Compliance and eDiscovery
Speaker
Title
Microsoft Corporation
Presentation available @ http://ignite.office.com
Updated: Oct. 15, 2013
Preserve Discover
In-Place Archive with secondary quota
Available on-prem, online, or EOA
Lync Archives into Exchange
Search across Primary & Archive – OLK & OWA
Storage management
Capture deleted & edited messages
Time-Based In-Place Hold
Query-Based In-Place Hold
In-Place Hold across Ex, SP, Lync
Preservation
Automated time-based criteria to delete or move to archive
Set policies at item or folder level – admin or user
Consistent MRM OWA UI
Data governance
Search primary, archive, & recoverable items
De-duplication & Search statistics
eDiscovery Center for Ex, SP, Lync
Case Management
In-Place preview
Export search results
eDiscovery
The new Office
Archiving
Identify and preserve
Search and process
Review
Produce
eDiscovery overview
Volume Relevance
The what and why of In-Place
eDiscovery and compliance
In-Place archive (Cloud or on-Premise)
Lync, SP, EX, …
EX
SP
Lync
eDiscovery and compliance
Traditional archive
…
Cross product
Cloud
On-premises
In-Place platform, discovery and preservation
Choice of platform for archive
In-Place eDiscovery and preservation
In-Place hold as you want it
Variants:
  Litigation hold (Legacy)
  Time-based In-Place hold
  In-Place hold (Indefinite)
  Query-based In-Place hold
Management options:
  eDiscovery center
  Exchange admin center
  Exchange management shell
eDiscovery simplified
Save time and money
Reduce risk
Key takeaways
Advantages: in-place, real time, more content
Capabilities: In-Place hold, query, and export
eDiscovery as easy as 1, 2, 3
1. In-Place hold: protect content in-place in real time
2. Query: find up to date and relevant content quickly
3. Export: transfer content for review and production
Across: SharePoint, Exchange, Lync, and file shares on-premises and Office 365
In-place hold: content stays in Exchange and SharePoint, less storage space, lower costs, higher fidelity
Location and query based: hold entire mailboxes, SharePoint sites, or apply a query to hold less content
No impact to users: seamlessly create, edit, and delete without knowing it's on hold
1. In-Place hold
Demo: In place hold
Real time: no need to wait for indexing, always live and up to date
Reduce: proximity search, rich query syntax
Make decisions: query and source statistics help you analyze
2. Query
Demo: Find the right data
Easy: download from SharePoint, Exchange, and file shares
Extensible: convert into popular load files
Take it offline: Native files, PSTs, pages as .MHT, lists and feeds as .CSV
3. Export
Demo: Export the data
In-Place Real time More content
Sources & capabilities
Source | Search | In-place preservation | Export
SharePoint 2010 and SharePoint 2007 | Yes | No | Yes
Exchange 2010 | No | No | No
SharePoint 2013 | Yes | Yes | Yes
Exchange 2013 | Yes | Yes | Yes
File shares | Yes | No | Yes
Content from external systems | No | No | No
Pre-requisites
Install Domain Controller
Install Exchange Server 2013
Install SharePoint Server 2013 in a three-tier farm.
Install Microsoft Office 2013
Topology: On-Prem
Claims-based authentication
Claim: an attribute of a user, not confined to groups only. SharePoint 2010 introduces a claims-based identity infrastructure.
STS (Security Token Service): service that issues and validates security tokens intended for relying party applications. SharePoint 2010 introduced a local STS, and in 2013 it is enhanced to light up new scenarios.
Trust broker: an STS that acts as a broker between two or more applications. ACS (Azure Access Control Service) is a trust broker between two apps.
[New] OAuth 2.0: industry standard (RFC 6749) that enables applications to gain access to a user's resources without prompting for the user's credentials.
[New] S2S (Server-to-Server): extension to OAuth 2.0 that allows an application to be high trust and to delegate a user's identity.
[New] Application principal: directory principal object that represents an application, much like users are represented by a principal in the directory (MSO-DS and AD).
Terminologies
eDiscovery scenario: Peter signed in to SharePoint and put a hold on documents and Exchange mailboxes
S2S Authentication – On-premise
[Diagram: peter@contoso browses to an SP page and triggers a hold on an Exchange mailbox. Labels: SharePoint, Security Token Service, Exchange, Security Token Service OM, App Management Service, User Profile App (UPA) Service, trust, On-premise; steps numbered 1 to 6.]
User authenticates and accesses the eDiscovery center page in SharePoint
  User peter@contoso signs in to SP with Windows Claims and is assigned a SID (Security Identifier) by Active Directory
  User navigates to the eDiscovery center page and triggers a hold on a mailbox in Exchange on-premise
SP requests an S2S token from its local SP-STS
  SP requests an S2S token from its local STS
  SP requests the token for the EX on-premise resource
SP-STS validates the request
  SP-STS issues a signed S2S 'inner' token that:
    Identifies the SP on-premise app principal
    Names the audience that the token is intended for
    Is valid for only a certain time period and is signed with its certificate
SP amends the S2S token and sends it to EX on-premise
  Adds an S2S 'outer' token with the user identity information and inserts the 'inner' token
  Sends the S2S token to EX on-premise
EX on-premise validates SP's request
  EX on-premise validates that the token was indeed issued by a trusted S2S token issuer
  Verifies the audience, accepts the user info, and rehydrates the user
  Authorizes SP's request
EX returns the results for the operation that SP on-premise requested
S2S in On-premise – ‘Under the hood’
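The inner/outer token checks listed above, as a sketch added here (not code from the presentation, SharePoint or Exchange). It assumes an HMAC over a shared key as a stand-in for the SP-STS certificate signature; the claim names (iss, aud, nbf, exp, nameid, actortoken) and all sample values are constructed for the illustration.

```python
import base64, hashlib, hmac, json

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_inner(key, issuer, audience, now, lifetime=600):
    """SP-STS: signed 'inner' token naming the app principal, audience and lifetime."""
    body = b64e(json.dumps({"iss": issuer, "aud": audience,
                            "nbf": now, "exp": now + lifetime}).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()  # stand-in for cert signature
    return body + "." + b64e(sig)

def wrap_outer(inner, user):
    """SharePoint: 'outer' token with the user identity, carrying the inner token."""
    return b64e(json.dumps({"nameid": user, "actortoken": inner}).encode())

def validate(outer, trusted_issuers, audience, now):
    """Exchange: return the user to rehydrate; raise ValueError when a check fails."""
    claims = json.loads(b64d(outer))
    body, _, sig = claims["actortoken"].partition(".")
    inner = json.loads(b64d(body))
    key = trusted_issuers.get(inner["iss"])       # is the issuer a trusted S2S issuer?
    if key is None:
        raise ValueError("issuer is not a trusted S2S token issuer")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):
        raise ValueError("bad signature on inner token")
    if inner["aud"] != audience:                  # token meant for this server?
        raise ValueError("token was issued for a different audience")
    if not inner["nbf"] <= now < inner["exp"]:    # inside the validity period?
        raise ValueError("inner token is outside its validity period")
    return claims["nameid"]                       # user info accepted only after all checks

# Constructed sample values (hypothetical names, not taken from a real farm)
KEY = b"constructed-demo-key"
SP, EX = "sharepoint-app-principal", "exchange-on-prem"
TOKEN = wrap_outer(issue_inner(KEY, SP, EX, now=1000), "peter@contoso")

if __name__ == "__main__":
    print(validate(TOKEN, {SP: KEY}, EX, now=1200))
```

The user identity in the outer token is accepted on the strength of the inner token alone, so the signing key of a trusted issuer needs the same protection as an administrator credential.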
EDiscovery configuration: On-Prem
Configure search
Grant permissions
Create eDiscovery center
Configure trust relationship in Exchange
Configure trust relationship in SharePoint
Install Exchange Web Services API
Download from http://www.microsoft.com/en-us/download/details.aspx?id=35371
Download the right version
Download for 64 bit computers
DLL must be GAC-ed
Run:
    msiexec /i EwsManagedApi.msi addlocal="ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac"
Install Exchange Web Services API in all SharePoint machines
If the Exchange SSL certificate is untrusted, install it as a trusted root certificate on all SharePoint machines
In SharePoint Management Shell:
    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://Ex1.contoso.com/autodiscover/metadata/json/1" -Name "ExchangeServer"
Configure trust relationship in SharePoint
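Create new eDiscovery Web Application with SSL enabled
OR
Set:
    # These settings let OAuth tokens and metadata travel over plain HTTP; prefer the SSL option outside a lab
    $sts = Get-SPSecurityTokenServiceConfig
    $sts.AllowMetadataOverHttp = $true
    $sts.AllowOAuthOverHttp = $true
    $sts.Update()   # persist the change; without Update() the settings are not saved
Create eDiscovery Web Application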
In Exchange Management Shell:
    cd 'C:\Program Files\Microsoft\Exchange Server\V15\Scripts'
    .\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://wfe1.contosotlg.corp.com:11111/_layouts/15/metadata/json/1 -ApplicationType SharePoint
Configure trust relationship in Exchange
Farm administrator creates eDiscovery center
“Discovery center” template
Create one or more cases
Give lawyers permissions to cases
Create eDiscovery center
SharePoint
Create a security group with lawyers
Create WebApp Policy to give Read access for all the content in the webapp for the security group
In Exchange Management Shell, run:
    Add-RoleGroupMember -Identity "Discovery Management" -Member <member name>
OR
In EAC, go to Permissions -> Admin Roles. For the "Discovery Management" role, add the user.
Grant permissions
Add Search Result Source
Add external SharePoint sources as Content Sources
Add external file shares as Content Sources
Add Search Result Source for Exchange in eDiscovery Center Site Collection.
Choose Autodiscover or specify Exchange EWS URL
Double check: It should be created in eDiscovery Center Site Collection and not in Case Site.
Start full crawl
Configure Crawl log permissions:
    Set-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication (Get-SPEnterpriseSearchServiceApplication) -UserNames "<eDiscoveryUsers>"
<eDiscoveryUsers> is a semicolon-delimited list of the account names of users who manage eDiscovery cases.
Configure search
EDiscovery configuration: Online
Configure Search
Grant Permissions
Create eDiscovery Center
Configure trust relationship in Exchange
Configure trust relationship in SharePoint
Install Exchange Web Services API
Cross-premise cross-product S2S calls
Example: SharePoint on-premise calls to Exchange online
Cross tenant scenarios
Example: SharePoint Online call from Contoso tenancy to Exchange Fabrikam tenancy
Office 365: Unsupported scenarios
Where did we come from?
Exchange (Archive, Discovery, Policy, Auditing and Reporting, etc.)
SharePoint (Archive, Discovery, Policy, Auditing and Reporting, etc.)
NOW
Archiving, eDiscovery and Devices for Office (AED)
Archiving
eDiscovery
Deletion and Preservation
Auditing and Reporting
Device Protection
eDiscovery challenges
Preservation
Search and reduction
Export
Q&A
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Appendix
Demo
Demo
eDiscovery