sharepoint 2016 for everyone & all in onerasha.co/librarybook/sharepoint 2016 all in one for...

SharePoint2016ForEveryone&AllInOne

Part–I

This book has been written to make readers understand aspractical as it could be and how itwould help business toincrease the productivity. Whenever new technology jumpsintomarket, it requiresmore time to recognize it’s features(though it may not be applicable for specific readers likeMVPs). I hope with the help of this book, people will beawareofitwellinadvancedathighlevel

SwatiPradipBannoreJain

2/27/2016

HelloSharePoint2016!!

HelloReaders,Ihopeyouwillenjoyandlearnwhilereadingthisbook.Thisbookisthecompilationofmyownfindingswith reference to knowledge shared at different conferences& summary ofMSDN&TechNetblogseries/articlesetc .ThisbookiswrittenconsideringthelargeraudienceincludingITusers,Businessusers,Architects,Developersandputtingthisknowledgeinsimplewords.Togetintoadvancedetails,referencesareprovidedcorrespondingtosubtitle.Sothisdefinitelygoingtosaveyourtimetogetacquaintedtonewtechnologyovershorterperiodoftime.Youcanalsostartthediscussions&getmoreclarificationshere.Everythingisshortandcrispbuttriggerstheinsightinyou,whichhelpsyoutogetintomoredepth.SharePoint2016iscloudorientedversion,tailoredtodifferentcustomerrequirement,soletusunderstandaboutthehybridarchitecture.SharePoint Cloud (online) and on-premise integration becomes an essential factor to considerwhenrequirementsdemandsextensiveavailabilityofallthefeaturesinshortdurationoftime.InSharePoint2016ispreconfiguredforhybridenvironmentwithnoorlessadministrativeefforts.AndglobalsearchispoweredbyOfficegraphandDelve.Iwould like to introducemyself as consistent blogger, technology enthusiastwith 9+ years ofindustryexperience.Mytwitterhandleis@jaiswati,TechnologyBlog:http://swatipoint.blogspot.com,Blogaboutmyownthoughts:http://allizzwellbyswatiji.blogspot.in/FaceBookCommunityPage: https://www.facebook.com/SharePointQ/

TableofContents

SharePoint2016VSPre-SharePoint2016

ImprovedFileTransfer

UIImprovements

ImprovedListThreshold

LargelistcolumnindexmanagementTimerJob

EnableAutoIndexingforSharePointListorLibrary

OutgoingEmailSettings

SecureSocketsLayer(SSL)withSMTPConnectionEncryption

SecureSocketsLayer(SSL)withNoSMTPConnectionEncryption

ImprovedSearchIndex

Authentication

OperationsandTelemetry

Somemorenewfeatures

SharePoint2016FeaturesLists&WebTemplates

SoftwareandHardwarerequirements

Prerequisites

Databaseservers

Upgrade&Migration

SharePoint2016installation

TroubleshootingwiththeSharePoint2016installation

SharePoint2016ServerRole

Serverroles

RoleConversion

ServicesintheFarm

SharePoint2016HybridSearch

CloudSearchServiceApplication

PrerequisitesforusingOffice365hybridsearch

IndexesinCloudSearchServiceApplication

FederatedSearchVsCloudHybridSearch

WhytochooseCloudHybridSearch?

CloudHybridSearchLimitations:

WhatisCloudIndex?What’sitsroleinCloudSSA?

CreatingCloudServiceApplication

CreateCloudSSA.ps1

OnBoard-HybridSearch.ps1

HowsecurityworksforHybridSearchResults(SecurityTrimmingofSearchResults)?

SearchIndexinginSP2016

E-discoveryforSearchingSensitivedata

SharePoint2016ServiceApplications

DeprecatedServiceApplications

UserProfileSynchronizationServiceApplication

ExcelServiceApplication

UserProfileServiceApplication

ActiveDirectoryImport

MicrosoftIdentityManager2016

ProfileRedirection

ProjectServerServiceApplication

CreatingProjectServerApplication

CreateProjectServerSiteCollection

AccessServiceApp

What’snewinSharePoint2016Sites

ComplianceCenterforDataLossPrevention(DLP)

WhatisDLP?

HowDLPWorks?

DocumentDeletionPolicies

InPlaceHoldPolicyCenter

AboutinPlaceholdPolicyCenter

CreatingInPlaceHoldPolicies

FastSiteCollectionCreation(SCCF)

EnabletheFastSiteCollectionCreationforaWebTemplate

CreateSiteMasterinparticularContentdatabases.

CreateSiteCollectionusingtheSiteMaster

SharePointHybrid

ConfiguringOneDriveforBusiness

SiteFolders

SearchingdocumentsinOneDrive

UsingHybridOneDriveforBusiness

Search(Hybridsearch)

Hybridsitesfeatures

Extranet(Partnerfacingextranetsites)

HybridPicker

Prerequisites

HybridScenariosconfigurationwithHybridPicker

HybridOptions

WhatareNextGenPortals?

NextGenPortals

NextGenPortalArchitecture

HubSiteCollection

ContentSiteCollection

Libraries

Office365VideoPortal

InfoPedia

DelveandOfficeGraph

OfficeGraph

DelveBuildingBlocks

OfficeGraphEndpoints

SharePoint2016VSPre-SharePoint2016KeyfocusareasinSharePoint2016areimproveduserexperiences,CloudInspiredInfrastructure&ComplianceReportingwhereimprovementsarebeingmade.SharePoint2016isthecloudversiontoachievehighlevelofreliability&performancewithServerroleoptimizationsZerodowntimepatchingstrategyImproveddistributedcachereliabilityTrafficmanagementwithintelligentroutingandserverhealthchecksForexample,ImprovedFilehandlingProtocol.

ImprovedFileTransferThistablehelpstounderstandtheimprovementinFileTransferinSharePoint2016.SharePointServerVersion

Mechanism Description

SharePoint2010 Cobaltprotocol Serverhastofetchthewholedocumentfromthedatabaseandmergetheexistingcontentwiththeuserchangesbeforesavingthewholedocumentbacktothecontentdatabase.

SharePoint2013 ShreddedStorage Thisallowsdocumentstobestoredinsmallpiecesinthecontentdatabase.Becausedocumentsarealready“shredded”inthedatabase,theserverdoesnothavetofetchthewholedocumenttomergetheoriginalcontentswiththechanges,whichreducestheserverprocessingoverhead.

SharePoint2016 BackgroundIntelligentTransferService(BITS)

Improvesuploadanddownloadspeedsandresiliency.

ThisisthesummaryofcomparisonsinSharePoint2016&earlierversions. SharePoint2016 SharePoint2013 SharePoint2010ContentDatabaseSize

ContentDatabaseSizingintoTBs

200GBingeneralusagescenario

200GBingeneralusagescenario

SiteCollectionsPerContentDatabase

100,000sitecollectionspercontentdatabase

2000recommended5000maximum

2000recommended5000maximum

ListThreshold IncreasedListThreshold>5000

5000items 5000items

MaxFileSize MaxFileSizeincreasesto10

Defaultmaximumfilesizeis250

Defaultmaximumsizeis250MB

GB&RemovedCharacterrestrictions

MBwhichcanincreaseupto2GB

whichcanincreaseupto2GB

IndexedItems 2xincreaseinSearchscaleto500millionitems

100millionpersearchserviceapplication.10millionperindexpartition

100millionpersearchserviceapplication10millionperindexpartition

UIImprovementsSharePoint2016UIissimilartoSharePointOnline(inOffice365),withfewadditionalchangesAuthoringCanvastocreatecontentforawebpageusingaSway-likeuserexperience.DurableLinkswhichallowsdocumentstobemovedwhilekeepingtheURLintact,becauseitisbasedonaresourceID.

ImprovedListThresholdTo increase theperformanceof large lists, new timer job is introduced.This timer jobcanbeassociatedwithparticularWebApp.Inparticularlistifthresholdisincreasedtomorethan2500listitems&autoindexingisenabledforthelistthenitcreatesautoindexbasedonListviewfiltercolumn.Itworksasshowninfollowingflowdiagram.

LargelistcolumnindexmanagementTimerJobThisPowerShellscripthelpstostartthistimerjob.$w=Get-WebApplication-Name“WebApplicationName”Get-SPTimerJob-WebApplication$w-Identityjob-list-automatic-index-managementStart-SPTimerJob-Identityjob-list-automatic-index-management

EnableAutoIndexingforSharePointListorLibraryAutoindexingcanbeenabledfromthelistsettingsorwithPowershellasbelow.

ThisisthescriptforenablingtheautomaticindexingwithPowerShell.$web=Get-SPWebhttp://webUrl$list=$web.Lists["ListName"]$list.EnableManagedIndexes=$false

$list.Update()$list.Fields|SelectTitle,Indexable

OutgoingEmailSettingsInCentralAdministration,WebApplicationOutgoingemail settings canbe configured,whereinSMTPportinformationcanbeupdated.

SharePointServer2016supportssendingemailtoSMTPserversthatuseSTARTTLSconnectionencryption.STARTTLSisanextensiontoplaintextcommunicationprotocols,whichoffersawaytoupgradeaplain text connection toanencrypted (TLSorSSL)connection insteadofusingaseparateportforencryptedcommunication.This Outgoing Email Settings supports sending mail to SMTP servers using STARTTLSconnectionencryption,thereforeSMTPcanusenon-defaultports.Itdoesnotsupportunencryptedconnections.The following list shows the SharePoint 2016 requirements that are needed to negotiateconnectionencryptionwithanSMTPserver:

1. STARTTLSmustbeenabledontheSMTPserver.2. TheSMTPservermustsupporttheTLS1.0,TSL1.1,orTLS1.2protocol.3. TheSMTPservermusthaveaservercertificateinstalled.4. The server certificatemust bevalid.Typically, thismeans that thenameof the server

certificatemustmatchthenameoftheSMTPserverprovidedtoSharePoint.TheservercertificatemustalsobeissuedbyacertificateauthoritythatistrustedbytheSharePointserver.

5. SharePointmustbeconfiguredtouseSMTPconnectionencryption.

SecureSocketsLayer(SSL)withSMTPConnectionEncryptionTo configure SharePoint to always use SMTP connection encryption, In SharePoint CentralAdministrationwebsiteandunder SystemSettings ,Configureoutgoinge-mail settingsandsettheUseSecureSocketsLayer(SSL)drop-downmenutoYes.ToconfigureSharePointtoalwaysuseSMTPconnectionencryptioninWindowsPowerShell,usetheSet-SPWebApplicationcmdletwithoutthe-DisableSMTPEncryptionparameter.

Forexample:$WebApp=Get-SPWebApplication-IncludeCentralAdministration|?{$_.IsAdministrationWebApplication-eq$true}Set-SPWebApplication-Identity$WebApp-SMTPServersmtp.internal.contoso.com-OutgoingEmailAddresssharepoint@domain.com-ReplyToEmailAddresssharepoint@domain.com

SecureSocketsLayer(SSL)withNoSMTPConnectionEncryptionToconfigureSharePointtoneveruseSMTPconnectionencryptioninSharePointCentralAdministration,browsetoSystemSettings>ConfigureoutgoingemailsettingsandsettheUseSecureSocketsLayer(SSL)drop-downmenutoNo.ToconfigureSharePointtoneveruseSMTPconnectionencryptioninWindowsPowerShell,usetheSet-SPWebApplicationcmdletwiththe-DisableSMTPEncryptionparameter.Forexample:$WebApp=Get-SPWebApplication-IncludeCentralAdministration|?{$_.IsAdministrationWebApplication-eq$true}Set-SPWebApplication-Identity$WebApp-SMTPServersmtp.internal.contoso.com-DisableSMTPEncryption-OutgoingEmailAddresssharepoint@domain.com-ReplyToEmailAddresssharepoint@domain.com

ImprovedSearchIndex-Searchindexsizeincreasedfrom250millionsupporteditemsperfarmto500millionitems.

AuthenticationInSharePoint2013,multipleauthenticationsprovidersaresupportedlikeFBA,windows,claims

In SharePoint 2016 authenticationmechanism is normalized onOAuth protocol&SAMLwithWSFEDtomakeitcloudreadyforseamlessintegration\interactionwithOffice365.Azureactivedirectoryprovidescloudbasedidentity.Butolderauthenticationmodelswillbestillsupported.ThisveryfirstMS_IgnitesessionishelpfultounderstandnewSharePoint2016features.

OperationsandTelemetryThis is for thefirst timeadvanceddataanalysis&reportingaswellas realusermonitoring ispossiblewiththisnewfeature.Thisfeatureprovidestheinformationabout

1. HTTP404messages(linkstoold/missingcontent)2. Speedinwhichpagesanddocumentsareloaded3. LatencystatisticsbetweenClient,WebServerandSQLServer4. Daily/weeklyactiveuserspersite5. Browsers/devices

AgraphicalinterfaceontheUsageandHealthDatabase,whichisalreadyavailableinSharePoint2013.Howeverthereisnouserinterface,makingitdifficulttogettherealinformationoutofthisdata.ThatnowseemstoberesolvedinSharePoint2016.

SomemorenewfeaturesMrBillBaer,hadintroducedthenewfeaturesinSharePoint2016.Havealookinhisblogpostshere

SharePoint2016FeaturesLists&WebTemplatesInSharePoint2016,newfeatures&WebTemplatesareintroduced.Clickbelowlinkstogetthelist.

1. ListofFeatures2. ListofWebTemplates

SoftwareandHardwarerequirementsBeforeactualinstallation,environmentshouldmeetsoftwareandhardwarerequirements,whichislistedhere.Inbrief,requirementsareasfollows

PrerequisitesWindowsManagementFramework3.0(ProvidessupportforWindowsPowerShell3.0)ApplicationServerRoleWebServer(IIS)RoleMicrosoft.NETFramework4.5.2Updateforthe.NETFramework4(KB2898850)MicrosoftSQLServer2012NativeClientMicrosoftIdentityExtensionsMicrosoftSyncFrameworkRuntimev1.0SP1(x64)WindowsServerAppFabric1.1(Providesinmemorydistributedcaching)WindowsIdentityFoundationv1.1Microsoft Information Protection and Control (Client Provides support for informationprotection)MicrosoftWCFDataServices(Enablesthecreation&consumptionofODataservices)

DatabaseserversIn built SQL databases are no more supported while installation, we need 64-bit edition ofMicrosoftSQLServer2014ServicePack1installsseparately.

Upgrade&MigrationUpgrade14.5modesitecollectionsto15modes,AttachSharePoint2013databasestoSharePoint2016sitecollections.

SharePoint2016installationVirtualmachine from azure.microsoft.com can be leveraged& follow the steps as directed inwizard.

Istronglyrecommendyougototroubleshootingsectiononce&readitcarefullybeforeyoustartwith the installation.Make sure that environment meets all provided pre-requisites in thislink.AlternativelythisisveryusefulpostbyNicktoinstallpre-requisitesMakesurethattheselectedpathmeetsthespacerequirementsinthesystem.NowthisversionisdesignedforMulti-Serverenvironment,theroleoftheparticularservermustbeplannedpriortoitsinstallation.SayforexampleiftheroleoftheparticularserveristheSearchServerthenthespacerequirementshastobeconsideredaccordingly.

WaitforthisinstallationtocompleteandthenruntheConfigurationWizard.FordetailedstepsoninstallationreadthisTechNetarticle.

When installation is done, it would show all the required roles are successfully installed asabove.

TroubleshootingwiththeSharePoint2016installationFollowing errors can be prevented beforehand by executing this PowerShell script beforerunningtheinstallationwizard.

Add-WindowsFeatureNET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-Pipe-Activation45,NET-WCF-HTTP-Activation45,Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,Web-Asp-Net,Web-Asp-Net45,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,WAS,WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,Windows-Identity-Foundation,Xps-Viewer-verbose

Totroubleshootanyinstallationrelatedissues

1)InWizardyoucanseewhichparticularcomponentisfailedoninstallation.

2)ClickonReviewthelogfilelink,inWizard.&searchfor‘Error’Hereisthelistofcommonerrors.

ThetoolwasunabletoinstallApplicationServerRole&IISserverRole.

Solution:InWin2014Server,find‘ServerManager’andaddaboveroles

MSIInstallererrorcode1603whileinstallingAppFabric1.1

Solution:Download&installAppFabricfromMDC

Cannot connect to databasemaster at SQL Server at {server name}. The databasemightnotexist,orthecurrentuserdoesnothavepermissiontoconnecttoit.

Solution:OpentheWindowsFirewallwithAdvancedServicesandaddaninboundruletoallowtrafficoverport1433.

Apart from this there couldbe someother errors thatyoumaycomeacross, so check thisblogpostandmakesurethatallintherequiredentitiesareinstalledproperlywithnoissues.

Alternativelyyoucaninstallpre-requisites,checkthisblogpost.

SharePoint2016ServerRoleServerrolesAsettingthatallowsyoutodefinetheroleofaSharePointserverandhelpyoumaintainthebestperformanceofthedesiredserverrole.Wehavedifferentrolesavailable:

Front-endApplicationDistributedCacheSearchCustomSingleServerFarmYouwillgetthefollowingscreenwhenyouruntheconfigurationwizardtoaddanewservertoanexistingfarmorwhenyoucreateanewfarm.InSharePointServer2013/2010,itwaspossibletoinstallandconfigureallrolesonaserverandanalyzehealthcouldscanit,Noweachserverwithitsownrole.

Wecaninstallmultiplerolesonasingleserver;however,thehealthanalyzerisnotdesignedforthat.

ASharePointServer2016farmisnow,ThisdoesnotshipFoundationwithversionanddoesnotgoalongwithSQLExpress.ThisinvolveslicenseslikeWindowsServerLicenses,SharePointServerLicenses,CALs,OfficeOnlineServer(akaOfficeWebApps)

RoleConversionUsingthenewMinRolefunctionalityinSharePointServer2016,SharePointfarm

administratorscandefinerolesforeachserverinaserverfarm.Theroleofaserverisspecifiedduring the creation of new battery orwhile adding the server to the existing farm. SharePointautomaticallyconfigurestheservicesoneachserverbasedonthespecifiedrole and firm performance is also optimized for it.In SharePoint Server 2016, under SystemSettingsanewtabwillappearas"ConvertServerRole”inthisFarm.Herewecanselecttheroleoftheparticularserver.

AlsoservercanbealwaysconvertedfromSingleServerfarmtoMultipleServerfarmwithRoleconversion.

ServicesintheFarmInCentralAdministration,UnderApplicationManagement,navigatetoManageServiceslink.Thispagewillshowservicesrunninginthefarm.FirstAutoProvisioncolumninformsyou(Yes)iftheserviceisstartedonthefarmornot(No),ontheserversconcernedinrelationtotheirroleMicrosoftno longer tellsyouwhichserver theservice isstartedbut if it isstarted in thefarm.EverythingisthereforebasedonmanagementRoles.

“Action“columncancontainthreetypesofactionbuttons:1. Manage Service Application (service associated with a service application, it is

activated/deployed)2. DisableAutoProvision(DisabletheserviceintheFarm,theinstancesarestoppedonall

servers)3. Enable Auto Provision (Enable service in the Farm, the instances are started on

appropriateserverswiththerolethathasbeenassigned)TheServicesrunningontheserverdefinestheroleoftheserver.Followingtableindicateswhatservicesarerunningforwhattypeofserverhavingspecificrole.

Servicesrunningontheserverwithspecificrole

ApplicationWFE SearchDistributedCache

SingleServer

Access2010DatabaseService

AccessServicesAppManagementServiceBusinessDataConnectivityServiceClaimstoWindowsTokenServiceDistributedCacheDocumentConversionsLauncherServiceDocumentConversionsLoadBalancerServiceLotusNotesConnectorMachineTranslationServiceManagedMetadataWebServiceMicrosoftSharePointFoundationSandboxedCodeServiceMicrosoftSharePointFoundation

SubscriptionSettingsServiceMicrosoftSharePointFoundationWorkflowTimerServiceMicrosoftSharePointInsightsPerformancePointServicePowerPointConversionServiceProjectServerApplicationServiceRequestManagementSearchQueryandSiteSettingsServiceSecureStoreServiceUserProfileServiceVisioGraphicsServiceWordAutomationServicesWorkManagementService

SharePoint2016HybridSearchEarlier,theOfficeGraphandDelvefunctionalitywasonlyavailableinOffice365.ButwiththehelpofHybridSetupthesefeaturescanbeleveragedforon-premiseserver.InSharePoint2016,youwillhaveaccesstoa"CloudSearchServiceApplication".Thisshouldfurtherenhancethesearchexperienceforenduserswitha"unified"index,orasingleindexforOn-PremisesandOnline.Theadvantageofthisisthatthereisthereforealsoranking,sortingandrefinementbetweenthesedifferentsourcesmaybeused.CloudSearchServiceApplicationsupportsOffice&DelveexeprienceOn-PremiseUnlike SharePoint 2013, some of the office features are deprecated and now if businessrequirements demands those feature,SharePoint 2016onpremiseversionhas to be configuredwithOffice365.Insuchcasedocumentsmayresideinon-premiseaswellasinOffice365.TofetchthesearchresultsfrombothrepositoriesCloudSearchServiceApplicationcanbeconfiguredasdescribedbelow.

CloudSearchServiceApplicationThisisthelogicalArchitectureofhybridsearchforcrawlinginCloudSSA

On-premcontent iscrawledbythecrawler in thecloudSSAandpushedtothesearchindexinO365. DirSync mechanism synchronizes Active Directory users to Azure Active Directory inOffice365.At high level when crawling starts, crawler downloads the contents in on-premise serviceapplication.Parses the contents and sends the encrypted contents to content processing component in thecloud.Youcanactually see theseactivities in fiddler toolwhencrawling is startedoncontentsource.

PrerequisitesforusingOffice365hybridsearchBelowlistedpre-requisitesneedstobeconsidered,whileconfiguringcloudSSA

HybridenvironmentwithOffice3651)Office365 subscription that includesSharePoint+ActivatedUserswithOn-PremSP serverinstallation.2)DirectorySynchronizationofADusersandgroupstosynchronizeusersandgroupsfromAzuretoOffice365

BasichybridsearchrequirementsTosetuptheHybridSearch,considerthesepre-requisites.1)SupportedcontentsourcesSharePointServer2007,2010or2013Fileshares,BCSconnectors*2)SharePointServerwithCloudSearchserviceapplication2013or2016

AdditionalrequirementsforsearchpreviewsReverseproxybacktoon-premisesWACserver

IndexesinCloudSearchServiceApplication

The hybrid cloud search feature is one of the highly anticipated new SharePoint 2016. Itsprinciple is simple, typically SharePoint, and any search engine, locally stores its index (theindex is the set of information that allows users to find documents easily in the documentarysystem).SharePoint2016andSharePoint2013withtheCUofAugust2015providetheabilitytostoretheindexinthecloudandallowthecloudandonpremisethefarmpopulatethisindex.

FederatedSearchVsCloudHybridSearch

HowFederatedSearchWorks?AlljusttohaveasinglesearchresultforthecloudandthefarmOnPremise.Todayitisalreadypossiblewiththefederationbutthereisahugedifferencewithwhathappensinthe

Cloud Hybrid Search.In SharePoint Server 2013 hybrid search using query federation wasintroduced.Searchresultscameasseparateresultssets.Thissolutionrequiredhostingallsearchcomponents on-premises.With the federated, there is no calculation ranking on the search andthereisachoiceofthesourceandtheresultthatappearsdependingonthechoice.

HowCloudHybridSearchWorks?Cloudhybridsearchoffersonlyoneindexandarankingcalculationandthereforesearchresultsaremorecoherent:Theindexwillbestoredinthecloud,anewparameterforthesearchapplicationservicewillbeavailable,andthisparameterisCloudIndex

andisavailableinSharePoint2013SP1CUwithAugust2015andinSharePoint2016.

CloudHybridSearchsupportsrelevancyanddeeprefinersacrosstheentireresultset,searchingfrom anywhere, even on-premises sites ,supportsOffice 365 enterprise search andDelve foryour on-premises content, supports preview and access the content when connected to yourcorporatenetwork.

WhytochooseCloudHybridSearch?1. Reducedon-premisesinfrastructurecostbyhostingmostsearchcomponentsinthecloud2. TheOffice365teamkeepssearchrunningandup-to-dateforyou,24/73. Bringstogetheron-premisesandcloudcollaborationlikeneverbeforewithDelve4. Smoothersearchexperience,evenduringmigration

CloudHybridSearchLimitations:PriorconfiguringCloudSSA,checkthelimitationsstatedinbelowtable.Searchfeature NoteCustomsecuritytrimming Thecustomsecurity trimming isn’t

supported.Removal of on-premises searchresults

To remove a search result, youremove the URL to the item. Thisrequires interaction with thecrawler, and SharePoint Onlinecan’t interact with the crawler inthecloudsearchfarm.

Customentityextraction SharePoint Online doesn’t supportcustomentityextraction.

Contentenrichmentwebservice The content enrichment webservicecall-out isnotavailable intheCloudSSA.

Thesaurus SharePoint Online doesn’t supportathesaurus.

Bestbets Best bets are a SharePoint Server2010 feature.You can achieve thesame result in SharePoint Onlinebyusingqueryrules.

Customsearchscopes Custom search scopes are aSharePoint Server 2010 feature.YoucanachievethesameresultinSharePoint Online by using resultsources.

Promotion/demotion of searchresults

Promotion/demotion of searchresultsisaSharePointServer2010feature.You can achieve the sameresult in SharePoint Online byusingresultsources.

WhatisCloudIndex?What’sitsroleinCloudSSA?A Cloud Search Service Application (SSA) cannot be created using the central admin SSAcreationuserinterface.ThereasonbeingthatthecloudSSArequiresapropertysettingthatisnotapplied by theUI based creation process.This property is calledCloudIndex andmust be setto true foracloudSSA.CloudIndex isa read-onlypropertyofanydeployedSSAandas suchcannotbesetpostcreation.BydefinitionthisalsoimpliesthatanexistingregularSSAcannotbeconvertedtoacloudSSA.ThepropertyvalueforaSSAcanbecheckedbyexecutingthisPowershellscript.(get-spenterprisesearchserviceapplication).cloudindex

CreatingCloudServiceApplicationTheCloud SSA should be created by executing a SSA creation PowerShell script and settingtheCloudIndexpropertytotrue.Later,whenweexecutetheon-boardingscript,anotherpropertycalledIsHybridissetto1fortheSSA.New-SPEnterpriseSearchServiceApplication-Name$SearchServiceAppName-ApplicationPool$appPool-DatabaseServer$DatabaseServerName-CloudIndex$trueFirst, it is necessary to subscribe to the Cloud Search Hybrid Preview Program throughMicrosoftConnecthttps://connect.microsoft.com/office/program8647After logging inwith yourMicrosoft account, you arrive on the page,where it is possible todownloadthepreviewdocumentation.Also,itiscurrentlypossibletodownloadtwoPowerShellscripts that you create a local Cloud Search Service Application, and SharePoint Farm can"connect"withanOffice365tenant.ThatwewillusetocreatethelinkbetweentheOn-PremisesandOnline.The followingare the (relatively simple), steps toperform thisPowerShell scripts.Microsoftthesestepswilllikelybeinalaterstageofprocessingina"ScenarioPicker"Wizard,tocallviathe GUI in Central Administration. But, for now, this is the only way to be able to test thefunctionality.

CreateCloudSSA.ps1ThisscripthastoberunonasingleSharePointserverinthefarm,fromaSharePoint2013/16ManagementShell,hasthefollowingparameters:

-SearchServerName|thenameoftheSharePointserver,whereinitiallytheSearchcomponentsarestarted.-SearchServiceAccount|TheServiceAccount,includingtheCloudSearchServiceApplicationwillrun.-SearchServiceAppName|thenameoftheCloudSearchServiceApplication-DatabaseServerName | The Database Server \ Instance, which the Service Applicationdatabasesarecreated.Thescriptthencarriesoutthefollowing:

1) Acheckon the existence of theSearchService account in theActiveDirectoryDomain.If theSearchServiceAccountandManagedAccountarenotyet registered inSharePoint,thisisdone(withaprompttoenterthepassword).2)ServiceApplicationProxyisassociatedwiththeCloudSearchServiceApplication.

Afterrunningthescript,yougetthefollowingoutput.

OnBoard-HybridSearch.ps1This script helps to connect On-Premise Cloud Search service application to Office 365environment.Thisscripthasthefollowingparameters:-SearchServerName | the root of the site collection on SharePoint Online tenant in the form"https://<tenant>.sharepoint.com".-HybridSSAId|theGUIDoftheCloudSearchServiceApplication.Thisparameterisoptional,theintentionistouseitwhenyouhavemultipleSearchServiceApplications,toprovidespecificforthelink.Ifyouomitthis,thescriptgrabsinfact,theexistingServiceApplication(assumingthatonlyone)toallowittobuildforhybriduse.Theexecutionhappensagain fromasingleSharePointserver in the farm,where theAzureADPowerShellmoduleisprovisioned(MicrosoftOnlineSignassistantmustbeinstalled.):Forthis,seehttps://msdn.microsoft.com/en-us/library/azure/jj151815.aspx#bkmk_installmodule.Afterthescriptisexecuted,executethefullcrawl.

Thisscriptdoesthefollowing:1)A check on the existence of theAzureADPowerShellmodule andMSSign in assistant.Anumberofregistrykeysarefilledwithgeneralinformation2)AzureControl Services (ACS) is added to the ServiceApplication farmwhich establishestrustwithOffice3653)SharePointOnlineApplicationPrincipalManagementServiceApplicationProxyisaddedtotheFarm4)Atrustisbuiltupbetweentheon-premisesfarm,andSharePointOnline(bymeansofanumberofSPNs,whichareexchanged)5)FillsinthedetailsofaGlobalAdminaccountinyourOffice365tenant

Afterrunningthescript,lookintheOn-PremisesCloudSearchServiceApplication,createanumberofContentSources,forexample,SharePointsites,Filesharecontent,orpublicwebsitestocrawl.

Crawlingtookthemalittlelongerthanusual,butatsomepointitwillbeready,andthecrawledcontent would be immediately visible within the Office 365 Search Center (accessible viastandardhttps://<tenant>.sharepoint.com/search).

Afterrunningthescript,yougetthefollowingoutput:

The IsExternalContentmanagedproperty is set to«1» for content that is crawledon-premises.Thepropertycanbeusedtorestrictaqueryforonline/on-premisesresults,asarefineror inaresultsource.

IfyoulogintoOffice365asthefederateduser,youwillbeabletoseethecrawlcontentsfromOn-Premiseresultsource.Getthedetaileddocumentation&PowerShellscriptsforConfiguringCloudSSA

1)MicrosoftConnect2) MSDNblog to explain this in further details byManasBiswas [MSFT]&NeilHodgkinson[MSFT]

Foranyotherqueries,postyourquestionshere.

HowsecurityworksforHybridSearchResults(SecurityTrimmingofSearchResults)?AsitemsareindexedinOffice365,theaccesscontrolentriesarelookedupintheclouddirectoryservice.UserSIDsaremappedtoPUIDsGroupSIDsaremappedtoObjectIDs«Everyone»and«Authenticatedusers»aremappedto«Everyoneexceptexternalusers»

Securityprincipalscanbemanagedon-premisesandsynchedtothecloudbyusingtheDirSynctool.Theobject in the cloud (AAD)directorynowmirrors theobject in theon-premises (AD)directory.Ifyougetadocumentinthesearchresultonline,it isbecauseyouhaveaccesstothedocumenton-premises.Youmustbesignedintoon-premisestoopen/accesstheactualdocument.If user belongs to particular groupwith specific access on documents but still cannot see theresults,itwouldbeduetoSIDvalueswhicharenotmappedtoAzureADonline.

SearchIndexinginSP2016When you create a Cloud Search Service Application the regular content plugin is disabledand Azure Plugin is initiated. The crawler picks up a document from SharePoint, parses it,extractsastructuredviewofthecontent,removesanyunnecessarymarkupandsubmitsbatchjobstoSharePointOnlinesearchengineforprocessingthedata.Thebatchjobsarecompressedandencrypted before submitting to service. Hence forth all processing and persistence of theextractedmetadataisdoneinSharePointOnlinesearchfarm,whichiswherethefinalindexsizewillcomeintopicture.Soyouwillnotbeabletodoa1:1mappingwithwhatyouseeinyourOn-premiseSPfarmsindex.ThisisthehelpfulpostaboutinitialthoughtsaboutCloudSSA.

E-discoveryforSearchingSensitivedataE-Discovery of content within SharePoint, Lync and Exchange is also available in hybriddeployments. The ability to search for content is therefore theoretically possible to search asingle eDiscovery assignment, the content inside all sources and gather into one report. ThistechniqueleaningagainontheCloudSearchServiceApplication.Topreventsensitiveinformationfrombeingshowninsearchresult,ithastoconfigurethroughe-discoverycase&queryine-discoverysearchcenter.

1.Createe-discoverySearchCenter.

2.Createe-discoveryCaseandsete-discoveryfilterwithspecificqueryforsensitivetype. KQL query helps to detect sensitive Information type by “Classification” asparameter&providesinstantstatistics.3.Once crawl is completed, documentsmatching ediscovery filter will be shown insearchresult.Userwithrequiredaccesscanviewthesedocumentsandthenexportittoonedriveforbusiness.

Regardingtheactualconfigurationofsensitiveinformationreadbelowblogposts.http://summit7systems.com/configuring-sharepoint-2016-sensitive-information/http://blogs.technet.com/b/wbaer/archive/2015/08/26/sensitive-information-types-in-sharepoint-server-2016-it-preview.aspx

SharePoint2016ServiceApplicationsSharePoint2016has samearchitecture for service applicationswhich is carried forward fromSharePoint2013exceptUserProfileserviceapplication&ProjectServerserviceapplications

ThesearetheserviceapplicationsavailableinSharePoint2016farmwhichissimilartoserviceapplicationsinSharePoint2013versions.(InadditiontoCloudSearchServiceApplicationasdescribedinabovesection).In SharePoint 2016, the Service Applications which are running on particular server isdeterminedbytheServerRoleanditcanbeinterconvertedthroughPowershellScriptorUI.

DeprecatedServiceApplicationsHereyouwillfindthelistof theallfeatures, thatwillnomoresupportedinSharePoint2016,includingServiceApplicationfeatures.

UserProfileSynchronizationServiceApplicationIn SharePoint 2013 (in earlier versions) used Forefront Identity Manager Client (FIM) tosynchronize between Active Directory and SharePoint. SharePoint Server 2016 Beta 2 usesMicrosoftIdentityManager2016toolforsynchronization.Thistabledepictstheexactdifferenceswithearlierversions.SharePoint2013ADSynchronization

SharePoint2016ADSynchronization

usesForefrontIdentityManagerclient(FIM)tosynchronizebetweenActiveDirectoryandSharePoint

NolongerusesFIMasthesynchronizationclient.ThedefaultprocessisActiveDirectoryImport.

PreviouslyinSharePoint2013,Microsoftsupportsseveraltypesallowingyoutoconnecttodifferentdirectoryservices,suchasIBMTivoli,NovelleDirectory.

ActiveDirectoryImportistheonlysynchronizationconnectiontypeavailable.MicrosoftIdentityManager2016canbeusedanexternalFIMservicetosynchronizationbetweendirectoryservicesandSharePoint.

ExcelServiceApplicationExcelServiceapplicationfunctionalitiesarenowmovedtoExcelOnline(ExcelWebApp)ThefollowingExcelServicesfunctionalityhasbeendeprecated:TrusteddataprovidersTrustedfilelocationsTrusteddataconnectionlibrariesUnattendedserviceaccountExcelServicesWindowsPowerShellcmdletsOpeningofExcelworkbooksfromSharePointCentralAdministrationsiteThe followingExcel Services functionality requiresExcelOnline inOfficeOnline ServerPreview:ViewingandeditingExcelworkbooksinabrowser(withorwithouttheDataModel)ExcelWebAccesswebpartforSharePointODCfilesupport(nolongerrequiresDataConnectionLibraries)ProgrammabilityfeaturessuchasJavaScriptOM,UserDefinedFunctionAssemblies,SOAPandRESTprotocolsupport.

InstallingOfficeWebAppInstallOfficeWebAppsServerandrelatedupdates,thislinkoninstallationsteps.CompletethesestepsonanyserversthatwillrunOfficeOnlineServer.

1)RunSetup.exe.

2)OntheReadtheMicrosoftSoftwareLicenseTermspage,selectIacceptthetermsofthisagreementandclickContinue.3)OntheChooseafilelocationpage,selectthefolderwhereyouwanttheOffice4) Online Server Preview files to be installed (for example, C:\ProgramFiles\Microsoft OfficeWebApps) and select Install now. If the folder you specifieddoesn’texist,Setupcreatesitforyou.

WhenSetupfinishesinstallingOfficeOnlineServerPreview,chooseClose.Ifyou'replanningtouseKerberosConstrainedDelegationwithExcelOnline,then,inServices,settheClaimstoWindowsTokenServicetostartautomaticallyonthisserver.AlsoseesecondNOTEhere:https://msdn.microsoft.com/en-us/library/ee517278.aspx.

ExcelServiceforExternalDataAccess:If you plan to use any features that utilize external data access,workingwithDataModels orSharePoint’sPowerPivotorPowerViewcapabilities,notethatExcelOnlinemustresideinthesameADdomainforestastheiruser-baseaswellasanyexternaldatasourcesyouplantoaccessusingWindows-basedauthentication”

ExcelOnlinewithKerberosAuthentication:IfyouplantouseKerberosConstrainedDelegationwithExcelOnline,besuretoaddeachOfficeOnlineServerinthefarmtotheActiveDirectoryDomainServicesdelegationlist.Formorereferencecheckhere.

UserProfileServiceApplicationIn User Profile Service Application, User profile synchronization can be done from ActiveDirectoryorbyenablingtheexternalIdentityManager.

ActiveDirectoryImportBy default, User Profiles can be imported from Active Directory. Create Active Directoryconnectionasdirectedinbelow.

Hereprovidethesynchronizationoption,asSharePointActiveDirectoryImport

&ProvidetheConnectionName,Type&ConnectionSettings.

MicrosoftIdentityManager2016Microsoft Identity Manager 2016 enables rich, bi-directional synchronization and commonidentityscenarios.MicrosoftIdentityManager2016simplifiestheidentitylifecyclemanagementwith automated workflows, business rules and easy integration with heterogeneous platformsacrossthedatacenterandcloudtoincludeSharePointServer2016.StepstoconfigureMIMcanbefoundhere

ProfileRedirectionProfileRedirection enables the extension of profiles toDelve aboutMe and additionalOffice365 experiences users within an organization. Profile redirection, in a hybrid Team Sitesconfiguration redirects cloud (hybrid) users to their profile in Office 365 powered by OfficeDelve ensuring hybrid users have a single place for their profile information. Get moreinformationhere.Below table depicts the difference inUser Profile ServiceApplicationwithearlierversions.SharePoint 2013 User ProfileServiceApplication

SharePoint 2016 User ProfileServiceApplication

Synchronizationdatabasewhichstoresconfiguration and stagingdata forusewhen profile data is beingsynchronized with directory servicessuchasActiveDirectory

UserProfileserviceapplicationtoberesponsible for bearing a set ofcomplicatedconfiguration structure insynchronization.

User Profile Service application inSharePoint 2016 offers more userpropertiesbydefault

Inthisversionwhenyoucreate,newUserProfileServiceApplication,

DatabaseNameforSyncDatabaseisdisabled&alldataisstoredinUserProfileDatabase.SocialDatabaseandSyncDatabaseareobsoleteinthisversion.

ProjectServerServiceApplicationUnlike SharePoint 2013 & earlier versions, separate installation is not required; it will beincludedinSharePoint2016Installable.

CreatingProjectServerApplicationHere is a little how to (how-to) to create a website using the template "Project Server" site.Indeed,ProjectServerhasbecomeaBusinessServiceattheCentralAdministration.Todothis,signinwithyour"AccountFarmAdministrator"andcreateyourapplicationservice.Make sure youhave created an application dedicated pool, a dedicated service account and auniquedatabase,forthesafetyofsegregation.

CreateProjectServerSiteCollectionPriortothecreationofProjectSitecollectioncreation,makesurethatProjectServerServiceisrunning&whileinstallingSharePoint,youhaveselectedmulti-serverrole,Ifnotconverttheroleofthemulti-server.ForthisstartPowerShell(SharePointManagementShell)withthefarmadministratorrightsanddefinethosefollowingvariables-whichwewilluseforthecreationofourwebsite.Incase;settheitemsasshownbelow:$Name="ProjectServerServiceApplication"$web=Get-SPWebApplication"http://<Web-AppUrl>/"$Sitecollection=web$$Template="#0pwa"$Owner="SharePoint\FarmAdmin"$DBName="<ProjectServerDBName>”"$DBServ="domain\<DBServerName>”Thenwewill create a specific content database toour collection site and then create the site.Thesesettings-andcmdletsdonotbeunknownasthiswasalsotrueinSharePoint2013.Runthefollowingcmdletsandparameterstocreatethedatabase:NewSPContentDatabase-Name$DBName-DatabaserServer$DBServ-WebApplicationWeb$

Thereafter-forthecreationofyoursitecollectionexecutethisscript:New-SPSite -url "http: // <siteurl> /" -OwnerAlias $ Owner -ContentDatabase $ DBName -template$Template-Description"PWAtestsite"-Name$TitleEnable-SPFeaturepwasite-url"http://<siteUrl>"

Andnow,afterenablingyoursiteisreadyforuse!

AccessServiceAppAccesswebappfeaturescomingtoSharePointon-premisecustomers.Withtheupcomingreleaseof SharePoint 2016, customers using SharePoint 2016 with Access Services within theirorganizationswillseeadditionalfeaturesandtakeadvantageofserviceimprovements.HereisalistofAccesswebappfeaturesinAccessServicescomingforSharePoint2016:

CascadingcontrolsDatasheetfilterimprovementsRelatedItemControlenhancementsImagestorageandperformanceimprovementsOfficeAdd-insintegrationwithAccesswebappsAdditionalpackagingandupgradefunctionalityforAccesswebapppackagesOnDeploymacroactionforupgradescenariosLocktablesfromeditingfunctionalityDownloadinExcelfeaturefordatasheetviews

What’snewinSharePoint2016SitesNew Site Templates like Compliance & in-place hold Policy templates are introduced inSharePoint 2016. Also provisioning performance is improved through Fast Site CollectionFeature.

ComplianceCenterforDataLossPrevention(DLP)Data loss prevention featurewas introducedOffice 365, but itwill be extended inSharePoint2016.Newsite templates are introduced inSharePoint2016.Tounderstand the functionalityofthesetemplatesweneedtounderstandthisfeatureandIt’sbackground.

WhatisDLP?WithimplementationofDLP,Organizationscanenabletheiremployeestoprotectsensitivedatafrombeingleakedoutsideoforganizationthroughdefinedpoliciesandenforcedatasecurity.

Broadly speaking it helps to identify,monitor, and protect sensitive data through deep contentanalysis.InSummary,Withthisnewcapability,youcan:1. Search for sensitive content across SharePoint Server 2016 , SharePoint Online, and

OneDriveforBusiness.2. Leverage 51 built-in sensitive information types (credit cards, passport numbers, Social

Securitynumbers,andmore).3. Identifyoffendingdocuments,exportareport,andadjustaccordingly.4. Information on configuring and using this feature is documented in SharePoint Online and

Office365.Formoreinformation,see:SearchforsensitivecontentinSharePointandOneDrivedocumentsUseDLPinSharePointOnlinetoidentifysensitivedatastoredonsitesOnDLP implementationPolicyTipscanbeseen inOutlook,OneDriveandSharePointOnline,DesktopExcel,PowerPointandWord.

PolicytipsinOWAfordevicesWithDLPpolicydefined,outlookitemwillbescannedforthesensitiveinformation.

If message contains the sensitive information, email sender will be notified about the policyviolation.Inabove,emailsenderisnotifiedaboutCreditcardnumberinformationinhisemail&thensenderwillbeabletocorrecttheemail&senditaccordingly.

PolicytipsinSharePointandOneDriveWithDLPpolicydefined,documentswillbescannedforthesensitiveinformation.

PolicytipsinOfficeclientsWith DLP policy defined, documents will be scanned for the sensitive information & PolicyinstructionwillbeshowninOfficeClients.

HowDLPWorks?

HowDLPworksinOffice365?Inoffice365,thesepoliciesaredefinedinComplianceCenter.Ithascentralcompliancepolicieswhichapplyacross theOffice365suite. It iscentralpoint foraccess toexistingExchangeandSharePointcompliancefeatures.Itcompilesonepolicydefinition,itisindependentofworkload,ithasonepolicylifecycle&onesetofsensitivetypedefinitions.

CreatingNewDLPPoliciesTocreatenewDLPPolicy,NavigatetoOffice365Administration,&selectDatalosspreventiontab, in thatselectNewDLPPolicyfromTemplatesuitable to requirementsoralsoDLPPolicycanbeimported.

Select thekindof informationthatyouwant toprotect&alsoyoucancreate thecustompolicyaccordingtorequirements.

Here,selecttheservicesforwhichDLPpoliciesneedstobeapplied.SharePointOnlinespecificsites.Onedriveforbusiness.

SearchforsensitivecontentacrossSharePointOnlineandOneDriveforBusinessFordetailedwalkthroughandinformationfollowingreferencewouldbehelpful.https://blogs.office.com/2014/08/27/search-sensitive-content-sharepoint-onedrive-documents/

DLPPolicyRulesThesearethesetofconditionsandresultingactionsthatdescribethepolicyobjective.Ithelpstotakeactiontoenforcepolicy.Rangeofactionsmodelthebusinessrequirementsforprotectionofsensitive information from audit, notification, override to block. Actions are normalized fordifferentworkloadexperiences.

DLPcontentdetectionflowinExchange

ItisintegratedintoExchangeTransportRule(ETR)engineinSMTPservice&runsincategorizerduringOnResolvedMessage.ItisintegratedasanewETRpredicateforchecking

thesensitiveinformation.Performstextextractionforbodyandattachmentsfollowedbyclassification.Itcanbecombinedwithanyexistingpredicatesandactions.

DLPprocessinginSharePointOncetheDLPpoliciesareinplace&crawlingisexecutedinSearchserviceapplication,itisinvokedbysearchcrawlerasnewcontentdiscoveredandchanged,Classificationresultsstoredinindex.Classificationoperatorcomponentcontinuespolicyevaluationandapplication.

HowDLPworksinSharePoint2016Above section, explains the background of this feature in office 365. In SharePoint 2016,toimplementDLP,followingpre-requisitesarerequiredasshowninbelowdiagram.

ComplianceCenterInCentralAdministration,createsitecollectionforComplianceCenter,byselectingthetemplateasbelow.

Createnewpolicyandselectthepolicytemplateaccordingtosecurityrequirementstosecurethedata.

To assign this policy to specific site collection, Navigate to DLP Policy Assignments forsitecollectionList.

Choose the sitecollection to assign the policies & under Managed Policies section assignsitecollectionwithrespectivepolicy.

E-discoveryCenterFor actual amendment of policies on documents, setup the Ediscovery center, in centraladministrationcreatethesitecollectionwitheDiscoverytemplate.

Navigatetothissitecollection,&createnewDLPqueries.

Select thepolicy templates (as selected inabovestepswhileconfiguringpolicy incompliancecenter sitecollection), also add ediscovery filter to add the site location where policies areassignedinabovesteps.Now upload the document which breaches the policy in this sitecollection (where policy isassignedandediscoverylocation&filtersareset).startthecrawlinginsearchcenter&restartthetimerjobsgivebelow.

Navigatetodocumentlibraryinthisparticularsitecollectionandcheckifpoliciesareapplied.ThisisthegenericoverviewofhowDLPworksinSharePoint2016.FormoredetailsonDLPquery,findthesereferences.http://blogs.technet.com/b/fromthefield/archive/2015/12/04/data-loss-prevention-dlp-in-sharepoint-2016-beta-2.aspx(ByBrendan)http://absolute-sharepoint.com/2015/12/configure-dlp-in-sharepoint-2016-step-by-step-tutorial.html(ByVLad)

DocumentDeletionPolicies

AboutDocumentDeletionPolicy

WiththehelpofDocumentdeletionpolicy,documentcanbedeletedaftercertainperiodoftimetoavoidunnecessarylegalrisk.Documentdeletionpoliciesarepowerful&flexible—forexample,Administratorcanallow site owners to choose from policies that are centrally created and managed. Also siteownerscanoptoutaltogetheriftheydecideapolicydoesnotapplytotheircontent.Using Specific Site collection Template, a single mandatory policy on all sites in a sitecollection, such as all OneDrive for Business sites, or even enforce a policy on all sitecollections.Thisprovidesadefaultpolicywithadefaultrulethatwillbeautomaticallyappliedwithoutanyactionrequiredbysiteowners.

CreatingDocumentDeletionPoliciesAdmincreatesandmanagesdocumentdeletionpoliciesbyusing theDocumentDeletionPolicyCenter,whichcanbefoundunderRetentionin theOffice365ComplianceCenter.Alternatively,Policy Center site collection can be created choosing Compliance Policy Center ontheEnterprisetab.EachtenantcanhaveonlyoneDocumentDeletionPolicyCenter,andit’llbecreatedautomaticallyifyoustartfromtheComplianceCenter.

After theDocumentdeletionPolicycenter iscreated,specify thedeletion rulebycreatingnewdeletionpolicy.Based on the requirements, options specified in below image can be provided to specify thedeletionpolicy.Here specify thedate fromwhendocumentdeletiondatewill be calculated&timeperiodafterwhichdocumentwillbedeleted.

Document Policy can be applied for OneDrive for Business Template or Site CollectionTemplate.

InPlaceHoldPolicyCenterAboutinPlaceholdPolicyCenterThissitemodelusedtomanagestrategiestokeepitemsinSharePointsitesforaspecifiedtimeperiod, based on the date of creation or modification of 'element. You can combine thesestrategieswiththoselinkedtotheremovalofdocumentsaccordingtotheirretentionpolicies.Ifmultiple policies apply, the document is saved for the longest period. This site template isemergingwithSharePoint2016.

CreatingInPlaceHoldPoliciesSelectIn-PlaceholdPolicyCentertemplatewhilecreatingthesitecollection.

In-PlaceHoldPolicyCentersitecollectionistheplacetomanagethepoliciescentrally.

Here,findmoredetailsaboutcreatingInPlaceholdpolicies.

FastSiteCollectionCreation(SCCF)FastSiteCollectionCreationisamechanismdesignedtoimproveprovisionperformanceofSiteCollections through performing a copy operation using SPSite.Copy Commad at the ContentDatabase level.This helps to create the replicaof theSourceSiteCollection (MasterSite) insame Content Database & then customize the new site collections by activating the customfeatures.Herearethestepstogo

EnabletheFastSiteCollectionCreationforaWebTemplateExecutefollowingPowerShellCommandtoenableFastSiteCollectionforawebtemplate.Enable-SPWebTemplateForSiteMaster-Template“STS#0″-CompatibilityLevel15ThiscommandenablesFastSiteCollectionCreationforTeamSiteTemplate.

CreateSiteMasterinparticularContentdatabases.ExecutefollowingcommandtocreateSiteMasterinparticularcontentDatabase.

New-SPSiteMaster-ContentDatabase$ExistingContentDB-Template“STS#0″

ThiscommandcreatesSiteMasterwhere$ExistingContentDB,variableofexistingContentdatabasewhereTeamsitewascreated.

CreateSiteCollectionusingtheSiteMasterExecutefollowingcommandtocreatesitecollectionusingthissitemaster.

New-SPSite http://<server>/sites/FastSiteNew -ContentDatabase $ExistingDB -CompatibilityLevel15-CreateFromSiteMaster-OwnerAlias“<domain>\<userid>”

Formoredetails,checkfollowingreferences.

http://www.learningsharepoint.com/2015/09/10/fast-site-creation-in-sharepoint-2016-a-deep-dive/

http://nikcharlebois.com/sharepoint-2016-fast-site-creation/

http://blogs.technet.com/b/wbaer/archive/2015/08/26/fast-site-collection-in-sharepoint-server-2016-it-preview.aspx

SharePointHybridSharePointHybridisaboutconnectingon-premisesandCloud,togetherandachievesbusinessvaluesthroughhybridpillars.

Ahybridsolutionhelpstogetstartedwiththecloudfunctionality.Ahybridenvironmentenablesenterpriseuserstobeconnectedtorequiredcontents&resourcesfromanywhere.Togetthemoreconfigurationdetailsabouthybridconfigurationinthisblogseries.http://blogs.msdn.com/b/spses/archive/2013/10/22/office-365-configure-hybrid-search-with-directory-synchronization.aspx

HybridOneDriveforBusinessHybridsitesfeatureshavetobeusedwithHybridOneDriveforBusiness(introducedinSharePointServer2013withServicePack1(SP1)):

UserscansyncfileswithOffice365andsharethemwithothers.UserscanaccesstheirfilesdirectlythroughOffice365fromanydevice.

ItistheadvancementofSharedandPersonalMySiteconcepts,&sharingandversioningexperienceissimplified.Itisprivatebydefaultwithsimplepermissionsmanagement.StoringbusinessfilesinOneDriveforBusinessmakesiteasyforuserstoshareandcollaborateondocuments.WithOffice365,on-premisesstoragecostscanbereducedbymovingyourusers'filestothecloud.UserscanberedirectedtoOneDriveforBusinessinOffice365whentheyclickOneDriveorSitesinthenavigationbar.ThisisknownasOneDriveforBusinesshybrid.OneDriveforBusinesscanbeconfiguredinOffice365orinSharePointServer2013.Youcanalsointegratebothenvironmentstocreateahybridexperience.

ConfiguringOneDriveforBusiness

PrerequisitesforconfigurationareasbelowThisTechEdsessionhelpstounderstandmoreonpre-requisitesforconfiguringanycloudscenario,toconfigureHybrid,youwillneedtosetupEnterpriseSearchServiceapplicationUserProfileServiceApplicationSubscriptionSettingsServiceApplicationAppManagementServiceApplicationReplacingtheSTScertificateoftheOn-PremisesSharePointServerandestablishaServer-to-ServertrustwithWindowsAzureACS.Office365SubscriptionTolearnhowtoconfigurehybridOneDriveforBusinesswithOffice365,findtheroadmaphere.Alsothisisusefulpost.

IntheCentralAdministration,onedriveandsitelinkscanbeconfiguredasbelow.

SiteFoldersAftertheOneDriveisconfigured,asdescribedabove,usersareabletonavigatetolibrariesforwhich they have access to with the help of Site Folders. Irrespective of the location of thedocumentinparticularsite,usercaneasilyaccessthedocumentssharedwiththem.

SearchingdocumentsinOneDriveAfter the OneDrive is configured, as described above, users can search the documents inOneDriveusingEnterpriseSearchServiceApplicationinOn-Premiseserver.

ConfiguringtheResultSourceforOneDriveInCentralAdministration,open theSearchServiceApplication&create theResultSource forOneDrive.A Result source can be created which points to Office 365 url (i.e https://tenant name-my.sharepoint.com)asRemoteserviceUrlparameter&MySitehosturlas(i.e.path:https://tenantname-my.sharepoint.com/personal)QueryTransformUrlparameter

ConfiguringtheResultSourceinSearchResultPageConfiguretheSearchResultWebpart,toconfigurethisResultSourceasdescribedabove.

ThisisthesummaryofmsdnblogseriesbyManas,postedhere

UsingHybridOneDriveforBusinessAttachmentswillbestoredinan“Attachments”folderintheuser’spersonallibraryin

SharePointOnline,knownasOneDriveforBusiness.Eachattachmentwillbesecuredtothoseontherecipientlistoftheoriginatingemail.

Search(Hybridsearch)Cloudhybridsearchisanewhybridsearchsolutionalternative.Withcloudhybridsearch:Crawled contents from on-premise server & Office 365 server are stored in search index inOffice 365.You can set up the crawler in SharePoint Server 2016 to crawl the same contentsourcesandusethesamesearchconnectorsinOfficeSharePointServer2007,SharePointServer2010,andSharePointServer2013.Office365SearchCentershowstheaggregatedsearchresultfromSharePointOnlineaswellasfromOn-Premisecontentsources.Formore informationabout cloudhybrid search, see thepublicMicrosoft cloudhybrid searchprogramonMicrosoftOfficeconnection.https://support.office.com/en-us/article/SharePoint-Hybrid-4c89a95a-a58c-4fc1-974a-389d4f195383With hybrid search, you can search for files and documents across SharePoint Server andSharePointOnline,givingyoueasyaccesstothefilesthatyouneed.ImplementingaSharePointhybrid infrastructure letsuserssearchfrombothsystemsandaccesscontent from each.Depending on howyou set up your system, you can have only on-premisesusers,onlyonlineusers,orbothbeabletosearchbothyourSharePointServeron-premisesandOffice365.Pleasefindmoredetailsabout theconfigurationdetails inSharePoint2016HybridSearchSectionofthisbook.

HybridsitesfeaturesThis allows users for seamless experience while using SharePoint On-Premise Server andSharePointOnlinesites:

UserscanfollowSharePointServerandSharePointOnlinesites,fromaggregatedlist.UsershaveasingleDelveprofileinOffice365,wherealloftheirprofileinformationisstored.

Formoreinformation,seePlanforhybridsitesfeatures.

Extranet(Partnerfacingextranetsites)SharePointOnlinesitesaretheExtranetSites.Anextranetisasitethatfacililatesexternaluserstohaveaccesstorelevantcontentandtocollaboratewiththem.UsingOffice365,Partnerfacingextranet sites can be created that let partners securely do business with your organization,withoutaccesstothecorporateon-premisesenvironmentoranyotherOffice365site.

CompareOffice365HybridExtranetwithatraditionalSharePointOn-premisesExtranetThiscomparisonprovidestheadvantagesofusingHybridExtranet.

Office 365 HybridExtranet

SharePoint "on-premises"Extranet

Firewallaccessrequired toexternalusers

No Yes

Complexnetwork andinfrastructureconfigurationrequired

No Yes

Securityhardening

Managed throughOffice 365Configurations

Manuallyconfigured by ITstaff

IT Laborintensive

No Yes

Ongoingmaintenanceneeded

Minimal Considerable

Additionalhardwareneeded

No Often

Managingexternal

Yes Locally managedonly

partner userslocallymanaged orcloudmanagedControllingsharingexperiencefor extranetsites

Part of Office 365sitesfunctionality

Often requirescustomsolutions/apps

ConfigurationofHybridExtranetHereyouwillfindthestepstoconfigureHybridExtranetovergreaterdetails.

HybridPickerUseHybridPickertoconfigurehybridfeaturesbetweenSharePointServer2016andSharePointOnline. Hybrid Picker is part of Office 365. You can find it in the SharePoint Tenant Adminconsole. You need to log on as a Global Administrator or a user assigned the SharePointAdministratorrole.TouseHybridPicker,youalsoneedtobeloggedintoaSharePointServer2016ITserverasaFarmAdministrator.

PrerequisitesInbelowtablefindthepre-requisitestoconfigureHybridPicker.

Conditions EnvironmentIncaseofSharePointServer2013farmshouldhaveSeptemberPUorlaterproperlyinstalled.

On-Premise

Open80and443portsinthefirewallforoutboundcommunications.

On-Premise

FarmAdministratoraccesstoCentralAdministration

On-Premise

GlobalAdministratorAccesstoOffice365

Office365

Accountbeingsynchronizedwithpropertiessuchasemail,SIP,emailaddress.UserssynchronizedwithOffice365usingAzureActiveDirectorySync(AADSync).

On-Premise

HybridScenariosconfigurationwithHybridPicker

HybridOneDriveforBusinessThisredirectsyourusers'OneDriveforBusinesstoOneDriveforBusinessinOffice365.Italsoinstallsaserver-to-server(OAuth/S2S)connectionbetweenSharePointServeron-premises.Findmoredetailsinthissectionofthebook.

HybridsitefeaturesThisoptionconfiguresaserver-to-server(OAuth/S2S)trustbetweenSharePointServer2016and

Office 365 & then configures hybrid sites features. Choosing the option configures hybridOneDriveforBusinessaswell.

FindstepbysteproadmapforconfigurationofHybridSitefeatureshere.Afterthisfeatureconfiguredusinghybridpicker,

Users having access (configured as the part of audience group) to Office 365environment,willberedirectedtoDelveUserProfile(i.e.Aboutmelink,undersettingsmenu,intoprightcornerintheribbon).ThiscanbeconfiguredaspartofOneDriveforbusinessconfigurationdescribedinthissection.Userswillbeabletoseetheaggregatedlistofhis/herfollowedsitesfromon-premise&Office-365environment(onclickofAppLauncher)

HybridOptionsThissnapshotdescribes thevariousoptionsavailablewithhybridconfigurationwithrespect tohybridextranet&hybridSearch.

WhatareNextGenPortals?Office 365 Video Portal, Infopedia & Delve are the out of the box NextGen Portals. TheseIntelligent,Social,Mobile,Ready-to-GoPortalsareenhancedbykeyOffice365capabilitieslikeOffice Graph, Office Add-Ins, OneDrive, Skype, Outlook, Yammer, SharePoint ContentManagement,AzureMedia&PaaSservice,ComplianceCenter.

TheseOffice365capabilitiescanbeleveragedinSharePoint2016On-Premiseserverwiththehelp of hybrid configuration.These capabilities includes experiences like Portals, Team Sites,Files,Search,Social,BIetc

NextGenPortalsPageRenderer&AuthoringcanvascomponentsarebuiltontopofSharePointContentStorage,this portalAPI can be accessed throughRESTAPIs.Custom portals can be created using theNextGenportaltemplate.BuildingblocksofNextGenPortalsareasshownbelow.

NextGenPortalArchitectureEachNextGenPortalconsistsofHubsitecollection&ContentSiteCollection (Channel).EachContentSitecollectioncanbecreatedinHubSiteCollection.

HubSiteCollectionHubsitecollectionissimilartoCommunityPortal(SearchCenterwhichshowsallcommunitiesinthefarm),ItdisplaysthedatahostedinContentSiteCollection/Channels.

HubSitecollectionsisunder<Office365domain>.sharepoint.com/portals/hubmanagedpath(PerTenant).Forexample,InVideoOffice365Hub,fromthiscentralsitecollection,differentvideochannelscanbecreated.

Security can bemanaged fromManaged Settings forHub Site collection /Channels.After youuploadthevideostochannel,youwillneedtowaitforthecrawlingtobecompleted.

ContentSiteCollectionWithrespecttoeachHubSiteCollection,Channels/ContentsiteCollectionsarecreatedunderthe/portals/managedpath.

LibrariesIneachContentSiteCollection,PortalDataisstoredinrespectivelibrariesindifferentformat.

Library FormatPages PagedataasJSONBloblistitemsImages ImageAssetsforpages

Videos VideoFiles(backedbyAzureMediaServices)

Office365VideoPortalOfficeusesVideoAzureMediaServicesfortranscoding(converting)videosinmultipleformatstobecompatiblewithmostdevices(devices).AzureMediaServicesonlyexistsinthecloud,socanbeaversion"hybrid"

Video hub portal inOffice 365, contains different channels,Video uploaded in this channel isstoredinAzureComponents&TimerJobmanagesinteractionbetweenSharePointOnline&Azure components. End user uploads video to SharePointOnline, SharePoint interactswithAzureServicemediaservicefortranscodingthevideoandstoringitinContentStorage.

AzureMediaservicealsoprovidesthumbnailsforreferencingtheparticularvideo.AzureMediaServicedeliversvideostreamingthroughAESsecuritytoContentDeliverynetwork&viewerscanviewsecuredcontents.FollowingfeaturesareresponsibleforVideoProcessinginSharePointOnlineWebApplicationFeature:VideoProcessingThisfeatureregistersvideoprocessingtimerjob.

WebApplicationFeature:CloudVideoThumbnailProvider.Thisfeatureprovidesfunctionstogeneratethumbnailsforvideos

InfoPediaThisistheKnowledgemanagementPortal,definitivehubforMicroSites,Boards&personalizedportalpoweredbyOfficegraph.

This landingpage shows the collectionofMicrosites (links toMicrosites enabledwithSocialFeatures).At high level InfoPedia is collection ofMicrosites, Boards, andArticles in definedhierarchy.FindmoreaboutInfoPedia&Micrositeshere.

DelveandOfficeGraphDelve is theknowledgemanagementportal incontextwithcurrent logged inuser & Officegraph is the graphical representation of related activities among related users and relatedinformation.

DelveusestheOfficeGraphtodeliverpersonalizedviewsofthepeopleandcontent.DelvenowletsyoudiscoverContenttypesfromacrossOffice365.TogetmoreinsightsonDelve&OfficeGraph,checkouttheseveryinformativepostswithmoredetails.http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2014/09/08/a-quick-look-at-delve-in-office-365.aspxhttps://support.office.com/en-us/article/Office-Delve-for-Office-365-admins-54f87a42-15a4-44b4-9df0-d36287d9531b

ToactivateDelve,You’llneedtoturnontheFirstReleaseprograminyourOffice365ServiceSettings.You'llneedtoenableDelveontheSharePointSettingsaswell.

ChoosetheoptionAllowaccesstotheOfficeGraph(default).TenantadministratormayturnoffofficegraphandDelveforthewholetenancy.

InRibbon,navigatetoDelvelink.

AllowaccesstoOfficeGraph.

Alternatively,IndividualscanturnofftheDelvesettings.

OfficeGraphIt’san intelligent fabric thatappliesmachine learning tomatch theconnectionbetweenpeople,content and interactions all across Office 365.Office Graph consists of signals which showsactionsbetweenOffice365,Actors&Items.

Signalsaresecuritytrimmed&respectstheprivacyoftheendusers.SignalsarecategorizedasPublicsignal/PrivatesignalbasedonlevelofPrivacy.EachsignalconsistsofActorNode,Edges(toconnectActortoObject/Item)&ObjectorItem

Thistabledescribesdifferenttypesofedges(inSignals)withPrivate/PublicvisibilityEdge Description VisibilityPersonalFeedlFeed Theactor’spersonal feedasshownon their

HomeviewinDelve.Private

Modified Items that the actor hasmodified in the lastthreemonths

Public

OrgColleague Everyone who reports to the samemanagerastheactor.

Public

OrgDirect Theactor’sdirectreports. PublicOrgManager Thepersonwhomtheactorreportsto. PublicOrgSkipLevelManager Theactor’sskip-levelmanager. PublicWorkingWith People whom the actor communicates or

workswithPrivate

TrendingAround Items popular with people whom the actorworks or communicates with frequently.Aggregatedacrossseveralsignals

Public

Viewed Items viewed by the actor in the last threemonths.

Private

WorkingWithPublic

ApublicversionoftheWorkingWithedge. Public

DelveBuildingBlocksThistabledescribesthebuildingblocksofDelve&sequenceinwhichgraphqueryisexecuted.

Sequence Features Technique1 Graphsearch /_api/search/query2 Signals /_api/signalstore/signals3 Previewimages /_layouts/15/getpreview.ashx

OfficeGraphEndpointsCustomApps/SolutionscanbedevelopedusingtheAPIexposedbyGraphendpoints.Togettheendtoenddetailsaboutthisapi,getthroughConnect2015Videos.DelvecanbeextendedforcustomrequirementsusingGraphQueryLanguage(GQL),ExternalHybridContent,ExternalActivity.