Configuring SharePoint 2013 and Office 365 Hybrid – Part 1


1 Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Brendan Griffin

2 Me.About()
Senior Premier Field Engineer @ Microsoft
@brendankarl
Microsoft Certified Master: SharePoint 2010
10 years experience with SharePoint

3 Agenda
What is Hybrid?
Identity Considerations
Base Configuration for Hybrid

4 What is Hybrid?
Office 365 + SharePoint 2013 = Hybrid
Securely integrate SharePoint Online with SharePoint On-Premises
Facilitates gradual migration from On-Premises to Office 365
Addresses key workloads – Search, BCS and Social
*This session will focus on configuring the infrastructure to support Hybrid. Part 2 will take a closer look at SharePoint-specific configuration and advanced scenarios.

5 Example: Hybrid Search
Imagine a Scenario…
Your company is using SharePoint On-Premises and Office 365
User content is currently stored in both
Does this mean that your users have to search both to find content?

6 Example: Hybrid Search
Certainly Not!
Hybrid Search provides the ability for Office 365 content to be surfaced in Search results within an On-Premises farm and vice versa
End users can perform a single Search query to find content!
3 options are available for configuring Hybrid search – Outbound, Inbound and Two-Way

7 Hybrid Topologies
This session will focus on the One-Way Outbound topology
Easiest of the three options to configure
Start with the One-Way Outbound topology first before embarking on more complex Hybrid topologies

8 Hybrid Topologies Example: One-Way Outbound Topology

9 Identity Considerations
How does Authorization Work?
There are three different identity scenarios for Office 365
Hybrid requires the ability to map an On-Premises user to a Cloud Identity – Cloud Identity (only) isn’t an option for Hybrid

10 Identity Considerations
Decisions, Decisions???
Should you go for Synchronised or Federated Identity…it all depends!
A great Blog post that outlines potential reasons to opt for Federated Identity over Synchronised
Already use ADFS?
Require auditing?
Immediate account disable?
Restrict sign in by location/time?

11 Identity Considerations
In this session we will look at Directory & Password Synchronization
Users from the On-Premises AD will be sync’d to Office 365 (Azure AD) – includes a hash of their password
Enables users to log on to SharePoint On-Premises and Office 365 using the same username and password – this isn’t SSO though!

12 On-Premises Service Applications
SharePoint On-Premises requires a number of Service Applications to support Hybrid
Secure Store is required for inbound Hybrid
User Profile Service required to rehydrate users for Security Trimming

13 Deployment Steps
Four Steps to Configure One-Way Outbound Hybrid Search
Infrastructure Pre-Requisites
Setup AAD Sync (DirSync)
Establish S2S Trust with Azure ACS
Configure SharePoint On-Premises Search – Covered in Part 2

14 Deployment Steps
Required Tools
Microsoft Online Services Sign-In Assistant – Link
Azure Active Directory Module for Windows PowerShell – Link
SharePoint Online Management Shell – Link

15 Deployment Steps
Infrastructure Pre-Requisites – Verify Internal Domain
Verify the internal AD domain name with Office 365 – Needs to be a routable domain!
Enables Microsoft to verify that you “own” the domain
If you are using a non-routable domain (.local) for AD – all is not lost!
Verifying a domain increases the Office 365 object limit from 50K to 300K!

16 Deployment Steps
Infrastructure Pre-Requisites – Verify Internal Domain
In my environment the AD domain is griffin.local which isn’t routable!
I purchased brendg.co.uk and associated this with the AD domain griffin.local by adding a UPN Suffix
Updated user accounts to use the new domain
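
The UPN suffix change described on this slide can be scripted with the ActiveDirectory module. This is an added example, not the presenter's own script; it uses the two domain names from the slide and assumes a session with rights to modify the forest and user objects.

```powershell
# Added example: requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$oldSuffix = 'griffin.local'   # non-routable AD domain named on the slide
$newSuffix = 'brendg.co.uk'    # routable domain verified in Office 365

# Add the routable suffix to the forest only if it is not already registered.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $newSuffix }
}

# Move every user still on the old suffix to the new one.
# A UPN must be unique in the forest, so skip (and report) any collision.
$pattern = [regex]::Escape("@$oldSuffix") + '$'
Get-ADUser -Filter "UserPrincipalName -like '*@$oldSuffix'" | ForEach-Object {
    $newUpn = $_.UserPrincipalName -replace $pattern, "@$newSuffix"
    if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipping $($_.SamAccountName): $newUpn is already in use"
    } else {
        # -WhatIf only prints the change; remove it to apply.
        Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
    }
}
```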

17 Deployment Steps
Infrastructure Pre-Requisites – Verify Internal Domain
Involves adding a temporary DNS record to the domain
The existence of this record is verified by Microsoft to validate domain ownership
Instructions included for the most common DNS hosting providers

18 Deployment Steps Infrastructure Pre-Requisites – Verify Internal Domain

19 Deployment Steps Infrastructure Pre-Requisites – Active Directory
AD domain must be at least Windows Server 2003 Forest Functional Level
Run IdFix to identify objects that could cause sync issues and remediate:
Illegal characters
Duplicate entries
Length

20 Deployment Steps
Infrastructure Pre-Requisites – Activate Directory Sync
PowerShell
Admin Center

21 Demo 1: Infrastructure Pre-Requisites

22 IdFix - Walkthrough

23 IdFix undo

24 Verify domain and activate sync

25 UPN update

26 Deployment Steps Setting up AAD Sync
Install and configure the AAD Sync tool
Assign user licenses in Office 365

27 Demo 2: Setting up AAD Sync

28 AAD Sync install/configure

29 AAD Sync user tidy up

30 Deployment Steps Additional Considerations
For greater control over the attributes that are synchronised to Azure AD, select Azure AD app and attribute filtering
Password write-back requires Azure AD Premium

31 Deployment Steps Checking Directory Synchronisation

32 Deployment Steps Directory Synchronisation – Notification

33 Deployment Steps Assigning Licenses using the Office 365 Portal

34 Deployment Steps Assigning Licenses using PowerShell
Licenses all users with a Username (UPN) of *.brendg.co.uk
Also sets their location to GB
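
The slide's script is not in the transcript. The following is an added example of the same task using the Azure Active Directory Module for Windows PowerShell listed under Required Tools; it is not the presenter's code, and the ENTERPRISEPACK (E3) SKU is an assumption.

```powershell
# Added example: requires the MSOnline module and an Office 365 admin account.
Import-Module MSOnline
Connect-MsolService            # prompts for tenant admin credentials

$upnPattern = '*brendg.co.uk'  # matches the UPN suffix from the slide
$location   = 'GB'             # usage location must be set before licensing

# Look the SKU up rather than hard-coding the tenant-specific AccountSkuId.
# Assumption: the tenant holds an E3 (ENTERPRISEPACK) subscription.
$sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -like '*:ENTERPRISEPACK' }
if (-not $sku) { throw 'No ENTERPRISEPACK SKU found in this tenant' }

# Only touch synced users that have no license yet, so re-running is safe.
$targets = @(Get-MsolUser -All -UnlicensedUsersOnly |
    Where-Object { $_.UserPrincipalName -like $upnPattern })

# Stop before a partial rollout if there are not enough free licenses.
$free = $sku.ActiveUnits - $sku.ConsumedUnits
if ($targets.Count -gt $free) {
    throw "Need $($targets.Count) licenses but only $free are free"
}

foreach ($user in $targets) {
    Set-MsolUser        -UserPrincipalName $user.UserPrincipalName -UsageLocation $location
    Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -AddLicenses $sku.AccountSkuId
    Write-Output "Licensed $($user.UserPrincipalName)"
}
```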

35 Deployment Steps AAD Sync Schedule
By default AAD Sync will sync AD users with Office 365 every 3 hours
A sync can be manually performed using DirectorySyncClientCmd.exe – automate using a Scheduled Task

36 Deployment Steps AAD Sync Account
Account is created in AD during AAD Sync configuration
Used by AAD Sync to read attributes from AD
This account is granted the following permissions:
Replicating Directory Changes
Replicating Directory Changes All
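
Held together, these two rights allow an account to replicate secret attributes such as password hashes, so the set of principals that hold them should be small and known. The audit below is an added example, not part of the presentation; the allow-list entry is a hypothetical account name to replace with the principals expected in your domain.

```powershell
# Added example: requires the ActiveDirectory module, which provides the AD: drive.
Import-Module ActiveDirectory

# Control access right GUIDs for the two permissions named on the slide.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

# Hypothetical allow-list: add the sync account and the built-in principals
# (domain controllers, administrators) that you expect to see.
$expected = @('GRIFFIN\aadsync-placeholder')

$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$domainDn = (Get-ADDomain).DistinguishedName

# The rights are granted on the domain naming context, so read its ACL.
(Get-Acl -Path "AD:\$domainDn").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extended) -and
        $rights.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                  @{ n = 'Right';     e = { $rights[$_.ObjectType.ToString()] } },
                  IsInherited,
                  @{ n = 'Review';    e = { $expected -notcontains $_.IdentityReference.Value } } |
    Sort-Object Principal, Right |
    Format-Table -AutoSize
```

ACEs that grant all extended rights or full control on the domain object also confer replication and are not listed by this filter.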

37 Deployment Steps Establish S2S Trust with Azure ACS
Replace the STS Certificate within the On-Premises SharePoint farm
Register the On-Premises STS as a Service Principal in Office 365
Establish a trust between the On-Premises farm and Azure ACS
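
The three steps above, as an added example built from the SharePoint 2013 and MSOnline cmdlets; it is not the script used in the demo. The certificate path and site URL are placeholders, and using *.brendg.co.uk as the service principal name is an assumption.

```powershell
# Added example: run in the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline
Connect-MsolService                              # Office 365 global admin

# Placeholders and assumptions, not values from the presentation
$pfxPath = 'C:\certs\sts-signing.pfx'            # new STS signing certificate
$siteUrl = 'https://sharepoint.example.test'     # any on-premises site collection
$spcn    = '*.brendg.co.uk'                      # assumed public domain pattern

# Step 1: replace the STS certificate in the on-premises farm
$pfxPass = Read-Host 'PFX password' -AsSecureString
$flags   = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable, PersistKeySet'
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
               -ArgumentList $pfxPath, $pfxPass, $flags
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert
# Afterwards run iisreset and restart the SPTimerV4 service on each farm server.

# Step 2: register the on-premises STS with the SharePoint Online principal
$spoAppId  = '00000003-0000-0ff1-ce00-000000000000'   # SharePoint Online application ID
$tenantId  = (Get-MsolCompanyInformation).ObjectId
$credValue = [Convert]::ToBase64String($stsCert.GetRawCertData())   # public part only
New-MsolServicePrincipalCredential -AppPrincipalId $spoAppId `
    -Type Asymmetric -Usage Verify -Value $credValue

$sp   = Get-MsolServicePrincipal -AppPrincipalId $spoAppId
$spns = $sp.ServicePrincipalNames
if ($spns -notcontains "$spoAppId/$spcn") {
    $spns.Add("$spoAppId/$spcn")
    Set-MsolServicePrincipal -AppPrincipalId $spoAppId -ServicePrincipalNames $spns
}

# Step 3: trust Azure ACS from the on-premises farm
$site   = Get-SPSite $siteUrl
$nameId = "$($sp.ObjectId)@$tenantId"
Register-SPAppPrincipal -Site $site.RootWeb -NameIdentifier $nameId `
    -DisplayName 'SharePoint Online' | Out-Null
Set-SPAuthenticationRealm -Realm $tenantId

$metadata = "https://accounts.accesscontrol.windows.net/$tenantId/metadata/json/1"
New-SPAzureAccessControlServiceApplicationProxy -Name 'ACS' `
    -MetadataServiceEndpointUri $metadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -Name 'ACS' -MetadataEndpoint $metadata -IsTrustBroker:$true
```

Set-SPAuthenticationRealm changes the realm for the whole farm, which invalidates existing app and server-to-server trusts that were issued under the old realm. The PFX holds the farm's token-signing private key, so restrict access to the file and remove the working copy once the import is done.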

38 Demo 3: Establish S2S Trust with Azure ACS

39 Export certs

40 Pre-req’s and update STS certificate

41 Azure ACS trust

42 Base Configuration for Hybrid
Summary
Added a custom domain to Office 365 (brendg.co.uk)
Tidied up AD and activated Directory Sync in Office 365
Setup Azure AD Sync to sync users from On-Premises AD to Office 365 (Azure AD)
Established S2S trust between SharePoint 2013 and Office 365
The next session will demonstrate Hybrid Search configuration

43 Questions

44 Thank You to Our Sponsors!

