SharePoint Online Hybrid – Configure Outbound Search. Manas Biswas, Sr. Support Escalation Engineer, SharePoint Online Escalation Services, Microsoft
Meet Manas Biswas: Escalation Services, Microsoft. Microsoft’s Cloud strategies, Office 365 and Azure. Passion for informing and inspiring the world to embrace the future “Office365”.
Meet Rob Latino: Part of the Office 365 Support organization for over 4 years. Certified in Office 365 Administration. Involved in the Office 365 community and technical content management.
Module Overview: SharePoint Hybrid Scenarios; Hybrid Components and Configuration; Infrastructure Validation; Configuring Hybrid Search & Query Rules
Microsoft SharePoint Server 2013: What is Hybrid? And why? Hybrid Solution
Supported Workloads: On Premises; Cloud
One-way outbound topology (TechReady 18, 12/2/2018). SharePoint Server can query SharePoint Online; SharePoint Online cannot query SharePoint Server. On-premises SharePoint Server 2013 Enterprise Search portal: local and remote search results are available. SharePoint Online search portal: local search results are available. [Diagram labels: Customer network, Intranet, Internet, Microsoft data center, Microsoft Office 365 tenant, SharePoint Server 2013 farm, primary web app, SharePoint Online site collection; outbound and inbound arrows marked "Hybrid search results" and "Local search results only".]
One-way inbound topology. SharePoint Online can query SharePoint Server; SharePoint Server cannot query SharePoint Online. On-premises SharePoint Server 2013 Enterprise Search portal: local search results are available. SharePoint Online search portal: local and remote search results are available. [Diagram labels: Customer network, Perimeter network, Intranet, Internet, Microsoft data center, Microsoft Office 365 tenant, SharePoint Server 2013 farm, primary web app, reverse proxy, SharePoint Online site collection; outbound and inbound arrows marked "Hybrid search results" and "Local search results only".]
Two-way (bidirectional) topology. SharePoint Online can query SharePoint Server; SharePoint Search can query SharePoint Online. On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: local and remote search results are available. [Diagram labels: Customer network, Perimeter network, Intranet, Internet, Microsoft data center, Microsoft Office 365 tenant, SharePoint Server 2013 farm, primary web app, reverse proxy, SharePoint Online site collection; outbound and inbound arrows both marked "Hybrid search results".]
Query Flow – On Premise Search Center. [Diagram labels: Authenticated User, On Premises Search Center, User Profile Service App, SharePoint On Premises (Query Processing Component, Index Components), SharePoint Online (Query Processing Component, Index Components).]
SharePoint On Premises User Experience. [Screenshot labels: Results from SharePoint Online; Results from SharePoint On Premises.]
Query Flow – On Premise Search Center. [Diagram labels: Authenticated User, Office 365 Search Center, User Profile Service App, Reverse Proxy, SharePoint On Premises (Query Processing Component, Index Components), SharePoint Online (Query Processing Component, Index Components).]
Deployment - Phases: Infrastructure Setup; S2S Trust & Identity Management; Search Service Integration
Deployment - Phases. Infrastructure Setup: Domain Setup, ADFS, Directory Synchronization, Reverse Proxy. S2S Trust & Identity Management. Search Service Integration.
Infrastructure Deployment. [Diagram labels: Customer network, Perimeter network, Intranet, Internet, Microsoft data center, Office 365 tenant. On Premises Infrastructure: AD Servers, ADFS Servers, ADFS Proxy, DirSync Server, User Profile Sync Service, SharePoint, SharePoint STS, Reverse Proxy, Secure Store Target App. Identity Platform: Federation Gateway, Azure AD Directory Service, Azure AD Tenant, Azure AD Proxy, ACS Trust, SharePoint.]
Infrastructure for Outbound Hybrid with Password Sync. [Diagram labels: Customer network, Perimeter network, Intranet, Internet, Microsoft data center, Office 365 tenant. On Premises Infrastructure: AD Servers, DirSync Server with Password Sync, User Profile Sync Service, SharePoint, SharePoint STS. Identity Platform: Federation Gateway, Azure AD Directory Service, Azure AD Tenant, Azure AD Proxy, ACS Trust, SharePoint.]
Infrastructure for Inbound Hybrid with Password Sync. [Diagram labels: Customer network, Perimeter network, Intranet, Internet, Microsoft data center, Office 365 tenant. On Premises Infrastructure: AD Servers, DirSync Server with Password Sync, User Profile Sync Service, SharePoint, SharePoint STS, Reverse Proxy, Secure Store Target App. Identity Platform: Federation Gateway, Azure AD Directory Service, Azure AD Tenant, Azure AD Proxy, ACS Trust, SharePoint.]
Core identity scenarios with Office 365
Cloud Identity (Windows Azure Active Directory): Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories.
Directory & Password Synchronization* (On-Premises Identity, DirSync & Password Sync*, Windows Azure Active Directory): Single identity suitable for medium and large organizations without federation*.
Federated Identity (On-Premises Identity, Federation, Directory Sync, Windows Azure Active Directory): Single federated identity and credentials suitable for medium and large organizations.
Directory Synchronization Features
Directory synchronization between on-premises and online.
Identities are created and managed on-premises and synchronized to the cloud.
Single identity and credentials but no single sign-on for on-premises and Office 365 services.
[Diagram labels: User; AD On-Premises Identity, e.g. Domain\Alice; Directory Synchronization; Windows Azure Active Directory Cloud Identity, e.g. alice@contoso.com.]
Steps to configure Directory Sync
1. Activate directory synchronization in your tenant (Activate)
2. Add on-premises domain to Office 365 tenant (Add Domain)
3. Update DNS records (TXT or MX Records)
4. Run the wizard and start the sync (Install and Configure)
5. In Office 365 dashboard validate users and groups (Sync)
6. Activate users and grant licenses (Activate Users)
For Directory synchronization detailed configuration see: http://technet.microsoft.com/en-us/library/hh967642.aspx
Demo: Synchronisation of User Account
Deployment - Phases. Infrastructure Setup: Directory Synchronization. S2S Trust & Identity Management: Replace S2S Token Signing Certificate for S2S Trust; Validate UPA; ACS Trust Setup. Search Service Integration.
Establish Server To Server Authentication
For Remote Index to work we need to establish an OAuth trust with ACS between SharePoint On-Premises and Online. This enables S2S authentication, in 7 steps:
1. Replace the STS certificate across all SharePoint servers in the on-premises farm
2. Deploy Windows Azure AD PoSH with the prerequisite of Microsoft Sign-in Assistant
3. Establish trust between the on-premises SP farm and SP Online by replacing the certificate
4. Add an SPN for the on-premises domain (e.g. 00000003-0000-0ff1-ce00-000000000000/*.techready.com)
5. Register the SP Online application principal as a trusted provider in SP on-premises
6. Set the authentication realm for SharePoint
7. Configure a proxy in the on-premises farm for Azure AD
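The seven steps above as one PowerShell sequence. This is an added example, not code from the deck; it uses the SharePoint 2013 Management Shell and MSOnline cmdlets, and the PFX path, site URL and variable names are placeholder assumptions.

```powershell
# Added example. Run elevated in the SharePoint 2013 Management Shell on a farm server.
# Assumed placeholders: $pfxPath, $siteUrl. $spcn reuses the slide's wildcard domain.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline -Force   # step 2: Azure AD PowerShell (requires Sign-in Assistant)

$pfxPath  = 'C:\certs\sts-placeholder.pfx'          # placeholder path to the new STS cert
$pfxPass  = Read-Host 'PFX password' -AsSecureString
$siteUrl  = 'https://sharepoint.techready.com'      # placeholder on-premises primary web app
$spcn     = '*.techready.com'
$spoAppId = '00000003-0000-0ff1-ce00-000000000000'  # SharePoint Online application principal

# Step 1: replace the STS signing certificate, then restart IIS and the timer service.
$flags   = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable,PersistKeySet'
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $pfxPath, $pfxPass, $flags
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert -Confirm:$false
iisreset
Restart-Service SPTimerV4

# Step 3: upload the public part of the STS certificate to the SPO service principal.
Connect-MsolService             # prompts for tenant administrator credentials
$credValue = [Convert]::ToBase64String($stsCert.GetRawCertData())
New-MsolServicePrincipalCredential -AppPrincipalId $spoAppId -Type Asymmetric -Usage Verify -Value $credValue

# Step 4: add the SPN for the on-premises domain (skipped if already present).
$msp  = Get-MsolServicePrincipal -AppPrincipalId $spoAppId
$spns = $msp.ServicePrincipalNames
if (-not $spns.Contains("$spoAppId/$spcn")) { $spns.Add("$spoAppId/$spcn") }
Set-MsolServicePrincipal -AppPrincipalId $spoAppId -ServicePrincipalNames $spns

# Step 5: register the SPO application principal in the on-premises farm.
$tenantId       = (Get-MsolCompanyInformation).ObjectId
$spoPrincipalId = (Get-MsolServicePrincipal -ServicePrincipalName $spoAppId).ObjectId
$site           = Get-SPSite $siteUrl
Register-SPAppPrincipal -Site $site.RootWeb -NameIdentifier "$spoPrincipalId@$tenantId" -DisplayName 'SharePoint Online'

# Step 6: set the farm authentication realm to the tenant context id.
Set-SPAuthenticationRealm -Realm $tenantId

# Step 7: create the Azure AD (ACS) proxy and trust ACS as token issuer.
$metadata = "https://accounts.accesscontrol.windows.net/$tenantId/metadata/json/1"
New-SPAzureAccessControlServiceApplicationProxy -Name 'ACS' -MetadataServiceEndpointUri $metadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -Name 'ACS' -MetadataEndPoint $metadata -IsTrustBroker:$true

# Check the result: the issuer exists and the SPN list contains the wildcard entry.
Get-SPTrustedSecurityTokenIssuer | Select-Object Name, RegisteredIssuerName
(Get-MsolServicePrincipal -AppPrincipalId $spoAppId).ServicePrincipalNames
```

Changing the authentication realm invalidates access tokens already issued for the old realm, so existing app trusts in the farm should be reviewed before step 6 is run.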
Validate User Profile Service Application
User Profile Service Application is configured and running: Profile Service App created; Profile Services started; Profile Sync Service running (MIIS Client).
User Profiles are synced with AD for the same set of users as specified for DirSync (User Profile Service; Profile Search; Office 365 Users and Groups).
User profile attributes are correctly populated; key ones are: User Principal Name (UPN); Name Identifier (most commonly this is the Windows Security Identifier (SID)); Simple Mail Transfer Protocol (SMTP) address; Session Initiation Protocol (SIP) address.
Demo: S2S Authorization and ACS Trust
Configure Result Source – On Premises (TechReady 17)
Protocol should be chosen as Remote SharePoint.
SPO URL should be specified as the Tenant Root Site URL (https://tenant.sharepoint.com).
For Credentials information select Default Authentication.
Create A Query Rule – On Cloud
1. Select the inbound result source, then ‘New Query Rule’.
2. Under ‘Query is performed on these sources’, if you select “One of these sources”, make sure to select the result source you created.
3. In the Query Conditions section, click Remove Condition so that the rule will fire for every query.
4. Within Actions choose Add Result Block.
5. Edit the Result Block and choose settings as desired.
Validate your Search Configuration
1. Launch Query Builder from the Query Rule you’ve created.
2. Click on the Test tab and then click the Show more link.
3. Type some query terms in the “{subjectTerms}:” edit box.
4. Click the Test query button.
5. You should see SharePoint On Premises search results or a detailed error message.
Demo: Configure Result Source and Query Rule
Infrastructure for Outbound Hybrid with Password Sync. [Diagram labels: Customer network, Perimeter network, Intranet, Internet, Microsoft data center, Office 365 tenant. On Premises Infrastructure: AD Servers, DirSync Server with Password Sync, User Profile Sync Service, SharePoint, SharePoint STS, Reverse Proxy, Secure Store Target App. Identity Platform: Federation Gateway, Azure AD Directory Service, Azure AD Tenant, Azure AD Proxy, ACS Trust, SharePoint.]
References
TechNet: Configure hybrid Search for SharePoint Server 2013, http://technet.microsoft.com/en-us/library/dn197172(v=office.15).aspx
Blogs: Office 365-Configure Hybrid Search with Directory Synchronization –Password Sync, http://blogs.msdn.com/b/spses/archive/2013/10/22/office-365-configure-hybrid-search-with-directory-synchronization.aspx
Blogs: Office 365-Configure Inbound Hybrid Search with Directory Synchronization –Password Sync –Part2, http://blogs.msdn.com/b/spses/archive/2014/01/05/office-365-configure-hybrid-search-with-directory-synchronization-password-sync-part2.aspx
Blogs: Identity Federation & Single Sign on Deployment for Hybrid Search in Office 365 –SharePoint Online –Part3, http://blogs.msdn.com/b/spses/archive/2014/01/07/identity-federation-amp-single-sign-on-deployment-for-hybrid-search-in-office-365-sharepoint-online-part3.aspx