Presentation is loading. Please wait.

Presentation is loading. Please wait.

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1 Brendan Griffin.

Similar presentations

Presentation on theme: "Configuring SharePoint 2013 and Office 365 Hybrid – Part 1 Brendan Griffin."— Presentation transcript:

1 Configuring SharePoint 2013 and Office 365 Hybrid – Part 1 Brendan Griffin

2 Me.About() @brendankarl Senior Premier Field Engineer @ Microsoft Microsoft Certified Master: SharePoint 2010 10 years experience with SharePoint

3 Agenda What is Hybrid? Identity Considerations Base Configuration for Hybrid

4 What is Hybrid? Office 365 + SharePoint 2013 = Hybrid Securely integrate SharePoint Online with SharePoint On- Premises Facilitates gradual migration from On-Premises to Office 365 Addresses key workloads – Search, BCS and Social *This session will focus on configuring the infrastructure to support Hybrid, Part 2 will take a closer look at SharePoint specific configuration and advanced scenarios

5 Example: Hybrid Search Imagine a Scenario… Your company are using SharePoint On-Premises and Office 365 User content is currently stored in both Does this mean that your users have to search both to find content???

6 Example: Hybrid Search Certainly Not! Hybrid Search provides the ability for Office 365 content to be surfaced in Search results within an On-Premises farm and vice versa End users can perform a single Search query to find content! 3 options are available for configuring Hybrid search – Outbound, Inbound and Two-Way

7 Hybrid Topologies This session will focus on the One-Way Outbound topology Easiest of the three options to configure Start with the One-Way Outbound topology first before embarking on more complex Hybrid topologies

8 Hybrid Topologies Example: One-Way Outbound Topology

9 Identity Considerations How does Authorization Work? There are three different identity scenarios for Office 365 Hybrid requires the ability to map an On-Premise user to a Cloud Identity – Cloud Identity (only) isn’t an option for Hybrid

10 Identity Considerations Decisions, Decisions??? Should you go for Synchronised or Federated Identity…it all depends! A great Blog post that outlines potential reasons to opt for Federated Identity over SynchronisedBlog o Already use ADFS? o Require auditing? o Immediate account disable? o Restrict sign in by location/time?

11 Identity Considerations In this session we will look at Directory & Password Synchronization Users from the On-Premise AD will be sync’d to Office 365 (Azure AD) – includes a hash of their password Enables users to logon to SharePoint On-Premises and Office 365 using the same username and password – this isn’t SSO though!

12 On-Premises Service Applications SharePoint On-Premises requires a number of Service Applications to support Hybrid Secure Store is required for inbound Hybrid User Profile Service required to rehydrate users for Security Trimming

13 Deployment Steps Four Steps to Configure One-Way Outbound Hybrid Search 1.Infrastructure Pre-Requisites 2.Setup AAD Sync (DirSync) 3.Establish S2S Trust with Azure ACS 4.Configure SharePoint On-Premises Search – Covered in Part 2

14 Deployment Steps Required Tools Microsoft Online Services Sign-In Assistant – LinkLink Azure Active Directory Module for Windows PowerShell – LinkLink SharePoint Online Management Shell – LinkLink

15 Deployment Steps Infrastructure Pre-Requisites – Verify Internal Domain Verify the internal AD domain name with Office 365 – Needs to be a routable domain! Enables Microsoft to verify that you “own” the domain If you are using a non-routable domain (.local) for AD – all is not lost! Verifying a domain increases the Office 365 object limit from 50K to 300K!

16 Deployment Steps Infrastructure Pre-Requisites – Verify Internal Domain In my environment the AD domain is griffin.local which isn’t routable! I purchased and associated this with the AD domain griffin.local by adding a UPN Suffix Updated user accounts to use the new domain

17 Deployment Steps Infrastructure Pre-Requisites – Verify Internal Domain Involves adding a temporary DNS record to the domain The existence of this record is verified by Microsoft to validate domain ownership Instructions included for the most common DNS hosting providers

18 Deployment Steps Infrastructure Pre-Requisites – Verify Internal Domain

19 Deployment Steps Infrastructure Pre-Requisites – Active Directory AD domain must be at least Windows Server 2003 Forest Functional Level Run IdFix to identify objects that could cause sync issues and remediateIdFix o Illegal characters o Duplicate entries o Length o …

20 Deployment Steps Infrastructure Pre-Requisites – Activate Directory Sync PowerShell Admin Center

21 Demo 1: Infrastructure Pre-Requisites





26 Deployment Steps Setting up AAD Sync 1.Install and configure the AAD Sync tool – 2.Assign user licenses in Office 365

27 Demo 2: Setting up AAD Sync



30 Deployment Steps Additional Considerations For greater control over the attributes that are synchronised to Azure AD select Azure AD app and attribute filtering Password write-back requires Azure AD Premium

31 Deployment Steps Checking Directory Synchronisation

32 Deployment Steps Directory Synchronisation – Notification e-mail

33 Deployment Steps Assigning Licenses using the Office 365 Portal

34 Deployment Steps Assigning Licenses using PowerShell Licenses all users with a Username (UPN) of * Also sets their location to GB

35 Deployment Steps AAD Sync Schedule By default AAD Sync will sync AD users with Office 365 every 3 hours A sync can be manually performed using DirectorySyncClientCmd.exe – automate using a Scheduled Task

36 Deployment Steps AAD Sync Account Account is created in AD during AAD Sync configuration Used by AAD Sync to read attributes from AD This account is granted the following permissions: Replicating Directory Changes Replicating Directory Changes All

37 Deployment Steps Establish S2S Trust with Azure ACS 1.Replace the STS Certificate within the On-Premises SharePoint farm 2.Register the On-Premises STS as a Service Principal in Office 365 3.Establish a trust between the On-Premises farm and Azure ACS

38 Demo 3: Establish S2S Trust with Azure ACS




42 Base Configuration for Hybrid Summary Added a custom domain to Office 365 ( Tidied up AD and activated Directory Sync in Office 365 Setup Azure AD Sync to sync users from On-Premises AD to Office 365 (Azure AD) Established S2S trust between SharePoint 2013 and Office 365 The next session will demonstrate Hybrid Search configuration

43 Questions

44 Thank You to Our Sponsors!

Download ppt "Configuring SharePoint 2013 and Office 365 Hybrid – Part 1 Brendan Griffin."

Similar presentations

Ads by Google