sharepoint 2013 on-premises and yammer deployment guidance

SharePoint 2013 on-premises and Yammer deployment guidance

Thomas MolbachArchitectEnterprise Social GP, Microsoft

OFC-B342

+

Session Objectives And TakeawaysSession ObjectivesUnderstand the steps involved in Yammer and on-premises SP2013 integrationGet an introduction to setting up single sign-on and dirsyncSee different ways of integrating Yammer in the SharePoint user experienceSearch integration

TakeawaysBest practices SSO and dirsync integrationArchitecture slides you can use with your customers

Yammer or SharePoint Social? On-premises or Cloud?

SharePoint on-premises and Yammer• Service Pack 1 & Yammer embed for SharePoint • Committed to another SP on-premises release• Continued hybrid improvements

SharePoint Social• Social capabilities will be maintained• Don’t plan on adding new features

Office 365 and Yammer

Go Yammer!• Immediate

adoption • Rapid innovation• Connect everyone

• Home of innovations for Enterprise Social

ScenariosSSO and DirSyncUX Integration Search Integration

Agenda

Social Integration Scenarios

Single sign-onDirectory synchronization User interface integration

Steps to integrate SharePoint and Yammer

Social Integration ScenariosExisting SP 2013 on-premises:

no Yammer networka single active Yammer Networkmultiple active Yammer Networksusing SharePoint Socialplus Office365 + Yammer

All scenarios are included in a TechNet article (soon to be published)

Existing SP 2013 on-premises, no Yammer network

AssumptionsSharePoint 2013 with SP1Not using SP2013 social featuresActive Directory with ADFS

TasksEstablish Yammer licensesCreate a Yammer networkConfigure single sign-on (SSO)Configure directory syncDisable SP2013 social featuresEnable Yammer as user experience in SPConfigure Yammer embed

SP2013 on-premises and a single active Yammer NetworkAssumptionsSharePoint 2013 with SP1No usage of SharePoint social or communitiesActive Directory with ADFSOne single Yammer Network with active users

TasksConfigure single sign-on Configure directory sync Disable SharePoint 2013 Social featuresEnable Yammer as social experience in SPConfigure Yammer Embed

SP2013 on-premises and multiple active Yammer Networks

AssumptionsSharePoint 2013 with SP1Not using SP2013 social featuresMultiple Yammer Networks

TasksMerge the multiple Yammer Networks Always start with SSOPrepare communications for usersImplement Yammer dir sync, initially in suspended mode, enabling adds and updates laterDisable SharePoint 2013 Social featuresConfigure Yammer Embed

+

SP2013 on-premises and using SP SocialAssumptionsSharePoint 2013 Using on-premises social features (Newsfeeds, Communities etc) Decided to switch to use Yammer

TasksInstall service pack 1 for SharePoint 2013Configure single sign-onImplement Yammer DSyncDiscuss migration approach with community site collection ownersEither keep or Yammer (preferred)Disable SP2013 on-premises social featuresConfigure Yammer Embed

SP2013 on-premises + Office365 + Yammer Assumptions

SharePoint 2013 with SP1(No usage of SharePoint social)

Active Directory and ADFSOne Yammer Network

TasksConfigure single sign-on Configure Yammer Directory Sync Disable SharePoint 2013 Social featuresEnable Yammer as the default social experience in SharePoint Configure Yammer Embed

Yammer SSODirectory sync

Big Picture – O365, Yammer, and SSO

SSO Service

Provider

YammerUsers

On-Premise Environment

ADFS STS

Yammer Directory

Sync

Active Directory

SSO

SSO Service

Provider

YammerUsers

Azure Active Directory

IdentityMapping

On-Premise Environment

ADFS STS

Yammer Directory

Sync

O365 Directory

Sync

Active Directory

SSO

SSO

Yammer UsersAlways belong to a home (canonical) networkSometimes users are members of an external networkGuests get direct access to other home networksExist in a limited number of states during lifetime After 90

days

Suspended

ActiveDeleted

Pending

Yammer Standalone Single Sign-On (SSO)Independent from O365 and Azure AD.The original SSO solution since before Microsoft acquired Yammer.Still needed in many customer environments, even when O365 with SSO in place.

Supports SAML 1.1 and SAML 2.0 Identity Providers.Email address, not UPN, is the unique identifier.Works with on-premises ADFS.Works with Azure AD as Identity Provider.Yammer Directory Sync does NOT work with Azure AD, only with on premise AD.http://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx

Not self-service: requires Yammer Customer Support

Yammer Standalone Single Sign-On (SSO)Deployment

Provide identity provider metadata

Yammer Customer Support activates SSO

Yammer Directory SyncEntirely separate app from O365 Directory Sync.Syncs users, but does not sync security groups.Intended to easily onboard maximum number of users in a companyNot a moderation tool – it will not prevent users from accessing Yammer!

Adds and Invitations

Custom invite and welcome emails

Yammer Directory SyncCore Functions

Suspensions

Suspend users when they are disabled or deleted in AD

Profile Updates

Prepopulate user profile fields

Overwrite upon update to AD

Installs on a single server.No database required.AD and LDAP expertise required to configure custom filters (queries).First sync sends all data, subsequent syncs are incremental, only for newly added or changed users.

Yammer Directory SyncDeployment

Install Directory Sync

Connect to Yammer

Connect to AD

Validate user queries

Enable syncs

Keep these simple.Filters are automatically added for objectCategory and objectClass.Difficult to exclude users - avoid filters with custom attributes, Distribution Groups, and Security Groups

Yammer Directory SyncLDAP Queries

// A good startmail=*@contoso.com

// Multiple domains, merged network(&(mail=*@contoso.com)(mail=*@contoso.co.uk))

// Redundant query(&(objectCategory=person)(objectClass=user)(mail=*))

// Not what you expect! Don’t do this!(&(mail=*@contoso.com)(customAttribute=true))

Create a query for each OU with a GUID identifier.Specify an LDAP filter.Provide a naming context for each OU.Set ShowDeleted to false.

Yammer Directory SyncMultiple OUs

"Queries": [ { "Id": "a92b0946-5ea9-42c3-9541-736863f39d29", "Filter": "mail=*@consoso.com", "OverrideRootNamingContext": "OU=France,DC=contoso,DC=com", "ShowDeleted": false }, { "Id": "6bb94cbb-f9bb-46ab-a78b-58eae0f23836", "Filter": "mail=*@contoso.com", "OverrideRootNamingContext": "OU=Germany,DC=contoso,DC=com", "ShowDeleted": false }, { "Id": "33bf59b3-ecfe-41cb-899f-7d85e1eb0dee", "Filter": "", "OverrideRootNamingContext": "<WKGUID=xxxxxxx,DC=contoso,DC=com>", "ShowDeleted": true }]

ou=legal,DC=contoso,DC=com

Moving user out of monitored OU does NOT remove user from Yammer; user is no longer monitored at all.In this example, User still has access to Yammer.

Yammer Directory SyncCommon Mistakes

ou=sales,DC=contoso,DC=com

Monitored by Directory Sync

Not Monitored by Directory Sync

Changing value of monitored attributes does NOT remove user from Yammer; user is no longer monitored at all.If custom attribute yammerUser set to false, user still has access to Yammer.Same problem with Distribution Groups and Security Groups.

Yammer Directory SyncCommon Mistakes

(&(mail=*@contoso.com)(yammerUser=true))

Monitored by Directory Sync

Yammer front end integration

New in SharePoint 2013 – service pack 1SharePoint SP1 brings new integration optionsNew applet to manage O365 integrationCentrally manage the integration of YammerOnce activated:

“Newsfeed” in the top nav bar is replaced with “Yammer”“All Company” newsfeed is removed from My Site hostWhen you click on it you will need to log into Yammer (o365 user mapping does not apply)It does not add the Yammer app to your farmIt does not do anything to team site feeds

Yammer Integration OptionsYammer SharePoint AppSimpleLimited functionalityNo UX customizations

Yammer EmbedConfigurable JavaScriptLimited UX customizations

Yammer Open Graph REST APIFull programmatic flexibilityOffers full UX customizations

Open Graph API OverviewWhat is Yammer’s Open Graph API?Open Graph is a light weight protocol that facilitates integrating data from different social apps into what we call the social graph.Yammer's Open Graph API allows developers to write activity from their app into Yammer.

Yammer’s Open Graph API AllowsRich metadata around an object identified by a URL.Discussion mirroring between an application and Yammer through comment feeds.Aggregation of all conversations around an object in Yammer.

Examples of Uses for Yammer’s Open Graph APIIn a customer relationship management (CRM) app, a sales rep updates an opportunity’s probability of closing to a lower number.In a scheduling app, an employee creates a lunch meeting.

Open Graph Activities

Format<Actor> <Action> <Object> on <App Name>: <Message>

Follow objects in Yammer

Search across Yammer & app

Publish to Yammer activity stream

Post, Like & Share

{ "activity":{ "actor":{ "name":"John Doe", "email":"john@seyammer.com" }, "action":"contosomedia:publish", "object": { "url":"https://media.contoso.com/34242", "title":“People enjoying lunch" }, “message":“New image from Getty”, users":[ {"name":"Jane Doe", "email":"jane@seyammer.com"} ] }}

Demo

Yammer integration in SharePoint

Yammer EmbedAddPostRenderCallback(ctx, function(){ SP.SOD.executeFunc("yammerembed.js", null, function() { yam.connect.embedFeed({ container: '#embedded-feed', network: 'microsoft.com', feedType: 'open-graph', objectProperties: {

url: newPath, title: newTitle, description: newDescription + " This document has these sections: " +

sectionNames},config: { header: false }

}); yam.connect.actionButton({

container: "#embedded-like",…

yam.connect.actionButton({container: "#embedded-follow",…

Yammer Open Graph REST APIfunction doSearch() {yam.getLoginStatus( function(response) { if (response.authResponse) { yam.platform.request({ url: "https://api.yammer.com/api/v1/search.json", //REST endpoints method: "GET", data: { //data object literal to specify parameters "search": response.user.full_name,

"page":"1", "num_per_page": "3"

}, success: displayItems, error: fail }); } else { console.log("Can't do search, user is not logged in"); } });}

Embedded group feed. Group created automatically for the team site as part of the team site provisioning.

SharePoint team site with Yammer integration

User profile and latest notifications

Team site with Yammer example

Latest user network activities

User profile and latest notifications

Communities and groups

User’s network

Personal messages feed directly in the front page of the Intranet or specific group feeds in the other sites

Create page specific discussions using OpenGraph option for specific URL

Portal with Yammer example

Search Integration

Search Demo

Current Search IntegrationExample of REST API Search Integration

Breakout SessionsOFC-B223 The Microsoft Roadmap for Enterprise Social – Tuesday @17:00 (8.0–D3)OFC-B219 Introducing Delve and the Office Graph – Wednesday @8:30 (8.0–D1)OFC-B342 Microsoft SharePoint Server 2013 on Premises and Yammer Deployment Guidance – Wednesday @15:15 (8.0–D3)OFC-B349 Yammer Identity and User Management – Thursday @17:00 (8.0-E7)

ResourcesEnterprise Social Resource Center http://enterprisesocial.com Office 365 Customer Success Center http://success.office.com Technical Resources http://aka.ms/yamtn Office 365 Public Roadmap http://office.microsoft.com/roadmap

Enterprise Social Related content

Find Me Later At Work Together booth & Ask the Experts!

Additional ResourcesSPC14 recording - Yammer SSO and Directory Synchttp://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC368

Official docs – Yammer SSO and Directory Synchttps://about.yammer.com/success/activate/integrations/

Yammer site examples – blog postinghttp://blogs.msdn.com/b/vesku/archive/2014/03/30/getting-started-on-building-social-intranets-with-sharepoint-and-yammer.aspxhttps://github.com/OfficeDev/PnP

#worklikeanetwork

Sign up and get started with Yammer www.yammer.com1

Enterprise Social Resource Center http://enterprisesocial.com 2

Check out the Success Center http://success.office.com 3

Next Steps

Questions?

Technical NetworkJoin the conversation!

Share tips and best practices

with other Office 365 expertshttp://aka.ms/o365technetwork

ResourcesLearning

Microsoft Certification & Training Resourceswww.microsoft.com/learning

Developer Network

http://developer.microsoft.com

TechNetResources for IT Professionals

http://microsoft.com/technet

Sessions on Demandhttp://channel9.msdn.com/Events/TechEd

Additional ResourcesSPC14 recording - Yammer SSO and Directory Synchttp://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC368

Official docs – Yammer SSO and Directory Synchttps://about.yammer.com/success/activate/integrations/

Yammer site examples – blog postinghttp://blogs.msdn.com/b/vesku/archive/2014/03/30/getting-started-on-building-social-intranets-with-sharepoint-and-yammer.aspxhttps://github.com/OfficeDev/PnP

Questions?

Managing Office 365 Identities and Services

5

Office 365Deploying Office 365 Services

Classroomtraining

Exams

+

Introduction to Office 365

Managing Office 365 Identities and Requirements

FLC

40041

Onlinetraining

Managing Office 365 Identities and ServicesOffice 365 Fundamentals

http://bit.ly/O365-Cert

http://bit.ly/O365-MVA

http://bit.ly/O365-Training

Get certified for 1/2 the price at TechEd Europe 2014!http://bit.ly/TechEd-CertDeal

MOC

20346 Designing for Office

365 Infrastructure

MOC

10968

3

EXAM

346EXAM

347

MVA MVA

Please Complete An Evaluation FormYour input is important!TechEd Schedule Builder CommNet station or PC

TechEd Mobile appPhone or Tablet

QR code

Evaluate this session

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.