All presentation SharePoint O365 and everything else
Click here to load reader
-
Upload
kenneth-barnes -
Category
Documents
-
view
971 -
download
13
description
Transcript of All presentation SharePoint O365 and everything else
SharePoint 2013 – How to get there!real world experience
Technical Process
End User Responsibility
AdoptionUser Experience
Challenges
Manage riskCentralized site collection policies control access
Ensure compliance and increase manageability with audit resilience, filtering, and enablement
Classify and identify information
Mitigate threats and prevent malicious content.
Protect, preserve, and persist information
Support compliance via eDiscovery
Encrypt and protect data with Rights Management Services (RMS).
Purge information no longer needed with site closure policies
Manage costReduce cost and complexity
Ensure data compliance and security
Solve fundamental business and IT challenges with a consistent, integrated approach
Control costs with adaptable cross-premise environments, with public and private cloud, as well as on-premise, deployment options.
Reduced disk I/O and bandwidth requirements
Unprecedented scale
Downtime mitigation through application aware routing and management
Manage your time
Balance the needs of users with those of IT
Automate repetitive processes and improve operating economics with Windows PowerShell 3.0
Cut costs while improving the scalability, flexibility, and reach of IT systems
Improve adoption and amplify users impact
Empower site administrators to decide when upgrade is right for their users through delegation of upgrade.
Create evaluation site collections and fix issues without affecting live data
Preserve customizations and drive broad user adoption
Create backward compatible site collections through selective provisioning.
Top business challenges we hear about
Information Explosion Data in Silos Diverse User Requirements
Discrete Roles Diverse
Systems Varied
functions Lack 360°
view of info
18
Unstructured Data Un-Organized Un-Categorized Exponential Growth
100+ Systems No Interconnect Difficult to find
info Frustration
Ease of Implementation 3.6
Service Reliability 3.4
Industry Specific Consulting Advice 3.4
Initial Setup Cost 3.4
Vendor Responsiveness 3.3
Support for Specific Business Needs 3.2
Support Costs 3.1
Ease of Customization 3.1
Ease of Integration with on-prem systems 3
Silos for Challenges and implementation
Marketing Sales ProcurementConsulting Research HR / LegalSupportProduction
Content Silos
Siloed UI Applications
IT Finance
Information and application silos
Phase 1Design & Plan
• For Business and It Audience• To understand
SP 2013 and its information
• Understand value of information management
• Gain Predisposition towards SharePoint
Phase 2Build & Deploy
• For Business and IT Audiences• To understand
the extent of Information and adoption management
• Persuade for championing the cause
• For End-user audiences• Messaging begins
with education, but quickly turns into a risk adjusted persuasion campaign
• Set expectations about potential negatives (data cleanup and migration
Phase 3 Transfer & Operate
• For End-user audiences• To Support the
use of new tools and bolster confidence in the new environment
• To promote cultural shift
• Define companies message
• Define company adoption plan
• Define message and message with SharePoint
Phase 4 Nurture and Improve
• For End-user audiences• To maintain
the cultural shift or paradigm in the organization
• Collect feedback on the campaign for future iterations for SharePoint
• Define Companies messages
SharePoint 2013 Awareness Communication
and Adoption Strategy
SharePoint Adoption
Define your VisionSimplify -> Start Small ->Stay Focused
Identify Relevant Use Cases
Execute
Enable Technology
Measure Success and Expand
Adoption Checklist
Define Your Vision Identify Relevant Business CasesRelease your SharePoint functionality in phases Increase awareness by creating a communication planSupport users by creating a training planEnsure ongoing success by creating a user support planGenerate excitement by creating an incentives and
rewards plan
Define Your Vision
• Establish the business priorities that SharePoint will address
• Determine your timeframe• Establish metrics by which you'll measure
success• Conduct a pilot to gather initial feedback
• Create a good User Experience
Identify Relevant Business Cases
• Determine the most appealing scenarios for business users
• Identify "low-hanging fruit"• Review the list of use cases provided with this white
paper to determine which ones apply to your business
• Focus on Features for the Business and make them available
Release your SharePoint functionality in phases
• Start Small and Stay Focused• Select a pilot group of users• Do it iteratively• Create a Task force
Increase awareness create a communication planand strategy
• Leverage Experts and Champions• Engage Leadership by identifying executive
sponsors• Conduct town hall meetings to discuss your
solution• Create a plan for continuous communication
Support users by creating a training plan and a strategy
• Establish short, just-in-time training options for users
• Ensure that your site owners are properly trained before giving them site ownership
• Provide training to content contributors to ensure effective content management
• Create a site owner community to enable users to help each other
Ensure ongoing success by creating a user support plan and strategy
• Establish a contact person for every page• Establish a SharePoint Center of Excellence
within your organization to provide high-end support for users
• Survey users on a regular basis to gather feedback and establish metrics
• Ensure content gets moved from legacy platforms to SharePoint in a planned manner
Generate excitement by creating an incentives and rewards plan
•Demonstrate with real data how features are useful
•Make it fun (buck the company culture)•Use an online scavenger hunt as a fun way to encourage usage
•Provide recognition for content contribution
Features
Office 365 Feature Parity
There are a lot of areas to cover…
• ECM• WCM• Business Intelligence• Social• Search• Services• The New App Model/Development
THE NEW WAY TO WORK TOGETHER
SharePoint
ManageBuild
DiscoverOrganize
SHAREShare
Find the perfect balance between compliance and collaboration
Efficiently manage infrastructure while maximizing uptime, minimizing failures and downtime
Empower end users while managing risk, complexity, and costs
Manage Risk Manage Cost Manage Your Time
SharePoint 2013 ArchitectureIn general model has stayed same as in previous version
Numerous platform level improvements and new capabilities
• Shredded Storage• SQL Improvements• Cache Service• Request Management• Themes• Sharing
Service applications in SharePoint 2013New service applications available and improvements on existing ones
Office Web Apps is no longer a service application
Web Analytics is no longer a service application, it’s part of search
SharePoint 2013 workflows have a proxy to a Workflow Manager farm
Create Control Protect
Create and organize content easily with the help of relevant discovered information
Manage content policy, information architecture and taxonomy
Reduce risk and manage compliance with centralized eDiscovery tools
Enterprise Content Management
Enterprise Content ManagementSite-level retention policies
• Compliance levels extended to sites• Policies include:
• Retention policy for sites and Team Mailbox associated with site
• Project closure and expiration policy
Discovery Center• Designed for managing discovery
cases and holds• Establishes a portal through which
you can access discovery cases to conduct searches, place content on hold, and export content
Enterprise Content ManagementeDiscovery capablities
• Support for searching and exporting content from file shares
• Export discovered content from Exchange and SharePoint
Team folders• Seemless integration of
Exchange and SharePoint to provide best of both world and end user flexibility
Internet Sites
Design Publish EngageUse familiar tools to design rich and beautiful sites that represent your brand
Create, reuse and consume content for any device and language
Surface the right content to the right user with adaptive experiences
Web Content ManagementSupport the tools and workflows designers use
Variations & Content Translation
Search Engine Optimization
Cross Site Publishing
Video & Embedding
Image renditions
Clean Urls
Metadata navigation
Connected Experiences
Work TogetherMake it easier to work as a team and manage your projects.
Share KnowledgeUse community knowledge to gain insight and find answers.
Get ConnectedEngage in conversations to stay informed and make better decisions.
Social
Microblogging• Share content, links, and media• Follow people, sites, content,
and conversations
Activity Feeds• Provides a view into recent
activity related to content, links, media, and people
Social
Communities• Community sites with self-
service administration and moderation
• Modern community features such as achievements and reputation
Discussions• Modern discussion boards
Blogs• Client application integration• Categories, comments, and
moderation
Connected Platform
Secure Information Manage Identities Integrate Business Apps
Ensure that information communicated via internal social networks is secure and compliant with centralized IT policies.
Provide a single view of the people in an organization and bring together identity-based information from many sources.
Build new social apps, and bring important information from your LOB applications directly into the newsfeed.
Mobile
Classic and Contemporary views for mobile browsers
Automatic Mobile Browser Redirection
Target different designs based on user agent string
Office Mobile Web Apps• Excel• PowerPoint• Word
Push notifications
Search
Find Answer ExtendFind what you’re looking for with intelligent results tailored to you
Get answers and take action with an experience that’s always a step ahead
Build smarter applications that can scale for any need
Search
New Search architecture with one unified search
Personalized search results based on search history
Rich contextual previews
Business Intelligence
Explore Visualize ControlEasily combine data from any source to create fully interactive reports and insights with guided exploration
Visually discover and share insights for collaborative decision making across the organization
Manage self-service BI with control & compliance for end user created assets
Business IntelligenceExcel BI
• Instant analysis through In Memory BI Engine
• Power View Add-in
Excel Services• Improved data exploration• Field List and Field Well Support• Calculated Measures and Members• Enhanced Timeline Controls
Business IntelligencePerformancePoint Services
• Filter enhancements and Filter search• Dashboard migration• Support for Analysis Services
Effective User
Visio Services• Refresh data from external sources –
BCS and Azure SQL• Supports comments on Visio
Drawings• Maximum Cache Size service
parameter• Health Analyzer Rules to report on
Maximum Cache Size
Build appsBuildsites
Build for the cloud
Buildapps
SharePoint 2013 makes customizing sites easier for user, web designer and professional developer alike.
The cloud provides you with the freedom to choose how and where to host your apps.
A new development model for building apps provides a secure and scalable way to build SharePoint solutions.
Apps for Office and SharePointApps
App catalog and store
Vacation request
Event planning
Expense calculator
Learning management
Risk management
Help-desksupport
Products and platforms
Services and data
Summary
SharePoint Server 2013 enhances the workload experiences by enabling new compelling scenarios that engage and work with the user.
Enterprise Content Management
• Social Interaction• Document Set
Management• E-Discovery• Records Center• Enterprise
Metadata Management
• Search Visualization
Ask colleagues for expertise
Preview content inline
Follow relevant content and subject matter experts
Social Interaction
Site mailboxes – Exchange and SP togetherSite mailboxes can receive emails and have their own email addressEasy access from both Outlook and SharePoint (same view!)
Emails stored in ExchangeDocuments stored in SharePointUnified compliance policy applies to both
Shared Storage Management
Site Mailbox
Membership
Owners Members
Exchange Site Mailbox SharePoint Site
ProvisioningLifecycle
Exchange 2013
SharePoint Farm
IW Views
OutlookSharePoint
Document Set Improvements
Support for OneNote notebooksDocument set icon in search resultsFolders supportedAlso for default documents set for document set
Support for easier aggregationCBS & CBQ web parts understands document sets
Better developer supportClient side and Server side API improvements
Versioning improvementsCapture full document set as version
Search directly in document set
eDiscovery - Exchange, SharePoint and LyncUnified console to add, manage and export discovery setsIn-place discovery and holdsLegal team does discovery, not information workers
Discovery Center in SharePoint
Unified Preserve, Search and Export
Exchange Web Services Connect to Exchange to get mailbox data
Lync Archiving to Exchange Exchange is the compliance store for Lync
Search Infrastructure Exchange and SharePoint use the same search platform
De-duplicate
eDiscovery Architecture
Exported data
Mailboxes
All SharePoint content
Lync IMs
Site Based Compliance & preservation
Compliance officers create policies, which define:
The retention policy for the entire site and the site mailbox, if one is associated with the site.What causes a project to be closed.When a project should expireCan set also site collection as read only
Policy also available optionally from self site creation
Policies must be replicated from content type hub cross enterprises
Specify retention schedules for content types
Submit documents for long term archival
Record Centers
Enterprise Metadata ManagementMetadata as enabler for Navigation, term and search driven pages, etc.New term store manager features enhance term usage modelsMultilingual improvementsCross-site collection access to private local site collection groups
Dataview editing supportShare and Local propertiesPinned Terms vs Term Re-UseTaxonomy API (CSOM and REST)
Term Store Manager in SP2013
Cross site collection term access for private groupsPossibility to link different site collections to see others terms
Pinning termsRead only reuse of the term in alternative location in the hierarchy
User interface for custom property editingSpecific by location properties also possible
Indication of the term set usage for other SP2013 functionalitiesAdditional Multilingual supportFlexible LCID and automated translation support
Block users from using keywords outsideof specific term set
Learns with use and improves results
Understands the query and adapts the experience
Search Visualization for ECM Content
Web Content Management
• Easy Content Authoring & Management
• Targeted User Experiences
• Search As Content Provider
• Managed Navigation• Content Re-Use• Multi-Lingual
Support
Design Manager and general rendering changesEmpowering web designers & developersCompletely revamped CSS classesWeb Part rendering with DIVs, not with TABLEsMinimizing ramp up time
Site design & branding using the technologies web developers already know & love (HTML, CSS, JS) – using their preferred design tools.Creating and updating designs no longer requires deep SharePoint expertise
Design manager for assisting uploading templates and modifying them on-fly
Image renditions & Video improvements
Image transformation dynamically in SharePointRenditions are actual thumbnailsConsistency sized imagesCropping for targeting areas of pictures
Enable easy enterprise podcast scenariosVideo support improvementsVideo player as HTML 5 implementation
Search Engine Optimization improvements• Numerous SEO improvements in site and page level
Features SharePoint 2010 SharePoint 2013Clean URLs http://www.c.com/Pages/cars.aspx http://www.c.com/cars
Home Page Redirects
HTTP 302 for http://www.c.com to redirect to /pages/default.aspx
Home page served from address www.c.com – no redirect for browser
Country code top-level domains (ccTLDs)
http://www.c.com/en-us/Pages/cars.aspxhttp://www.c.com/es-mx/Pages/coches.aspx
http://www.c.com/cars http://www.c.mx/coches
XML Sitemaps None Automatically generated and referenced in robots.txt
SEO Properties(e.g. Meta Description)
<title> and <h1> must be identical Browser titleMeta descriptionMeta keywords
Webmaster Tools integration
None Assists with ownership verification
Device based rendering - Channels
Different channels defined in site collection level (SPSite)Define “channels” for single devices or groups of devices – based on user agentsAssign alternate “Master Pages” (shared look and feel) per channelSelectively include and exclude portions of Page Layouts per channel by using specific controlPossible to provide cookie level override for end users
Same URL, different look and feel based on used deviceTarget Different Devices (per Agent Substring)
Content Search Web PartSimilar to Content Query Web Part – but based on indexed contentShow content cross site collectionsShow content cross multiple site collections
New presentation template model for easy content presentation fine tuningContent rendered in client sideProvides full control on rendering capabilities using html templates
Easy editors as web part editors for defining planned query
AudioCamerasComputersHome appliancesPhonesTV and video
TERM STORE NAVIGATION TAXONOMY
Search
Product Catalog
Filter query byCATEGORY: COMPUTERS
Friendly URLhttp://contoso.com/computers
Use pagemaincategory.aspx
CONTENT SEARCH WEB PART
Managed navigation, search and topic pages
Cross-site publishing (XSP) and catalogs
Define content to share acrosssite collections
Author content in multiple site collections, then aggregate using Content By Search web part
You can use catalog-enabled sites for scenarios such as a content repository, knowledge base, or product catalog
Multilingual support improvements
Utilize translation service for automated or manual term translations
Business Intelligence
• Built-In Visualization
• Excel & Excel Services
• Performance Point Services
• SQL Integration• Management (via
Central Administration)
Excel Services
Web-based interactive reporting and sharingPower View is built-in
Powerful analytics with the built in PowerPivotSQL Server 2012 required
A platform for building business applicationsKey FeaturesFlash FillFlexible Charts & Pivot TablesAuto-Chart SuggestionsChart PreviewsTimeLineDashboards
Excel Services Architecture
Excel Web Access
Excel Web Services
JSOMREST API
Excel Proxy
User-Defined Functions
Excel Calculation Service
XLSX/b/m
SharePoint Content Database
External Data Sources
Web
Front End
Applicatio
n Server
Backend
New features for Excel Services in SP2013• Data exploration improvements with additional
commands• Better integration with SQL Server Analyses Services data or PowerPivot models
• Field list and field well support added to excel services for easier PivotChart and PivotTable control
• Calculated measures and members supported in web rendering
• Enhanced timeline controls for rendering• Application BI Servers support• Business Intelligence Center update• Touch and Device Support
Mobile devices support for BI – including excel
Delivering great touch-based data exploration and visualization capabilities in a browser on iOS, Android and Microsoft platformsExcel Services 2013PerformancePoint 2013Reporting Service 2012
SharePoint FarmExcel Services
Excel Services Topology (On-Premise)
Office Web Apps Farm
6
SQL ServerAnalysis Services
WOPI
OLEDB/ODBC
You have different options for rendering:• View workbooks using Excel Services on
SP; or• View workbooks using Office Web Apps
Server (and potentially lose functionality)
Web Part
Web Service API
AuthenticatedJSOM/REST/APIs
Windows-Auth basedExternal Data
Edit documents
New documents
Co-authoring
View
Un-AuthenticatedJSOM/REST
User DefinedFunctions
Connection stringUnattended account
External data*
Embedding
Excel Services vs. Office Web Apps Server
Office Web Applications
SharePoint 2013
PerformancePoint Services Context-driven dashboards across systemsProvides transparency and accountabilityInteractive access using browserCan be created/updated by power-users/professionals
• Bring together data from multiple data sources
• Visualization your data with charts & graphs
• Drill into your data with Decomposition Trees
PerformancePoint Changes in SP2013
Architecture and general model has remained the same as in previous version
Key changes and new capabilitiesFilter Enhancements and Filter Search
Cascading Filters*PerformancePoint support on iPadSupport for Analysis Services Effective UserBI Center UpdateTheming supportDashboard Migration
SQL Server Analysis Services for advanced analytics
SQL Server Analysis Services
SharePointExcel Services
Excel Interactive View
Generates Excel table and chart views on-the-fly from an HTML table hosted on a web pageExport to Excel Web App or Excel file for further analyses
Associated to any html tableNot only in SharePoint, available cross platform
Social - Connected Experiences
• Personal Sites• Team & Project
Sites• Communities• Connected
Platform• Integration
Follow people, sites, hashtags, and documentsFilter to see the company feed and
mentions
Share with everyone, or a smaller group
See the pulse of the company with trending tags
Personal Sites
I’m Following
Gives information about all of the things that user is followingnumber of people, Documents*, Sites*Tags
Can easily identify all of the things that powers a user’s newsfeedAllows the user to access all of those things within a single click from the newsfeed
Search powers experiences across SharePoint
Update your profile
Get to know someone by the activities they perform
Join in on a conversation
About Me – What Other People See
Public Page, Personal Site, Social FeaturesSP2013 social features mostly rely on data on the person’s personal site and in the Windows Server AppFabric Cache
Two lists are now located for providing social features: the Microfeed list and the Social List
The personal site document libraries experience has been re-designed
Profile Database is still used for following peoples and tags as it was in 2010
Personal Site
Microfeed
Private Public
Social
Sites
Docs
My Documents
MFsProfile
DBSocial
DB
One view of all your tasks Synchronized with Outlook
Site feed for group conversations
Personal site My Tasks
Onedrive Provides a single place for users to create, share, collaborate and follow important documents
In 2013 Personal Sites have a single document library that can be user for private document as well as documents shared with others
It is “the” document library of your personal site and a set of views that give access to content people want to be connected with.
All: provides an overall view of documents in the My Documents
Offline Libraries: OneDrive Pro
Provides quick and easy access to Document Libraries in the familiar Windows Explorer experienceWorks for any SharePoint 2013 Document Libraries.
Makes your documents accessible online, offline or in-between and your changes are automatically syncedSyncs libraries across multiple devices
Fully integrated with Office Document Center: every file that gets uploaded through Onedrive Pro is shredded
Replace SharePoint Workspaces
Make collaborative decisions
Team & Project sites
86
Work together as a team from anywhere in the world
Lync Integration
Members and reputations
Community Home PageEasily
onboarding process
Conversations
Welcome section
Community Members and My Membership
At any time people can go to the Members list to see all members and rank them by various metricsPeople can also see their status and what is needed to move to the next level of reputation:
Search & Communities
Contextual Search in Community SiteSearch results provide community and members informationCustom Display templateSearch result contextualized within the Community site
Key Features
Find recent & featured content
Search within and across communities
People search
Deep integration with search results
Connected Platform
Secure informationIRMGuest sharing
Manage IdentitiesSharePoint user profiles drive the single view of a person via the “Person card”Integrates w/AD
Multiple platform connectivityWindows Phone, iOS
Integration
Available APIsGet/Post feedsGet user profile propertiesFollow people, sites, documentsLike, reply, mention, tag, link, add pictures
REST & CSOM Development Models
Authenticated Access
Available in the cloud (& more with on-premises)
Best-in-class enterprise social networking
stand-alone social service + in-app social experiences
Yammer Enterprise Social Networking Services
Yammer (& SharePoint, et al)
Search
Unified & Ubiquitous
• Enterprise Search• People Search• Deep Refinement• Document Previews• Query Rules & Result
Sets• Search Verticals• Architecture• Analytics
Enterprise Search Hub UI
Employee facing Integrated with enterprise portal or standalone
search Search driven experience (versus browse) Based on core results web part, refiners, search
box
Query User query driven Security trimming
Relevance General relevance algorithm Task oriented experiences targeted to intent
Crawl and Content Diverse set of content across enterprise,
including custom content sources
Admin Service managed by “search service” admin Site managed by “search site” admin
The launching point into other experiences via navigation and flashing in “intent” driven results
Gives users an “Internet search like” experience for finding info and answers across the enterprise
People Search
Same UI and Query features as Enterprise Search HubRelevance
Specialized people search ranking model that incorporates fuzzy name matching and expertise finding
Crawl and Content Fixed set of content driven out of User Profiles
(which themselves could aggregate people data from multiple locations)
Admin Site managed by “search site” admin
Find people by name, expertise, group, etc Find the right person faster
– Query suggestions/type-down support combines browsing and searching
– Find a broader range of experts based on documents they’ve authored in addition to profile info
– Fuzzy name search is now more accurate, works across more languages, is not based in Speech Server anymore
– Social connections: see how you are connected to each person in search results
– Search anywhere for people by name and expertise – in Lync or site search
Find answers to questions others have already answered
97Search architecture
Admin
Content UX
mssearch.exe
Crawl+ connectors
Contentprocessing
noderunner.exe
Search core
FAST Server engine
noderunner.exe
Queryprocessing WFE
noderunner.exe
CLIENT APP
Public API
Unit of scale/role boundary
Analyzernoderunner.exe
Partner-built connectors
Other Service Applications
Architectural model for Service Applications in SharePoint 2013
Introduction to model and changes compared to previous versions
Introduction to individual service applications in SharePoint 2013
What has been changed?What is new?
Access Services Web Service Application
App Management Service Application
Business Data Connectivity Service Application
Search Service Application
PowerPoint Conversion Service Application
Secure Store Service Application
Machine Translation Service
Usage and Health Data Collection Service Application
User Profile Service Application
State Service
Visio Graphics Service Application
Security Token Service Application
Work Management Service
Same services architecture as introduced in 2010
• Services can be individually consumed from any Web Application
• Allows for a very rich (and complex) farm structure if required
• Provide flexibility to utilize services based on application needs
• Numerous platform enhancements
Key Service Application Changes
New Service Applications:
• App Management Service
• Work Management Service
• Translation Services
(Re)Moved Service Applications:
• Office Web Apps Now a separate product
• Web Analytics Now part of Search service
Access Web Apps
Collaborative web applications on SharePoint & SQL ServerAccess App is a SharePoint hosted SP App (own site)Database is a single SQL Server database
Access is an abstraction layer over SQL ServerSimplified designersLowers barriers to entry
Provide capability for creating data tracking applications easily as business usersDeveloper-level experience not requiredMost robust SP App designer for SharePoint 2013
Apps Service Application
APP
Permissions and licensesin service app database
Application Server hosting service app
App management1
2
3
4
Business Connectivity Services
SharePointDesign Tools
Office Applications
BCS Client
Business Data ConnectivityExternal Content Type Repository
External Lists
Dev Platform
Enterprise Search
Business Intelligence
Collaboration Social
Enterprise Content
ManagementSharePoint Designer
Visual Studio
LOB WCF/WS DBOData
Translation service applicationProvides built-in machine translation capabilities on the SharePoint platformCloud-based translation servicesBased on Word Automation Service architectureSupports sync, async, streamingCan translate documents, pages and sitesExtensibleFull trust solutions and SP Apps supportedREST API or CSOM availableAPIs for batch and immediate translations
PowerPoint Automation Services
New service application in SP2013
All about file conversions
Business scenariosRequirements to convert large amount of old PPT format files to PPTXConvert presentations from PPTX format to some read only format, like PDF, XPS or to images
There’s no out of the box functionality to perform conversion directly from UIAccessed programmatically by providing file streams which should be converted.Customization example: Enable conversion from all document libraries for PowerPoint presentationsCustomizations using PowerPoint Conversion Service Application have to be deployed as full trust solution or executed in SharePoint server
Supported source presentation formats
Open XML File Format presentation format (.pptx)PowerPoint 97–2003 presentation (.ppt)
Supported destination document formats
.pptx (Open XML File Format presentation format)
.xps (Open XML Paper Specification)
.jpg
.png (Portable Network Graphics Format)
User Profile Service
Stores information about users in a central location
User profiles can be imported and synchronized with identity management systems like Active Directory
Offers following featuresUser profilesProfile SynchronizationAudiencesMy Site HostMy SiteSocial tags and notes
Related service appsManaged metadata service appSearch service applicationBusiness Connectivity Services
Profile Synchronization
PerformanceLarge organizations should be able to perform a full sync of AD and SharePoint data over a weekend.
ReliabilityIT pros should be able to monitor the performance and stability of profile sync and have access to the information that they need to take corrective action when problems occur.
CompatibilityCommon Directory Service configurations should be supported, including Forefront Identity Manager and generic LDAP providers.
Visio Services…Renders diagrams in the browserHigh quality PNG(s) for full fidelityNo dependence on SilverlightNative support for Visio file formatDiagram consumers do not need a Visio client Available across devices using desktop browsers and mobile browsers
Accessible only via SharePointOn premises & in cloud using Office 365
Visio Services…Refreshes data fromMultiple external data sourcesConfigured using theData Linking Wizard in the client
All shapes visually refresh – not just Data GraphicsData driven shape behavior
Integrated into SharePoint solutionsExtensible using the JavaScript API and Web Part Connections
SP2013 for Word AutomationNew ”Immediate” based request (no waiting)New option to execute conversion immediately, not necessarily from timer jobOperate on one file at the time per requestConfiguration options from CA for simultaneous request amount
Notify or update items in SharePoint after completionWord Automation Services can perform file conversions and can update files (ex. update table of contents or fields)
Allow WAS to support streamsConvert streams from API perspective as inputs and outputs for file operationsStreams are stored in memory within Application Server Manager and Worker – not in content database
Work Management Service – Task Aggregation
Timer job
Personal site ascache for tasksSynchronous request
for task to UI
Asynchronous cache request for providers
SharePoint
Project
Exchange
Provider X
My Tasks
Summary:Other Service Applications
Access Services Web Service Application
App Management Service Application
Business Data Connectivity Service Application
Search Service Application
PowerPoint Conversion Service Application
Secure Store Service Application
Machine Translation Service
Usage and Health Data Collection Service Application
User Profile Service Application
State Service
Visio Graphics Service Application
Security Token Service Application
Work Management Service
Customization Management
The New App Model
Customization packaging & deployment options
Farm•Full trust solutions•Customizations to file system of servers•Hosted in same process as SharePoint•Server side SharePoint API access•Classic model from 2007
Sandbox•Declarative elements•Partially trusted code service still included for limited server side support•Hosted in isolated process•Limited server side SharePoint API access
SP Apps•New Apps model•Deployed from corporate catalog or SharePoint store•Manage permission and licenses specifically•Simple install and upgrade process•Preferred option
Deprecated in SP2013
App Model Benefits
No custom code on the SharePoint serverEasier to upgrade to future versions of SharePointWorks in hosted environments w/o limitations
Reduces the ramp-up time for those building appsDon’t need to know/be as familiar with SharePoint “-isms”
Leverage hosting platform features in new appsEnables taking SharePoint apps to different levels – further than what can be done with farm / sandbox solutionsIsolation – private vs. public clouds
SharePoint Solutions & Apps
Full-Trust Solutions
Sandboxed Solutions
Apps
Use Client-Side SharePoint API
Use Server-Side SharePoint API
Use Remote Services
App-based Permissions (OAuth2)
On-Premise Deployment Friendly
Hosted Deployment Friendly
Distribution via Marketplace
SharePoint Provided Schematics for Install / Upgrade / Uninstall
SP App Hosting Options
SharePoint
The app is hosted in the cloud. Windows Azure and SQL Server Azure components are provisioned automatically when an app is installed. (Available for SharePoint Online only)
Existing sites and services
App web (optional)
Existing sites and services
App web
The app and all resources are hosted in your organization’s SharePoint farm. Relies on client side technologies. Your IT organization supports the app.
The app and all resources are hosted by the provider in any environment suitable for the app.
Auto-hosted
SharePointhosted
Existing sites and services
App web (optional)
Windows Azure & SQL Azure
Oauth + REST or client object models
Oauth + REST or client object models
Architecture
Architecture overview
Search 2013 platform
Exchange 2013 platform SharePoint 2013 platform
Search 2013 platform
`
Exchange
SharePoint
Custom solution
REST API
Outlook Web App (OWA) search eDiscovery
Intranet search
Custom app (Internet/intranet)
Marketplace app
All
resu
lts
People
Sit
e s
earc
h
Vid
eo
Cust
om
searc
h
vert
ical
Internetsearch
Content sources
Public API
Search Architecture
Click to insert photo.
Service DatabasesService Applications with their own DBs:
• App Management Service• Business Data Connectivity• Managed Metadata Service• Search• Secure Store Service• Machine Translation Service• State Service• Usage and Health Data Collection• User Profile• Word Automation Service• Access Services App databases
Cross farm services in SharePoint 2013Remote farms don’t need perms to parent farm DBs*
Any farm can publish SAs
One web application can use both local and remote SAs
Enables centralized “enterprise” SAs
Support only in specific service applications• Business Data Connectivity• Managed Metadata Service• Search• Secure Store Service• Machine Translation Services• User Profile
Cross farm services cross major versions
SharePoint 2010 farms can consume some services from SharePoint 2013 farms(Other way around is not supported)Useful for upgrade process
Supported services areSearchUser ProfileSecure StoreManaged MetadataBCS
Service Applications and WAN environments
Service application
Allowed for WAN environments?
Hybrid with Office365
Search
Managed Metadata
Machine Translation Service
Business Data Connectivity
User Profile
Secure Store Service
Other Architecture Changes
Shredded Storage
SQL Improvements
Cache Service
Request Management
Office Web Apps
Social Changes
Other Considerations
Shredded Storage
User Requests Document
WFE Requests Document
SQL Reads Full Document
User Updates Document
Updates are Sent to WFE Updates are
Sent to SQLUpdates are
Committed to SQL “Shredded
Storage”
SQL Improvements
We’ve reduced scenarios that might invoke full table scansThere have been lots of improvements around finding docs for link fix-up and alert handling
Reduced data redundancy for some features
Using advanced indexing features provided by SQL 2008 R2
Changes in architecture to support wide lists, i.e. lists where a single item spans multiple rows in the database to hold the data
Cache Service
New Distributed Cache service in SharePoint 2013 Based on Windows Server AppFabric Distributed Caching.
It is all provisioned by SharePoint setupInstalled on each server in the SharePoint farm.Used in features like authentication token caching and My Site social feeds
Request Management (RM)
Route to WFEs with better health, keeping low-health WFEs aliveIdentify harmful requests and deny them immediatelyPrioritize requests by throttling lower-priority ones (bots) to serve higher-priority ones (end-users)Send all requests of specific type, like search for example, to specific machinesIsolates traffic to help troubleshoot errors on one machineRoute heavy requests to more powerful WFEs
Office Web Apps Architecture
Separate server product, not a service applicationWAC farm can support multiple SharePoint farmsView files from multiple data sources, including SharePoint, Exchange, Lync, File servers3rd parties can integrate with WAC to provide access to documents in their data stores, e.g. EMC Documentum, IBM FileNet, OpenText, etc.WAC version does not need to be in sync with SharePointConnect SharePoint farm to WAC farm using PowerShellNewSPWOPIBinding
Office Web App URLs in SP 2013
URLs have been cleaned to be human friendly and understandable
From this:http://office/2013/collab/Demo/_layouts/PowerPoint.aspx?PowerPointView=ReadingView&PresentationId=/2013/collab/Demo/Docs/wac.pptx&Source=http%3A%2F%2Foffice%2F2013%2Fcollab%2Fdemo%2Fdocs%2FTraining%2520Module%2Fdocsethomepage%2Easpx%3FID%3D96%26FolderCTID%3D0x0120D52000DC71A13124DA5249ACA958C4DFD092C90037E1F59EB352013B4F940A3806D9B183F0%26List%3Dc910e954%2D68ca%2D42ae%2Dbb0f%2D1c6908c73e77%26RootFolder%3D%252F2013%252Fcollab%252Fdemo%252Fwac%25202013&DefaultItemOpen=1
To this:http://office/2013/collab/Demo/Docs/wac.pptx?Web=1
Social Change Highlights
User Profile Replication Engine (UPRE)Exact delivery mechanism remains TBD
Profile Sync Improvements
My Site Data Store Changes
Other Considerations
Stretched farms are no longer supported in SharePoint 2013“Stretched” means different data centers with less than 1ms latencyAll servers in the farm must be in the same data center now
For 100% fidelity in 100% of features, all content must reside the same farmCertain social features will have a very slightly degraded experience unless content databases, personal sites and community sites are all togetherStill allows for geo-grouped farms with full fidelitySpecific feature differences beyond scope of this discussion
New: Azure Workflow Server - not exactly a service app, but provides externalized host to run workflows.
Application Discovery and Load Balancer Service Application
Other Architecture Changes (Re-Cap
Shredded Storage
SQL Improvements
Cache Service
Request Management
Office Web Apps
Social Changes
Other Considerations
What are the end-user’s responsibilities?
What are your strategies?
Learn SharePoint 2013
So, how do I motivate end-users?
Top 10 Features To Help Motivate Users
• #1-Enhanced Collaboration• #2-Social Engagement• #3-Find Experts and the right Content• #4-Doc and Records Management, eDiscovery and Compliance• #5-Portals - Intranet, Extranet and Internet• #6-Next Gen Devices • #7-Business Intelligence, Dashboards and Reporting• #8-Organize Projects• #9-Improve Service Delivery with Citizen Apps• #10-Better Governance
Streamline common tasks
Track who you’re sharing with
Live document previews
Edit, share or follow documents with one click
Drag and drop content into SharePoint
Simplified Sharing:Drag and drop content directly into your document libraries and by hovering over a document
Live document preview and at a glance see who you’re sharing with and when the document was last edited.
Without leaving the library you can edit your documents using Office Web Apps, and in one click share it with a colleague.
We’re taking document sharing and storage one step further with the introduction of Onedrive Pro.
Integrate Social Across Departments
Connect your workforce and share knowledge with social capabilities in SharePoint and Yammer
Follow colleagues, teams, documents, and sites to stay on top of the latest government happenings and improve collaboration across departments and agencies.
New Community Sites help you engage in crowdsourcing and harness social networks and insights to drive knowledge sharing.
Improve cross-agency knowledge sharing and collaborative processes
Crowdsource for best ideas
Reduce time to get new hires up to speed; promote team building
BenefitsFollow people, documents and
sites
Share ideas and get answers in real
time on your Newsfeed
#hashtags
@Mention people
Pervasive presence integration
♡ Like
EnhancedCollaboratio
n
EmergencyPlanGrantManagement EmployeePensionsTGIFFeedback
#EmergencyPlan.
Emergency Planning site
Who typically works on #EmergencyPlan updates?
those type of updates.
Deliver Better Portal Experience through Search Government
Portals
Simplify how citizens retrieve public service information and get answers to questions
SharePoint Search and FAST Search are brought together into a next generation search engine.
Search is far more tuned to what citizens are doing, and what others have found successful.
New Hover Card enables users to quickly inspect and find what they are looking for.
Improve public awareness of citizen and business services; better address constituent needs
Benefits
Create YouTube-like video experiences through Search
View video thumbnails without leaving your search page
Visual refiners
Dive into the part of the document that
matters most
Interact with live previews
of documents
New Hover Card changes based on
content type
Find it in one place with unified eDiscovery
With advanced search technology (from the FAST acquisition) the new Office unifies the eDiscovery process by letting you retrieve content stored across Exchange, SharePoint, Lync and even file shares.
Compliance officers can search and view content by project, legal matter, or business context.
Reduce time spent and costs associated with discovery
Eliminate third-party security and compliance software
Benefits
Get instant statistics
Use proximity searches to
understand context
Query results across Exchange and
SharePointLaser focused refiners to help find the data
you need
Fine tune complex queries
Risk and Compliance
Simplify eDiscovery for Compliance Officers
Create dynamic site(s)
Familiar Content Authoring and Management
Managed Navigation/Friendly URL’s
Support Automated or Manual Translation
Image Renditions
Video Improvements
Usage Analytics
Design Manager
Device Based Rendering
Support BYOD and use Office Mobile across devices and platforms
Workers on mobile devices stay productive with Office Web Apps and connected with presence and instant messaging. One-click into Lync meetings and view shared content.
With Office 365, Exchange and Office enable Rights Management capabilities by default, including IRM in Office, OWA and Exchange ActiveSync.
Improve productivity and satisfaction of employees who travel and work on projects and missions across geographic locations
Reduce the risk and costs associated with unwanted disclosure, such as classified documents and citizen information
Reduce device hardware and support costs (BYOD)
Benefits
iPhoneWindows Phone
Office Mobile apps available on Windows Phone 7.5 and Windows
Phone 8
AndroidiPad
OneNote and Lync apps available on iOS and Android phones
Next Generation Devices and
Apps
Securely manage mobile devices with policies that let you enforce PIN lock and remove confidential data from lost
phones
Work More Securely From Your Own Device
Take budget data, citizen behaviors, and economic trends into Excel to discover insights
Use Excel recommendations for the most suitable charts and pivot tables based on patterns in your data.
Quickly preview your chart and graph options, and then pick the option that works best.
Apply Timeline Slicer, a visual time filter, to see data quickly over different periods.
Save time creating budgets, reports and analyzing data
Gain efficiencies and empower workers through self-service BI
Enable your leadership to make better, more informed decisions
Benefits
Flash Fill automatically
recognizes pattern from list and proposes
fill
Recommended Charts: Excel recommends the
most suitable charts based on patterns in your data.
Discover different ways to visually represent data
Timeline Slicer: See your data over different time
periods, e.g., Month, Quarter, Year
Business Intelligence
Budget Report
Budget Allocation
Count
Create Budget Reports Faster, Help Officials Discover Insights
Keep things on track
Integrate tasks from Microsoft Project
Edit SharePoint lists inline
Manage projects with shared calendars and timelines
Extend the way you create and consume information from within Office and SharePoint
Develop apps for Office and SharePoint with HTML/CSS, JavaScript or PHP.
Hosted in the cloud with minimum device footprint.
Apps can be accessed from any device with a web browser.
Distribute and manage with IT app catalog (or public Office Store).
Lower IT costs and time spent on deployment and delivery
Reduce training costs by leveraging familiar Office UI
Increase insight into web content and LOB data to improve decision making and unlock the ROI in existing investments
Benefits
The Bing Maps app in Excel maps the addresses highlighted
Work across Office apps and Office Web Apps
Line-of-Business
Applications
Next Generation Devices and
Apps
Develop Apps Using New Cloud App Model
Manage app approvals and usage
Discover IT approved apps in the App Catalog
Track app requests and manage licenses
Access the SharePoint and Office store
OK, what are IT’s responsibilities?
Learn and Train the Trainer
Inform your user community
• Information on what will happen during transition…• Communication on when and where it will reside
‘infrastructure’• What will be converted and when will it occur…• Provided directions for using self-service…• Notifications and reminders are KEY …• Self-service is essential but training is a must…• Notification and ease and do it iteratively …• What IT support, training, and help will be available…
Understand The Differences
1.No Design View in SharePoint Designer 2013
2.No Breadcrumb (By Default)
3.Create Sub Site Has Moved
4.No Sign In As a Different User
5.App Naming & Organization (For Those Who Are Used To Previous Methods For Creating New Lists/Libraries The App Naming Can Be Confusing)
6.Share Instead Of Manage Permissions (Better Than Previous Model, But Requires Explanation)
7. Branding\UX
What did we learn?
• Communication with stakeholders is key• Show the benefits, get their buy-in.• Explain the process• Get user Adoption
• Train the trainer
• Detailed Inventory of what Users want• 3rd party• Deprecated features
• Prepare to do some design work
• UAT is key
When You Leave, You Should Know… SearchWhat:
…our view of relevance is…what tools you can use to manage relevance
When:…to use result sources, query rules, dynamic rules & relevance models
How:…to manage the relevance lifecycle
Challenges for Search
Users and their data
Challenges: Data ComplexityWhat we give to search engines
What most search engines see
1 2 3 4awaycomecontrastivecustomizeforfs14howoptimizingourrelevance (3)
shouldsimplesomess14techniquesview (2)whatwhenwithyou
Author: victor poznanskiTitle: conf relevancy sharepoint Date: 9.4.9Type: pptAuthority: 6Anchor: SPC presentation …
This release adds:• Non-search clicks• Improved clicks• Improved phrases
Challenges: Intent Where is my talk for the
SharePoint conference?
Are SharePoint Conferences always
held at the same place?
I wonder if there are any
presentations from previous
conferences
Different people have different intents
Query Rules help you handle intents
There is rarely a single right answer
SharePoint Conference
Query management tools Relevance management tools
Search Quality ≡ Relevance
Conversational user experience
Query management tools Relevance management tools
Collection Quality
Cust
om
ization
Cust
om
ization
Query management tools Relevance management tools
Configuration in the Conceptual Relevance Flow
For all queries:
Authorities: Level 1: http://networksRanking model: {incorporate user ratings}
Query:BT networkquarterly report
Search Web Part
Query Processing Engine
Document Collection
Thesaurus: BT British TelecomBest bets: BT Network …/BTN.htm
(WORDS BT, British Telecom) AND(WORDS network, networks, networked) AND (WORDS quarterly, quarterlies) AND(WORDS report, reports, reported)
Mixed Results for:• BT Network best bet• BT network quarterly
report• BT network
ContentType=reports
Dynamic Reordering Rules: Quarterly Report {prefer docs from http://reports}
Query Rule: {Terms} Quarterly Report {Terms} ContentType=“reports”
Improving Search Quality…the quality improvement cycle
The Quality Improvement Cycle
Identify the problem queries
Diagnose the problems
Try to fix
Deploy
1. social features2. user feedback web parts3. analytics reports4. Best Bets
1. eliminate crawl issues2. check permissions3. Test query: item=url4. check freshness
Fixing the Problem: Core Tools
Authorities • Identify important data hubs
Result Source
• Scope or federate your searches
Fixing the Problem: New Tools
Query Rules: Reformulate the query
Dynamic Reranking Rules: Reorder the Results
Custom Ranking Model: Build relevance from ground zero
Tuning Tool: Incrementally improve existing ranking model
Contr
ol
Sim
plic
ity
Using AuthoritiesHelp the ranker to see important hubs
Authorities: SSA-level configuration
Sites that are important
Sites with low intrinsic relevance
Takes ~24hrs to propagate
Authorities: Disconnected
Main Site: Project data
Second Site: Documentatio
n
Third Site: Glossaries
Most Authoritative Second-level Non-authoritative
Authorities: Connected
Authorities: Connected
1
0
1
1
2
4
3
2
∞
4
Setting an authority affects all sites connected through hyperlinks
Sites are weighted
by distance to the authority
Authorities: Connected
1
0
1
1
2
1
1
2
∞
0
Setting an authority can have unexpected side- effects
Authorities: Connected
1
0
1
1
2
1
-
2
∞
0
Non-authorities do not affect connected sites
Using Result SourcesLimiting the scope of queries and federating
Queries are Sent to Sources“Customer services monthly report”
Results from that sourceSourceUser aims a
query at a source
Protocol/Location
Query Transformation
(scope restriction)
Scoping Your Queries with Result Sources
Scoping a Source I
Scoping a Source II
User’s original queryRestrict to this site
Query Rules• Conditionally rewrite the query
• Conditionally federate to other sources
Query Rules: rewriting the query
E.g. for monthly report customer support, prefer:
• …results that might be monthly reports• …from particular sites• …with particular authors• …and the most recent date
Query Rules: conditional federation
GlaxoSmithKline bring results from the CRM vertical for this
customerBenefits
bring results from the HR vertical
Query Rules: conditions and actions
if query starts with
“what is”
Query Condition
if user segment
is “sales”
ContextCondition
Add results from Wikipedia (without the
“what is”)
Action
What is COGS? [Bing] COGS site:en.wikipedia.org
Query Rules: conditions and actions
PHRASE-BASED MATCHES• Exact match, beginning or end• Ad-hoc or term store dictionary• Match a regex (advanced)
HISTORICAL (LOG-BASED) MATCHES• Is this query more likely aimed at
the following source…?• Do people mostly click on result
of the following type…?
Query Conditions
CURATED (BEST BET)• Show a promoted result
REFORMULATE THE USER QUERY• Show a block of results• Replace the core results
with a different query
Actions
Reformulating a User Query I
monthly report customer support
Action Terms Subject Terms
customer support site:http://reports/regularcontenttype=“MonthlyReport”
Query Transform
Query Rules are Associated with Sources
“Customer services monthly report”
Query Rules associated with that
source
Results from that source + Best Bets +Result Blocks
Local SharePointUser aims a query at a source
Building a Rule (site settings)
Search Verticals And Federation
Simple Search VerticalsSearch Box
Results web part
Nav Entry (all are verticals)
Query Rules
Item Templates
Refiners
Sort Menu
Result source for this site
Federating Results in from a Vertical
Results from the people vertical are federated in to “everything”
Federating using More Likely Queries I
Federating using More Likely Queries II
Tweaking Relevance
Dynamic Reordering RulesDynamic Rules let you reorder results according to a set of criteria• Just like query rules apply to user queries, dynamic rules apply to results
They are configured as part of a query• They translate into a special query syntax called XRANK
Result actions let you promote or demote results that match• In many cases, you can use this instead of Best Bets.
Using the Query Builder
Using the Query Builder
The query template
Using the Query Builder: Sorting
Using the Query Builder: Sorting
This will ensure the freshest reports will come back, but there is no ranking
If the primary sort key is not “rank”, you cannot add dynamic ordering rules
Using the Query Builder: Dynamic Rules
Result conditions and actions
Result Conditions
Result Actions
Promote up or demote down
Manual condition looks like a query
Promotion and Demotion
A promotion-to-top places any result at the top of the results
A promotion of 10 moves a mediocre relevant result to the top
A demotion of 10 places a mediocre relevant result under the most relevant results.
A demotion-to-bottom places any result at the bottom of the results
Ranking and Ranking Customization
You can Tune a Custom Ranking Model After…
You’ve considered or tried simpler optionsAuthorities, Thesaurus, Query Rules, Dynamic Rules
You’ve seen ranking could be improved for most queries
A meta-data property should be incorporated into ranking schema, e.g.: user rating
You’ve configured new managed properties & recrawled:
• Add a new managed property (integers: sortable/refinable, text: searchable)• Recrawl
How Can You Change Ranking?
ΣRank Score
ωPowerPoint
ωauthor
ωactivity
Title=“XBOX Monthly report”
Type=pptActivity=2M clicksAuthor=Ian RankemRating = 5
Title=“XBOX Monthly report”
Type=pptActivity=2M clicksAuthor=Ian RankemRating = 5
Query: Ken Monthly
ωrating
Transform (normalization)
Document(managed properties)
SummarySearch quality is even better in this release
Improved ranking that builds on SS and FS + new featuresImproved linguistics: stemming and thesaurusIdentify hubs: authorities
Manage intent diversityHandle different intents with query rules
Friendly tools for managing relevanceManage the relevance lifecycle using admin UITune ranking models with free tuning tool
SharePoint 2013 Permissions
managing access to sites
Assigning permissions
• Permissions can be set per site, per app (list/library) and per content (folder, file or list item) within a list or library
• Permissions can be inherited from the parent. This is the default option when creating new sites, lists/libraries, folders and items within lists or libraries
• As a rule of thumb, permissions should start as open as possible and become more restrictive as you go deeper into the hierarchy within a site collection. E.g. the top-level site in a site collection may be open to everyone. A sub-site may have access restricted to a specific team, a library within that site may be further restricted to managers within the specific team
Choices to manage permissions
Per User
Per SharePoint
Group
Per Directory
Group
Method
Pros
Cons
Bestuse:
• Add users individually to the resource
• Set permissions per user
• Add users to a SharePoint group
• Set permissions per SharePoint group
• Add users to a Directory group (AD DS)
• Set permissions per Directory group
• Lowest overhead across site collections
• Requires centralized management
• Delegated admin and can view membership
• Struggling to think of any these days…
• May have to duplicate across site collections
• Largest overhead to maintain
• Quick demos and very small deployments
• Want to delegate control to site owners
• Granular configurations and large deployments
Microsoft recommendations – Part 1
• The old way• Add users to Active Directory groups. Add Active
Directory groups to SharePoint groups. Assign access permissions to SharePoint groups
ADgroup
Site Collection 1
Site Collection 2
SPgroup Site
SPgroup Site
Added to
Added to
Added to
Permissionsgranted
Permissionsgranted
The standard Microsoft approach for all solutions: add users to a security group, add the security group to a resource group, assign permission for a resource to the resource group
Microsoft recommendations – Part 2
• Since June 2010• Add users to Active Directory Domain Services groups
(AD DS). Assign permissions to AD DS groups. Do not use SharePoint groups
AD DSgroup
Site Collection 1
Site Collection 2
Site
Site
Added to
Permissionsgranted
Permissionsgranted
New approach recommended because changes to membership of SharePoint groups triggers indexing and can affect performance
Realistic approach – Part 1
• Use AD DS Groups where possible• Best performance / can nest and re-use for other services• When a user needs to be added to a group, you only need
to add them once to the appropriate Directory groups . The same directory group can be added to sites across multiple site collections
• Best uses:• Groups that will contain the same users and will be re-
used across multiple site collections – saves time/effort • When a large number of groups will need to be managed
with frequent changes to memberships - easier to manage centrally as well as offering best performance
• When information security requirements demand a strict change management procedure for controlling access permissions
Realistic approach – Part 2
• Use SharePoint Groups for ease of use in some scenarios• Site owners can manage the site permissions by adding people
to groups within just their site• Membership can be displayed on site pages using the ‘Site
Users’ web part, everyone can see exactly who has access to the site
• Best uses:• Team site collections, where site management is most likely to
be delegated to site owners within the department/team, with governance procedures in place to guide controlling access
• Specialist sites, where group membership is likely to be unique and there is a need for non-IT roles to view/manage membership
• Small deployments where SharePoint day-to-day administration is delegated as much as possible due to limited IT resources
What’s changed in SharePoint 2013?
The following content applies to SharePoint 2013/SharePoint Online
‘Sharing’ instead of ‘Securing’
• New terminology is used for changing permissions and controlling who can access sites and content. Throughout the user interface (UI), the word ‘Share’ is used.
• In some places, it can look a little confusing…
Clicking this link will allow people to ‘share’ the site with others
Sharing is everywhere
It’s easier than ever to share folders and documents, just like those pesky file sync/share tools like DropBox*
* We love DropBox really
Sharing can get messy
With folders and documents, clicking ‘Share’ behaves differently to sharing sites. Users cannot be added to groups. Instead, they are given item-level permissions
This prevents them being given access to more than they should but could have a significant performance impact on large lists and libraries
Lists also behave differently – you can’t share items direct at all. Instead you have a ‘Shared with’ link that takes you the permissions page for the item (the old method for managing access)
Beware sharing more than you want
When you click the ‘Share’ button to share a site, you may assume you are just sharing that specific site…
You would be assuming wrong!
When you click Share for a site, the default is to add the users to the first group in the site with permission to Edit content… If the site is inheriting permissions from a parent site, that group may have permission to edit a lot more than you realise…
Beware who you share with
If sharing with external users has been enabled for the site collection, then anybody with Full Control permission for a site can share it with external users, i.e. anybody outside the organization
In this image, I’m inviting the one and only Bill Gates to check out my site
Note: only users with Full Control can do this, and only in site collections where external sharing has been enabled. It is off by default. But the external user can be granted equivalent access – right up to Full Control of the site!
Sharing is not always sharing
A standard dialogue box is used when adding users to any SharePoint group, regardless of activity
e.g. if you decide to click the ‘Share’ button and add a user to a site, you need to select what group to add them too. You are sharing access
But if you have gone into Site Settings to set up a new group you might not have assigned any permissions yet. You are not sharing access, just sorting out group membership
Sharing challenges recommendations
• When changing permissions by sharing content with people, you can only add them to SharePoint groups available to the current site. Domain groups will not be listed
• i.e. Sharing will not follow Microsoft’s recommendation for using Domain groups rather than SharePoint groups for permissions
• For practical reasons, most deployments will benefit from a mixed approach. Use domain groups when possible, use SharePoint groups when necessary or when practicality trumps performance
What hasn’t changed that should
To see the full list of groups, click the More… link in the navigation bar on the left of the page (circled in red)
It’s a minor annoyance that you’ll spot as soon as you click the New button from this page to create a new group
Within Site Settings, when you click on People & Groups, the next screen doesn’t show you a list of people and groups, it shows you the membership of the first group in the list
Governance and Administration Matters
Will try and highlight which bits are only applicable to certain versions
Guidelines for managing access
• Only enable external access on those site collections you intend to share content with people outside your organization
• Only grant Full Control site permissions to non-IT roles who have been given training in how to manage their sites. And budget for refresher training and periodic audits to review
• Keep permissions as simple as possible. You do not need groups to identify business roles, only to manage different permissions. Share at the highest level possible by default. Avoid creating custom roles or granular (‘fine grained’) permissions per library, per folder or per item except for specific and rare uses
Optimize the design
• If only certain functions need to share content with users outside the organization, use site collections to separate and control what content can be accessed by external users
• Scenarios that require granular permissions management should be given dedicated site collections. They may even warrant dedicated web applications to fully isolate server resources (on-premise option only)
• Scenarios that require granular permissions management (often involving forms and workflows) should use Active Directory Domain Services groups if possible for performance gains
• Collaborative team sites that are most likely to share documents individually should be kept small in size, particularly the libraries
Pre-configure/Automate what you can
• Have a central resource mailbox for access requests. Configure all attempts to access sites to prompt users to request access, and forward the request to the central mailbox for review by IT
• For sites that are intended to be ‘shared’ internally or externally with control delegated to site owners, set-up default SharePoint groups to make permissions granted as clear as possible
• For sites that are intended to be shared, break inheritance for all top-level sites to avoid accidentally sharing more than intended. i.e. each top-level site should have its own unique set of permissions
…and document the manual steps
• Provide clear guidelines on how access to sites is being managed and when more granular permissions are acceptable or not (e.g. unique permissions per sub-site, library or item)
• Use a consistent naming method for SharePoint groups so that people become familiar with differences in access permissions
• Beware the default new ‘Edit’ permission. When sharing sites and content, site owners should always click ‘Show options’ and ensure the correct group is selected
Example: Team Site Collection
SharePoint Group Permission Purpose
<Site> Owners Full Control Delegated site management
<Site> Team Members Edit Team participation in the site
<Site> Contributors Contribute Use for shared contributions
<Site> Visitors Read Use for shared viewing
Teams
Finance Legal IT
XX X X
= site
= broken inheritance
Directory group ‘Everyone excluding external users’ added to Visitors group by default
Site Owners trained to use only Contributors or Visitors group when sharing the site outside the team
Bonus tip: Show group membership
• When delegating control and using SharePoint groups to manage access permissions, to encourage self-auditing
• Create a page for the site called ‘Site Permissions’ and display each group membership using the ‘Site Users’ web part.
• It’s an extra step when setting up each top-level team site but can lower ongoing maintenance overheads by making access transparent
Reference: What do the different permissions allow people to do?
This bit is specific to SharePoint 2013 but the basics apply to all
Default Groups Part 1
• The following are the default groups created automatically for team sites in SharePoint 2013
Group name
Permission Level
Comments
Owners Full Control Use (sparingly) when delegating management of sites
Members Edit Use for participants who will be adding and updating content
Visitors Read Use for people who will be reading but must not change content
Viewers View Only Use to allow people to view but not download content
Default Groups Part 2
• The following are additional groups created for other site templates, specifically the Enterprise Publishing templates
Group name
Permission Level Comments
Restricted Readers
Restricted Read + Limited Access
Can’t see version history or permissions
Style Resource Readers
Read to Master Page gallery and Restricted Read to Style library
Don’t remove from root site in site collection
Approvers Approve + Limited Access Can approve content before it is published
Designers Design + Limited Access Can change visual layout
Hierarchy Managers
Manage Hierarchy + Limited Access
Can change the structure
Default Permissions Part 1
Permission Access granted Notes/Comments
View Only Can view pages and lists/libraries (browser-only). Cannot download (or view in client applications)
Default for ‘Viewers’ group in 2013.
Limited Access
Enables access to specific content without having full access to site. Built-in, cannot be edited. This is used when sharing individual documents
Do not remove!
Read Can view pages, lists/libraries and items, can download and view in client applications
Default for ‘Visitors’ group. No change from previous versions
Restricted Read
Same as Read but cannot see permissions or version history
No change from previous versions.
Default Permissions Part 2
Permission Access granted Notes/Comments
Contribute Can add or change items on pages and in lists/libraries
Used to be the default for ‘Members’ pre-2013. Can no longer delete items
Edit Can add, edit and delete lists and libraries. Can add, edit and delete items within lists/libraries
New permission for 2013 and now the default for ‘Members’
Design Can view, add, modify, customize, approve and delete the layout of site pages using the browser or SharePoint Designer 2013
Altered in 2013 as some perms have been moved to ‘Edit’.
Full Control
Full permissions including site creation and deletion and full access to all site settings
No change to previous versions
Default Permissions Part 3
Comments:
• The new ‘Edit’ permission makes sense because many organizations have wanted a permission that does not include ‘delete’. That is now the role of the ‘Contribute’ permission
• However, when the ability to delete is required, ‘Edit’ now grants more permissions than the old ‘Contribute’ such as adding and deleting lists/libraries too (previously required ‘Design’)
• That said, the Recycle Bin remains your friend and accidental deletions can be easily recovered. (Up to 90 days on Office 365, period to be defined for on-premise installations, default is 30)
• Yes I missed off a couple of permissions: Approve and Manage Hierarchy. They’re pretty self-explanatory and haven’t changed
References & Further Reading
• Overview of site permissions in SharePoint 2013http://technet.microsoft.com/en-us/library/jj219771.aspx
• Define permission levels and groups in SharePoint 2013http://technet.microsoft.com/en-us/library/cc262690.aspx
• Permission levels and permissions in SharePoint 2010 (Windows SharePoint Services 3.0)http://office.microsoft.com/en-gb/windows-sharepoint-services-help/permission-levels-and-permissions-HA010100149.aspx
• Clarifying guidance on SharePoint Security Groups versus Active Directory Domain Services Groupshttp://blogs.msdn.com/b/kaevans/archive/2013/05/06/clarifying-guidance-on-sharepoint-security-groups-versus-active-directory-domain-services-groups.aspx
• Software boundaries and limits for SharePoint 2013http://technet.microsoft.com/en-us/library/cc262787.aspx#ListLibrary
There is even more
In case you’re still not sure of the potential risk
Scenario: Following the defaults
• All team sites are inheriting permissions from the root ‘Teams’ site in the site collection. It’s an open collaborative organization…
Teams
Finance Legal IT
Group Permission
Owners Full Control
Members Edit
Visitors Read
Teams Site Permissions
Scenario: IT shares their site
• Somebody in IT decides that their supplier should have access to the IT team site…
• If they just follow the defaults, they will add the external user to the ‘Teams Members’ group and give them Edit permission to all the sites in the site collection, i.e. Finance and Legal sites as well
• Yes there are warnings written in the dialogue box. From experience, people don’t read the small print…
Teams
IT
Scenario: Sharing lots of documents
• If people are complaining about performance problems with their site, and specifically navigating a library within the site, check its size and whether or not documents are being shared (internally or externally)
• Microsoft recommends to not exceed more than 5,000 unique security scopes per list or library. The absolute maximum is 50K
• Avoid ‘sharing’ documents in large libraries. Keep them small to avoid performance issues. Large libraries such as records archives should have standard, centrally managed, permissions
No-code SharePoint 2013 Solutions for
users
Context sensitive Help items:
• Videos • Images/Screenshots
• Documents • Links
What type of user do you want to be
You have technical expertise
Your organization understands business needs
Does not want to code
AKA Citizen developer, BUIT
“Let’s not write code until we have to write code.”
What is a no-code solution?
Quick, useful, inexpensive
Solves a common business need
AKA SharePoint Composite, Mashup
Typical no-code solutions
Tracking goods, services, orders, and customers
Human Resource portals
Self-service reporting, financial dashboards
Expense reporting
Typical no-code solutions
Review and approve document workflows
New-hire orientation sites
Ideation, feedback, & “suggestion boxes”
Structured documents: contracts, RFPs, & invoices
“Citizen Developers 25% of New Business Applications by 2014”Gartner
CustomizeSharePoint
Out-of-the-Box(sites, docs, lists, social)
SharePointComposites
(Access App, BI,Workflow, BCS)
DeclarativeCapabilities
(Doc Sets, Records, Search)
Managed Code(Apps, CSOM,
Reusable components)
The customization continuum
Your New Favorite Website
http://technet.microsoft.com/en-us/sharepoint/dn594430
Your New Favorite Handbook
Handbook
Call to Action
• Watch videos at: SharePoint-Videos.com
• Check out: No-code solutions using SharePoint 2013 Composites
• Read the Gartner article: Gartner Says Citizen Developers 25 % of New Business Applications by 2014
Overview
Community sites
Personal site administration
Personal site feeds
Personal site following
OneDrive Pro
Agenda
My Site Host - The landing page
• Newsfeed: shows you updates on social activities for items and people you are following:• People posts• People profile changes• Changes on followed documents• Items tagged with followed tags• Mentions & Likes• Activities: all my activities• Site Feed activities• Company Feeds
• I’m Following
• Trending Tags
About Me – What other people see
©2012 Microsoft Corporation. All rights reserved.
Community sites
Community home page
Members and reputations
Easily onboarding
processWelcome section
Conversations
Communities and reputations
Evolution of the SharePoint 2010 Forums Builds on the concepts of discussions, likes, ratings,
badges and reputations Communities can be created by using a new Site
Definition Template available for site collections and sites
Uses Wiki Pages infrastructure Each community site is self contained:
all community information is stored on local lists in the community
Communities – design
Content is organized by Categories, with a rich UI set of image and data
Presentation pages are «wiki pages» Rich content experience Easier to customize, don’t need to be SharePoint master for creating content
Users can use rating and liking for content Can vote 1 to 5 stars, or Likes Likes and rating are available on each site in SharePoint 2013
Community Site specific features Reputation Moderation Best replies & Featured discussions Discussion Alerts …
Community categories
Title
Posts and replies
Description
Navigation
Communities – posting
Every post can be edited and deleted by the original owner as well as community owners
Every member of the community can report a post to the moderator (if the setting is enabled)
Marking a post as “featured”: once marked, a specific post will render at top of its category Community administrators or moderators can set featured posts
Communities – conversations and replies
Best Reply: bubbles up in a specific reply and shows it up as the first reply in the discussion thread
• Community Administrators and Moderators can set “best reply” on any replied to post
• Regular members can mark a reply as the “best reply” if they created the original discussion post
Ratings model and settings
• Owners can enable ratings on Community• Ratings can be a star or like system: • Both are completely decoupled from Social
DB and live only in the Content DB• Owner can switch between the two systems
and rating values get preserved in the switch
• Mouse hovering on the rating provides quick information at a glance:
• Who rated• The value of the rate• Visual representation for your likes
Tracking your reputation
People reputation is impacted by activities like creating posts, adding replies, etc.
Reputation is per community – reputation in one does not affect it in another community
Reputation model cannot be directly extended Community owners control points for each activity
Community badges
There are two type of badges in communities: Achieved badges
Gained by people from collecting points for performing specific activities Gifted badges
Assigned by community owners
Earning badges
Administrators also configure the point thresholds required to achieve reputation rankings
Once a member reaches a specific level he/she receives a «badge» that shows achievement goals reached
Achieved badges can be displayed as a ranking level or text
Gifted badges
It’s a way for Community Owners to “push” recognition to a member Not achieved by members Assigned by Community owners
List of Gifted Badges can be managed to add or remove badges Gifted Badges are shown in the people status with a specific Icon to
highlight the badge
Community members and my membership
The Members list displays all members, their rank and various metrics
People can also see their status and what is needed to move to the next level of reputation:
Report to moderator
• Allows any members to report any post (reply or discussion) to the Moderator• Reports with comments are stored
in an hidden list
• Members are notified real time of their reported activity
• Moderators can then decide to delete, edit or remove the Report
Community portal
Displays a directory of Communities within the organization Starting point for Communities, where and what they are
and join Site collection that gets provisioned by CA
Administrator defines the Community Portal entry point
Uses Search to populate the list of the existing communities There’s a lag between the time a new Community gets created and when it shows up in the Portal
Provides ability to search for Communities within the Portal It is security trimmed: displays Communities based on
permissions (access)
Community portal
Demo Community walkthrough
©2012 Microsoft Corporation. All rights reserved.
Personal site administration
Privacy settings
Available in Central Administration in the User Profile Service Application
Administrators govern profile information that users can or cannot manage
Users can always override Admin settings regarding activities and following people privacy settings.
Simplified compared to SharePoint 2010 Policy settings: Privacy setting is now “Only me” or “Everyone”
Personal Site Settings
Central Administration Settings
Privacy settings
Admins can also enable a “default“ privacy setting to make people following information and activities public.
Blocks administrators in CA from controlling privacy settings of newsfeed activities Message informs administrators that policy control is override
If unchecked there are no system activities in Microfeed.
©2012 Microsoft Corporation. All rights reserved.
Personal site feeds
Microblogging feed flow• User Generated • System Generated
Microfeed
Public
Microfeed
Private
Reading microblogging feeds
• Latest activities from across SharePoint cached in-memory, so users can always see the latest activities when they go to their consolidated feed in real time.• That applies to both user activities like
microblogging posts and system activities like doc modifications
• What is not retrieved from the cache• “User’s Activities” in the Person.aspx page• Everything.. If the cache is empty
Site feed
A mechanism for scoping conversations only to a specific set of people By default Microfeed posts are public and accessible by everyone
Relies on a different Site for scoping the conversation People share a site where they want to start private conversation
Group conversations don’t get posted in personal site Microfeed list The post lives only in the local site and Distributed Cache
If members of the conversation follow the site, group conversations also appear in their consolidated feeds web part The person who initiates the conversation follows the site automatically, other people must manually follow the site the text changes to show up the title (link) of the site where the conversation happens
Newsfeed in team sites
Team Sites have the site feed feature enabled during provisioning Provides a Site Feed page in the site that shows microblogging posts related to
that site It also provisions a Microfeed list within the site and the Newsfeed web part Can also be activated on other sites
Liking • Offers a way to keep track of specific posts across all the microblogging activity
• Likes: is a personal view to see things you liked*• Other people don't have access to the list of
everything you liked, but they can see what you liked if they look at your profile feed (About me).
• Useful to track Social activities• The popularity of an item• Tracking a specific post – thread
• It shows in the main consolidated feeds web part
@Me (aka: mentions) • Mentions give the ability to refer to a person in a microblogging post
• It works independently from following• if a person gets mentioned that post will show in
his or her mentions feed.
• People lookup from different places• “Followed People” list• AuthN providers based on the Authentication type
• User who gets mentioned receives a notification email always• In Site Conversation user gets a warning
mentioning someone will send an email, regardless if he/she has access to the site
• In Communities user gets the email and the notification in Newsfeed web part, regardless if he/she has access to the site
• Newsfeed page also provides a visual notification of number of mentions
Everyone view
It is a Personal Site feeds view of all users generated activities. Introduces a new level of discoverability of new people and topics to the feed system, Helps on ramping new users to the feed system and its usage patterns in their company It is a great way to start following people you think are interesting
User generated activities are displayed for everyone in the company Showing even activities of not followed people Only user generated activities are showed, not system generated activities (e.g. user x is following site y) Group conversations doesn’t show up in the Everyone view
Topology considerations
Having a single UPA vs. multiple UPAs is best practices from the Social features standpoint With multiple UPAs Microfeeds and people following will still work but people will experience
delays in notifications
Community sites need to live in the same farm where My Site Host and Personal Sites are provisioned They can live in different web applications
If in different farms, community notifications in the Newsfeed will not happen
©2012 Microsoft Corporation. All rights reserved.
Personal site following
Following - people
• Follow People Entry points• People Search• Newsfeed• People Page (About me)
Following – site • Follow Site Entry points
• Search• Community Portal*• Site Itself
Following – document
• Follow Document Entry points• Search• Library
Following – tags
• Follow Tags Entry points• Newsfeed• Profile• TagProfile• Trending #tags web part
• through TagProfile page
I’m following
• Gives information about all of the things that user is following• number of people, • Documents*, • Sites*• Tags
• Can easily identify all of the things that powers a user’s newsfeed
• Allows the user to access all of those things within a single click from the newsfeed
©2012 Microsoft Corporation. All rights reserved.
Onedrive Pro
Onedrive
• Provides a single place for users to create, share, collaborate and follow important documents
• In 2013 Personal Sites have a single document library that can be user for private document as well as documents shared with others
• It is “the” document library of your personal site and a set of views that give access to content people want to be connected with:• All: provides an overall view of documents in
the My Documents
Offline libraries: Onedrive Pro
Provides quick and easy access to Document Libraries in the familiar Windows Explorer experience Works for any SharePoint 2013 Document Libraries.
Makes your documents accessible online, offline or in-between and your changes are automatically synced Syncs libraries across multiple devices
Fully integrated with Office Document Center: every file that gets uploaded through Onedrive Pro is shredded
Replace SharePoint Workspaces
Overview
Community sites
Personal site administration
Personal site feeds
Personal site following
Onedrive Pro
Social Session Summary
290 | @bobbyschang | bobbyspworld.com
SharePoint
Permissions Worst
Practices
Rather Than a List of To-Do’s
Why Worst Practices?
At Times It’s More Effective (and Fun) to Share
What NOT To Do
And Scare You Share With You Its Consequences
SharePoint Permissions
Basic Overview
Permissions Fundamental
To Provide or Restrict Users
with Access to SharePoint Content
Inherited Permissions by Default
Site Collection
Site
List / Library
Item
Child Site
Site Collection
Site
List / Library
Item
Child SiteBreak Inheritance
Inheritance Can Be Broken
Site Collection
Site
List / Library
Item
Child SiteBreak Inheritance
Inheritance Can Be Broken
Permission Level• Determines how much access a user has
• Most Commonly Used Permission Levels:
1. Contributeo Target Audience = Team Members, Supervisorso Create, Read, Update, Delete content
2. Reado Target Audience = Visitors, Clients, Extended Team Memberso Read content
3. Full Controlo Target Audience = Site Administrators, Site Managerso Create, Read, Update, Delete contento “The Kitchen Sink”
No Planning
Worst Practice
Right?
Planning
Matters
Planning Matters
Photo Credit – Matthew Keagle & Creative Commons
Do You Have a Permission Strategy?
- What is purpose of the site?- Gathering Info vs. Dissemination- Extranet vs. Intranet
- Who’s the target audience?- Is there any restricted content?- Access for anyone outside org?
- Are there different member roles?- Any group specific classified info?- Who’s the Site Manager?
- What is documentation process?- How will you address training?- How will permissions be governed?
What Governance Can Do
• Consensus on processes and set expectations
• Increased team awareness
• Better understanding of SharePoint intricacies
• More effectively managed platform
• Compliance with rules and regulations
“A governance strategy is never static
– it is
a living, breathing process and a set of
rules
that you should live by, not die by!”
--Christian Buckley, SharePoint MVP
SharePoint Platform Matures
Governance Should Evolve as Your
“Full Control” for Everyone
Worst Practice
What You Can Do w/ Full ControlCreate & Delete Sites
Create SharePoint Groups
Manage Site & List/Library Permissions
Activate & Deactivate SharePoint Features
Create, Update, Delete List/Library Public View
Generate Site Web Analytics Reports
Create, Modify, Delete SharePoint workflow
Create, Modify, Delete Site & List/Library Columns
Delete Site & List Template
Delete Master Page & Page Layout
Add, Update, Delete a Wiki and Web Part Page
Add, Update, Delete Web Parts
Etc. etc. etc.
TOO MUCH !
! !
Full Control Pyramid Scheme
Don’t Take Site Manager Delegation Lightly!
Dear Site Managers,
You play a pivotal role to SharePoint success (or failure)
When asked to pleeasseee have access to EVERYTHING
Image Credit: © SheKnows LLC
Let’s not rush to give Full Control
First Ask Follow-Up Questions
• What type of “access”?
• What exactly is “everything”?
• Majority of the time, you may find:
• “Everything” may pertain only to Documents
• “Access” could mean Read/Update/Delete Documents
• Thus Contribute access may be sufficient
?
Before Providing Full Control
• Ensure user completed necessary training
• Check or Refine governance policy
• Consider other permission levels that may fulfill needs (e.g.: “Design”)
Thy requests must go through me …
It’s not that
you’re a
control freak
Simply can’t have everyonemanage your site
Assigning Permissions to Individual Users
Worst Practice
• Team Growth
• Role Change for Existing Users:
– Expanded Responsibilities
– Rolling Off Project
– Promotions
• Onboarding New Employees
• Employee Departures
How Will You Handle
Real World Example
Where in the World is Carmen
Sandiego?
Challenges
• Hard to decipher who has what level of access
• Cumbersome to manage, control, and update existing permissions
• SharePoint Out-of-Box “Check Permissions” function is rather limited
Instead, Use …
SharePoint Group
Then Add or Remove Users from the Group
First, Assign Permissions to SharePoint Group
AD Group (Active Directory)
For SP2013 Microsoft recommends …
AD Group
AD Group – Why & When
• Recommended by MSFT for performance
• Use AD group in SharePoint only if
• AD group definition is well defined
• IT Team is proactive in updating membership
• Group info should be up-to-date to ensure proper access setup in SharePoint
Default Settings for SharePoint Groups
Worst Practice
Have You Seen This Error?
How About This?
SharePoint Group Challenges• Site Managers could be locked out
• Be Mindful of Default Settings when creating new
ALWAYS assign a group as group owner
Preferably Site Collection Owner or Site Owner group
Group Owner SettingsDefault -> the user who created group
Instead open membership list to everyone
Membership Visibility Settings
Default -> only Group Members can view
What to Look Out For in Site Creation
When Creating a New Site• “Unique permissions” option is available
• This option: • Breaks site permission inheritance
• Allows you to create 3 new SharePoint groups
Before Creating 3 New Groups
Reflect and Assess!
Do I really need unique site permissions?
Do I need all 3 new SharePoint Groups?
Is there an existing group that I can use?
Item Level Permissions
Worst Practice
Item Level Permission
• Item = Document, List Item (e.g.: Calendar, Task, etc.)
• You can set permissions at the Item Level
doesn’t mean you should
Just because you can …
Challenges
• Library/List View doesn’t differentiate unique permissions
• Laborious admin• Manual process of checking broken permissions
• Changing permissions require updates to each file
• May lead to performance issue
F A C T : Reduced performance after 5000 files break inheritance
See Microsoft references:
http://bit.ly/1iMmyiC
What changed in 2013?
“Share” in SharePoint 2013
• Intuitive & Convenient
• Embraces social
• Great tie-in to other components
Sharing is Caring! Right??
“Sharing” a File in 2013
The Gotchas
• Convenient but hard to govern• UX is different than sharing a site• Breaks permission inheritance of the file• Grants permissions to individual users
For more details, read this great resource by Sharon Richardson
Available via File Preview
Who can “Share” a File?
Contributor
Note: It contradicts Contribute permissions level
Let’s Recap!
Item Level Permission (Worst Practice #5)
Permissions for Ind. Users (Worst Practice #3)
Oh so easy
“Share” File in sp2013
+ ______________________________
__
Fun with Limited Access
*BONUS* Worst Practice
Ever Seen This and Wondered Why?
Because Limited Access is The Devil
If user is not declared in site permissions,
Permissions given to a user at library or list level
leads to
“Limited Access” creation for user at the site level
Site
List / Library
Limited Access
Contribute
Challenges with Limited Access
• Clutters site permission page• Can’t easily identify where access was granted• Important Note
!
When You Delete User’s Limited Access at Site,
SharePoint Automatically
Removes User’s Permissions in Library/List/File
What if you’re already in a permission hole?
First Things First – Stop the Bleeding!
e.g.: Change Full Control access
for unqualified folks to Design
Assess the Damage and Document Findings
Gathering Permissions Info
• SharePoint Out-of-Box• Unique access displayed in site permissions
page
• Manual process conducted per site
• PowerShell script
• Third Party Tools
• Codeplex (v. 2010/2007): SP Permissions Manager
• #SPYam Community Recommended:ControlPoint byDeliverPoint by
Few Considerations During Permissions Clean-Up
Remember that it’s a process
• Requires time commitment & effort• Warning: You may not get it done in a day
• Don’t do it yourself• Gather requirements from business users• Leverage other team members
Photo Credit - The Daily Journal
One is the loneliest number
For Worst Case Scenario, Consider Starting Over
For those in very bad shape
• It may be more beneficial to start over by:• Inheriting all permissions• Then reconfiguring permissions appropriately
• This route could be high risk, high reward
• Before exploring this, be sure to:• Get executive buy-in• Devise a plan with Content/Site Managers and relevant
business functions
• Communicate impact to user community
Last and Certainly NOT Least
Mitigate Survey the Field Clean Up Manage & Control
Do NOT forget this step!!
Manage & Govern
• Enforce permissions governance
• Gain leadership support:• Illustrate level of effort to remedy issue• Quantify the business impact ($)
• Form & engage Governance Committee
• Provide continuous training for Site Managers
Monitor & Control
• Define processes to periodically assess
• Determine monitoring tools• SharePoint Audit log reports (Manual process)
• Automated Audit via Third Party tool
Whatever you do,
just remember this…
“The greatest accomplishment is not in never failing,
but in rising again after you fall” --Vince Lombardi
Photo Credit - Journal Communications, Inc.
10 Reasons to
Avoid Folders
in SharePoint
370 | @bobbyschang | bobbyspworld.com
NO FOLDER FOR YOU !!
371 | @bobbyschang | bobbyspworld.com
Provide Your Users with Value-Add
Photo Credit – Matthew Keagle & Creative Commons
Folder = Physical Location
• SharePoint appends all folders into URL
• URL encoding applies, e.g.: Space = %20
Team Alpha Site Project
Document Library Project SOW
Proposal
Draft Copies from Team
My Personal Original Copies
I Very Much like Subfolders
http://mycompany.com/sites/TeamAlpha/ProjectDocuments/Project%20SOW/Proposal/Draft%20Copiesfrom%20Team…
/MyPersonal%20Original%20Copies/I%20Very%20Much%20Like%20Subfolders/My%20Favorite%20Document.docx
My Favorite Document.docx
375 | @bobbyschang | bobbyspworld.com
Linear StructureReason # 1
A Linear Structure
• Requires drilling down to sub-folders
• Rigid structure leads to difficulty in finding content
• Can be inefficient during file upload
# of user clicks
1
2
34
56
7
377 | @bobbyschang | bobbyspworld.com
Forced GroupingReason # 2
Multiple Categories?
• Every file HAS to belong to a folder
• Cannot account for file that falls into multiple categories
Company A Company B
Document forCompany A & B
Merger
379 | @bobbyschang | bobbyspworld.com
Moving Document = URL Change
Reason # 3
380 | @bobbyschang | bobbyspworld.com
Your links don’t work!!
SharePoint is broken
I HATE SharePoint!!!
381 | @bobbyschang | bobbyspworld.com
Higher Chance of Running to Error
Reason # 4
Deep Folder Structure
• Folder is directly correlated with URLs• Deep Folder Structure = Long URL
• System Constraint• MS Office restriction of 259 characters max for
URL links• User may not be able to save, open, or update
the files
Threshold Error
• Renaming folder may result in Threshold Error
• Generally occurs when total number of files in all sub-folders are greater than 5,000 files
384 | @bobbyschang | bobbyspworld.com
Metadata / Document TagSolution
385 | @bobbyschang | bobbyspworld.com
Picture listening to a song in iTunes
What do you see?
Recap Reason #1 thru #4
1. Linear folder structure
2. Inability to account for multiple categories
3. Risk in broken links upon document move
4. Higher chance of running into error
387 | @bobbyschang | bobbyspworld.com
Metadata / Document TagDemo
388 | @bobbyschang | bobbyspworld.com
Lack of Flexibility in Display
Reason # 5
Photo Credit - Mind Yourself
Not Easy to Change Display
• Folder presents only 1 way of document grouping
• Users have various preferences on structuring info
Region > Year > Project Phase > Document Category
Year > Document Category > Region > Project Phase
You’re at mercy of the person
who created the folder structure
vs.
390 | @bobbyschang | bobbyspworld.com
Custom Filters & Key Filters
Demo
391 | @bobbyschang | bobbyspworld.com
SharePoint ViewDemo
392 | @bobbyschang | bobbyspworld.com
Inability to Track SynonymReason # 6
Limitations with Synonym
• Synonyms are typically appended• E.g.: “Status / Progress Report / Project Team Update”
• Folder names cannot contain special characters (e.g.: /)
• Adding Synonym Folder Name Change URL Change
394 | @bobbyschang | bobbyspworld.com
Managed MetadataDemo
395 | @bobbyschang | bobbyspworld.com
Lack of Control Over Taxonomy
Reason # 7
Contributors and Folders
• Contributors have too much control• Able to Create, Delete, or Move folders• Able to Rename folders
• Folder structure can be altered by any team member
”Is she changing our spectacularly designed folder?”
Photo Credit – Creatas/Creatas/Getty Images
Governance Concern
• With folders, contributors have free reign over taxonomy management
• Reserve capability for selective individuals• i.e.: Content Manager or Site Manager
• Avoid the Wild Wild West scenario
398 | @bobbyschang | bobbyspworld.com
Termstore ManagementDemo
399 | @bobbyschang | bobbyspworld.com
Loss of Office Integration Functions
Reason # 8
400 | @bobbyschang | bobbyspworld.com
Document Information Panel
Demo
401 | @bobbyschang | bobbyspworld.com
No Standard or ReusabilityReason # 9
Lack of Standard2012
Southeast
Project Status
Weekly Status ReportsTeam A
M A N U A L C O P Y P R O C E S S
2012
Status
ProjectReports
WeeklyProjectStatus
Southeast
2012
Project Status
Weekly Status Reports
2012
Status Reports
Team B Team C Team D
Inconsistent
Content Type
• Foundation of SharePoint Content Management
• Even if you’re not aware of Content Type, you most likely have already interacted with it
• Provide standardization:• Consistent set of tags or metadata
• Ability to attach standard document template
• Associate automated business workflow process
404 | @bobbyschang | bobbyspworld.com
Content TypeDemo
405 | @bobbyschang | bobbyspworld.com
No Folder Workflow or Automation
Reason # 10
406 | @bobbyschang | bobbyspworld.com
Document SetDemo
407 | @bobbyschang | bobbyspworld.com
No. Not necessarily.
Should I then NEVER use folder?
408 | @bobbyschang | bobbyspworld.com
Why You May Consider Folders
• People are comfortable with folders• Metadata is a Huge Mind Shift
• Expect Resistance & Initial Uphill Battle• Requires Continuous Education and Training
Risk of Low User Adoption
Nice to meet youMet
adata
Varying Permission Model
• Permissions can be set at the folder level
• Documents residing in a folder would inherit the permissions of that folder
• Fantastic for complex permission requirements within a single repository
Bulk Upload Native Tools
1. OneDrive Pro
2. Drag and Drop Feature
3. Open with Explorer
What do they have in common?
Where do I tag??
No Metadata SupportJust
uploaded TONS of
files
More Bulk Update Limitations
• Content Type unsupported in Datasheet/Quick Edit
• In SharePoint 2010:• Managed Metadata unsupported in Datasheet
View
• Content Type unsupported in Inline Editing
414 | @bobbyschang | bobbyspworld.com
How to Use Folders Effectively
Using Folders Effectively
• Combine Folders with Metadata
• Utilize “Common Default Values”• Metadata value can be automatically assigned• Each folder can have different default values
• Create “Without Folders” SharePoint View• Hides folder structure when displaying documents• Eliminates hierarchy issue when browsing
Contributors vs. Visitors View
• Different options for different audience
• Display Folder View for Contributors• Potentially more efficient for upload• Auto-assigns tags via Common Default Values
Contributors vs. Visitors View
• Display Non-Folder View for Visitors• Removes reliance on navigating by folders• Leverages power of metadata
418 | @bobbyschang | bobbyspworld.com
Should I NEVER use folder?
No. Not necessarily.
But Folder should be the Exception
NOT the Rule
Stay away as a Public Facing Website
Focus on more on the internal rather the external
Don’t over customize and graphic design
Graphic design cost money and time do you want to really do it
Do not Develop when you can use OOTB or Buy
See No Coding Section
Do no treat it as a database or Garbage
Think about the Access areas
Do not just dump information into SharePoint
Bad
• There’s no easy way to move documents• No search capability over document versions• No reporting capability across all content on the use of content types• No offline ‘Workspace’ anymore, just One for document access• Remote access requirements• Need a clear strategy roadmap and deployment • Methodology sorted before governance• Transition over time can not just throw it together• May need professional help
USE Cases and Examples
Use Case 1 : Store, Sync, and Share Content
Use case 2: Keep everyone on the same page
Use Case 3: Stay on Track
Use Case 4:
Use Case 5: Finding what you need
Use Case 6: Making informed Decisions
Use Case 7: Onboarding HR
HR
Use Case 8: Keep informed
Use Case 9: Share your knowledge R & DOperations
R & DOperations
Use Case 10: Business Process and Workflow
Use Case 11: Access to Customers Data Sales &Marketing
Use Case 12: User Experience Anywhere Sales &Marketing
Use Case 13: Align Teams Sales &Marketing
Use Case 14: Excel Service Finance
Use Case 15: PCILegal
ITUse Case 16: Support/Helpdesk
ITUse Case 17: Security
ITUse Case 17: Security