Maximising Collaboration Features with Exchange, Lync and SharePoint

Berry StefanusAlbert Sauz

OFC309

Exchange, Lync and SharePoint play well together

Session

Site Mailboxes Lync Archiving

eDiscovery In-Place Hold

Site Mailboxes

Collaboration Scenario

• Working towards a shared outcome/purpose

• Working together on shared deliverables

• Need to get all the tools we need to be successful

Working together as a team

• Team appears as virtual identity (e.g., sales@contoso.com)

• Working on shared queue of incoming requests

• Answering as the virtual identity, not the individual

Working on behalf of a virtual entity

• History of public conversations

• Accessible to everyone• Discoverable/

searchable for everyone

• Not in the inbox

Public, unobtrusive conversations

• Delivering information into the inboxes of a group of people

Direct communications with a group

Site Mailboxes Shared Mailboxes Public Folders Distribution Lists

Site Mailbox

Represents a single project that the team is working on

Allows SharePoint site owners to provision without IT intervention

Allows sharing and archiving of the project’s content together

Site Mailbox ArchitectureEnd-user Clients

Outlook 2013 SharePoint

2013

Management

Provisioning Lifecycle

Shared Storage

Site Mailbox

Membership

SharePoint Document

sExchange Email

Document Upload FlowUser

Outlook OST

Exchange Sharepoint

Drags document in

shortcut folder

Freedoc

Pending = True Exchange Synch

Publish to SP doc library

If successful

Create Shadow Message

Pending = False

Pending = False

Shadow message replaces freedoc

If NOT successful

Remove Freedoc

Create synch error messageFreedoc is removed from

list view

Benefits

Unified view of project

documents and

communication

Easy sharing and access for

all team members

Turning emails into records by publishing in SharePoint

Includes compliance

features

Exchange and SharePoint IntegrationPrerequisites

Exchange 2013 and SharePoint 2013 must be deployed within the same Active Directory Forest.

All mailboxes that will access Site Mailboxes must be located on an Exchange 2013 server.

A Root Site Collection must be created on SharePoint

All Sites that will be linked to Site mailboxes must be located on a SharePoint 2013 server. In addition, each SharePoint Site may only be linked to a single Site Mailbox.

Exchange Web Services Managed API must be installed on all SharePoint 2013 servers.

Outlook 2013 must be deployed on client computers

Configuring the SharePoint ServerInstall EWS

msiexec /i EwsManagedApi.msi addlocal="ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac"

Configure Corporate Certificate for SharePoint Web Application

Secure Sockets Layer (SSL) configured for the Default Zone is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication.

Configuring the SharePoint ServerCreate a Site Collection associated with the SSL Web Application

Configuring Synchronisation Settings

Configure Trust Relationship between SharePoint & Exchange

• Download the Script from:

http://technet.microsoft.com/en-us/library/jj552524(v=office.15).aspx

• Run the Script using PowerShell:

.\Set-SiteMailboxConfig.ps1 -ExchangeSiteMailboxDomain <Domain> -ExchangeAutodiscoverDomain [Exchange Server] -WebApplicationUrl

[URL]

Site Policy, Content Type Hub and Site Mailbox Feature

• Site Policy• It defines the life-cycle of a site by specifying when the site will be closed and when it will be deleted.• If an Exchange mailbox is associated with a site, the mailbox is deleted from Exchange Server 2013

when the site is deleted.

• Content Type Hub• Used to publish site policies and share them across site collections

• Site Mailbox Farm-level Activation

Configure Trust Relationship between Exchange & SharePoint

• Configures a Partner Application to authenticate to Exchange using oAuth• Roles assigned to authorize calls to EWS APIs:

• UserApplication, LegalHoldApplication, Mailbox Search, TeamMailboxLifecycleApplication, Legal Hold

• From Exchange Server launch the Exchange Management Shell

.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://<eDiscoverySite>/_layouts/15/metadata/json/1 -ApplicationType SharePoint

• Restart the IIS service on both the Client Access Server (CAS) and the Mailbox Server.

Site Mailbox Lifecycle Management

• Lifecycle of a Site Mailbox is controlled through SharePoint policy• The scope of the policy is the SharePoint site and Site Mailbox

(=project), not the individual item (email, doc)• The closed state represents in-place archiving for the project

Creation

• Dramatically simple, shared space creation

• Integrated with SharePoint Sites Hub

Active Use

• Team is working on project

• Actively contributing content

• Accessible through Outlook and SharePoint

Closure

• Project is closed• Content is kept

for referencing (“archive” state)

• Accessible through SharePoint only

Deletion

• Content is being deleted from Exchange and SharePoint stores

Demo

Site Mailboxes

eDiscovery in SharePoint 2013 – Exchange 2013

eDiscovery Workflow at Microsoft• Pre-2013 2013

• “Doing legal discovery is quite time-consuming for us. Empowering our legal team to execute targeted searches on their own will have a huge impact on IT.” -Martin Fern, Infrastructure Manager, Komatsu Australia

Komatsu Australia (Manufacturing) upgraded to Exchange Server 2013. The interoperation between Exchange and SharePoint will simplify its eDiscovery processes and give the legal department web-based access to legal holds and search across email and documents without involving Exchange admins.It expects to reduce storage costs by 50%

Customer Story

• In-place hold: content stays in Exchange and SharePoint, less storage space, lower costs, higher fidelity

• Query - proximity search, rich query syntax query and source statistics help you analyze

• Export - download from SharePoint, Exchange, and file shares whether on premises or in Office 365 all at once

eDiscovery Features

Unified eDiscovery across Exchange, SharePoint, and Lync

eDiscovery Centre in SharePoint

Unified Preserve, Search and Export.

Exchange Web Services Connect to Exchange to get mailbox data.

Lync Archiving to Exchange Exchange is the compliance store for Lync.

Search Infrastructure Exchange and SharePoint use the same search platform.

Preserve

• Create case

• Apply hold

Search

• Query• De-

duplicate

Review

• Visualize

• Read

Export

• Save as PDF/TIFF

• Print

Information management & retention

Results

SharePoint eDiscovery architecture

Exchange

24

SharePoint Farm 1

eDiscovery CenterSS

A

Prox

y

Search Service Application

Services Farm

Search service

CasesSourcesQuerieseDiscovery SetsExports

Query

Actions Interface

Exchange Web

Services

HoldReleaseHoldGetStatus

SharePoint Farm 2

Timer job

SSA Proxy

FedClient

Query

Timer job

Lync archives content into Exchange mailboxes when user is on In-Place Hold

Includes instant messaging and meeting content

In-Place Hold, eDiscovery, MRM of Lync data consolidated to Exchange tools

Lync 2010 Exchange 2010

Compliance

Archive

Compliance

New Lync New Exchange

Preserve: Lync ArchivingSingle In-Place data store for Exchange & Lync compliance

Lync Archiving: How does it work?User A Mailbox

Recoverable Items

Deletions

Deleted Items

Inbox

Versions

Purges

DiscoveryHolds

Server side archiving

All Lync modalities captured (PC, mobile, web, OWA)

User A on hold

Hold state synced

Structure of eDiscovery Center

27

Case C

Case B

Case A

Sources

eDiscovery Sets

Queries

Exports

eDiscovery Center

• Exchange Mailboxes• SharePoint Sites• File Shares

• Combination of sources, filters and content to preserve

• Search Criteria + Scope of Search

• Used to identify content for export

• List of exports produced relating to case

Discovery Officers

Users & Permissions• Create an AD group (Universal Security) – e.g.: eDiscovery Users

• Grant eDiscovery Group full read permissions on all discoverable content- Web App User Policy- Site Collection Administrators- Access to file shares too (if required)

• Grant eDiscovery Group read permissions to search crawl logs

• Set-SPEnterpriseSearchCrawlLogReadPermission –SearchApplication (Get-SPEnterpriseSearchServiceApplication) –UserNames “domain\DiscoveryGroup”

• eDiscovery users must be in the “Discovery Management” role group in Exchange to search mailboxes

28

Adding eDiscovery Group in Exchange

• Via Discovery Management Exchange Group in AD

29

• Via Exchange Admin Center- http://<exchange-server>/ecp

Unified eDiscovery• Across

Exchange, SharePoint, Lync & file shares

• Based on enhanced search technology

• Delegate discovery console with role based access control

Get instant statistics

Use proximity searches to understand context

Query results across Exchange & SharePoint

Laser focused refiners to help find the data you

need

Fine tune complex queries

Search Prerequisites in SharePoint

• SSL web application with eDiscovery provisioned (to support S2S auth)

• Search Service Application provisioned and started

• User Profile Service Application provisioned and started• - User Profile Synchronisation Service started*

• App Management Service Application started

*Only really require one profile present and the sync service to be started for S2S authentication

Configuring Search• Content can only be discovered if

crawled by Search Service or configured as a result source for Search Application associated with Web App containing eDiscovery Centre

• Identify sources• - Exchange result sources• - SharePoint URLs• - File Share locations

32

Demo

eDiscovery

Exchange, Lync and SharePoint play well together

Related contentBreakout Sessions

OFC306 - Exchange 2013 ArchitectureOFC217 – Lync Anywhere, Delivering

Lync to Different Devices

Find Us Later at the...Ask the Expert Zone

Required Slide*delete this box once you have listed content that is related to your session.

Speakers, please list the other Breakout Sessions and Virtualised Hands-on Labs that relate to your session.

Also indicate where and when they can find you, to continue the discussion. If you’re going to be at Hub Happy Hour (5.30-6.30pm Wed and Thu, let them know)

Resources

TechNet & MSDN FlashSubscribe to our fortnightly newsletter

http://aka.ms/technetnz http://aka.ms/msdnnz

TechNet Virtual LabsFree Virtual Hands-on Labs

http://aka.ms/ch9nz

Microsoft Virtual AcademyFree Online Learning

http://aka.ms/mva http://aka.ms/technetlabs

Sessions on Demand

Complete your session evaluation now and win!

SharePoint 2013 PowerShell asnp Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

##Setting the SharePoint - Exchange OAuth

#Site MailBox Demo

## This command is run as part of running Set-SiteMailboxConfigcd C:\root.\Check-SiteMailboxConfig.ps1## New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://mail.contoso.com/autodiscover/metadata/json/1" -Name "Exchange AutoDiscovery for Contoso.com" -Verbose

## Show the OAuth trust that has been configured on the SharePoint FarmGet-SPTrustedSecurityTokenIssuer

## Show the MMS Content Type Hub Configuration## Show the Site Policy on the site collection as well as the replication of it

##SharePoint Timer Job for Team MailBoxGet-SPTimerJob -Identity ProjectPolicyTeamMailboxJob | FLGet-SPTimerJob -Identity ProjectPolicyTeamMailboxJob | Select-Object -ExpandProperty Description Start-SPTimerJob -Identity ProjectPolicyTeamMailboxJob

SharePoint 2013 PowerShell - Continue### eDiscovery Configuration

##

##Granting Crawl Log Read permission to ComplianceOfficers Group $ssa = Get-SPEnterpriseSearchServiceApplication $crawlLogPermission = Get-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication $ssa Set-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication $ssa -UserNames "corp\ComplianceOfficers"

$crawlLogPermission = Get-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication $ssa $crawlLogPermission

Lync PowerShell Import-Module Lync

# Create Lync Partner Application With ExchangeNew-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl "https://mail.contoso.com/autodiscover/metadata/json/1"

#Get the CS Partner ApplicationGet-CsPartnerApplication

#test that the Lync - Exchange OAuth Works between these usersTest-CsExStorageConnectivity -SipUri sip:pmartin@contoso.com

#Enable Exchange Archiving on the Lync archiving configurationSet-CsArchivingConfiguration -EnableExchangeArchiving $true

#Enable Lync archiving on the archiving policy, in this example, we're enabling archiving globallySet-CsArchivingPolicy -Identity Global -ArchiveInternal $true -ArchiveExternal $true

Set-CsUser -Identity Lswart -ExchangeArchivingPolicy ArchivingToExchangeSet-CsUser -Identity Llim -ExchangeArchivingPolicy ArchivingToExchangeSet-CsUser -Identity berryst -ExchangeArchivingPolicy Uninitialized

#Check the user archiving policy to ensure they're set to ExchangeArchivingGet-CsUser -Identity Lswart|fl *Exchangearchiving*Get-CsUser -Identity LLim|fl *Exchangearchiving*

© 2014 Microsoft Corporation. All rights reserved.Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.