http://ignite.office.com

The new Office

Preserve / Discover

Storage management, Preservation, Data governance, eDiscovery:
- In-Place Archive with secondary quota
- Capture deleted & edited messages
- Search primary, archive, & recoverable items
- Available on-prem, online, or EOA
- Time-Based In-Place Hold
- Automated time-based criteria to delete or move to archive
- Lync Archives into Exchange
- Search across Primary & Archive – OLK & OWA
- Query-Based In-Place Hold
- In-Place Hold across Ex, SP, Lync
- Set policies at item or folder level – admin or user
- Consistent MRM OWA UI
- De-duplication & Search statistics
- eDiscovery Center for Ex, SP, Lync
- Case Management
- In-Place preview
- Export search results

eDiscovery stages: Identify and preserve; Search and process; Review; Produce

[Diagram labels: eDiscovery and compliance; In-Place archive (Cloud or on-Premise); Traditional archive; On-premises; Cloud; Cross product; SP, EX, Lync, …]

Variants:
- Litigation hold (Legacy)
- In-Place hold (Indefinite)
- Time-based In-Place hold
- Query-based In-Place hold

Management options:
- eDiscovery center
- Exchange management shell
- Exchange admin center

Capabilities: In-Place hold, query, and export
Advantages: in-place, real time, more content

Source                                 Search   In-place preservation   Export
SharePoint 2010 and SharePoint 2007    Yes      No                      Yes
Exchange 2010                          No       No                      No
SharePoint 2013                        Yes      Yes                     Yes
Exchange 2013                          Yes      Yes                     Yes
File shares                            Yes      No                      Yes
Content from external systems          No       No                      No

Lab setup:
- Install Domain Controller
- Install Exchange Server 2013
- Install SharePoint Server 2013 in a three-tier farm
- Install Microsoft Office 2013

Terms:
- A claim is an attribute of a user, not confined to only groups. SharePoint 2010 introduces a claims-based identity infrastructure.
- Service that issues and validates security tokens intended for relying party applications. SharePoint 2010 introduced a local STS, and in 2013 it is enhanced to light up new scenarios.
- An STS that acts as a broker between two or more applications.
- ACS (Azure Access Control Service) is a trust broker between two apps.
- Industry standard RFC 6749 that enables applications to gain access to a user's resources without prompting for the user's credentials.
- Extension to OAuth 2.0 to allow an application to be high trust and to delegate a user's identity.
- Directory principal object that represents an application, much like users are represented by a principal in the directory (MSO-DS & AD).

[Diagram: on-premise SharePoint (Security Token Service, App Management Service, User Profile App (UPA) Service, OM) and Exchange (Security Token Service), connected by a trust, with numbered steps 1 to 6: peter@contoso browses to an SP page and triggers a hold on an Exchange mailbox.]

S2S flow:
- User Peter@contoso.com signs in to SP (Windows Claims, assigned a SID (Security Identifier) by Active Directory).
- User navigates to the eDiscovery center page and triggers a hold on a mailbox in Exchange on-premise.
- SP requests an S2S token from its local STS: SP requests a token for the EX on-premise resource.
- SP-STS issues a signed S2S 'inner' token that:
  - identifies the SP on-premise app principal
  - names the audience that the token is intended for
  - is valid for only a certain time period and is signed with its certificate
- SP adds an S2S 'outer' token with the user identity information, inserts the 'inner' token, and sends the S2S token to EX on-premise.
- EX on-premise validates that the token is indeed issued by a trusted S2S token issuer, verifies the audience, accepts the user info, and rehydrates the user.
- EX on-premise authorizes SP's request.

Configuration steps:
- Install Exchange Web Services API
- Configure trust relationship in SharePoint
- Configure trust relationship in Exchange
- Create eDiscovery center
- Grant permissions
- Configure search

Download: http://www.microsoft.com/en-us/download/details.aspx?id=35371

    msiexec /i EwsManagedApi.msi addlocal="ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac"

Install it as a trusted root certificate on all SharePoint machines.

    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://Ex1.contoso.com/autodiscover/metadata/json/1" -Name "ExchangeServer"

    # Allows metadata retrieval and OAuth over plain HTTP; intended for lab environments without SSL.
    $sts = Get-SPSecurityTokenServiceConfig
    $sts.AllowMetadataOverHttp = $true
    $sts.AllowOAuthOverHttp = $true
    $sts.Update()   # persist the changed settings

    cd c:\'Program Files'\Microsoft\'Exchange Server'\V15\Scripts
    .\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://wfe1.contosotlg.corp.com:11111/_layouts/15/metadata/json/1 -ApplicationType SharePoint

Permissions:
- Create a security group with lawyers.
- Create a WebApp Policy to give Read access for all the content in the webapp for the security group.
- Run the following, OR in EAC go to Permissions -> Admin Roles and, for the "Discovery Management" role, add the user:

    Add-RoleGroupMember -Identity "Discovery Management" -Member <member name>

Choose Autodiscover or specify the Exchange EWS URL.
Double check: It should be created in the eDiscovery Center Site Collection and not in a Case Site.

    Set-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication (Get-SPEnterpriseSearchServiceApplication) -UserNames "<eDiscoveryUsers>"

<eDiscoveryUsers> is a semicolon-delimited list of the account names of users who manage eDiscovery cases.

Configuration steps (recap):
- Install Exchange Web Services API
- Configure trust relationship in SharePoint
- Configure trust relationship in Exchange
- Create eDiscovery Center
- Grant Permissions
- Configure Search

Example: SharePoint on-premise calls to Exchange online
Example: SharePoint Online call from Contoso tenancy to Exchange Fabrikam tenancy

Exchange (Archive, Discovery, Policy, Auditing and Reporting, etc.)
SharePoint (Archive, Discovery, Policy, Auditing and Reporting, etc.)

- Archiving
- eDiscovery
- Deletion and Preservation
- Auditing and Reporting
- Device Protection
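
The checks Exchange performs in the S2S flow described earlier (trusted issuer, signature, audience, validity period, then the user identity), sketched as an added example that is not code from the presentation or from SharePoint or Exchange. HMAC with a shared key stands in for the SP-STS certificate signature, and the claim names, issuer name, audience value and token layout are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed lab values (assumptions, not taken from the slides).
# HMAC with a shared key stands in for the SP-STS certificate signature.
TRUSTED_ISSUERS = {"sp-onprem-app-principal": b"constructed-demo-key"}
EXCHANGE_AUDIENCE = "exchange-onprem"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, body: str) -> str:
    return b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_inner(issuer, audience, key, now, lifetime=600):
    """SP-STS: signed inner token naming app principal, audience, validity."""
    claims = {"iss": issuer, "aud": audience, "nbf": now, "exp": now + lifetime}
    body = b64e(json.dumps(claims).encode())
    return body + "." + sign(key, body)

def wrap_outer(inner, user_sid):
    """SP: outer token carries the user identity and embeds the inner token."""
    return b64e(json.dumps({"nameid": user_sid, "actortoken": inner}).encode())

def validate(outer, now):
    """Exchange: return the user SID to rehydrate, or raise ValueError."""
    try:
        outer_claims = json.loads(b64d(outer))
        user, inner = outer_claims["nameid"], outer_claims["actortoken"]
        body, sig = inner.split(".")
        c = json.loads(b64d(body))
        key = TRUSTED_ISSUERS.get(c["iss"])
        aud, in_window = c["aud"], c["nbf"] <= now < c["exp"]
    except (ValueError, KeyError, TypeError, AttributeError) as err:
        raise ValueError("malformed token") from err
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(sig.encode(), sign(key, body).encode()):
        raise ValueError("bad signature")
    if aud != EXCHANGE_AUDIENCE:
        raise ValueError("wrong audience")
    if not in_window:
        raise ValueError("outside validity period")
    # The user claim is unsigned in this sketch: it is accepted only because
    # the inner token proved that a trusted app principal vouched for it.
    return user
```

Because the user identity rides on the app principal's signature, the key behind a trusted issuer entry deserves the same protection as a credential that can act for any user.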