verified that it works as expected, deploy it to your organization.

  1. In Office 365, go to Security & Compliance Center > Data loss prevention> Device management.
  2. Click on Device policies
  3. Select the policy you want to deploy, and choose Edit next to Groups applied to.
  4. Search for a group to add and click on Select.
  5. Click on Close on Change setting.
  6. Click on Close on Edit policy.

Each user that the policy applies to will have the policy pushed to their device the next time they sign in to Office 365 from their mobile device. If users haven't had a policy applied to their mobile device, they’ll get a notification on their device with steps to enroll and activate it for MDM for Office 365. After they’ve completed the enrollment, the policy will be applied to their device.

Step 4: Block email access for unsupported devices

To help secure your organization’s information, you should block app access to Office 365 email for mobile devices that are not supported by MDM for Office 365. See Supported devices for a list of devices that are supported. To do this:

  1. Go to Security & Compliance Center > Data loss prevention> Device management. On the Device actions page, choose Device policies.
  2. Select Manage organization-wide device access settings.
  3. To block unsupported devices, choose Block under If a device isn't supported by MDM for Office 365, do you want to allow or block it from using an Exchange account to access your organization's email > Save.

Step 5: Choose security groups to be excluded from conditional access checks

If you want to exclude some people from conditional access checks on their mobile devices and you've created one or more security groups for those people, add the security groups here. The people in these groups will not have any policies enforced for their supported mobile devices.

  1. Go to Security & Compliance Center > Data loss prevention > Device management. On the Device actions page, choose Device policies.
  2. Select Manage organization-wide device access settings.
  3. Select Add to add the security group that has users that you’d like to exclude from being blocked access to Office 365. When a user has been added to this list, they’ll be able to access Office 365 email when using an unsupported device.
  4. Select the security group you want to use in the Select group panel.
  5. Select the name, and then Add > Save.
  6. On the Organization-wide device access settings panel, choose Save.

What is the impact of security policies on different device types?

When you apply a policy to user devices, the impact on each device varies somewhat between different device types. See the following table for examples of the impact of policies on different devices.

Security Policy
Windows Phone 8.1+
Android 4+
Samsung Knox
IOS 6+
Notes
Require encrypted backup
IOS encrypted backup required.
Block cloud backup
Block Google backup on Android (grayed out), cloud backup on iOS.
Block document synchronization
iOS: Block documents in the cloud.
Block photo synchronization
iOS (native): Block Photo Stream.
Block screen capture
X
Blocked when attempted.
Block video conference
FaceTime blocked on iOS, not Skype or others.
Block sending diagnostic data
X
Block sending Google crash report on Android.
Block access to app store
X
App store icon missing on Android home page, disabled on Windows, missing on iOS.
Require password for app store
iOS: Password required for iTunes purchases.
Block connection to removable storage
X
NA
Android: SD card will be grayed out in settings, Windows notifies user, apps installed there are not available
Block Bluetooth connection
***
***
***We can't disable BlueTooth as a setting on Android. Instead, we disable all the transactions that require BlueTooth: Advanced Audio Distribution, Audio/Video Remote Control, hands-free devices, headset, Phone Book Access, and Serial Port. A small toast message appears at the bottom of the page when any of these are used.
Install office admx templates

What happens when you delete a policy or remove a user from the policy?

When you delete a policy or remove a user from a group to which the policy was deployed to, the policy settings, Office 365 email profile and cached emails may be removed from the user's device. See the following table to see what is removed for the different device types:

What's removed
Windows Phone 8.1+
iOS 6+
Android 4+ (including Samsung Knox)
Managed email profiles*
Policy settings

Except for Block sending diagnostic data from device.
Note: *If the policy was deployed with the option Email profile is managed selected, then the managed email profile and cached emails in that profile will be deleted from the user's device.

Each user that the removed policy applied to will have the policy removed from their device the next time their mobile device checks in with MDM for Office 365 . If you deploy a new policy that applies to these users' devices, they'll be prompted to re-enroll in MDM for Office 365.

You can also wipe a device, either completely, or selectively wipe organizational information from the device.

Related Topics

Overview of Mobile Device Management for Office 365
Capabilities of Mobile Device Management for Office 365