- Office Ignite


Transcript - Office Ignite

http://ignite.office.com
The new Office
Preserve
Discover
Storage management
Preservation
Data governance
eDiscovery
In-Place Archive with secondary quota
Capture deleted & edited messages
Search primary, archive, & recoverable items
Available on-prem, online, or EOA
Time-Based In-Place Hold
Automated time-based criteria to delete or move to archive
Lync Archives into Exchange
Search across Primary & Archive – OLK & OWA
Query-Based In-Place Hold
In-Place Hold across Ex, SP, Lync
Set policies at item or folder level – admin or user
Consistent MRM OWA UI
De-duplication & Search statistics
eDiscovery Center for Ex, SP, Lync
Case Management
In-Place preview
Export search results
Identify and preserve
Search and process
Review
Produce
[Diagram labels: eDiscovery and compliance; In-Place archive (Cloud or on-Premise); Traditional archive; On-premises; Cloud; EX, SP, Lync, …; Cross product]
Variants: Litigation hold (Legacy), Time-based In-Place hold, In-Place hold (Indefinite), Query-based In-Place hold
Management options: eDiscovery center, Exchange management shell, Exchange admin center
Capabilities: In-Place hold, query, and export
Advantages: in-place, real time, more content
| Source | Search | In-place preservation | Export |
|---|---|---|---|
| SharePoint 2010 and SharePoint 2007 | Yes | No | Yes |
| Exchange 2010 | No | No | No |
| SharePoint 2013 | Yes | Yes | Yes |
| Exchange 2013 | Yes | Yes | Yes |
| File shares | Yes | No | Yes |
| Content from external systems | No | No | No |
Install Domain Controller
Install Exchange Server 2013
Install SharePoint Server 2013 in a three-tier farm.
Install Microsoft Office 2013
A claim is an attribute of a user, not confined to only groups. SharePoint 2010 introduces a claims-based identity infrastructure.
Service that issues and validates security tokens intended for relying party applications.
SharePoint 2010 introduced a local STS, and in 2013 it is enhanced to light up new scenarios.
An STS that acts as a broker between two or more applications. ACS (Azure Access Control Service) is a trust broker between two apps.
Industry standard RFC 6749 that enables applications to gain access to a user’s resources without prompting for the user’s credentials.
Extension to OAuth 2.0 to allow an application to be high trust and to delegate a user’s identity.
Directory principal object that represents an application, much as users are represented by a principal in the directory (MSO-DS & AD).
[Diagram: on-premise S2S flow, steps 1–6. SharePoint (Security Token Service, App Management Service, User Profile App (UPA) Service) and Exchange (Security Token Service OM), joined by a trust. peter@contoso browses to SP page and triggers hold on Exchange mailbox.]
User peter@contoso signs in to SP with Windows Claims and is assigned a SID (Security Identifier) by Active Directory
User navigates to the eDiscovery center page and triggers a hold on a mailbox in Exchange on-premise
SP requests an S2S token from its local STS
SP requests token for EX on-premise resource
SP-STS issues a signed S2S ‘inner’ token that:
- Identifies the SP on-premise app principal
- Names the audience that the token is intended for
- Is valid for only a certain time period and is signed with its certificate
Adds an S2S ‘outer’ token carrying the user identity information, inserts the ‘inner’ token, and sends it to EX on-premise
Sends the S2S token to EX on-premise
EX on-premise validates that the token is indeed issued by a trusted S2S token issuer
Verifies audience, accepts the user info, and rehydrates user
Authorizes SP’s request
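The receiver-side checks in the flow above, sketched as an added example (not code from the original deck or from SharePoint or Exchange): the issuer builds a signed inner token and wraps it with the user identity, and the receiver returns the user only after checking issuer trust, signature, audience and validity period. HMAC-SHA256 stands in for the certificate signature; the unsigned outer token, the claim names and all sample values are assumptions of this sketch.

```python
import base64, hashlib, hmac, json

def _enc(obj):
    raw = json.dumps(obj, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(seg):
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def _sign(key, signing_input):
    # Stand-in for the STS certificate signature (assumption of this sketch).
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def issue_inner(key, issuer, audience, now, lifetime=300):
    """SP-STS side: signed inner token naming the app principal and audience."""
    claims = {"iss": issuer, "aud": audience, "nbf": now, "exp": now + lifetime}
    signing_input = _enc({"alg": "HS256"}) + "." + _enc(claims)
    return signing_input + "." + _sign(key, signing_input)

def wrap_outer(inner, user, audience):
    """SP side: outer token carrying the user identity plus the inner token."""
    claims = {"nameid": user, "aud": audience, "actortoken": inner}
    return _enc({"alg": "none"}) + "." + _enc(claims) + "."

def validate(token, trusted_issuers, my_audience, now):
    """Exchange side: return the user only if every inner-token check passes."""
    outer = _dec(token.split(".")[1])
    header, payload, sig = outer["actortoken"].split(".")
    inner = _dec(payload)
    key = trusted_issuers.get(inner["iss"])
    if key is None:
        raise ValueError("issuer is not a trusted S2S token issuer")
    # The verifier fixes the algorithm; the token's own header is not consulted.
    if not hmac.compare_digest(sig, _sign(key, header + "." + payload)):
        raise ValueError("inner token signature invalid")
    if inner["aud"] != my_audience or outer["aud"] != my_audience:
        raise ValueError("token not intended for this audience")
    if not inner["nbf"] <= now < inner["exp"]:
        raise ValueError("token outside its validity period")
    return outer["nameid"]  # user info is accepted only after the checks above
```

The user identity travels in the outer token, so it is only as trustworthy as the inner token that vouches for the calling application; that is why every rejection path runs before `nameid` is read.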
Install Exchange Web Services API
Configure trust relationship in SharePoint
Configure trust relationship in Exchange
Create eDiscovery center
Grant permissions
Configure search
http://www.microsoft.com/en-us/download/details.aspx?id=35371
msiexec /i EwsManagedApi.msi addlocal="ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac"
Install it as a trusted root certificate on all SharePoint machines
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://Ex1.contoso.com/autodiscover/metadata/json/1" -Name "ExchangeServer"
$sts = Get-SPSecurityTokenServiceConfig
# These two settings allow OAuth metadata and OAuth calls over plain HTTP
$sts.AllowMetadataOverHttp = $true
$sts.AllowOAuthOverHttp = $true
# Persist the changed settings
$sts.Update()
cd c:\'Program Files'\Microsoft\'Exchange Server'\V15\Scripts
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://wfe1.contosotlg.corp.com:11111/_layouts/15/metadata/json/1 -ApplicationType SharePoint
Create a security group with lawyers
Create WebApp Policy to give Read access for all the content in the webapp for the security group
Run Add-RoleGroupMember -Identity "Discovery Management" -Member <member name>
OR
In EAC, go to Permissions -> Admin Roles
For “Discovery Management” role, add the user.
Choose Autodiscover or specify Exchange EWS URL
Double check: It should be created in eDiscovery Center Site Collection and not in Case Site.
Set-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication (Get-SPEnterpriseSearchServiceApplication) -UserNames "<eDiscoveryUsers>"
<eDiscoveryUsers> is a semicolon-delimited list of the account names of users who manage eDiscovery cases.
Example: SharePoint on-premise calls to Exchange online
Example: SharePoint Online call from Contoso tenancy to Exchange Fabrikam tenancy
Exchange (Archive, Discovery, Policy, Auditing and Reporting, etc.)
SharePoint (Archive, Discovery, Policy, Auditing and Reporting, etc.)

Archiving

eDiscovery

Deletion and Preservation

Auditing and Reporting

Device Protection