Presentation on theme: "Configuring SharePoint 2013 and Office 365 Hybrid – Part 1"— Presentation transcript:
1. Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Brendan Griffin
2. Me.About()
- Senior Premier Field Engineer @ Microsoft
- @brendankarl
- Microsoft Certified Master: SharePoint 2010
- 10 years experience with SharePoint
3. Agenda
- What is Hybrid?
- Identity Considerations
- Base Configuration for Hybrid
4. What is Hybrid?
- Office 365 + SharePoint 2013 = Hybrid
- Securely integrate SharePoint Online with SharePoint On-Premises
- Facilitates gradual migration from On-Premises to Office 365
- Addresses key workloads – Search, BCS and Social
* This session will focus on configuring the infrastructure to support Hybrid. Part 2 will take a closer look at SharePoint-specific configuration and advanced scenarios.
5. Example: Hybrid Search
- Imagine a Scenario…
- Your company are using SharePoint On-Premises and Office 365
- User content is currently stored in both
- Does this mean that your users have to search both to find content???
6. Example: Hybrid Search
- Certainly Not!
- Hybrid Search provides the ability for Office 365 content to be surfaced in Search results within an On-Premises farm and vice versa
- End users can perform a single Search query to find content!
- 3 options are available for configuring Hybrid Search – Outbound, Inbound and Two-Way
7. Hybrid Topologies
- This session will focus on the One-Way Outbound topology
- Easiest of the three options to configure
- Start with the One-Way Outbound topology first before embarking on more complex Hybrid topologies
9. Identity Considerations
How does Authorization Work?
- There are three different identity scenarios for Office 365
- Hybrid requires the ability to map an On-Premises user to a Cloud Identity – Cloud Identity (only) isn’t an option for Hybrid
10. Identity Considerations
Decisions, Decisions???
- Should you go for Synchronised or Federated Identity… it all depends!
- A great Blog post that outlines potential reasons to opt for Federated Identity over Synchronised
  - Already use ADFS?
  - Require auditing?
  - Immediate account disable?
  - Restrict sign in by location/time?
11. Identity Considerations
- In this session we will look at Directory & Password Synchronization
- Users from the On-Premises AD will be sync’d to Office 365 (Azure AD) – includes a hash of their password
- Enables users to log on to SharePoint On-Premises and Office 365 using the same username and password – this isn’t SSO though!
12. On-Premises Service Applications
- SharePoint On-Premises requires a number of Service Applications to support Hybrid
- Secure Store is required for inbound Hybrid
- User Profile Service is required to rehydrate users for Security Trimming
13. Deployment Steps
Four Steps to Configure One-Way Outbound Hybrid Search
- Infrastructure Pre-Requisites
- Set up AAD Sync (DirSync)
- Establish S2S Trust with Azure ACS
- Configure SharePoint On-Premises Search – Covered in Part 2
14. Deployment Steps
Required Tools
- Microsoft Online Services Sign-In Assistant
- Azure Active Directory Module for Windows PowerShell
- SharePoint Online Management Shell
15. Deployment Steps
Infrastructure Pre-Requisites – Verify Internal Domain
- Verify the internal AD domain name with Office 365 – needs to be a routable domain!
- Enables Microsoft to verify that you “own” the domain
- If you are using a non-routable domain (.local) for AD – all is not lost!
- Verifying a domain increases the Office 365 object limit from 50K to 300K!
16. Deployment Steps
Infrastructure Pre-Requisites – Verify Internal Domain
- In my environment the AD domain is griffin.local, which isn’t routable!
- I purchased brendg.co.uk and associated this with the AD domain griffin.local by adding a UPN Suffix
- Updated user accounts to use the new domain
17. Deployment Steps
Infrastructure Pre-Requisites – Verify Internal Domain
- Involves adding a temporary DNS record to the domain
- The existence of this record is verified by Microsoft to validate domain ownership
- Instructions included for the most common DNS hosting providers
19. Deployment Steps
Infrastructure Pre-Requisites – Active Directory
- AD domain must be at least Windows Server 2003 Forest Functional Level
- Run IdFix to identify objects that could cause sync issues and remediate
  - Illegal characters
  - Duplicate entries
  - Length…
20. Deployment Steps
Infrastructure Pre-Requisites – Activate Directory Sync
- PowerShell
- Admin Center
30. Deployment Steps
Additional Considerations
- For greater control over the attributes that are synchronised to Azure AD, select Azure AD app and attribute filtering
- Password write-back requires Azure AD Premium
33. Deployment Steps
Assigning Licenses using the Office 365 Portal
34. Deployment Steps
Assigning Licenses using PowerShell
- Licenses all users with a Username (UPN) of *.brendg.co.uk
- Also sets their location to GB
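One way to script the license assignment described on this slide. This is an added example, not the script from the original presentation; it assumes the MSOnline cmdlets from the Azure Active Directory Module for Windows PowerShell, a UPN pattern of `*@brendg.co.uk`, and a placeholder SKU that must be replaced with a value from `Get-MsolAccountSku`.

```powershell
# Added example: assumes the MSOnline module (Azure AD Module for Windows PowerShell).
Import-Module MSOnline
Connect-MsolService                      # prompts for an Office 365 admin account

$upnPattern    = '*@brendg.co.uk'        # assumption: UPN suffix used on the page
$usageLocation = 'GB'
$sku           = '<tenant>:<SKU>'        # placeholder: pick one from Get-MsolAccountSku
$dryRun        = $true                   # set to $false to apply the changes

# Refuse to run against a SKU the tenant does not own.
$available = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $sku }
if (-not $available) { throw "SKU '$sku' not found; run Get-MsolAccountSku." }
$free = $available.ActiveUnits - $available.ConsumedUnits

# Only touch synced users that match the suffix and have no license yet.
$targets = @(Get-MsolUser -All -UnlicensedUsersOnly |
    Where-Object { $_.UserPrincipalName -like $upnPattern })
if ($targets.Count -gt $free) {
    throw "Need $($targets.Count) licenses but only $free are free."
}

foreach ($user in $targets) {
    $upn = $user.UserPrincipalName
    if ($dryRun) { Write-Output "Would license $upn"; continue }
    try {
        # Usage location must be set before a license can be assigned.
        Set-MsolUser -UserPrincipalName $upn -UsageLocation $usageLocation -ErrorAction Stop
        Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $sku -ErrorAction Stop
        Write-Output "Licensed $upn"
    } catch {
        Write-Warning "Failed for ${upn}: $_"
    }
}
```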
35. Deployment Steps
AAD Sync Schedule
- By default AAD Sync will sync AD users with Office 365 every 3 hours
- A sync can be manually performed using DirectorySyncClientCmd.exe – automate using a Scheduled Task
36. Deployment Steps
AAD Sync Account
- Account is created in AD during AAD Sync configuration
- Used by AAD Sync to read attributes from AD
- This account is granted the following permissions:
  - Replicating Directory Changes
  - Replicating Directory Changes All
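Because these two replication rights expose password data to whoever holds them, it is worth checking after setup that only the sync account and the built-in holders have them. The audit below is an added example, not part of the original presentation; it assumes the ActiveDirectory RSAT module, and both the sync account name and the allow list are placeholders to adjust for your domain.

```powershell
# Added example: list every principal holding the replication extended rights
# on the domain root and flag any that are not on an expected list.
Import-Module ActiveDirectory

# Control access right GUIDs for the two permissions named on the slide.
$replicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

$domain  = Get-ADDomain
$netbios = $domain.NetBIOSName

# Assumption: holders you expect. Replace the sync account placeholder.
$expected = @(
    "$netbios\<aad-sync-account>",
    "$netbios\Domain Controllers",
    "$netbios\Enterprise Read-only Domain Controllers",
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators'
)

$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Only explicit extended-right ACEs are listed; full-control ACEs are not.
(Get-Acl -Path "AD:\$($domain.DistinguishedName)").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extendedRight) -and
        $replicationRights.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object @{ n = 'Principal';  e = { $_.IdentityReference.Value } },
                  @{ n = 'Right';      e = { $replicationRights[$_.ObjectType.ToString()] } },
                  @{ n = 'Unexpected'; e = { $_.IdentityReference.Value -notin $expected } } |
    Sort-Object Unexpected, Principal, Right |
    Format-Table -AutoSize
```

Any row with `Unexpected` set to `True` is a principal to investigate before the sync goes into production.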
37. Deployment Steps
Establish S2S Trust with Azure ACS
- Replace the STS Certificate within the On-Premises SharePoint farm
- Register the On-Premises STS as a Service Principal in Office 365
- Establish a trust between the On-Premises farm and Azure ACS
42. Base Configuration for Hybrid
Summary
- Added a custom domain to Office 365 (brendg.co.uk)
- Tidied up AD and activated Directory Sync in Office 365
- Set up Azure AD Sync to sync users from On-Premises AD to Office 365 (Azure AD)
- Established S2S trust between SharePoint 2013 and Office 365
- The next session will demonstrate Hybrid Search configuration