The Shared Add-In uses COM Shim, is obfuscated and is signed with Authenticode signature. I initially thought MSI advertisement would be the way to approach this. But, later investigations revealed that COM Add-Ins won’t be triggered using Advertisement.
We need to understand what part of it would require admin privileges while installing the Add-in:
1) Installation of Pre-requisites like: .NET Framework, PIA, KB908002
2) Copying of the Add-In and related/dependent files.
3) .NET component registration, COM Shim registration
4) Office Add-in related registry entries.
The pre-requisites do need admin privileges, so we should separate them out into a separate setup so that this particular setup would be run by an admin locally (or GPO or SMS). For the Add-in project, we need to make sure that the files get copied to a "non restricted" folder like %userprofile% as copying to "Program Files" may not be allowed for managed users. The Add-In related entries need to go to HKCU. So we just used to put the files under "%userprofile%". The users will also have the ability to turn ON or OFF this add-in.