Enterprise / Corporate Deployment How-To for IT Administrators

Overview

This guide helps IT administrators evaluate and deploy the Office Timeline Add-in for PowerPoint. It covers installation at scale (Intune, SCCM, GPO), required components, optional configuration flags, network access, and upgrade considerations.

A) System Requirements
B) Deploying the Office Timeline Add-in within a corporate environment
C) Corporate Firewalls
D) Upgrading an Existing Office Timeline Deployment
E) Microsoft log in and Required Permissions

Licensing is account-based: after installation, users activate by signing in with their Office Timeline account. No product keys are required.

A) System Requirements

Component	Requirement
Operating System	Windows 10 (64-bit version; LTSB, CBB, and CB), Windows 11
Microsoft Office	Office 2019, 2021, Office 365, or Microsoft 365
.NET Framework	Version 4.8
VSTO Runtime	Microsoft Visual Studio Tools for Office 2010 Runtime (v10.0.60910) or newer
Microsoft Visual C++ Redistributable	Latest supported version
Microsoft Edge WebView2 Runtime	Version 100.0.1185.50 or newer
.NET Programmability Support for PowerPoint	Must be enabled in Microsoft Office (this is enabled by default in most installations)

B) Deploying the Office Timeline Add-in within a Corporate Environment

To deploy Office Timeline across your organization, follow the instructions below. These steps apply whether you distribute via Intune, SCCM, or other enterprise deployment systems.

Step 1: Obtain the installer

Download the latest OfficeTimeline.zip and extract it on a preparation system.

This package includes the OfficeTimeline.msi file used for automated deployments.

Step 2: Prepare target systems

Ensure that all target systems meet the System requirements and have the following software installed:

• Microsoft Office 2019, Office 2021, or Microsoft 365
• .NET Framework 4.8
• VSTO 2010 Runtime (v10.0.60910 or newer)
• Microsoft Edge WebView2 Runtime (v100.0.1185.50 or newer)

You can download the runtime components directly from Microsoft using the links in the System Requirements section.

Step 3: Configure your deployment system

Use your software distribution tool to deploy OfficeTimeline.msi.

Example command line for a silent install:

msiexec /i OfficeTimeline.msi /qn

This installs the add-in for all users on the machine. No license key or activation parameter is required. Users will activate by signing in after installation.

Important: The installation should execute in a user context (with a user logged in) to ensure a smooth first-run experience.

Step 4: Activation

Once installed, users simply:

1. Open PowerPoint.
2. Launch the Office Timeline Add-in from the PowerPoint ribbon.
3. log in with their Office Timeline account.

The add-in automatically detects the user’s assigned license from the Subscriptions page and activates the appropriate plan (Lite, Plus, or Expert).

If the user has no license assigned, the add-in will default to the Free plan until one is assigned.

Tip for IT administrators: You can pre-stage accounts and license assignments in the account Subscriptions page before deployment. Users will automatically receive their assigned plan upon log in.

Optional Installation Parameters

You can customize deployment behavior using optional MSI parameters:

Parameter	Description
DISABLETELEMETRY=1	Prevents the add-in from sending usage data to Office Timeline.
DISABLECHECKFORUPDATES=1	Disables both automatic and manual update checks.
/qn	Runs the installer silently (no user interface).

Example command:

msiexec /i OfficeTimeline.msi /qn DISABLETELEMETRY=1 DISABLECHECKFORUPDATES=1

C) Corporate Firewalls

If your organization restricts outbound traffic, ensure the following endpoints are reachable over HTTPS (TCP 443) without proxy blocking or SSL inspection.

Office Timeline Endpoints

• https://www.officetimeline.com

• accounts.officetimeline.com
  → Azure AD B2C authentication and ABLAS services

Azure AD B2C Endpoints

• *.b2clogin.com
  → Azure AD B2C login endpoints
  (e.g., officetimelineprod.b2clogin.com)

• *.onmicrosoft.com
  → API scopes
  (e.g., officetimelineprod.onmicrosoft.com)

Microsoft Identity Platform Endpoints (used by MSAL)

• login.microsoftonline.com

• *.microsoftonline.com

• graph.microsoft.com (if Microsoft Graph is used)

These endpoints are required for:

• User authentication

• License validation

• Token acquisition and refresh

• Update checks

If access is blocked, users will not be able to log in or activate premium features.

Recommended Firewall Rules

Allow outbound HTTPS (TCP 443) access to:

• *.officetimeline.com

• *.b2clogin.com

• *.onmicrosoft.com

• *.microsoftonline.com

If a proxy is in place, these domains should be explicitly whitelisted and excluded from SSL/HTTPS inspection. Interception of OAuth traffic may break authentication redirect flows.

Proxy Authentication Considerations

If your firewall or proxy requires authentication:

• Windows system proxy settings must be correctly configured.

• Proxy credentials must be available to the Office Timeline application.

• The proxy must explicitly allow the application to authenticate outbound traffic.

A “Proxy Authentication Required (407)” error typically indicates that the proxy is blocking outbound authentication requests before MSAL can complete the OAuth flow.

Redirect URI Clarification

Office Timeline uses:

http://127.0.0.1

as a local redirect URI for system browser authentication.

This is localhost-only.
No inbound firewall rules are required.

Token Cache and Authentication Flow

Office Timeline caches authentication tokens locally to improve performance.

However, network access is still required for:

• Initial authentication

• Token refresh

• Silent authentication when tokens expire

If proxy or firewall policies block these requests, authentication will fail (commonly with HTTP 407 errors).

Configure the log in Experience

IT administrators may need to control how the Office Timeline log in screen is displayed due to browser restrictions, security policies, or embedded web view limitations.

Office Timeline supports an optional per-user configuration that allows administrators to choose whether users log in through an embedded window or a browser-based flow.

Registry path

 

Value name

 

Type

 

Supported values

Example deployment command

 

Notes for IT administrators

• This setting applies per user (HKCU).

• The command must run in the user context (for example, via a logon script).

• The value remains in place until Office Timeline is uninstalled.

• Administrator rights are not required unless restricted by policy.

D) Upgrading an Existing Office Timeline Deployment

If your organization already has the Office Timeline Add-in deployed from a previous release, you can update to the latest version using the same enterprise deployment process. No uninstall or manual activation steps are required.

Upgrading from a key-based version (legacy installations)

Earlier releases of Office Timeline used product keys or local license files for activation.

Starting with builds (v13.01.00.00 and newer), activation is now handled entirely through user log in.

When upgrading from a legacy deployment:

1. Deploy the latest MSI package (version 13.01.00.00 or newer) using your existing software distribution tool.
2. The installer will automatically uninstall previous versions before installing the new one.
3. When users open PowerPoint after the upgrade, they’ll be prompted to log in with their Office Timeline account to activate.

Tip: For a seamless transition, ensure that all users have active Office Timeline accounts before the deployment. Assigned licenses in the Subscriptions page will automatically be recognized upon log in.

Upgrading new versions of Office Timeline

If you’re upgrading from an older release (v10.0 or newer), deployment is even simpler:

• You can deploy the new MSI directly. The installer automatically replaces the existing version.
• Users remain signed in (unless explicitly signed out).
• License and plan detection are automatic; no reactivation or reassignment is required.

Users who were on the Free plan before the update will remain Free until a seat is assigned to them in the Account Portal.

Mixed Environments

If some users in your organization are still running older, key-based builds, Office Timeline recommends upgrading all users to an recent build to standardize authentication and licensing. The two systems can technically coexist, but license management will only apply to users on 13.01.00.00 or newer.

Recommended upgrade checklist

• ✅ Confirm all users have access to https://www.officetimeline.com
• ✅ Ensure your software distribution system replaces previous installations.
• ✅ Verify user accounts exist in the Subscriptions page.
• ✅ Remove old license-key scripts or GPO assignments; they are no longer used.

E) Microsoft Log in and Required Permissions

Office Timeline supports signing in with Microsoft work accounts using OpenID Connect (OIDC). This allows users to authenticate with their existing Microsoft credentials instead of creating separate Office Timeline passwords.

To enable this, IT administrators may need to review or approve a small set of identity permissions. These permissions allow Office Timeline to verify a user's identity and link their Microsoft account to their Office Timeline seat.

Permissions Required

Office Timeline requests the standard OpenID Connect scopes shown below:

These permissions are read-only and allow access only to basic identity information. Office Timeline does not receive access to emails, files, Teams messages, calendars, or any other Microsoft 365 resources.

Why these permissions are needed

When users log in with “Continue with Microsoft,” Office Timeline must be able to:

• Verify the user’s identity

• Read their name and display information

• Identify the email address associated with their Office Timeline seat

These are the minimum permissions required to authenticate Microsoft work accounts under the Microsoft identity platform.

Security Considerations

These permissions are considered low-risk because:

• They provide only basic identity details

• They are read-only

• They cannot be used to modify or access Microsoft 365 data

• They are standard for business applications that use Microsoft authentication

This is the same model used by thousands of applications in Microsoft.

Setup for Entra Administrators

No Microsoft Entra application registration is required.

To grant tenant-wide admin consent, an Entra Global Administrator should use the following link: login.microsoftonline.com

After signing in, review the requested permissions and select Accept.

You may be redirected to a confirmation page after accepting. This is expected behavior.

Once admin consent has been granted, users in your organization can log in using “Login with Microsoft” without additional configuration.

IT Administrator Actions

Depending on your organization’s security policies, you may need to complete the following steps:

1. Register Office Timeline in Microsoft
   Add Office Timeline as an enterprise application in your tenant if required by your internal application governance process.

2. Configure API permissions
   Ensure the openid, profile, and email scopes are available for the application.

3. Grant admin consent
   Approve the OpenID Connect scopes at the tenant level so users can log in without seeing a consent prompt.

Granting admin consent tells Microsoft:

“This application is approved to read basic identity information for users in our organization.”

IT administrators normally only need to do this once.