
SharePoint

2016 For Everyone & All In One

Part – I

This book has been written to make the subject as practical as possible for readers and to show
how it can help a business increase productivity. Whenever a new technology comes to market, it
takes time to recognize its features (though this may not apply to specific readers such as
MVPs). I hope that, with the help of this book, people will become aware of it well in advance
at a high level.

Swati Pradip Bannore Jain

2/27/2016


Hello SharePoint 2016!!
Hello Readers,
I hope you will enjoy and learn while reading this book. This book is a compilation of my own
findings, with reference to knowledge shared at different conferences and summaries of MSDN and
TechNet blog series, articles etc. It is written with a larger audience in mind, including
IT users, business users, architects and developers, and puts this knowledge in simple words. For
more advanced details, references are provided under the corresponding subtitles.
So this is definitely going to save you time in getting acquainted with the new technology over a
shorter period of time. You can also start discussions and get more clarifications here. Everything
is short and crisp but triggers insight, which helps you get into more depth. SharePoint 2016 is a
cloud-oriented version, tailored to different customer requirements, so let us understand the
hybrid architecture.
SharePoint Cloud (online) and on-premises integration becomes an essential factor to consider
when requirements demand extensive availability of all the features in a short time.
SharePoint 2016 is preconfigured for a hybrid environment with little or no administrative effort,
and global search is powered by Office Graph and Delve.
I would like to introduce myself as a consistent blogger and technology enthusiast with 9+ years of
industry experience.
My Twitter handle is @jaiswati
Technology blog: http://swatipoint.blogspot.com
Blog about my own thoughts: http://allizzwellbyswatiji.blogspot.in/
Facebook community page: https://www.facebook.com/SharePointQ/
Table of Contents
SharePoint 2016 VS Pre- SharePoint 2016
Improved File Transfer
UI Improvements
Improved List Threshold
Large list column index management Timer Job
Enable Auto Indexing for SharePoint List or Library
Outgoing Email Settings
Secure Sockets Layer (SSL) with SMTP Connection Encryption
Secure Sockets Layer (SSL) with No SMTP Connection Encryption
Improved Search Index
Authentication
Operations and Telemetry
Some more new features
SharePoint 2016 Features Lists & WebTemplates
Software and Hardware requirements
Prerequisites
Database servers
Upgrade & Migration
SharePoint 2016 installation
Troubleshooting with the SharePoint 2016 installation
SharePoint 2016 Server Role
Server roles
Role Conversion
Services in the Farm
SharePoint 2016 Hybrid Search
Cloud Search Service Application
Prerequisites for using Office 365 hybrid search
Indexes in Cloud Search Service Application
Federated Search Vs Cloud Hybrid Search
Why to choose Cloud Hybrid Search?
Cloud Hybrid Search Limitations:
What is CloudIndex? What’s its role in Cloud SSA?
Creating Cloud Service Application
CreateCloudSSA.ps1
OnBoard-HybridSearch.ps1
How security works for Hybrid Search Results (Security Trimming of Search Results)?
Search Indexing in SP 2016
E-discovery for Searching Sensitive data
SharePoint 2016 Service Applications
Deprecated Service Applications
User Profile Synchronization Service Application
Excel Service Application
User Profile Service Application
Active Directory Import
Microsoft Identity Manager 2016
Profile Redirection
Project Server Service Application
Creating Project Server Application
Create Project Server Site Collection
Access Service App
What’s new in SharePoint 2016 Sites
Compliance Center for Data Loss Prevention (DLP)
What is DLP?
How DLP Works?
Document Deletion Policies
In Place Hold Policy Center
About in Place hold Policy Center
Creating In Place Hold Policies
Fast Site Collection Creation (SCCF)
Enable the Fast Site Collection Creation for a Web Template
Create SiteMaster in particular Content databases.
Create Site Collection using the Site Master
SharePoint Hybrid
Configuring OneDrive for Business
Site Folders
Searching documents in OneDrive
Using Hybrid OneDrive for Business
Search (Hybrid search)
Hybrid sites features
Extranet (Partner facing extranet sites)
Hybrid Picker
Prerequisites
Hybrid Scenarios configuration with Hybrid Picker
Hybrid Options
What are NextGen Portals?
Next Gen Portals
NextGen Portal Architecture
Hub Site Collection
Content Site Collection
Libraries
Office 365 Video Portal
InfoPedia
Delve and Office Graph
Office Graph
Delve Building Blocks
Office Graph Endpoints

















SharePoint 2016 VS Pre- SharePoint 2016
The key focus areas in SharePoint 2016, where improvements are being made, are improved user
experiences, cloud-inspired infrastructure and compliance reporting. SharePoint 2016 is the cloud
version, designed to achieve a high level of reliability and performance with:
- Server role optimizations
- Zero downtime patching strategy
- Improved distributed cache reliability
- Traffic management with intelligent routing and server health checks
For example, the improved file handling protocol.
Improved File Transfer
This table helps to understand the improvement in File Transfer in SharePoint 2016.
SharePoint Server Version | Mechanism | Description
SharePoint 2010 | Cobalt protocol | Server has to fetch the whole document from the database and merge the existing content with the user changes before saving the whole document back to the content database.
SharePoint 2013 | Shredded Storage | This allows documents to be stored in small pieces in the content database. Because documents are already “shredded” in the database, the server does not have to fetch the whole document to merge the original contents with the changes, which reduces the server processing overhead.
SharePoint 2016 | Background Intelligent Transfer Service (BITS) | Improves upload and download speeds and resiliency.
This is the summary of comparisons in SharePoint 2016 & earlier versions.
Feature | SharePoint 2016 | SharePoint 2013 | SharePoint 2010
Content Database Size | Content Database Sizing into TBs | 200 GB in general usage scenario | 200 GB in general usage scenario
Site Collections Per Content Database | 100,000 site collections per content database | 2000 recommended, 5000 maximum | 2000 recommended, 5000 maximum
List Threshold | Increased List Threshold >5000 | 5000 items | 5000 items
MaxFile Size | MaxFile Size increases to 10 GB & Removed Character restrictions | Default maximum file size is 250 MB which can increase up to 2 GB | Default maximum size is 250 MB which can increase up to 2 GB
Indexed Items | 2x increase in Search scale to 500 million items | 100 million per search service application. 10 million per index partition | 100 million per search service application. 10 million per index partition
UI Improvements
The SharePoint 2016 UI is similar to SharePoint Online (in Office 365), with a few additional changes:
- Authoring Canvas, to create content for a web page using a Sway-like user experience.
- Durable Links, which allow documents to be moved while keeping the URL intact, because the link is
based on a resource ID.
Improved List Threshold
To improve the performance of large lists, a new timer job has been introduced. This timer job can be
associated with a particular web application. If the threshold of a particular list is increased to more
than 2500 list items and auto indexing is enabled for the list, the job creates an index automatically
based on the list view filter column. It works as shown in the following flow diagram.

Large list column index management Timer Job


This PowerShell script helps to start this timer job.
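# Get the web application that the timer job is associated with
$w = Get-SPWebApplication "Web Application Name"
# Look up the automatic index management job for that web application and start it
$job = Get-SPTimerJob -WebApplication $w -Identity job-list-automatic-index-management
Start-SPTimerJob -Identity $job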
Enable Auto Indexing for SharePoint List or Library
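Auto indexing can be enabled from the list settings or with PowerShell as below.


This is the script for enabling automatic indexing with PowerShell.
# Open the site and the list, then turn on automatic index management for the list
$web = Get-SPWeb http://webUrl
$list = $web.Lists["List Name"]
$list.EnableManagedIndexes = $true
$list.Update()
# Show which columns can be indexed
$list.Fields | Select Title, Indexable
# Release the SPWeb object
$web.Dispose()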
Outgoing Email Settings
In Central Administration, the outgoing email settings of a web application can be configured, and
the SMTP port information can be updated there.

SharePoint Server 2016 supports sending email to SMTP servers that use STARTTLS connection
encryption. STARTTLS is an extension to plain text communication protocols, which offers a way
to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a
separate port for encrypted communication.
Because the Outgoing Email Settings support sending mail to SMTP servers using STARTTLS
connection encryption, SMTP can use non-default ports. It does not support unencrypted
connections.
The following list shows the SharePoint 2016 requirements that are needed to negotiate
connection encryption with an SMTP server:
1. STARTTLS must be enabled on the SMTP server.
2. The SMTP server must support the TLS 1.0, TLS 1.1, or TLS 1.2 protocol.
3. The SMTP server must have a server certificate installed.
4. The server certificate must be valid. Typically, this means that the name of the server
certificate must match the name of the SMTP server provided to SharePoint. The server
certificate must also be issued by a certificate authority that is trusted by the SharePoint
server.
5. SharePoint must be configured to use SMTP connection encryption.
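The following pre-flight check is an added example, not code from this book or from Microsoft: it connects to the SMTP server, confirms requirement 1 (STARTTLS is advertised), then negotiates TLS 1.0 to 1.2 with default .NET certificate validation, which covers requirements 2 to 4. The function name Test-SmtpStartTls, its parameters and the default port 25 are assumptions made for this illustration.

```powershell
# Added example: verifies an SMTP server against requirements 1-4 of the list above.
# Test-SmtpStartTls is a hypothetical helper name, not a SharePoint cmdlet.
function Test-SmtpStartTls {
    [CmdletBinding()]
    param(
        # Use exactly the server name that will be entered in SharePoint: the
        # certificate name is validated against this value (requirement 4).
        [Parameter(Mandatory = $true)] [string] $SmtpServer,
        [int] $Port = 25,            # assumed default; pass the port your relay uses
        [int] $TimeoutMs = 10000
    )

    $result = [ordered]@{
        Server             = $SmtpServer
        Port               = $Port
        StartTlsAdvertised = $false
        TlsProtocol        = $null
        CertSubject        = $null
        CertIssuer         = $null
        CertNotAfter       = $null
        Passed             = $false
        Detail             = ''
    }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($SmtpServer, $Port)
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout = $TimeoutMs
        $stream = $client.GetStream()
        $ascii  = [System.Text.Encoding]::ASCII
        $reader = New-Object System.IO.StreamReader($stream, $ascii)
        $writer = New-Object System.IO.StreamWriter($stream, $ascii)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # An SMTP reply may span several lines: "250-..." continues, "250 ..." ends it.
        $readReply = {
            do {
                $line = $reader.ReadLine()
                if ($null -eq $line) { throw 'Connection closed by the server.' }
                $line
            } while ($line.Length -ge 4 -and $line[3] -eq '-')
        }

        $greeting = @(& $readReply)
        if ($greeting[-1] -notmatch '^220') { throw "Unexpected greeting: $($greeting[-1])" }

        $writer.WriteLine("EHLO $([System.Net.Dns]::GetHostName())")
        $ehlo = @(& $readReply)

        # Requirement 1: the server must offer the STARTTLS extension.
        $result.StartTlsAdvertised = @($ehlo -match '^250[ -]STARTTLS\s*$').Count -gt 0
        if (-not $result.StartTlsAdvertised) { throw 'STARTTLS is not advertised in the EHLO reply.' }

        $writer.WriteLine('STARTTLS')
        $reply = @(& $readReply)
        if ($reply[-1] -notmatch '^220') { throw "STARTTLS was refused: $($reply[-1])" }

        # Requirements 2-4: negotiate TLS 1.0/1.1/1.2 with default .NET validation,
        # which rejects a name mismatch, an expired certificate or an untrusted issuer.
        $ssl = New-Object System.Net.Security.SslStream($stream, $false)
        $protocols = [System.Security.Authentication.SslProtocols]'Tls, Tls11, Tls12'
        $ssl.AuthenticateAsClient($SmtpServer, $null, $protocols, $false)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.TlsProtocol  = $ssl.SslProtocol
        $result.CertSubject  = $cert.Subject
        $result.CertIssuer   = $cert.Issuer
        $result.CertNotAfter = $cert.NotAfter
        $result.Passed       = $true
        $result.Detail       = 'STARTTLS negotiated and the certificate validated for this server name.'
    }
    catch {
        # Report the underlying reason (timeout, refused STARTTLS, invalid certificate, ...)
        $result.Detail = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$result
}

# Usage (server name taken from the examples on this page):
# Test-SmtpStartTls -SmtpServer smtp.internal.contoso.com -Port 25
```

Run it from the SharePoint server itself, so that the trusted root store used for validation is the one SharePoint relies on.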
Secure Sockets Layer (SSL) with SMTP Connection Encryption
To configure SharePoint to always use SMTP connection encryption, open the SharePoint Central
Administration website, browse to System Settings > Configure outgoing e-mail settings, and set
the Use Secure Sockets Layer (SSL) drop-down menu to Yes. To configure SharePoint to always
use SMTP connection encryption in Windows PowerShell, use the Set-SPWebApplication cmdlet
without the -DisableSMTPEncryption parameter.
For example:
$WebApp = Get-SPWebApplication -IncludeCentralAdministration | ? { $_.IsAdministrationWebApplication -eq $true }
Set-SPWebApplication -Identity $WebApp -SMTPServer smtp.internal.contoso.com -OutgoingEmailAddress sharepoint@domain.com -ReplyToEmailAddress sharepoint@domain.com

Secure Sockets Layer (SSL) with No SMTP Connection Encryption


To configure SharePoint to never use SMTP connection encryption in SharePoint Central
Administration, browse to System Settings > Configure outgoing email settings and set the Use
Secure Sockets Layer (SSL) drop-down menu to No.
To configure SharePoint to never use SMTP connection encryption in Windows PowerShell, use
the Set-SPWebApplication cmdlet with the -DisableSMTPEncryption parameter. For example:
$WebApp = Get-SPWebApplication -IncludeCentralAdministration | ? { $_.IsAdministrationWebApplication -eq $true }
Set-SPWebApplication -Identity $WebApp -SMTPServer smtp.internal.contoso.com -DisableSMTPEncryption -OutgoingEmailAddress sharepoint@domain.com -ReplyToEmailAddress sharepoint@domain.com
Improved Search Index
- Search index size increased from 250 million supported items per farm to 500 million items.
Authentication
In SharePoint 2013, multiple authentication providers are supported, such as FBA, Windows and claims.
In SharePoint 2016, the authentication mechanism is normalized on the OAuth protocol and SAML with
WSFED, to make it cloud ready for seamless integration and interaction with Office 365. Azure Active
Directory provides the cloud-based identity. Older authentication models will still be supported.
This very first MS_Ignite session is helpful to understand new SharePoint 2016 features.
Operations and Telemetry
For the first time, advanced data analysis and reporting as well as real user monitoring are
possible with this new feature. It provides information about:
1. HTTP 404 messages (links to old / missing content)
2. Speed at which pages and documents are loaded
3. Latency statistics between client, web server and SQL Server
4. Daily / weekly active users per site
5. Browsers / devices
It is a graphical interface on the Usage and Health database, which is already available in SharePoint
2013. There, however, no user interface exists, making it difficult to get real information out of this
data. That now seems to be resolved in SharePoint 2016.
Some more new features
Mr. Bill Baer introduced the new features in SharePoint 2016. Have a look at his blog posts
here.


SharePoint 2016 Features Lists & WebTemplates
In SharePoint 2016, new features & WebTemplates are introduced. Click below links to get the
list.
1. List of Features
2. List of WebTemplates
Software and Hardware requirements
Before the actual installation, the environment should meet the software and hardware requirements,
which are listed here. In brief, the requirements are as follows.
Prerequisites
- Windows Management Framework 3.0 (Provides support for Windows PowerShell 3.0)
- Application Server Role
- Web Server (IIS) Role
- Microsoft .NET Framework 4.5.2
- Update for the .NET Framework 4 (KB2898850)
- Microsoft SQL Server 2012 Native Client
- Microsoft Identity Extensions
- Microsoft Sync Framework Runtime v1.0 SP1 (x64)
- Windows Server AppFabric 1.1 (Provides in memory distributed caching)
- Windows Identity Foundation v1.1
- Microsoft Information Protection and Control Client (Provides support for information protection)
- Microsoft WCF Data Services (Enables the creation & consumption of OData services)
Database servers
Built-in SQL databases are no longer supported during installation; the 64-bit edition of
Microsoft SQL Server 2014 Service Pack 1 has to be installed separately.
Upgrade & Migration
Upgrade 14.5 mode site collections to 15 mode, and attach SharePoint 2013 databases to SharePoint
2016 site collections.
SharePoint 2016 installation
A virtual machine from azure.microsoft.com can be leveraged; follow the steps as directed in the
wizard.

I strongly recommend that you go through the troubleshooting section once and read it carefully
before you start the installation. Make sure that the environment meets all the prerequisites provided
in this link. Alternatively, this is a very useful post by Nick on installing the prerequisites.
Make sure that the selected path meets the space requirements of the system. Because this version is
designed for multi-server environments, the role of each server must be planned prior to
its installation. For example, if the role of a particular server is Search, then the
space requirements have to be considered accordingly.
Wait for the installation to complete and then run the Configuration Wizard. For detailed installation
steps, read this TechNet article.

When the installation is done, it shows that all the required roles are successfully installed, as
above.
Troubleshooting with the SharePoint 2016 installation
The following errors can be prevented beforehand by executing this PowerShell script before
running the installation wizard.
Add-WindowsFeature NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-Pipe-Activation45,NET-WCF-HTTP-Activation45,Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,Web-Asp-Net,Web-Asp-Net45,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,WAS,WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,Windows-Identity-Foundation,Xps-Viewer -Verbose
To troubleshoot any installation-related issues:
1) In the wizard, you can see which particular component failed during installation.

2) Click the Review the log file link in the wizard and search for ‘Error’.
Here is the list of common errors.
- Error: The tool was unable to install Application Server Role & IIS server Role.
  Solution: In Win 2014 Server, find ‘Server Manager’ and add the above roles.
- Error: MSI Installer error code 1603 while installing AppFabric 1.1.
  Solution: Download & install AppFabric from MDC.
- Error: Cannot connect to database master at SQL Server at {server name}. The database
  might not exist, or the current user does not have permission to connect to it.
  Solution: Open the Windows Firewall with Advanced Security and add an inbound rule to
  allow traffic over port 1433.
Apart from these, there could be other errors that you may come across, so check this
blog post and make sure that all the required entities are installed properly with no issues.
Alternatively, to install the prerequisites, check this blog post.

SharePoint 2016 Server Role
Server roles
Server roles are a setting that allows you to define the role of a SharePoint server and helps you
maintain the best performance for the desired server role. Different roles are available:
- Front-end
- Application
- Distributed Cache
- Search
- Custom
- Single Server Farm
You will get the following screen when you run the configuration wizard to add a new server to
an existing farm or when you create a new farm.
In SharePoint Server 2013/2010, it was possible to install and configure all roles on one server, and
the health analyzer could scan it. Now each server has its own role.

We can install multiple roles on a single server; however, the health analyzer is not designed for
that.
A SharePoint Server 2016 farm is now, This version does not ship with Foundation and does not
go along with SQL Express. It involves licenses such as Windows Server licenses, SharePoint
Server licenses, CALs and Office Online Server (aka Office Web Apps).
Role Conversion
Using the new MinRole functionality in SharePoint Server 2016, SharePoint farm
administrators can define the role of each server in a server farm. The role of a server is specified
during the creation of a new farm or while adding the server to an existing farm. SharePoint
automatically configures the services on each server based on the specified
role, and farm performance is also optimized for it. In SharePoint Server 2016, under System
Settings, a new tab will appear as "Convert Server Role" in this Farm.
Here we can select the role of the particular server.

A server can also always be converted from a Single Server farm to a Multiple Server farm with role
conversion.
Services in the Farm
In Central Administration, under Application Management, navigate to the Manage Services link.
This page shows the services running in the farm. The first column, Auto Provision, tells you whether
the service is started in the farm (Yes) or not (No) on the servers concerned, in relation to their role.
Microsoft no longer tells you on which server the service is started, only whether it is started in the
farm. Everything is therefore based on role management.

The "Action" column can contain three types of action buttons:
1. Manage Service Application (the service is associated with a service application; it is
activated / deployed)
2. Disable Auto Provision (disables the service in the farm; the instances are stopped on all
servers)
3. Enable Auto Provision (enables the service in the farm; the instances are started on the
appropriate servers with the role that has been assigned)
The services running on a server define the role of the server. The following table indicates which
services run on which type of server with a specific role.
Services running on the server with specific role | Application | WFE | Search | Distributed Cache | Single Server
Access 2010 Database Service
Access Services
App Management Service
Business Data Connectivity Service
Claims to Windows Token Service
Distributed Cache
Document Conversions Launcher Service
Document Conversions Load Balancer Service
Lotus Notes Connector
Machine Translation Service
Managed Metadata Web Service
Microsoft SharePoint Foundation Sandboxed Code Service
Microsoft SharePoint Foundation Subscription Settings Service
Microsoft SharePoint Foundation Workflow Timer Service
Microsoft SharePoint Insights
PerformancePoint Service
PowerPoint Conversion Service
Project Server Application Service
Request Management
Search Query and Site Settings Service
Secure Store Service
User Profile Service
Visio Graphics Service
Word Automation Services
Work Management Service

SharePoint 2016 Hybrid Search
Earlier, the Office Graph and Delve functionality was only available in Office 365. With the
help of a hybrid setup, these features can be leveraged for on-premises servers.
In SharePoint 2016, you have access to a "Cloud Search Service Application". This should
further enhance the search experience for end users with a "unified" index, that is, a single index
for on-premises and online. The advantage is that ranking, sorting and refinement can be used across
these different sources. The Cloud Search Service Application supports the Office and Delve
experience on-premises.
Unlike in SharePoint 2013, some of the Office features are deprecated, and if business
requirements demand those features, the SharePoint 2016 on-premises version has to be configured
with Office 365.
In that case documents may reside on-premises as well as in Office 365. To fetch search
results from both repositories, the Cloud Search Service Application can be configured as described
below.
Cloud Search Service Application
This is the logical architecture of hybrid search for crawling in the Cloud SSA.

On-premises content is crawled by the crawler in the cloud SSA and pushed to the search index in
O365. The DirSync mechanism synchronizes Active Directory users to Azure Active Directory in
Office 365.
At a high level, when crawling starts, the crawler downloads the contents in the on-premises service
application, parses them and sends the encrypted contents to the content processing component in the
cloud. You can actually see these activities in the Fiddler tool when crawling is started on a content
source.
Prerequisites for using Office 365 hybrid search
The prerequisites listed below need to be considered while configuring the cloud SSA.
Hybrid environment with Office 365
1) Office 365 subscription that includes SharePoint +Activated Users with On-Prem SP server
installation.
2) Directory Synchronization of AD users and groups to synchronize users and groups from Azure
to Office 365
Basic hybrid search requirements
To set up the Hybrid Search, consider these pre-requisites.
1) Supported content sources
SharePoint Server 2007, 2010 or 2013
Fileshares, BCS connectors*
2) SharePoint Server with
Cloud Search service application
2013 or 2016
Additional requirements for search previews
Reverse proxy back to on-premises WAC server
Indexes in Cloud Search Service Application
The hybrid cloud search feature is one of the highly anticipated new features of SharePoint 2016. Its
principle is simple: typically SharePoint, like any search engine, stores its index locally (the
index is the set of information that allows users to find documents easily in the document
system). SharePoint 2016 and SharePoint 2013 with the August 2015 CU provide the ability to
store the index in the cloud and allow both the cloud and the on-premises farm to populate this index.
Federated Search Vs Cloud Hybrid Search
How Federated Search Works?
The goal is to have a single search result for the cloud and the on-premises farm. Today this is
already possible with federation, but there is a huge difference from what happens in Cloud Hybrid
Search. In SharePoint Server 2013, hybrid search using query federation was
introduced. Search results came as separate result sets. This solution required hosting all search
components on-premises. With federation, there is no ranking calculation on the search;
there is a choice of source, and the result that appears depends on that choice.
How Cloud Hybrid Search Works?
Cloud hybrid search offers only one index and one ranking calculation, and therefore search results
are more coherent. The index is stored in the cloud, and a new parameter for the
search service application is available: Cloud Index. It is available in SharePoint 2013 SP1 with the
August 2015 CU and in SharePoint 2016.
Cloud Hybrid Search supports relevancy and deep refiners across the entire result set; searching
from anywhere, even on-premises sites; Office 365 enterprise search and Delve for
your on-premises content; and previewing and accessing the content when connected to your
corporate network.
Why to choose Cloud Hybrid Search?
1. Reduced on-premises infrastructure cost by hosting most search components in the cloud
2. The Office 365 team keeps search running and up-to-date for you, 24/7
3. Brings together on-premises and cloud collaboration like never before with Delve
4. Smoother search experience, even during migration

Cloud Hybrid Search Limitations:
Prior to configuring the Cloud SSA, check the limitations stated in the table below.
Search feature | Note
Custom security trimming | The custom security trimming isn’t supported.
Removal of on-premises search results | To remove a search result, you remove the URL to the item. This requires interaction with the crawler, and SharePoint Online can’t interact with the crawler in the cloud search farm.
Custom entity extraction | SharePoint Online doesn’t support custom entity extraction.
Content enrichment web service | The content enrichment web service call-out is not available in the Cloud SSA.
Thesaurus | SharePoint Online doesn’t support a thesaurus.
Best bets | Best bets are a SharePoint Server 2010 feature. You can achieve the same result in SharePoint Online by using query rules.
Custom search scopes | Custom search scopes are a SharePoint Server 2010 feature. You can achieve the same result in SharePoint Online by using result sources.
Promotion/demotion of search results | Promotion/demotion of search results is a SharePoint Server 2010 feature. You can achieve the same result in SharePoint Online by using result sources.
What is CloudIndex? What’s its role in Cloud SSA?
A Cloud Search Service Application (SSA) cannot be created using the central admin SSA
creation user interface. The reason being that the cloud SSA requires a property setting that is not
applied by the UI based creation process. This property is called CloudIndex and must be set
to true for a cloud SSA. CloudIndex is a read-only property of any deployed SSA and as such
cannot be set post creation. By definition this also implies that an existing regular SSA cannot be
converted to a cloud SSA.
The property value for an SSA can be checked by executing this PowerShell script.
(Get-SPEnterpriseSearchServiceApplication).CloudIndex
Creating Cloud Service Application
The Cloud SSA should be created by executing an SSA creation PowerShell script and setting
the CloudIndex property to true. Later, when we execute the on-boarding script, another property
called IsHybrid is set to 1 for the SSA.
New-SPEnterpriseSearchServiceApplication -Name $SearchServiceAppName -ApplicationPool $appPool -DatabaseServer $DatabaseServerName -CloudIndex $true
First, it is necessary to subscribe to the Cloud Search Hybrid Preview Program through
Microsoft Connect
https://connect.microsoft.com/office/program8647
After logging in with your Microsoft account, you arrive on the page where it is possible to
download the preview documentation. Two PowerShell scripts can currently be downloaded there as
well: one creates a local Cloud Search Service Application, and the other "connects" the SharePoint
farm with an Office 365 tenant. We will use them to create the link between on-premises
and online.
The following are the (relatively simple) steps to run these PowerShell scripts. Microsoft
will likely fold these steps into a "Scenario Picker" wizard at a later stage, to be called via
the GUI in Central Administration. For now, this is the only way to be able to test the
functionality.
CreateCloudSSA.ps1
This script has to be run on a single SharePoint server in the farm, from a SharePoint 2013/16
Management Shell. It has the following parameters:

-SearchServerName | the name of the SharePoint server where the Search components
are initially started.
-SearchServiceAccount | the service account under which the Cloud Search Service Application
will run.
-SearchServiceAppName | the name of the Cloud Search Service Application.
-DatabaseServerName | the database server \ instance on which the Service Application
databases are created.
The script then carries out the following:
1) A check on the existence of the Search Service account in the Active Directory
domain. If the Search Service Account and Managed Account are not yet registered in
SharePoint, this is done (with a prompt to enter the password).
2) The Service Application Proxy is associated with the Cloud Search Service Application.
After running the script, you get the following output.
OnBoard-HybridSearch.ps1
This script helps to connect the on-premises Cloud Search service application to the Office 365
environment.
This script has the following parameters:
-SearchServerName | the root of the site collection on the SharePoint Online tenant, in the form
"https://<tenant>.sharepoint.com".
-HybridSSAId | the GUID of the Cloud Search Service Application. This parameter is optional;
it is intended for when you have multiple Search Service Applications, to specify which one to
link. If you omit it, the script takes the existing Service Application (assuming
there is only one) and sets it up for hybrid use.
The script is again executed from a single SharePoint server in the farm, one where the Azure AD
PowerShell module is provisioned (Microsoft Online Sign assistant must be installed). For this,
see https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx#bkmk_installmodule.
After the script is executed, execute the full crawl.

This script does the following:

1) Checks for the existence of the Azure AD PowerShell module and the MS Sign in assistant. A
number of registry keys are filled with general information.
2) Azure Control Services (ACS) is added to the Service Application farm, which establishes
trust with Office 365.
3) The SharePoint Online Application Principal Management Service Application Proxy is added to
the farm.
4) A trust is built up between the on-premises farm and SharePoint Online (by means of a number
of SPNs, which are exchanged).
5) Fills in the details of a Global Admin account in your Office 365 tenant.
After running the script, go to the on-premises Cloud Search Service Application and create a
number of content sources to crawl, for example SharePoint sites, file share content, or public
web sites.

Crawling took a little longer than usual, but at some point it will be ready, and the crawled
content will be immediately visible within the Office 365 Search Center (accessible via the
standard https://<tenant>.sharepoint.com/search).
After running the script, you get the following output:

The IsExternalContent managed property is set to «1» for content that is crawled on-premises.
The property can be used to restrict a query for online/on-premises results, as a refiner or in a
result source.

If you login to Office 365 as the federated user, you will be able to see the crawl contents from
On-Premise result source.
Get the detailed documentation & PowerShell scripts for Configuring Cloud SSA
1) Microsoft Connect
2) MSDN blog to explain this in further details by Manas Biswas [MSFT] & Neil
Hodgkinson [MSFT]
For any other queries, post your questions here.
How security works for Hybrid Search Results (Security Trimming of Search Results)?
As items are indexed in Office 365, the access control entries are looked up in the cloud directory
service.
User SIDs are mapped to PUIDs
Group SIDs are mapped to Object IDs
«Everyone» and «Authenticated users» are mapped to «Everyone except external users»
Security principals can be managed on-premises and synced to the cloud by using the DirSync
tool. The object in the cloud (AAD) directory then mirrors the object in the on-premises (AD)
directory.
If you get a document in the online search results, it is because you have access to the document
on-premises. You must be signed in to on-premises to open/access the actual document.
If a user belongs to a particular group with specific access to documents but still cannot see the
results, this would be due to SID values that are not mapped to Azure AD online.
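The mapping rules above, modelled in Python as an added example (this is not SharePoint or Azure AD code, and not from the original text). The SIDs, PUIDs, object ID, URLs and all function names are constructed for illustration; the model shows why a document whose only ACE is an unsynchronized group disappears from cloud results.

```python
"""Toy model of hybrid-search security trimming. Not SharePoint code."""
from dataclasses import dataclass, field

SID_EVERYONE = "S-1-1-0"              # well-known SID: Everyone
SID_AUTHENTICATED_USERS = "S-1-5-11"  # well-known SID: Authenticated Users
EVERYONE_EXCEPT_EXTERNAL = "everyone-except-external-users"  # label used only in this model


@dataclass
class CloudDirectory:
    """Stand-in for the synchronized cloud directory (all values constructed)."""
    user_sid_to_puid: dict
    group_sid_to_object_id: dict
    memberships: dict = field(default_factory=dict)  # PUID -> set of group object IDs

    def map_sid(self, sid):
        """Translate one on-premises ACE to a cloud principal; None if it was never synced."""
        if sid in (SID_EVERYONE, SID_AUTHENTICATED_USERS):
            return EVERYONE_EXCEPT_EXTERNAL
        return self.user_sid_to_puid.get(sid) or self.group_sid_to_object_id.get(sid)

    def principals_for(self, puid, external=False):
        """Everything a signed-in cloud user can match against an item's ACL."""
        principals = {puid} | set(self.memberships.get(puid, ()))
        if not external:
            principals.add(EVERYONE_EXCEPT_EXTERNAL)
        return principals


@dataclass
class IndexedItem:
    url: str
    cloud_acl: set
    unmapped_sids: list


def index_item(directory, url, onprem_acl):
    """Index time: look up every ACE in the cloud directory and keep what resolves."""
    cloud_acl, unmapped = set(), []
    for sid in onprem_acl:
        principal = directory.map_sid(sid)
        if principal is None:
            unmapped.append(sid)      # this ACE has no counterpart in the cloud index
        else:
            cloud_acl.add(principal)
    return IndexedItem(url, cloud_acl, unmapped)


def search(directory, index, puid, external=False):
    """Query time: return only items whose cloud ACL intersects the user's principals."""
    principals = directory.principals_for(puid, external)
    return [item.url for item in index if item.cloud_acl & principals]


def trimming_gaps(index):
    """Diagnostic: items carrying ACEs that have no cloud counterpart."""
    return {item.url: item.unmapped_sids for item in index if item.unmapped_sids}


# Constructed sample data
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE_SID, BOB_SID = DOMAIN + "-1105", DOMAIN + "-1106"
FINANCE_SID, LEGAL_SID = DOMAIN + "-2201", DOMAIN + "-2202"
ALICE_PUID, BOB_PUID = "10030000AAAA0001", "10030000AAAA0002"
FINANCE_OID = "00000000-0000-0000-0000-0000000000f1"

DIRECTORY = CloudDirectory(
    user_sid_to_puid={ALICE_SID: ALICE_PUID, BOB_SID: BOB_PUID},
    group_sid_to_object_id={FINANCE_SID: FINANCE_OID},  # the Legal group was never synced
    memberships={ALICE_PUID: {FINANCE_OID}},            # Bob is in Legal on-premises only
)


def build_index():
    return [
        index_item(DIRECTORY, "http://intranet/finance/budget.xlsx", [FINANCE_SID]),
        index_item(DIRECTORY, "http://intranet/legal/contract.docx", [LEGAL_SID]),
        index_item(DIRECTORY, "http://intranet/news/welcome.aspx", [SID_AUTHENTICATED_USERS]),
        index_item(DIRECTORY, "http://intranet/hr/review.docx", [ALICE_SID, LEGAL_SID]),
    ]


if __name__ == "__main__":
    index = build_index()
    print("Alice sees:", search(DIRECTORY, index, ALICE_PUID))
    print("Bob sees:  ", search(DIRECTORY, index, BOB_PUID))
    print("Unmapped ACEs:", trimming_gaps(index))
```

Bob is a member of Legal on-premises, yet the contract never appears for him online because the group's SID has no cloud object ID; the `trimming_gaps` output is the list an administrator would reconcile against directory synchronization.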
Search Indexing in SP 2016
When you create a Cloud Search Service Application, the regular content plugin is disabled
and the Azure plugin is initiated. The crawler picks up a document from SharePoint, parses it,
extracts a structured view of the content, removes any unnecessary markup and submits batch jobs
to the SharePoint Online search engine for processing. The batch jobs are compressed and
encrypted before being submitted to the service. From then on, all processing and persistence of
the extracted metadata is done in the SharePoint Online search farm, which is where the final
index size comes into the picture. So you will not be able to do a 1:1 mapping with what you see
in your on-premises SharePoint farm's index. This is a helpful post with initial thoughts about
Cloud SSA.
E-discovery for Searching Sensitive data
eDiscovery of content within SharePoint, Lync and Exchange is also available in hybrid
deployments. It is therefore theoretically possible, in a single eDiscovery case, to search the
content inside all sources and gather it into one report. This technique again relies on the
Cloud Search Service Application.
To prevent sensitive information from being shown in search results, this has to be configured
through an eDiscovery case and query in the eDiscovery search center.
1. Create the eDiscovery Search Center.
2. Create an eDiscovery case and set an eDiscovery filter with a specific query for the sensitive
type. A KQL query helps to detect a sensitive information type, using “Classification” as a
parameter, and provides instant statistics.
3. Once the crawl is completed, documents matching the eDiscovery filter are shown in the
search results. Users with the required access can view these documents and then export them to
OneDrive for Business.

Regarding the actual configuration of sensitive information, read the blog posts below.
http://summit7systems.com/configuring-sharepoint-2016-sensitive-information/
http://blogs.technet.com/b/wbaer/archive/2015/08/26/sensitive-information-types-in-sharepoint-server-2016-it-preview.aspx

SharePoint 2016 Service Applications
SharePoint 2016 has the same architecture for service applications as SharePoint 2013, carried
forward unchanged except for the User Profile service application and the Project Server service
application.

These are the service applications available in a SharePoint 2016 farm, which are similar to the
service applications in SharePoint 2013 (in addition to the Cloud Search Service Application
described in the section above).
In SharePoint 2016, the service applications that run on a particular server are determined by
the server role, and the role can be converted through a PowerShell script or the UI.
Deprecated Service Applications
Here you will find the list of all features that are no longer supported in SharePoint 2016,
including Service Application features.
User Profile Synchronization Service Application
SharePoint 2013 (and earlier versions) used the Forefront Identity Manager (FIM) client to
synchronize between Active Directory and SharePoint. SharePoint Server 2016 Beta 2 uses the
Microsoft Identity Manager 2016 tool for synchronization. This table shows the exact differences
from earlier versions.

| SharePoint 2013 AD Synchronization | SharePoint 2016 AD Synchronization |
| --- | --- |
| Uses the Forefront Identity Manager (FIM) client to synchronize between Active Directory and SharePoint | No longer uses FIM as the synchronization client. The default process is Active Directory Import. |
| Previously, in SharePoint 2013, Microsoft supported several connection types, allowing you to connect to different directory services, such as IBM Tivoli and Novell eDirectory. | Active Directory Import is the only synchronization connection type available. Microsoft Identity Manager 2016 can be used as an external FIM service to synchronize between directory services and SharePoint. |

Excel Service Application


Excel Service application functionalities are now moved to Excel Online (Excel Web App)
The following Excel Services functionality has been deprecated:
Trusted data providers
Trusted file locations
Trusted data connection libraries
Unattended service account
Excel Services Windows PowerShell cmdlets
Opening of Excel workbooks from SharePoint Central Administration site
The following Excel Services functionality requires Excel Online in Office Online Server
Preview:
Viewing and editing Excel workbooks in a browser (with or without the Data Model)
Excel Web Access web part for SharePoint
ODC file support (no longer requires Data Connection Libraries)
Programmability features such as JavaScript OM, User Defined Function Assemblies, SOAP and
REST protocol support.
Installing Office WebApp
Install Office Web Apps Server and related updates; see this link for the installation steps.
Complete these steps on any servers that will run Office Online Server.
1) Run Setup.exe.
2) On the Read the Microsoft Software License Terms page, select I accept the terms of
this agreement and click Continue.
3) On the Choose a file location page, select the folder where you want the Office
Online Server Preview files to be installed (for example, C:\Program
Files\Microsoft Office Web Apps) and select Install now. If the folder you specified
doesn’t exist, Setup creates it for you.
4) When Setup finishes installing Office Online Server Preview, choose Close.
If you're planning to use Kerberos Constrained Delegation with Excel Online, then, in Services,
set the Claims to Windows Token Service to start automatically on this server. Also see second
NOTE here: https://msdn.microsoft.com/en-us/library/ee517278.aspx.
Excel Service for External Data Access:
If you plan to use any features that utilize external data access, working with Data Models or
SharePoint’s Power Pivot or Power View capabilities, note that Excel Online must reside in the
same AD domain forest as their user base as well as any external data sources you plan to access
using Windows-based authentication.
Excel Online with Kerberos Authentication:
If you plan to use Kerberos Constrained Delegation with Excel Online, be sure to add each Office
Online Server in the farm to the Active Directory Domain Services delegation list.
For more reference check here.

User Profile Service Application
In the User Profile Service Application, user profile synchronization can be done from Active
Directory or by enabling an external identity manager.

Active Directory Import
By default, user profiles can be imported from Active Directory. Create the Active Directory
connection as directed below.

Here, select SharePoint Active Directory Import as the synchronization option, and provide the
Connection Name, Type and Connection Settings.
Microsoft Identity Manager 2016
Microsoft Identity Manager 2016 enables rich, bi-directional synchronization and common
identity scenarios. Microsoft Identity Manager 2016 simplifies the identity lifecycle management
with automated workflows, business rules and easy integration with heterogeneous platforms
across the datacenter and cloud to include SharePoint Server 2016.
Steps to configure MIM can be found here
Profile Redirection
Profile Redirection extends profiles to Delve About Me and additional Office 365 experiences
for users within an organization. In a hybrid Team Sites configuration, profile redirection
redirects cloud (hybrid) users to their profile in Office 365, powered by Office Delve, ensuring
hybrid users have a single place for their profile information. Get more information here. The
table below shows the differences in the User Profile Service Application from earlier versions.

| SharePoint 2013 User Profile Service Application | SharePoint 2016 User Profile Service Application |
| --- | --- |
| Synchronization database which stores configuration and staging data for use when profile data is being synchronized with directory services such as Active Directory | The User Profile service application is responsible for holding the complicated configuration structure used in synchronization. |
| | The User Profile Service application in SharePoint 2016 offers more user properties by default |

In this version, when you create a new User Profile Service Application, the Database Name for
the Sync Database is disabled and all data is stored in the User Profile Database.
The Social Database and Sync Database are obsolete in this version.
Project Server Service Application
Unlike SharePoint 2013 & earlier versions, separate installation is not required; it will be
included in SharePoint 2016 Installable.


Creating Project Server Application
Here is a short how-to for creating a site using the "Project Server" site template.
Project Server has become a service application in Central Administration. To create it, sign in
with your farm administrator account and create your service application.
Make sure you have created a dedicated application pool, a dedicated service account and a
unique database, so that the service is segregated for security.
Create Project Server Site Collection
Before creating the Project site collection, make sure that the Project Server service is
running and that you selected the multi-server role while installing SharePoint. If not, convert
the role of the server.
For this, start PowerShell (SharePoint Management Shell) with farm administrator rights and
define the following variables, which we will use to create the site.
Set the items as shown below:
$Name = "Project Server Service Application"
$web = Get-SPWebApplication "http://<Web-AppUrl>/"
$Sitecollection = $web
# Project Web App site template
$Template = "pwa#0"
$Owner = "SharePoint\FarmAdmin"
$DBName = "<Project Server DB Name>"
$DBServ = "domain\<DBServerName>"
Then we will create a dedicated content database for our site collection and then create the site.
These settings and cmdlets will be familiar, as they were the same in SharePoint 2013.
Run the following cmdlet and parameters to create the database:
New-SPContentDatabase -Name $DBName -DatabaseServer $DBServ -WebApplication $web
Then, to create your site collection, execute this script:
New-SPSite -Url "http://<siteurl>/" -OwnerAlias $Owner -ContentDatabase $DBName -Template $Template -Description "PWA test site" -Name $Name
Enable-SPFeature pwasite -Url "http://<siteUrl>"
After the feature is enabled, your site is ready for use!


Access Service App
Access web app features are coming to SharePoint on-premises customers. With the upcoming
release of SharePoint 2016, customers using Access Services within their organizations will see
additional features and can take advantage of service improvements.
Here is a list of Access web app features in Access Services coming for SharePoint 2016:
Cascading controls
Datasheet filter improvements
Related Item Control enhancements
Image storage and performance improvements
Office Add-ins integration with Access web apps
Additional packaging and upgrade functionality for Access web app packages
On Deploy macro action for upgrade scenarios
Lock tables from editing functionality
Download in Excel feature for datasheet views

What’s new in SharePoint 2016 Sites
New site templates, such as the Compliance and In-Place Hold Policy templates, are introduced in
SharePoint 2016. Provisioning performance is also improved through the Fast Site Collection
feature.
Compliance Center for Data Loss Prevention (DLP)
The data loss prevention feature was introduced in Office 365, and it is extended to SharePoint
2016. New site templates are introduced in SharePoint 2016. To understand the functionality of
these templates, we need to understand this feature and its background.
What is DLP?
By implementing DLP, organizations can enable their employees to protect sensitive data from
being leaked outside the organization through defined policies, and can enforce data security.

Broadly speaking, it helps to identify, monitor, and protect sensitive data through deep content
analysis.
In summary, with this new capability, you can:
1. Search for sensitive content across SharePoint Server 2016 , SharePoint Online, and
OneDrive for Business.
2. Leverage 51 built-in sensitive information types (credit cards, passport numbers, Social
Security numbers, and more).
3. Identify offending documents, export a report, and adjust accordingly.
4. Information on configuring and using this feature is documented in SharePoint Online and
Office 365.
For more information, see:
Search for sensitive content in SharePoint and OneDrive documents
Use DLP in SharePoint Online to identify sensitive data stored on sites
Once DLP is implemented, Policy Tips can be seen in Outlook, OneDrive and SharePoint Online,
and in desktop Excel, PowerPoint and Word.
Policy tips in OWA for devices
With a DLP policy defined, each Outlook item is scanned for sensitive information.
If a message contains sensitive information, the email sender is notified about the policy
violation. In the example above, the sender is notified about credit card number information in
the email, and can then correct the email and send it accordingly.
Policy tips in SharePoint and OneDrive
With a DLP policy defined, documents are scanned for sensitive information.

Policy tips in Office clients
With a DLP policy defined, documents are scanned for sensitive information and the policy
instruction is shown in Office clients.


How DLP Works?
How DLP works in Office 365?
In Office 365, these policies are defined in the Compliance Center. It holds central compliance
policies which apply across the Office 365 suite, and it is the central point of access to the
existing Exchange and SharePoint compliance features. It compiles one policy definition that is
independent of workload, with one policy lifecycle and one set of sensitive type definitions.
Creating New DLP Policies
To create a new DLP policy, navigate to Office 365 Administration and select the Data loss
prevention tab. There, select New DLP Policy from Template and choose a template suitable to
your requirements; a DLP policy can also be imported.

Select the kind of information that you want to protect. You can also create a custom policy
according to your requirements.

Here, select the services to which the DLP policies need to be applied:
SharePoint Online specific sites.
OneDrive for Business.
Search for sensitive content across SharePoint Online and OneDrive for Business
For a detailed walkthrough and more information, the following reference is helpful.
https://blogs.office.com/2014/08/27/search-sensitive-content-sharepoint-onedrive-documents/
DLP Policy Rules
These are the sets of conditions and resulting actions that describe the policy objective. They
help to take action to enforce the policy. The range of actions models the business requirements
for protecting sensitive information, from audit and notification through override to block.
Actions are normalized for different workload experiences.
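A simplified model of the condition-and-action rules described above, added here as an example and not Microsoft's classifier or policy engine. The pattern, keyword list, 300-character window, thresholds and action names are assumptions chosen for illustration; the sample documents are constructed and use public test card numbers.

```python
"""Simplified sensitive-content check: pattern + checksum + keyword, then a policy rule."""
import re

# 16 digits, optionally separated by single spaces or hyphens, not part of a longer number.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "expiry", "cvv")
PROXIMITY = 300  # assumed window (characters) searched around a match for a keyword
CONFIDENCE_RANK = {"low": 1, "high": 2}

# Constructed policy, most severe rule first: (action, minimum matches, minimum confidence).
RULES = [
    ("block", 5, "high"),
    ("block-with-override", 2, "high"),
    ("notify", 1, "high"),
    ("audit", 1, "low"),
]


def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def classify(text):
    """Return checksum-valid card numbers found in text, masked, with a confidence label."""
    lowered = text.lower()
    matches = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_valid(digits):
            continue  # order numbers and tracking IDs usually fail the checksum
        window = lowered[max(0, match.start() - PROXIMITY):match.end() + PROXIMITY]
        confidence = "high" if any(word in window for word in KEYWORDS) else "low"
        matches.append({
            "masked": "*" * 12 + digits[-4:],  # never log the full number
            "confidence": confidence,
            "offset": match.start(),
        })
    return matches


def evaluate_policy(text, rules=RULES):
    """Apply the first (most severe) rule whose condition the document satisfies."""
    matches = classify(text)
    for action, min_count, min_confidence in rules:
        threshold = CONFIDENCE_RANK[min_confidence]
        qualifying = [m for m in matches if CONFIDENCE_RANK[m["confidence"]] >= threshold]
        if len(qualifying) >= min_count:
            return action, matches
    return "none", matches


# Constructed sample documents (the card numbers are well-known public test numbers).
DOC_INVOICE = "Customer paid by credit card. Card number: 4111 1111 1111 1111, expiry 09/27."
DOC_EXPORT = "Visa 4111-1111-1111-1111\nMastercard 5555 5555 5555 4444\n"
DOC_TRACKING = "Shipment tracking id 4111111111111112 dispatched on Monday."
DOC_BARE = "ref 5555555555554444"

if __name__ == "__main__":
    for name, doc in [("invoice", DOC_INVOICE), ("export", DOC_EXPORT),
                      ("tracking", DOC_TRACKING), ("bare", DOC_BARE)]:
        action, found = evaluate_policy(doc)
        print(name, action, [(m["masked"], m["confidence"]) for m in found])
```

The tracking number is a 16-digit string that fails the checksum, so it produces no match at all; the bare reference passes the checksum but has no nearby keyword, so it is only audited.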

DLP content detection flow in Exchange


DLP is integrated into the Exchange Transport Rule (ETR) engine in the SMTP service and runs in
the categorizer during OnResolvedMessage. It is integrated as a new ETR predicate for checking
the sensitive information. It performs text extraction for the body and attachments, followed by
classification. It can be combined with any existing predicates and actions.
DLP processing in SharePoint
Once the DLP policies are in place and a crawl is executed in the Search service application,
DLP processing is invoked by the search crawler as new content is discovered and changed.
Classification results are stored in the index. The classification operator component continues
with policy evaluation and application.

How DLP works in SharePoint 2016


The section above explains the background of this feature in Office 365. To implement DLP in
SharePoint 2016, the following prerequisites are required, as shown in the diagram below.
Compliance Center
In Central Administration, create a site collection for the Compliance Center by selecting the
template as below.

Create a new policy and select the policy template according to the security requirements for
the data.
To assign this policy to a specific site collection, navigate to the DLP Policy Assignments for
site collection list.

Choose the site collection to assign the policies to, and under the Managed Policies section
assign the respective policy to the site collection.
E-discovery Center
For the policies to actually take effect on documents, set up the eDiscovery Center: in Central
Administration, create a site collection with the eDiscovery template.

Navigate to this site collection and create new DLP queries.

Select the policy templates (as selected in the steps above while configuring the policy in the
Compliance Center site collection), and add an eDiscovery filter for the site location where the
policies were assigned in the steps above.
Now upload a document that breaches the policy to this site collection (where the policy is
assigned and the eDiscovery location and filters are set). Start the crawl in the search center
and restart the timer jobs given below.

Navigate to the document library in this site collection and check whether the policies are applied.
This is a generic overview of how DLP works in SharePoint 2016.
For more details on DLP queries, see these references.
http://blogs.technet.com/b/fromthefield/archive/2015/12/04/data-loss-prevention-dlp-in-sharepoint-2016-beta-2.aspx (By Brendan)
http://absolute-sharepoint.com/2015/12/configure-dlp-in-sharepoint-2016-step-by-step-tutorial.html (By Vlad)
Document Deletion Policies
About Document Deletion Policy
With a document deletion policy, documents can be deleted after a certain period of time
to avoid unnecessary legal risk.
Document deletion policies are powerful and flexible. For example, an administrator can
allow site owners to choose from policies that are centrally created and managed. Site owners
can also opt out altogether if they decide a policy does not apply to their content.
Alternatively, you can enforce a single mandatory policy on all sites in a site collection, such
as all OneDrive for Business sites, or even enforce a policy on all site collections created from
a specific site collection template. This provides a default policy with a default rule that is
applied automatically, without any action required by site owners.

Creating Document Deletion Policies


An admin creates and manages document deletion policies by using the Document Deletion Policy
Center, which can be found under Retention in the Office 365 Compliance Center. Alternatively,
a Policy Center site collection can be created by choosing Compliance Policy Center on
the Enterprise tab. Each tenant can have only one Document Deletion Policy Center, and it’ll be
created automatically if you start from the Compliance Center.

After the Document Deletion Policy Center is created, specify the deletion rule by creating a new
deletion policy.
Based on the requirements, the options shown in the image below can be set to define the
deletion policy. Specify the date from which the document deletion date is calculated and the
time period after which the document is deleted.
A document deletion policy can be applied to the OneDrive for Business template or to a site
collection template.
In Place Hold Policy Center
About in Place hold Policy Center
This site template is used to manage policies that keep items in SharePoint sites for a specified
time period, based on the date the item was created or modified. You can combine these
policies with those that delete documents according to their retention policies. If
multiple policies apply, the document is kept for the longest period. This site template is
new in SharePoint 2016.
Creating In Place Hold Policies
Select In-Place hold Policy Center template while creating the site collection.

In-Place Hold Policy Center site collection is the place to manage the policies centrally.

Here, find more details about creating In Place hold policies.


Fast Site Collection Creation (SCCF)
Fast Site Collection Creation is a mechanism designed to improve the provisioning performance of
site collections by performing a copy operation, using the SPSite.Copy command, at the content
database level. It creates a replica of the source site collection (Master Site) in the same
content database; the new site collections can then be customized by activating custom
features. The steps are as follows.

Enable the Fast Site Collection Creation for a Web Template
Execute the following PowerShell command to enable Fast Site Collection Creation for a web template.
Enable-SPWebTemplateForSiteMaster -Template "STS#0" -CompatibilityLevel 15
This command enables Fast Site Collection Creation for the Team Site template.
Create SiteMaster in particular Content databases.
Execute the following command to create a Site Master in a particular content database.
New-SPSiteMaster -ContentDatabase $ExistingContentDB -Template "STS#0"
This command creates the Site Master, where $ExistingContentDB is a variable holding the existing
content database in which the Team Site was created.
Create Site Collection using the Site Master
Execute the following command to create a site collection using this Site Master.
New-SPSite http://<server>/sites/FastSiteNew -ContentDatabase $ExistingContentDB -CompatibilityLevel 15 -CreateFromSiteMaster -OwnerAlias "<domain>\<userid>"
For more details, check the following references.
http://www.learningsharepoint.com/2015/09/10/fast-site-creation-in-sharepoint-2016-a-deep-dive/
http://nikcharlebois.com/sharepoint-2016-fast-site-creation/
http://blogs.technet.com/b/wbaer/archive/2015/08/26/fast-site-collection-in-sharepoint-server-2016-it-preview.aspx
SharePoint Hybrid
SharePoint Hybrid is about connecting on-premises and cloud together and achieving business
value through the hybrid pillars.

A hybrid solution helps you get started with the cloud functionality. A hybrid environment enables
enterprise users to be connected to the content and resources they need from anywhere. More
details about hybrid configuration are in this blog series.
http://blogs.msdn.com/b/spses/archive/2013/10/22/office-365-configure-hybrid-search-with-directory-synchronization.aspx

Hybrid OneDrive for Business


Hybrid sites features have to be used with Hybrid OneDrive for Business (introduced in
SharePoint Server 2013 with Service Pack 1 (SP1)):
Users can sync files with Office 365 and share them with others.
Users can access their files directly through Office 365 from any device.
It is the advancement of Shared and Personal My Site concepts, & sharing and versioning
experience is simplified. It is private by default with simple permissions management.
Storing business files in OneDrive for Business makes it easy for users to share and collaborate
on documents. With Office 365, on-premises storage costs can be reduced by moving your users'
files to the cloud.
Users can be redirected to OneDrive for Business in Office 365 when they click
OneDrive or Sites in the navigation bar. This is known as OneDrive for Business hybrid.
OneDrive for Business can be configured in Office 365 or in SharePoint Server 2013. You can
also integrate both environments to create a hybrid experience.
Configuring OneDrive for Business
The prerequisites for configuration are listed below.
This TechEd session explains more about the prerequisites for configuring any cloud
scenario. To configure hybrid, you will need to set up:
Enterprise Search Service application
User Profile Service Application
Subscription Settings Service Application
App Management Service Application
Replacement of the STS certificate of the on-premises SharePoint Server and a server-to-server
trust established with Windows Azure ACS.
Office 365 Subscription
To learn how to configure hybrid OneDrive for Business with Office 365, find the roadmap here.
This is also a useful post.

In Central Administration, the OneDrive and Sites links can be configured as below.
Site Folders
After OneDrive is configured as described above, users can navigate to the libraries to which
they have access with the help of Site Folders. Irrespective of where a document is located in
a particular site, users can easily access the documents shared with them.

Searching documents in OneDrive


After OneDrive is configured as described above, users can search for documents in
OneDrive using the Enterprise Search Service Application on the on-premises server.
Configuring the Result Source for OneDrive
In Central Administration, open the Search Service Application and create the result source for
OneDrive.
Create a result source that uses the Office 365 URL (i.e. https://<tenant name>-my.sharepoint.com)
as the Remote Service URL parameter and the MySite host URL (i.e.
path:https://<tenant name>-my.sharepoint.com/personal) as the Query Transform parameter.

Configuring the Result Source in Search Result Page


Configure the Search Results web part to use the result source described above.
This is a summary of the MSDN blog series by Manas, posted here
Using Hybrid OneDrive for Business
Attachments will be stored in an “Attachments” folder in the user’s personal library in
SharePoint Online, known as OneDrive for Business. Each attachment will be secured to those on
the recipient list of the originating email.
Search (Hybrid search)
Cloud hybrid search is a new hybrid search solution alternative. With cloud hybrid search:
Crawled content from the on-premises server and from Office 365 is stored in the search index in
Office 365. You can set up the crawler in SharePoint Server 2016 to crawl the same content
sources and use the same search connectors as in Office SharePoint Server 2007, SharePoint Server
2010, and SharePoint Server 2013.
The Office 365 Search Center shows the aggregated search results from SharePoint Online as well
as from on-premises content sources.
For more information about cloud hybrid search, see the public Microsoft cloud hybrid search
program on Microsoft Office connection.
https://support.office.com/en-us/article/SharePoint-Hybrid-4c89a95a-a58c-4fc1-974a-389d4f195383
With hybrid search, you can search for files and documents across SharePoint Server and
SharePoint Online, giving you easy access to the files that you need.
Implementing a SharePoint hybrid infrastructure lets users search from both systems and access
content from each. Depending on how you set up your system, you can have only on-premises
users, only online users, or both be able to search both your SharePoint Server on-premises and
Office 365. Please find more details about the configuration details in SharePoint 2016 Hybrid
Search Section of this book.
Hybrid sites features
These features give users a seamless experience while using SharePoint on-premises Server and
SharePoint Online sites:
Users can follow SharePoint Server and SharePoint Online sites, from aggregated list.
Users have a single Delve profile in Office 365, where all of their profile information is
stored.
For more information, see Plan for hybrid sites features.
Extranet (Partner facing extranet sites)
SharePoint Online sites are the extranet sites. An extranet is a site that gives external users
access to relevant content and lets you collaborate with them. Using Office 365, partner-facing
extranet sites can be created that let partners securely do business with your organization,
without access to the corporate on-premises environment or any other Office 365 site.
Compare Office 365 Hybrid Extranet with a traditional SharePoint On-premises Extranet
This comparison shows the advantages of using a hybrid extranet.

| | Office 365 Hybrid Extranet | SharePoint "on-premises" Extranet |
| --- | --- | --- |
| Firewall access required to external users | No | Yes |
| Complex network and infrastructure configuration required | No | Yes |
| Security hardening | Managed through Office 365 Configurations | Manually configured by IT staff |
| IT Labor intensive | No | Yes |
| Ongoing maintenance needed | Minimal | Considerable |
| Additional hardware needed | No | Often |
| Managing external partner users locally managed or cloud managed | Yes | Locally managed only |
| Controlling sharing experience for extranet sites | Part of Office 365 sites functionality | Often requires custom solutions/apps |

Configuration of Hybrid Extranet


Here you will find the steps to configure Hybrid Extranet in greater detail.
Hybrid Picker
Use Hybrid Picker to configure hybrid features between SharePoint Server 2016 and SharePoint
Online. Hybrid Picker is part of Office 365. You can find it in the SharePoint Tenant Admin
console. You need to log on as a Global Administrator or a user assigned the SharePoint
Administrator role. To use Hybrid Picker, you also need to be logged in to a SharePoint Server
2016 IT server as a Farm Administrator.

Prerequisites
The table below lists the prerequisites for configuring Hybrid Picker.

| Conditions | Environment |
| --- | --- |
| In case of SharePoint Server 2013, the farm should have September PU or later properly installed. | On-Premise |
| Open 80 and 443 ports in the firewall for outbound communications. | On-Premise |
| Farm Administrator access to Central Administration | On-Premise |
| Global Administrator access to Office 365 | Office 365 |
| Account being synchronized with properties such as email, SIP, email address. Users synchronized with Office 365 using Azure Active Directory Sync (AAD Sync). | On-Premise |

Hybrid Scenarios configuration with Hybrid Picker
Hybrid OneDrive for Business
This redirects your users' OneDrive for Business to OneDrive for Business in Office 365. It also
installs a server-to-server (OAuth/S2S) connection between SharePoint Server on-premises.
Find more details in this section of the book.
Hybrid site features
This option configures a server-to-server (OAuth/S2S) trust between SharePoint Server 2016 and
Office 365 & then configures hybrid sites features. Choosing the option configures hybrid
OneDrive for Business as well.

Find step by step roadmap for configuration of Hybrid Site features here.
After this feature is configured using Hybrid Picker:
Users who have access to the Office 365 environment (configured as part of the audience group)
will be redirected to their Delve user profile (i.e. the About me link, under the settings
menu, in the top right corner of the ribbon). This can be configured as part of the OneDrive for
Business configuration described in this section.
Users will be able to see the aggregated list of their followed sites from the on-premises and
Office 365 environments (by clicking the App Launcher).


Hybrid Options
This snapshot describes the various options available with hybrid configuration with respect to
hybrid extranet & hybrid Search.
What are NextGen Portals?
Office 365 Video Portal, Infopedia & Delve are the out of the box NextGen Portals. These
Intelligent, Social, Mobile, Ready-to-Go Portals are enhanced by key Office 365 capabilities like
Office Graph, Office Add-Ins, OneDrive, Skype, Outlook, Yammer, SharePoint Content
Management, Azure Media & PaaS service, Compliance Center.

These Office 365 capabilities can be leveraged in SharePoint 2016 on-premises servers with the
help of hybrid configuration. These capabilities include experiences like Portals, Team Sites,
Files, Search, Social, BI etc.
Next Gen Portals
The Page Renderer and Authoring canvas components are built on top of SharePoint Content Storage,
and this portal API can be accessed through REST APIs. Custom portals can be created using the
NextGen portal template. The building blocks of NextGen Portals are as shown below.
NextGen Portal Architecture
Each NextGen Portal consists of Hub site collection & Content Site Collection (Channel).Each
Content Site collection can be created in Hub Site Collection.
Hub Site Collection
Hub site collection is similar to Community Portal (Search Center which shows all communities
in the farm), It displays the data hosted in Content Site Collection/Channels.

The Hub Site Collection is under the <Office365domain>.sharepoint.com/portals/hub managed path (per tenant). For example, in the Office 365 Video Hub, different video channels can be created from this central site collection.

Security can be managed from Managed Settings for the Hub Site Collection/Channels. After you upload videos to a channel, you will need to wait for the crawling to be completed.

Content Site Collection


With respect to each Hub Site Collection, Channels/Content site Collections are created under the
/portals/ managed path.
Libraries
In each Content Site Collection, Portal Data is stored in respective libraries in different formats.
Library | Format
Pages | Page data as JSON Blob list items
Images | Image Assets for pages
Videos | Video Files (backed by Azure Media Services)
Office 365 Video Portal
Office 365 Video uses Azure Media Services for transcoding (converting) videos into multiple formats to be compatible with most devices. Azure Media Services exists only in the cloud, so this can be a "hybrid" version.

The Video hub portal in Office 365 contains different channels. Video uploaded to a channel is stored in Azure components, and a Timer Job manages the interaction between SharePoint Online & the Azure components. The end user uploads a video to SharePoint Online, and SharePoint interacts with Azure Media Services for transcoding the video and storing it in Content Storage.

Azure Media Services also provides thumbnails for referencing a particular video. Azure Media Services delivers video streaming, secured with AES, to the Content Delivery Network, & viewers can view the secured content.
The following features are responsible for Video Processing in SharePoint Online:
WebApplication Feature: Video Processing
This feature registers the video processing timer job.

WebApplication Feature: Cloud Video Thumbnail Provider
This feature provides functions to generate thumbnails for videos.
InfoPedia
This is the Knowledge Management Portal, the definitive hub for Microsites, Boards & a personalized portal powered by Office Graph.

The landing page shows the collection of Microsites (links to Microsites enabled with Social Features). At a high level, InfoPedia is a collection of Microsites, Boards, and Articles in a defined hierarchy. Find more about InfoPedia & Microsites here.

Delve and Office Graph
Delve is the knowledge management portal in the context of the currently logged-in user, & Office Graph is the graphical representation of related activities among related users and related information.

Delve uses the Office Graph to deliver personalized views of the people and content. Delve now
lets you discover Content types from across Office 365.
To get more insights on Delve & Office Graph, check out these very informative posts with more
details.
http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2014/09/08/a-quick-look-at-delve-in-office-365.aspx
https://support.office.com/en-us/article/Office-Delve-for-Office-365-admins-54f87a42-15a4-44b4-9df0-d36287d9531b
To activate Delve, you'll need to turn on the First Release program in your Office 365 Service Settings. You'll need to enable Delve in the SharePoint Settings as well.

Choose the option Allow access to the Office Graph (default). The tenant administrator may turn off Office Graph and Delve for the whole tenancy.
In the Ribbon, navigate to the Delve link.

Allow access to Office Graph.

Alternatively, individuals can turn off the Delve settings.


Office Graph
It’s an intelligent fabric that applies machine learning to map the connections between people, content and interactions all across Office 365. Office Graph consists of signals which show actions between Office 365 Actors & Items.
Signals are security trimmed & respect the privacy of the end users. Signals are categorized as Public signal/Private signal based on the level of privacy. Each signal consists of an Actor Node, Edges (to connect the Actor to an Object/Item) & an Object or Item.

This table describes the different types of edges (in Signals) with Private/Public visibility.

Edge | Description | Visibility
PersonalFeed | The actor’s personal feed as shown on their Home view in Delve. | Private
Modified | Items that the actor has modified in the last three months. | Public
OrgColleague | Everyone who reports to the same manager as the actor. | Public
OrgDirect | The actor’s direct reports. | Public
OrgManager | The person whom the actor reports to. | Public
OrgSkipLevelManager | The actor’s skip-level manager. | Public
WorkingWith | People whom the actor communicates or works with. | Private
TrendingAround | Items popular with people whom the actor works or communicates with frequently. Aggregated across several signals. | Public
Viewed | Items viewed by the actor in the last three months. | Private
WorkingWithPublic | A public version of the WorkingWith edge. | Public

Delve Building Blocks


This table describes the building blocks of Delve & the sequence in which a graph query is executed.

Sequence | Features | Technique
1 | Graph search | /_api/search/query
2 | Signals | /_api/signalstore/signals
3 | Preview images | /_layouts/15/getpreview.ashx

Office Graph Endpoints


Custom Apps/Solutions can be developed using the API exposed by the Graph endpoints.
To get the end-to-end details about this API, go through the Connect 2015 videos. Delve can be extended for custom requirements using Graph Query Language (GQL), External Hybrid Content, and External Activity.
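
The sketch below is an added example, not code from this book or from Microsoft. It shows how a custom app could turn an edge from the visibility table into a GQL request against /_api/search/query while respecting the Private/Public split. The numeric action IDs and the backslash escaping of commas and colons are taken from Microsoft's GQL documentation rather than from this page; the function names, the numeric DocId actor input, and the rule that Private edges are built only for ME are assumptions of this example.

```javascript
// Edge names and visibility come from the table above. The numeric action IDs
// are NOT on this page; they are the IDs listed in Microsoft's GQL reference.
const EDGES = {
  PersonalFeed:        { id: 1021, visibility: "Private" },
  Modified:            { id: 1003, visibility: "Public" },
  OrgColleague:        { id: 1015, visibility: "Public" },
  OrgDirect:           { id: 1014, visibility: "Public" },
  OrgManager:          { id: 1013, visibility: "Public" },
  OrgSkipLevelManager: { id: 1016, visibility: "Public" },
  WorkingWith:         { id: 1019, visibility: "Private" },
  TrendingAround:      { id: 1020, visibility: "Public" },
  Viewed:              { id: 1001, visibility: "Private" },
  WorkingWithPublic:   { id: 1033, visibility: "Public" },
};

// Build ACTOR(<actor>, action:<id>). `actor` is "ME" or a person's numeric
// DocId (hypothetical input supplied by the calling app).
function buildGraphQuery(actor, edgeName) {
  if (!Object.prototype.hasOwnProperty.call(EDGES, edgeName)) {
    throw new Error("Unknown edge: " + edgeName);
  }
  const edge = EDGES[edgeName];
  // Allow only ME or digits so no other text is spliced into the query.
  if (actor !== "ME" && !/^\d+$/.test(String(actor))) {
    throw new Error("Actor must be ME or a numeric DocId");
  }
  // Assumption: Private edges are only meaningful for the signed-in user.
  if (edge.visibility === "Private" && actor !== "ME") {
    throw new Error(edgeName + " is a private edge; query it for ME only");
  }
  return "ACTOR(" + actor + ", action:" + edge.id + ")";
}

// Wrap the expression for a REST GET. Commas and colons inside the
// Properties value are backslash-escaped, then the value is URL-encoded.
function buildSearchPath(actor, edgeName) {
  const gql = buildGraphQuery(actor, edgeName).replace(/([,:])/g, "\\$1");
  return "/_api/search/query?Querytext=" + encodeURIComponent("'*'") +
    "&Properties=" + encodeURIComponent("'GraphQuery:" + gql + "'");
}

console.log(buildSearchPath("ME", "Viewed"));
```

The client-side check only avoids building requests that cannot return anything useful; the results are still security trimmed by the service, as described in the Office Graph section.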
