SLIDE 1
SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER
TODD KLINDT, SHAREPOINT MVP @TODDKLINDT HTTP://WWW.TODDKLINDT.COM
- www.toddklindt.com/blog
- todd@toddklindt.com
- http://www.toddklindt.com/podcast
SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER TODD KLINDT, - - PowerPoint PPT Presentation
SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER TODD KLINDT, - - PowerPoint PPT Presentation
SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER TODD KLINDT, SHAREPOINT MVP @TODDKLINDT HTTP://WWW.TODDKLINDT.COM WHO IS THIS TODD KLINDT GUY? www.toddklindt.com/blog todd@toddklindt.com
SLIDE 2
SLIDE 3
AGENDA
▪ Why Hybrid? ▪ Authentication ▪ OneDrive (My Sites) ▪ Search ▪ Other stuff ▪ Usefull Tools
SLIDE 4
WHAT IS HYBRID?
- The offspring of two plants or animals of different species or varieties, such as a mule (a
hybrid of a donkey and a horse)
- Or
- Private Clouds and Public Clouds
- On-Prem and IaaS
- SharePoint Server On-Prem and Office 365 / Azure / SharePoint Online / BobaaS
SLIDE 5
WHY HYBRID?
Why Cloud?
- More Secure?
- Gradual move
- Save money
- Easier accessibility
- New Functionality
- Extranet situations
- Consultants
- 1099
Why on-prem?
- Not all content makes sense in the cloud
- Sensitive info, like my SSN
- Geographic restrictions
- Fancy custom code
- Farm solutions
- 3rd party
SLIDE 6
BABY STEPS
- Develop a plan
- Begin with the end in mind
- Phased approach is okay
- Landscape is changing
SLIDE 7
AUTHENTICATION
- The first step on your hybrid journey
- Two options
- Azure AD Connect Sync / ADFS / Pass-Through
- Third Party
- Can move gradually
- Users
- Technology
- Mind your licenses
SLIDE 8
ACTIVE DIRECTORY CORE CONCEPTS & CONCERNS
- FSMO roles, AD DNS, WINS, NETBIOS, etc
- Dirty, dirty directories
- 2003 (Everyone group) --> 2008 (Authenticated Users group)
- IsCriticalSystemObject objects not synced (like Domain Users)
- UPN issues around migration
- Schema extensions
SLIDE 9
SAME SIGN ON SCENARIO
SLIDE 10
SINGLE SIGN ON SCENARIO
SLIDE 11
PASS-THROUGH AUTH
SLIDE 12
NOW WHAT?
SLIDE 13
MYSITES / ONEDRIVE FOR BUSINESS
- Users
- Used to use fun tools like Dropbox
- Used to being able to access content on multiple devices
- Used to being able to access content anywhere
- IT wants
- To meet security standards
- Control costs
- Control governance
- Keep using SharePoint, it’s the coolest!
SLIDE 14
MYSITES / ONEDRIVE FOR BUSINESS
- Moves user MySites to OneDrive for Business
- You get 1 TB! And you get 1 TB!
- Requirements
- SharePoint Online
- SharePoint 2013 SP1 or 2016
- Sync up your authentication
- Configure on prem to point to Online
- Create an audience
- Control experience
SLIDE 15
ONEDRIVE FOR BUSINESS CLIENT
- User familiarity
- Provides offline sync in Windows and Mac
- Provides access and functionality with devices
- Same client as OneDrive Consumer
SLIDE 16
SYNC LIMITATIONS
- Illegal characters - <, >, :, ", |, ?, *, /, \
- 30 Million documents each library
- Performance drops after 100,000 files
- Filename less 400 characters
- File size limit 15 GB
- No network drives
- IRM requires client 17.3.7294.0108 or later
- From KB 3125202
SLIDE 17
REAL WORLD EXAMPLE
Param( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $User ) # Add the Active Directory bits and not complain if they're already there Import-Module ActiveDirectory -ErrorAction SilentlyContinue
20
SLIDE 18
# Add the Azure Active Directory module Import-Module AzureAD # New way # Import-Module MSOnline # Crappy old way # Define AD group that is synced to AAD and is used for ODFB audience $syncgroupname = "CloudSync" $syncgroup =Get-ADGroup $syncgroupname
21
SLIDE 19
# Name of the Azure License to apply $LicensedUser = Get-AzureADUser -ObjectId "licensetemplate@toddklindt.com" $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense $License.SkuId = $LicensedUser.AssignedLicenses.SkuId $Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses $Licenses.AddLicenses = $License# Azure AD domain suffix $aadsuffix = (Get-AzureADDomain | Where-Object -Property IsDefault -Value $true -EQ).name # $aadsuffix = “toddklindt.com” # Crappy
22
SLIDE 20
# First, add the user to the group Add-ADGroupMember -Identity $syncgroupname -Members $User # Remind them to recompile their SharePoint audience Write-Host "You'll need to recompile your SharePoint audience to reflect the group change"
23
SLIDE 21
# Sync up to Azure AD # & $syncclient # Old, crappy way Start-ADSyncSyncCycle # Now tweak the user in Azure AD # First connect # Connect-MsolService # Crappy Connect-AzureAD # Get the user $aaduser = "$user@$aadsuffix"
24
SLIDE 22
# Set the user's location. Without that the license will fail Set-AzureADUser -UserPrincipalName $aaduser -UsageLocation "US" # Set-MSOLuser # Crappy # Set the user's license Set-AzureADUserLicense -ObjectId $aaduser -AssignedLicenses $Licenses # Set-MsolUserLicense -UserPrincipalName $aaduser -AddLicenses $license
25
SLIDE 23
NEXT STEP
SLIDE 24
SEARCH
- If SharePoint Search isn’t already your corporate search, shame on you!
- One-way or Two-way
- Or…
SLIDE 25
CSSA (THE CLOUD SEARCH SERVICE APPLICATION)
- Introduced in the August 2015 CU for SharePoint 2013 or 2016
- Combines on-prem Search index and SharePoint Online Search
- Not Federation
- Search results are not separated
- Does not require a Search index on-prem
- Allows cloud services to include on-prem content
- Getting Comfortable with the new hybrid Cloud Search Service in SharePoint 2013
SLIDE 26
PROFILE
- Each environment has its own Profile
- Makes the SharePoint Online Profile the master
- Redirects from on-prem server
- Custom attributes are tricky
SLIDE 27
TAXONOMY
- Require June 2017 Patch or later
- Single Taxonomy that spans on-prem and online
- Completely flexible
- Shared Masters are online
- Pushed on-prem
- Daily Timer Job
- Source
SLIDE 28
SITES
- Sites link forwards to SharePoint Online
- Shows followed sites in both environments
- Does not copy existing followed sites in on-prem
- Does not copy followed documents
- Self-service Site Creation (SharePoint 2013 only, March 2017 PU)
- Managed the same way as on-prem
- Source
SLIDE 29
YAMMER
- Can move your Social piece into
Yammer
- Requires SP1 on-prem
- Can also use
Yammer app
- http://technet.microsoft.com/en-us/library/dn270535(v=office.15).aspx
SLIDE 30
BI
- Business Connectivity Services
- One-Way Inbound
- Two-Way
- Full CRUDQ functionality
- Duet Enterprise
- For SAP
- One-Way Inbound
- Two-Way (requires Duet Enterprise Online)
SLIDE 31
ON-PREMISES DATA GATEWAY
- Makes your on-prem data available to cloud BI tools
- PowerApps, PowerBi, Azure Logic Apps, Flow, Azure Analysis Services
- On-prem SQL Databases and SharePoint Lists
- Easy to install
- No inbound ports, only outbound
- Source
SLIDE 32
On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available SharePoint Online search portal: Local search results are available
Search: One-way outbound Business Connectivity Services: Not supported Duet Enterprise for SharePoint and SAP: Not supported
ONE-WAY OUTBOUND TOPOLOGY
Intranet Microsoft data center Internet
Microsoft Office 365 tenant
SharePoint Online
Local search results only Site collection
SharePoint Online cannot query SharePoint Server
SharePoint Server 2013
SharePoint
Primary web app Federated search results
SharePoint Server can query SharePoint Online
Outbound Inbound
SLIDE 33
On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available SharePoint Online search portal: Local and remote search results are available
Search: One-way inbound Business Connectivity Services: Supported Duet Enterprise for SharePoint and SAP: Supported
ONE-WAY INBOUND TOPOLOGY
Intranet Microsoft data center Internet
Microsoft Office 365 tenant
SharePoint Online
Federated search results Site collection
SharePoint Online can query SharePoint Server
SharePoint Server 2013
SharePoint
Primary web app Local search results
- nly
SharePoint Server cannot query SharePoint Online
Outbound Inbound Reverse proxy
SLIDE 34
On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available. If extranet authentication services are configured, extranet users can log in remotely through an on-premises Active Directory account and use all available hybrid functionality.
Search: Bidirectional Business Connectivity Services: Supported Duet Enterprise for SharePoint and SAP: Supported
TWO-WAY (BIDIRECTIONAL) TOPOLOGY
Intranet Microsoft data center Internet
Microsoft Office 365 tenant
SharePoint Online
Federated search results Site collection
SharePoint Online can query SharePoint Server
SharePoint Server 2013
SharePoint
Primary web app Federated search results
SharePoint Server can query SharePoint Online
Outbound Inbound
SLIDE 35
SOUNDS COMPLICATED!
SLIDE 36
HYBRID PICKER
- Makes Hybrid Easy! (er)
- Installs or configures
- OneDrive
- User Profiles
- App Launcher
- Auditing
- Search
- Taxonomy
- Needs the SharePoint 2013 August 2015 CU or later or 2016
SLIDE 37
THINGS TO CLICK
- Plan SharePoint Server hybrid
- Implementing Hybrid Scenarios with Office 365 Courseware
- Hybrid for SharePoint Server 2013
- SharePoint Cloud Migration Assistant (Public Preview)
- Bill Baer’s much better slide deck
SLIDE 38
QUESTIONS?
@TODDKLINDT TODD@TODDKLNIDT.COM WWW.TODDKLINDT.COM/OMAHASPUG
SLIDE 39
- Microsoft wants to hear from you!
- Surveys! Surveys! Surveys!
- http://www.toddklindt.com/OneDriveSurvey