Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
SharePoint | Set Up Global Intranet | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/Set-up-global-intranet.md | The advantage to using hub sites is that they provide a flat architecture that i ![Hub site concept](media\HubSiteExample.png) -If you have subsidiaries in different regions that have thei\nr own branding and navigation, an option for you is to create a hub site for each region. +If you have subsidiaries in different regions that have their own branding and navigation, an option for you is to create a hub site for each region. [Learn how to plan for hub sites](./planning-hub-sites.md) |
SharePoint | Manage Search Schema | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/manage-search-schema.md | Previously updated : 07/12/2018 Last updated : 03/13/2024 Title: "Manage the search schema in SharePoint" Each managed property has settings that determine how users can search for the c You can create new, **custom** managed properties, but these can only contain text or Yes/No. If you need other content types in your custom managed property, then use one of the unused, **built-in** managed properties that search comes with. These managed properties can contain information in integer, decimal, date and time, double precision float, or binary format. You can "rename" these unused managed properties by using the alias setting. For the built-in managed properties, you can change their mappings to crawled properties, but the only setting you can change is the alias.++> [!IMPORTANT] +> If an alias is added to a managed property ensure a managed property with the same name as the alias does not already exist. Aliased managed properties take precedence during search and Microsoft 365 experiences relying on specific properties and values may break as a result. +> +> It is not advisable to change the mapping or mapping order of crawled properties for existing managed properties outside of the [default unused managed properties](#default-unused-managed-properties) provided for reuse, or for managed properties manually created. Changing crawled property mappings may break Microsoft 365 experiences relying on specific properties and values. **Define which content that users can search and get results for** |
SharePoint | Manage Site Collection Administrators | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/manage-site-collection-administrators.md | Previously updated : 07/11/2018 Last updated : 03/18/2024 Title: "Manage site admins" |
SharePoint | Plan File Sync | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-file-sync.md | Last updated 06/10/2022 Title: Plan file sync for SharePoint and OneDrive in Microsoft 365 --++ recommendations: true audience: Admin If you are using the previous OneDrive sync app (Groove.exe), see [Transition fr ## Do you want to limit sync to computers joined to a specific domain? -To make sure that users sync OneDrive files only on managed computers, you can configure OneDrive to sync only on PCs that are joined to specific domains. for more information, see [Allow syncing only on computers joined to specific domains](/onedrive/allow-syncing-only-on-specific-domains). +To make sure that users sync OneDrive files only on managed computers, you can configure OneDrive to sync only on PCs that are joined to specific domains. For more information, see [Allow syncing only on computers joined to specific domains](/onedrive/allow-syncing-only-on-specific-domains). ## Next steps |
SharePoint | Plan For Sharepoint Onedrive | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-for-sharepoint-onedrive.md | Last updated 06/10/2022 Title: Plan for SharePoint and OneDrive in Microsoft 365 --++ recommendations: true audience: Admin These references can also help with planning your rollout: - [Networking roadmap for Microsoft 365](/microsoft-365/enterprise/networking-roadmap-microsoft-365) -- [Office 365 URLs and IP address ranges](/enterprise/urls-and-ip-address-ranges)+- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Use the Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo) |
SharePoint | Plan Implement Navigation Design | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-implement-navigation-design.md | Last updated 09/19/2020 Title: "Get started planning and implementing SharePoint navigation design" --++ recommendations: true audience: Admin |
SharePoint | Plan Intranet | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-intranet.md | Last updated 11/26/2019 Title: "Plan an intelligent SharePoint intranet" --++ recommendations: true audience: Admin search.appverid: - BSA160 - GSP150 - MET150-description: "Learn about how to plan a new SharePoint intranet with focus on bringing sites online quickly and getting a return on your investment" +description: "Learn about how to plan a new SharePoint intranet with focus on bringing sites online quickly and getting a return on your investment." # Plan an intelligent SharePoint intranet -Microsoft SharePoint offers a wide variety of options and tools to create intranet sites for your organization. Moving your intranet to SharePoint in Microsoft 365 might take a while, particularly if you already have extensive intranet content. In this article, we'll look at how to plan a new SharePoint intranet with a focus on quickly bringing sites online and getting a return on your investment. +Microsoft SharePoint offers a wide variety of options and tools to create intranet sites for your organization. Moving your intranet to SharePoint in Microsoft 365 might take a while, particularly if you already have extensive intranet content. In this article, we look at how to plan a new SharePoint intranet with a focus on quickly bringing sites online and getting a return on your investment. -We'll cover how to: +We cover how to: - Understand your key organizational priorities - Understand your audience We'll cover how to: With SharePoint, any user can create highly functional intranet pages quickly without the need for writing code or other difficult customizations. These sites look great on any device or screen and provide deeply engaging experiences for your users. -If you're currently using SharePoint Server for your intranet, you'll find SharePoint in Microsoft 365 to be much easier to work with. Responsive, dynamic pages are easy for anyone to create, and the requirements for IT to build and maintain custom solutions are much less. +If you're currently using SharePoint Server for your intranet, you'll find SharePoint in Microsoft 365 to be easier to work with. Responsive, dynamic pages are easy for anyone to create, and the requirements for IT to build and maintain custom solutions are much less. -As a first step, to see examples of what's possible with SharePoint, we recommend that you review the [SharePoint look book](https://aka.ms/sharepointlookbook). The look book provides a variety of examples about how to include news, events, resources, and personalized content in SharePoint sites that anyone can create and maintain. +As a first step, to see examples of what's possible with SharePoint, we recommend that you review the [SharePoint look book](https://aka.ms/sharepointlookbook). The look book provides various examples about how to include news, events, resources, and personalized content in SharePoint sites that anyone can create and maintain. For an understanding about how the different component parts work together, review the [Guide to the Modern experience in SharePoint](guide-to-sharepoint-modern-experience.md). In the following sections, we look at how to find the best starting point for yo ## Understand current business goals and key stakeholders -The most successful intranets donΓÇÖt just look good, they are primarily focused on helping people get work done and often on promoting engagement. The look book can help inspire you to think about how your content might appear, but your business outcome goals are important to understand what content and functionality are most important for your users and your organization. +The most successful intranets donΓÇÖt just look good, they're primarily focused on helping people get work done and often on promoting engagement. The look book can help inspire you to think about how your content might appear, but your business outcome goals are important to understand what content and functionality are most important for your users and your organization. -All organizations have important strategic goals that drive behavior and investments. If you want to be sure that your intranet is successful ΓÇô and gets the right level of funding ΓÇô you need to ensure that it is aligned with these goals. You can also use these goals to help prioritize your intranet initiatives. Unlike many technology projects, an intranet project is never ΓÇ£doneΓÇ¥ because your organization priorities and interests will change over time. But, at any given time, you want to focus on the intranet initiatives that are most closely aligned with your organizational priorities and key business stakeholders. +All organizations have important strategic goals that drive behavior and investments. If you want to be sure that your intranet is successful ΓÇô and gets the right level of funding ΓÇô you need to ensure that it's aligned with these goals. You can also use these goals to help prioritize your intranet initiatives. Unlike many technology projects, an intranet project is never 'done' because your organization priorities and interests will change over time. But, at any given time, you want to focus on the intranet initiatives that are most closely aligned with your organizational priorities and key business stakeholders. -In addition, take a look at recent employee satisfaction survey data. A good way to become more informed about the information and tools that your employees need is to look at the pain points identified in these surveys. +In addition, take a look at recent employee satisfaction survey data. A good way to become more informed about the information and tools that your employees need are to look at the pain points identified in these surveys. ## Understand your audience -A good place to start thinking about your new intranet is what it will be like when the intranet is in place. What will people be able to accomplish? How will they start their day? What will people say about the intranet? One potentially helpful exercise to frame the overall objectives for the intranet is to engage your key intranet stakeholders in a [cover story](https://gamestorming.com/cover-story/) exercise. This is an exercise in imagination. The purpose is to think broadly about an ideal future state by imagining a magazine cover story about the new intranet, including the key headlines, sidebars, and quotes from users. +A good place to start thinking about your new intranet is what it is like when the intranet is in place. What will people be able to accomplish? How will they start their day? What will people say about the intranet? One potentially helpful exercise to frame the overall objectives for the intranet is to engage your key intranet stakeholders in a [cover story](https://gamestorming.com/cover-story/) exercise. This is an exercise in imagination. The purpose is to think broadly about an ideal future state by imagining a magazine cover story about the new intranet, including the key headlines, sidebars, and quotes from users. -With the end in mind, it can also be helpful to create [personas](https://www.nngroup.com/articles/persona/) for your key users. A persona is a fictional but realistic description of a typical intranet user (for example, new starter/new employee, knowledge worker, field worker, sales rep, people manager, or content author). YouΓÇÖll want to do some research to engage with people who represent these different personas to understand their information requirements. You canΓÇÖt build an intranet without an understanding of the people for whom you are building it. Site owners alone are not enough ΓÇô their perspective is what they want to publish. That is often not the same thing as what their users want to consume. +With the end in mind, it can also be helpful to create [personas](https://www.nngroup.com/articles/persona/) for your key users. A persona is a fictional but realistic description of a typical intranet user (for example, new starter/new employee, knowledge worker, field worker, sales rep, people manager, or content author). YouΓÇÖll want to do some research to engage with people who represent these different personas to understand their information requirements. You canΓÇÖt build an intranet without an understanding of the people for whom you are building it. Site owners alone aren't enough ΓÇô their perspective is what they want to publish. That is often not the same thing as what their users want to consume. ## Think about governance -If your users complain that search is not successful because too much irrelevant content is discovered, this can indicate a governance problem. Before you think about your new intranet project, think about how you will govern the architecture and the content. These are decisions that are a lot easier to make and enforce if they are decided early in your intranet project. For example, you will want to think about: +If your users complain that search isn't successful because too much irrelevant content is discovered, this can indicate a governance problem. Before you think about your new intranet project, think about how you'll govern the architecture and the content. These are decisions that are a lot easier to make and enforce if they're decided early in your intranet project. For example, you'll want to think about: -- Who can provision new sites and when they are provisioned, what is the process to ensure that sites are discovered in navigation or as key [bookmarks](/microsoftsearch/make-content-easy-to-find#bookmarks) in search?+- Who can provision new sites and when they're provisioned, what is the process to ensure that sites are discovered in navigation or as key [bookmarks](/microsoftsearch/make-content-easy-to-find#bookmarks) in search? - Do you want all sites to follow a similar pattern so that users can easily find key content as they move from site to site? - Who is accountable and responsible for the content on sites? How often does content need to be reviewed? - Is content management for intranet sites in the performance goals or job descriptions for people with edit or owner permissions? - Does intranet content need to be [retained](/microsoft-365/compliance/retention-policies) based on your retention policies or [classified](/microsoft-365/compliance/sensitivity-labels) based on its sensitivity? -You do not need to make every governance decision up front, but if you donΓÇÖt have a plan for how you will govern your new, intelligent intranet, it can quickly become a wasteland of information that fails to achieve your critical business goals. +You don't need to make every governance decision up front, but if you donΓÇÖt have a plan for how you'll govern your new, intelligent intranet, it can quickly become a wasteland of information that fails to achieve your critical business goals. ## Review your existing intranet -Your current intranet may be composed of sites from different business groups, such as HR, IT, Facilities, Engineering, and others. As a first step to planning your new SharePoint intranet, we recommend taking an inventory of your existing sites and meeting with the owners of each to determine their business outcome goals for new sites. Take stock of where your content is located and how much content you would need to move when creating a new intranet site. Look at your current content to understand if it is current or needs to be updated prior to moving to a new site. ItΓÇÖs not unusual to find a migration strategy where existing content is left behind. You donΓÇÖt have to migrate anything ΓÇô you may find that it is more effective to create new content that is optimized for the modern SharePoint experience rather than migrate existing, out-of-date content to the new location. +Your current intranet may be composed of sites from different business groups, such as HR, IT, Facilities, Engineering, and others. As a first step to planning your new SharePoint intranet, we recommend taking an inventory of your existing sites and meeting with the owners of each to determine their business outcome goals for new sites. Take stock of where your content is located and how much content you would need to move when creating a new intranet site. Look at your current content to understand if it's current or needs to be updated prior to moving to a new site. ItΓÇÖs not unusual to find a migration strategy where existing content is left behind. You donΓÇÖt have to migrate anything ΓÇô you may find that it's more effective to create new content that is optimized for the modern SharePoint experience rather than migrate existing, out-of-date content to the new location. As part of these meetings, you can identify the business needs that are addressed by each existing site as well as any requirements you might have for new sites. In addition to meeting with current site owners, you may also want to convene a focus group of new employees. New employees are a key audience for the intranet and people who have joined the organization in the past two to three months can provide some valuable insights about what is missing or hard to learn in your current intranet, or resources they wish they had when they first started. They may also provide you with some valuable ideas from the organizations where they previously worked to help you think about new and important capabilities to incorporate. -Think of this step as an opportunity to learn. You are learning about what is important to your users and to the business. You will use this information to identify initiatives for your intranet. +Think of this step as an opportunity to learn. You're learning about what is important to your users and to the business. You'll use this information to identify initiatives for your intranet. ## Identify initiatives -Using the information you gathered during your research, work with your key intranet stakeholders to identify initiatives that reflect your organizational priorities ΓÇô as well as any barriers that might exist when you are implementing them. +Using the information you gathered during your research, work with your key intranet stakeholders to identify initiatives that reflect your organizational priorities ΓÇô and any barriers that might exist when you're implementing them. While you may ultimately implement solutions to address all of the identified initiatives, prioritizing which project to do first will help you achieve early success and user engagement as efficiently as possible. To help decide which initiative to address first, work with the business leaders |:|:--|:--| |Educate employees about benefits (Benefits site)|- Announcements <br> - Training videos|HR|- News post views <br> - Training video views|Help requests are reduced by x%| |Weekly news post by a senior leader|- Streaming events <br> - Formal training|Engineering|- Training content produced for all aspects of coding excellence <br> - Monthly streaming events|Training completed successfully by x% of engineering staff|-|Foster positive employee agreement about company strategy (Executive Leadership Viva Engage Community)|News posts <br> - Streaming events <br> - Viva Engage conversations|HR|Ongoing monthly activity posts by leadership and comments by employees|- Viva Engage conversations show positive sentiment <br> - Comments addressed within 24 hours ΓÇô ΓÇ£no question/comment left behindΓÇ¥ <br> - x% increase in employee satisfaction scores for executive communications| +|Foster positive employee agreement about company strategy (Executive Leadership Viva Engage Community)|News posts <br> - Streaming events <br> - Viva Engage conversations|HR|Ongoing monthly activity posts by leadership and comments by employees|- Viva Engage conversations show positive sentiment <br> - Comments addressed within 24 hours ΓÇô "no question/comment left behind" <br> - x% increase in employee satisfaction scores for executive communications| |Improve timeliness consistency in proposal development (Marketing site)|- Company business value slides <br> - Proposal templates|Marketing|- Slide downloads <br> - Sales team alignment|x% reduction in the time to create proposals| ## Choose pilot scenarios After you have compiled this information, create a design brief to help map out ## Choose solution components -SharePoint offers a variety of building blocks that you can use to create an intranet: +SharePoint offers various building blocks that you can use to create an intranet: -- **[Communication sites](https://support.office.com/article/94A33429-E580-45C3-A090-5512A8070732)** - Use communication sites to share news, reports, statuses, and other information through a variety of templates and web parts.+- **[Communication sites](https://support.office.com/article/94A33429-E580-45C3-A090-5512A8070732)** - Use communication sites to share news, reports, statuses, and other information through various templates and web parts. - **[Home site](home-site.md)** - A home site is a communication site that you set as the intranet landing page for your organization. - **[Hub sites](planning-hub-sites.md)** - Use hub sites to organize related sites and teams and centralize news, search, and content management. - **[SharePoint news](https://support.office.com/article/C2DCEE50-F5D7-434B-8CB9-A7FEEFD9F165)** - Use the news web part to post important or interesting stories, announcements, people news, status updates, and more that can include graphics and rich formatting.-- **[Viva Engage](/viva/engage/viva-engage-landing-page)** - Use Viva Engage to connect with people across your organization beyond the boundaries of projects, functions, and departments.+- **[Viva Engage](/viva/engage/overview)** - Use Viva Engage to connect with people across your organization beyond the boundaries of projects, functions, and departments. - **[Forms](/forms-pro)** - Use forms to create custom quizzes, surveys, questionnaires, registrations, and more. - **[Stream](/stream)** - Use Stream to deliver live and on-demand meetings, events, and training. For the scenario that you've decided to build, choose the components that you'll need to use to meet the site's business objectives. We recommend creating a rapid prototype, and granting access to your key stakeholders. This provides a substantive framework for further discussions and revisions of the design. -At this stage, we recommend that you involve your help desk so that they are prepared to answer questions after the site rolls out to a larger audience. +At this stage, we recommend that you involve your help desk so that they're prepared to answer questions after the site rolls out to a larger audience. For best practices for launching an intranet site, review [Creating and launching a healthy SharePoint portal](portal-health.md). ## Roll out the pilot -When the prototype has evolved to a point where you want to share it more broadly, you can roll it out to a pilot group, or even to the whole organization. User adoption is a critical part of success for a new intranet site. To drive site usage, we recommend that you use both a top down and bottom up approach: +When the prototype has evolved to a point where you want to share it more broadly, you can roll it out to a pilot group, or even to the whole organization. User adoption is a critical part of success for a new intranet site. To drive site usage, we recommend that you use down both a top and bottom up approach: - Recruit executive sponsors who can ensure that the intranet project is funded, and can help message the importance of the new site to others in the organization. - Empower champions throughout the organization to promote the new site on a grass roots level. Other things you can do to drive success include: - Provide formal training. - Hold regular office hours where users can ask questions. -As the site rolls out and more users engage, watch your success metrics and make adjustments as needed to drive additional engagement and user satisfaction. +As the site rolls out and more users engage, watch your success metrics and make adjustments as needed to drive more engagement and user satisfaction. When the site is on its way to success, take stock of any lessons learned in the process and proceed on to the next intranet project that you want to undertake. -## Related topics +## Related articles [SharePoint look book](https://aka.ms/sharepointlookbook) |
SharePoint | Plan Navigation Modern Experience | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-navigation-modern-experience.md | Last updated 09/19/2020 Title: "Plan and implement SharePoint site navigation" --++ recommendations: true audience: Admin -description: "Use the guidance in this document to help you create the right navigation for your organization" +description: "Use the guidance in this document to help you create the right navigation for your organization." # Plan and implement SharePoint site navigation -The fundamental principles and practices for site and page navigation apply to classic and modern SharePoint architectures. However, your options for implementing navigation differ based on the framework for your sites and intranet. For example, the default navigation experiences available in classic SharePoint site hierarchies - sites with subsites - are not available in the modern experience. +The fundamental principles and practices for site and page navigation apply to classic and modern SharePoint architectures. However, your options for implementing navigation differ based on the framework for your sites and intranet. For example, the default navigation experiences available in classic SharePoint site hierarchies - sites with subsites - aren't available in the modern experience. -Instead, [hubs](https://support.office.com/article/fe26ae84-14b7-45b6-a6d1-948b3966427f) provide a great way to achieve the cross-site navigation features previously available in managed navigation and site hierarchies in classic SharePoint. No matter which framework you are using, you can use the guidance in this document to help you create the right navigation for your organization. +Instead, [hubs](https://support.office.com/article/fe26ae84-14b7-45b6-a6d1-948b3966427f) provide a great way to achieve the cross-site navigation features previously available in managed navigation and site hierarchies in classic SharePoint. No matter which framework you're using, you can use the guidance in this document to help you create the right navigation for your organization. **In this article:** This planning guide primarily addresses *site* navigation: the top (team and com ![Hub navigation example:](media/hub-nav-example.png) -*"When we're observing customers carrying out tasks on websites we notice certain common patterns. For example, we find that when people arrive at a particular site they start by **navigating about 70% of the time**. When people get stuck navigating they may resort to using site search."* -- Gerry McGovern +*"When we're observing customers carrying out tasks on websites we notice certain common patterns. For example, we find that when people arrive at a particular site they start by **navigating about 70% of the time**. When people get stuck navigating, they may resort to using site search."* -- Gerry McGovern ## Why navigation is important The most effective SharePoint sites help viewers find what they need quickly so Even when search is available, [most viewers start their web experiences by browsing](https://gerrymcgovern.com/search-and-navigation-interconnections/). That pattern persists on internal web sites as well. Good navigation experiences present viewers with a complete picture of what is available on the site and, combined with the home page, provide a comprehensive "story" for the site. -Page navigation and site navigation display differently. The links that you see in site navigation are static on every page in the site. The navigation links on individual pages are accessed only when the viewer lands on the page. A benefit to on-page links is that they can be different from page to page. Both types of navigational links guide your viewers by providing *wayfinding* experiences. +Page navigation and site navigation display differently. The links in site navigation are static on every page in the site. The navigation links on individual pages are accessed only when the viewer lands on the page. A benefit to on-page links is that they can be different from page to page. Both types of navigational links guide your viewers by providing *wayfinding* experiences. -The key advantage of site navigation links is that they are always visible in the context of the site. Because site navigation links are persistent, they provide an opportunity to provide significant value for site viewers as they traverse the site and address their goals: to find and do what they came for. Hub navigation links extend this wayfinding experience to other sites in the hub ΓÇ£family.ΓÇ¥ This supports navigating to related content not just on the site, but on related sites as well. Setting site navigation links to open in a new tab can help site viewers find the information they want, without navigating away from the current page that they are on. +The key advantage of site navigation links is that they're always visible in the context of the site. Because site navigation links are persistent, they provide an opportunity to provide significant value for site viewers as they traverse the site and address their goals: to find and do what they came for. Hub navigation links extend this wayfinding experience to other sites in the hub ΓÇ£family.ΓÇ¥ This supports navigating to related content not just on the site, but on related sites as well. Setting site navigation links to open in a new tab can help site viewers find the information they want, without navigating away from the current page that they are on. ## Site and page navigation fundamentals -Planning site and page navigation involves thinking about: +When you plan site and page navigation, you want to think about: - **Organizing** ΓÇô Grouping logical and similar intents - **Labeling** ΓÇô Writing clear labels your users will immediately understand Therefore, organizing and labeling your navigation links is critical for the pur ### Organizing -There is no one right way to organize your navigation links. You will make different choices based on the type of site you are creating and your viewers. Organizing concepts might include: +There is no one right way to organize your navigation links. You will make different choices based on the type of site you're creating and your viewers. Organizing concepts might include: - Services - Products There is no one right way to organize your navigation links. You will make diffe - Audiences (if your viewers can clearly identify the audience to which they belong ΓÇô such as student or teacher) - Expertise areas or functions -The default navigation for all SharePoint sites primarily includes *type* of content. For [**communication sites**](https://support.office.com/article/94A33429-E580-45C3-A090-5512A8070732), the default navigation includes Documents, Pages, and Site Contents. These categories are helpful as you are building your site, but they are not typically going to add value to your viewers once your site is ready to launch. +The default navigation for all SharePoint sites primarily includes *type* of content. For [**communication sites**](https://support.office.com/article/94A33429-E580-45C3-A090-5512A8070732), the default navigation includes Documents, Pages, and Site Contents. These categories are helpful as you're building your site, but they are not typically going to add value to your viewers once your site is ready to launch. -This is because the consumer of a communication site typically doesn't care about the *type* of content ΓÇô they care about the *purpose* or *subject* of the content. For communication sites, plan to delete the "out of the box" navigation when you are ready to launch and replace it with something that aligns with the guidance provided in the local navigation section of this guide. +This is because the consumer of a communication site typically doesn't care about the *type* of content ΓÇô they care about the *purpose* or *subject* of the content. For communication sites, plan to delete the "out of the box" navigation when you're ready to launch and replace it with something that aligns with the guidance provided in the local navigation section of this guide. The default navigation for [**team sites**](https://support.office.com/article/75545757-36c3-46a7-beed-0aaa74f0401e) includes links to the related services provided by Microsoft 365 for modern teams ΓÇô including a link to the shared team notebook and the conversations for the team in Outlook. These represent the typical features that teams need to effectively collaborate and might be hard for people to find without the experience provided by the navigation. There are two types of navigation menu styles for SharePoint sites - cascading a There are two types of navigation links: a label and a link. A label is simply a category link ΓÇô it lets you group related links but is not a link itself. A link requires a hyperlink and presents a ΓÇ£clickableΓÇ¥ experience for the user. A label should always have at least one link below. -Both cascading and mega menus support up to three levels of navigation in your menu. The first level represents the tabs you see across the top. The second level is the next level below the tab and the third level is indented or below the second level. Mega menus work best when you are using all three levels of navigation experiences. If you use a mega menu, the second level of links will appear in **bold**. If you only need two levels in your menu, consider using the cascading style. +Both cascading and mega menus support up to three levels of navigation in your menu. The first level represents the tabs you see across the top. The second level is the next level below the tab and the third level is indented or below the second level. Mega menus work best when you're using all three levels of navigation experiences. If you use a mega menu, the second level of links will appear in **bold**. If you only need two levels in your menu, consider using the cascading style. ### Menu experiences There are two types navigation experiences ΓÇô targeted and not targeted. With t All types of menu links support some decoration with emojis. Emojis can be used at the beginning or end of a link label to add some visual interest to your links. -Choose an emoji that relates to the label topic. You can search for emojis at [emojipedia.org](https://emojipedia.org/), or use the Windows key + period (.). Copy the emoji and add it to the label when you are editing your navigation. +Choose an emoji that relates to the label topic. You can search for emojis at [emojipedia.org](https://emojipedia.org/), or use the Windows key + period (.). Copy the emoji and add it to the label when you're editing your navigation. ### Link to pages, not individual documents |
SharePoint | Plan Rollout Migration | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-rollout-migration.md | Last updated 06/10/2022 Title: Migration planning for SharePoint and OneDrive rollout --++ recommendations: true audience: Admin |
SharePoint | Planning Hub Sites | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/planning-hub-sites.md | Title: "Planning your SharePoint hub sites" recommendations: true--++ audience: Admin f1.keywords: - CSH |
SharePoint | Portal Health | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/portal-health.md | Title: "Creating and launching a healthy SharePoint portal" --++ Last updated 01/20/2023 recommendations: true Typically portals have relatively few people who create and author the site and >[!Tip] > Are you wanting to host a live event or town hall? Here are the options we recommend: > - [Learn about Microsoft Teams live events](/microsoftteams/teams-live-events/what-are-teams-live-events)-> - [Learn about hosting events with Viva Engage](/viva/engage/manage-viva-engage-groups/viva-engage-live-events) +> - [Learn about hosting events with Viva Engage](https://support.microsoft.com/office/attend-a-live-event-in-viva-engage-41f1afe3-2a8e-4998-a25b-843d96791b10) > - Link directly to the live event you are streaming (**not** through your portal) ## What type of site should I use as my portal? |
SharePoint | Provision Neo Hub | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/provision-neo-hub.md | Last updated 06/25/2020 Title: Overview of the Microsoft New Employee Onboarding sites --++ recommendations: true audience: Admin description: "Overview of the Microsoft New Employee Onboarding sites" There are three (3) new templates for New Employee Onboarding (NEO) to help organizations improve their onboarding process. The NEO sites are designed to deliver a flexible and consistent experience. The NEO sites can be used on their own, or together. -The NEO site(s) helps organizations by: +The NEO sites help organizations by: - Providing new employees a place to get started - Connecting new employees to people and culture NEO processes often fall short for both the new hires and the organization. Only |Provide new employees a place to get started|Connect new employees to people and culture|Help stakeholders easily contribute to new employee onboarding|Measure effectiveness of new employee onboarding |||||-|Sense of place|Pre-onboarding|Departmental and team onboarding|Value realization| +|Sense of place|Preonboarding|Departmental and team onboarding|Value realization| |Onboarding journey|Social connections and live events|Easy to create and maintain compelling content experiences|Example model for KPIs| ### NEO site template features -- **A fully configured and customizable set of new hire sites built on SharePoint communication sites:** NEO sites include: the site, information architecture, design, and pre-populated content and web parts. There are three NEO sites available that must be provisioned separately and can be customized or added to your organization's new hire content.+- **A fully configured and customizable set of new hire sites built on SharePoint communication sites:** NEO sites include: the site, information architecture, design, and prepopulated content and web parts. There are three NEO sites available that must be provisioned separately and can be customized or added to your organization's new hire content. -- **Onboarding journey:** Onboarding can be an overwhelming experience for new hires with everything the new hire is typically expected to do and learn in a short period of time. Avoid overwhelming your new employees by providing them a curated onboarding journey that paces the new hire through a configurable activity list of administrative, technology, culture, training, and connection-related to-do's. The onboarding journey comes with a pre-configured list of new employee onboarding activities for you to customize for your processes.+- **Onboarding journey:** Onboarding can be an overwhelming experience for new hires with everything the new hire is typically expected to do and learn in a short period of time. Avoid overwhelming your new employees by providing them with a curated onboarding journey that paces the new hire through a configurable activity list of administrative, technology, culture, training, and connection-related to-do's. The onboarding journey comes with a preconfigured list of new employee onboarding activities for you to customize for your processes. - **Sample site pages:** To inspire and provide design templates for arranging your content, the NEO site includes sample inner site pages. Use these site pages as templates for your content. NEO processes often fall short for both the new hires and the organization. Only ### NEO site template options -New employee onboarding involves multiple levels within an organization, including pre-onboarding, corporate onboarding, and departmental onboarding. Each onboarding level provides its own unique value, contributing to a comprehensive onboarding experience each new employee should experience. +New employee onboarding involves multiple levels within an organization, including preonboarding, corporate onboarding, and departmental onboarding. Each onboarding level provides its own unique value, contributing to a comprehensive onboarding experience each new employee should experience. -Research has shown Pre-onboarding new hires, after they sign their acceptance letter but before they officially join the company, can lead to higher performance and better retention rates. To deliver a flexible and consistent onboarding experience, NEO sites consist of three different SharePoint site templates, that are designed to work alone or as one cohesive and familiar experience for new hires. +Research has shown Preonboarding new hires, after they sign their acceptance letter but before they officially join the company, can lead to higher performance and better retention rates. To deliver a flexible and consistent onboarding experience, NEO sites consist of three different SharePoint site templates, that are designed to work alone or as one cohesive and familiar experience for new hires. -|Pre-onboarding site|Corporate onboarding site|Departmental onboarding site| +|Preonboarding site|Corporate onboarding site|Departmental onboarding site| |::|::|::| |![Image of the pre-onboarding site](media/neo-preonboarding-thumb.png)|![Image of the corporate onboarding site](media/neo-corp-onboarding-thumb.png)|![Image of the department onboarding site](media/neo-department-onboarding-thumb.png)|-|Share the Pre-onboarding site with new hires as soon as the job offer has been accepted|Share the Corporate onboarding site with new hires on their first day|Managers and onboarding buddies should share their respective Departmental onboarding site| +|Share the Preonboarding site with new hires as soon as the job offer has been accepted|Share the Corporate onboarding site with new hires on their first day|Managers and onboarding buddies should share their respective Departmental onboarding site| -1. **New employee pre-onboarding site:** A site for new hires, who have yet to officially join the company, to learn more about the company they have joined and to get ready for their official start date. External guest access can be used for providing pre-start hires, with no corporate credentials, access to the Pre-onboarding site only. +1. **New employee pre-onboarding site:** A site for new hires, who have yet to officially join the company, to learn more about the company they have joined and to get ready for their official start date. External guest access can be used for providing prestart hires, with no corporate credentials, access to the Preonboarding site only. 2. **New employee corporate onboarding site:** A place for new hires to visit to get the information and connections they need to successfully onboard to the organization. -3. **New employee departmental onboarding site:** A place for new hires to visit to learn more about the department they are joining, its people, culture, and priorities. The Departmental onboarding site can be associated to an existing departmental hub. +3. **New employee departmental onboarding site:** A place for new hires to visit to learn more about the department they're joining, its people, culture, and priorities. The Departmental onboarding site can be associated to an existing departmental hub. > [!NOTE] > To deliver a flexible and consistent new hire onboarding experience the NEO sites consists of **three different SharePoint site templates**, that are designed to work alone or as one cohesive and familiar experience for new hires. Sites must be provisioned individually, and then can be configured to [create a hub](./create-hub-site.md) or [add a site to an existing hub](https://support.microsoft.com/office/associate-a-sharepoint-site-with-a-hub-site-ae0009fd-af04-4d3d-917d-88edb43efc05#:~:text=Associate%20a%20SharePoint%20site%20with%20a%20hub%20site.,to%20your%20site.%20You%20can%20...%20More%20items). The New Employee Onboarding (NEO) sites can be provisioned from the [SharePoint ### Prerequisites -To successfully provision the NEO sites via the SharePoint look book, the person doing the provisioning must be a site collection admin of the tenant where the NEO site(s) will be provisioned. If you have never provisioned a template from the Look book, [review overview guidance](./add-sample-site.md). +To successfully provision the NEO sites via the SharePoint look book, the person doing the provisioning must be a site collection admin of the tenant where the NEO sites will be provisioned. If you have never provisioned a template from the Look book, [review overview guidance](./add-sample-site.md). ### Provision the NEO sites To successfully provision the NEO sites via the SharePoint look book, the person 1. Go to the [SharePoint look book](https://lookbook.microsoft.com/), and under the **Solutions** tab, select one of the following employee onboarding options for provisioning: - - Provision the [New employee pre-onboarding site](https://lookbook.microsoft.com/details/8fefcc9a-7ca4-457f-bd10-acee3ae63b63) + - Provision the [New employee preonboarding site](https://lookbook.microsoft.com/details/8fefcc9a-7ca4-457f-bd10-acee3ae63b63) - Provision the [New employee corporate onboarding site](https://lookbook.microsoft.com/details/388a159f-475b-4557-9088-c9073a26c576) - Provision the [New employee department onboarding site](https://lookbook.microsoft.com/details/99d3b7ea-6ca0-430e-96bc-922d4d2de2ab) As the site collection admin, you may not be the person customizing the sites, s ## Step 2: Customize the onboarding experience -The New Employee Onboarding (NEO) sites consist of three SharePoint site templates that can be customized to fit the needs of your users and organization. Many of the core pages are already built and pre-populated with content. Review content on sites and pages, then plan on customizing content, images, branding, web parts, and pages. +The New Employee Onboarding (NEO) sites consist of three SharePoint site templates that can be customized to fit the needs of your users and organization. Many of the core pages are already built and prepopulated with content. Review content on sites and pages, then plan on customizing content, images, branding, web parts, and pages. -Before you customize NEO site content, ensure you understand the needs of your users and the business objectives of your organization. New hires will need different kinds of support and resources depending on the onboarding phase and culture of your organization. Begin by signing into your account and reviewing pre-populated content. Then, customize content and prepare to share the site with new hires. +Before you customize NEO site content, ensure you understand the needs of your users and the business objectives of your organization. New hires will need different kinds of support and resources depending on the onboarding phase and culture of your organization. Begin by signing into your account and reviewing prepopulated content. Then, customize content and prepare to share the site with new hires. It's important to make sure the right content is available to users at the right time. It's also important to make new employees feel welcome before their first day. Organizations with a standardized onboarding process report 50% greater new-hire productivity. Alternatively, employees who have a negative onboarding experience are twice as likely to look for new opportunities shortly after starting a new job. ### NEO site options: -|Pre-onboarding site|Corporate onboarding site|Departmental onboarding site| +|Preonboarding site|Corporate onboarding site|Departmental onboarding site| |::|::|::| |![Image of the pre-onboarding site](media/neo-preonboarding-thumb.png)|![Image of the corporate onboarding site](media/neo-corp-onboarding-thumb.png)|![Image of thedepartment onbaording site](media/neo-department-onboarding-thumb.png)|-|Share the Pre-onboarding site with new hires as soon as the job offer has been accepted|Share the Corporate onboarding site with new hires on their first day|Managers and onboarding buddies should share their respective Departmental onboarding site| +|Share the Preonboarding site with new hires as soon as the job offer has been accepted|Share the Corporate onboarding site with new hires on their first day|Managers and onboarding buddies should share their respective Departmental onboarding site| > [!NOTE] > There are three NEO site templates that can be used alone or all together. Check with your site collection administrator to confirm which NEO sites were provisioned and are available for customizations. -1. **New employee pre-onboarding site:** A site for new hires, who have yet to officially join the company, to learn more about the company they have joined and to get ready for their official start date. External guest access can be used for pre-start hires who don't already have corporate credentials to give them access to the Pre-onboarding site only. +1. **New employee pre-onboarding site:** A site for new hires, who have yet to officially join the company, to learn more about the company they have joined and to get ready for their official start date. External guest access can be used for prestart hires who don't already have corporate credentials to give them access to the Preonboarding site only. > [!IMPORTANT] > Enable external sharing for the Pre-onboarding site. The Pre-onboarding site is intended to be shared with new hires as soon as they sign their offer letter, but before they start their first day at work. Therefore, this site needs to be shared with external users. External sharing is off by default for SharePoint communication sites. In order for site owners to share externally, [turn on external sharing](./change-external-sharing-site.md?branch=hokavian-neo-sites) for the Pre-onboarding site. 2. **New employee corporate onboarding site:** A place for new hires to visit to get the information and connections they need to successfully onboard to the organization. -3. **New employee departmental onboarding site:** A place for new hires to visit to learn more about the department they are joining, its people, culture, and priorities. Consider associating departmental onboarding sites with existing department portals if you have them. +3. **New employee departmental onboarding site:** A place for new hires to visit to learn more about the department they're joining, its people, culture, and priorities. Consider associating departmental onboarding sites with existing department portals if you have them. ### Get started - Sign into your Microsoft 365 account It's important to make sure the right content is available to users at the right 3. Navigate to the location of the site using the URL supplied by your site collection admin, or select SharePoint from the Microsoft 365 home page, and then select the site. -### Explore and review pre-populated content +### Explore and review prepopulated content To deliver a flexible and consistent new hire onboarding experience the NEO sites consists of three different SharePoint site templates, that are designed to work alone or as one cohesive and familiar experience for new hires. Check with your site collection administrator to confirm which NEO sites were provisioned and are available for customizations. -- Review content in the [Pre-onboarding site](/SharePoint/provision-neo-hub?branch=neo-overview#pre-onboarding-site)+- Review content in the [Preonboarding site](/SharePoint/provision-neo-hub?branch=neo-overview#pre-onboarding-site) - Review content in the [Corporate onboarding site](/SharePoint/provision-neo-hub?branch=neo-overview#corporate-new-hire-site) - Review content in the [Department onboarding site](/SharePoint/provision-neo-hub?branch=neo-overview#departmental-onboarding) > [!NOTE] > The NEO sites come with many pre-built pages that can be identified in the site navigation with this symbol ">>." Determine which pages and content to keep, edit, or delete based on the needs of your organization. -#### New employee pre-onboarding site +#### New employee preonboarding site ![Image the Pre-onboarding site](media/neo-preonboarding.png) -The pre-onboarding site is where a new hire starts their onboarding journey. This site is for new hires who have accepted their job offer but have not officially joined the company yet. In this stage, new hires will be interested in learning more about the company, how to get ready for their official start date, and who to go to for questions. +The preonboarding site is where a new hire starts their onboarding journey. This site is for new hires who have accepted their job offer but have not officially joined the company yet. In this stage, new hires will be interested in learning more about the company, how to get ready for their official start date, and who to go to for questions. ##### Pre-populated site content The corporate onboarding site is the landing place for the new employee onboardi - **Home page** ΓÇô Provide a high-level view of significant concepts that will be relevant to new users. This page is a great location to help new employees build their network and learn from more experienced and knowledgeable employees with [Microsoft Teams live events](/microsoftteams/teams-live-events/what-are-teams-live-events#:~:text=Microsoft%20365%20live%20events%20bring%20live%20video%20streaming,community%20resides%2C%20using%20Microsoft%20Stream%2C%20Teams%2C%20or%20Yammer.) -- **Start here** ΓÇô Specify what new hires should do in their first 30, 60, and 90 days of onboarding by creating an onboarding process in on the Start your journey here page. The new hire checklist found in this section comes pre-populated with a set of generic onboarding activities. Customize list content to meet your needs. [Learn more about working with SharePoint lists](https://support.microsoft.com/office/introduction-to-lists-0a1c3ace-def0-44af-b225-cfa8d92c52d7).+- **Start here** ΓÇô Specify what new hires should do in their first 30, 60, and 90 days of onboarding by creating an onboarding process in on the Start your journey here page. The new hire checklist found in this section comes prepopulated with a set of generic onboarding activities. Customize list content to meet your needs. [Learn more about working with SharePoint lists](https://support.microsoft.com/office/introduction-to-lists-0a1c3ace-def0-44af-b225-cfa8d92c52d7). - **Who we are** ΓÇô Introduce users to more detail about the organization in the Our story, Our leadership, Our teams pages. Customize these pages and the Office locations page for your organization. Or, link to an existing leadership page instead. Here, users need to learn about departmental leadership, culture, goals, and res ### Customize the content and look of your NEO sites -Now that you've reviewed the pre-built pages and pre-populated content, you are ready to customize the NEO experience for your organization. +Now that you've reviewed the pre-built pages and prepopulated content, you are ready to customize the NEO experience for your organization. #### Navigation Considering associating the departmental onboarding site to an existing corporat ## Step 3: Share the NEO sites with end users -After customizing content, get ready to share the new onboarding experience with new hires. Different permissions will apply to the Pre-onboarding site since users will be external guests. Once new hires start working, use internal permissions sharing instructions to give access to the corporate onboarding site. +After customizing content, get ready to share the new onboarding experience with new hires. Different permissions will apply to the Preonboarding site since users will be external guests. Once new hires start working, use internal permissions sharing instructions to give access to the corporate onboarding site. -### Share the Pre-onboarding site +### Share the Preonboarding site > [!NOTE] > If you are unable to add visitors (external users, also referred to as guests) to the pre-boarding site, work with your SharePoint Administrator to [turn on external sharing for a SharePoint site](./change-external-sharing-site.md). |
SharePoint | Provision Sss Lookbook | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/provision-sss-lookbook.md | Last updated 09/10/2020 Title: Provision the SharePoint Success Site from the look book --++ recommendations: true audience: Admin |
SharePoint | Provision Sss | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/provision-sss.md | Last updated 08/21/2020 Title: Provision the SharePoint Success Site --++ recommendations: true audience: Admin Before getting started, [watch the provisioning instructional video](https://www ## Meet the requirements -Before provisioning the SharePoint Success Site, meet the requirements for both the **person** provisioning and the **tenant.** Your tenant's configuration will determine what path you need to take to install the SharePoint Success Site. Start by reviewing the SharePoint Success Site requirements below to prepare your tenant. +Before provisioning the SharePoint Success Site, meet the requirements for both the **person** provisioning and the **tenant.** Your tenant's configuration determines what path you need to take to install the SharePoint Success Site. Start by reviewing the SharePoint Success Site requirements below to prepare your tenant. |Admin role requirements|+|Tenant requirements|=|Ready to provision| |::|::|::|::|::| ### Admin requirements -The **person** doing the provisioning must be a Global Administrator (sometimes called a tenant admin) where the SharePoint Success Site will be provisioned *and must also be* a site admin for the App Catalog. +The **person** doing the provisioning must be a Global Administrator (sometimes called a tenant admin) where the SharePoint Success Site is provisioned *and must also be* a site admin for the App Catalog. |Global Administrator role|+|Admin of the App Catalog|=|Admin role requirements met| |::|::|::|::|::| The **person** doing the provisioning must be a Global Administrator (sometimes - **Yes** - Next, confirm your tenant has already enabled the App Catalog. - **No** - Partner with your global admin to get the site provisioned. [Learn more about admin roles](/microsoft-365/admin/add-users/about-admin-roles). -If you aren't sure, you can confirm your role by signing in to office.com. If you're a Global Administrator, you'll see an Admin center app icon in the app launcher next to your Microsoft 365 apps. +If you aren't sure, you can confirm your role by signing in to office.com. If you're a Global Administrator, you see an Admin center app icon in the app launcher next to your Microsoft 365 apps. **Are you a site administrator for the App Catalog?** If you aren't sure, you can confirm your role by signing in to office.com. If yo #### Tenant requirements -The **tenant** where the site will be provisioned must have the [App Catalog](./use-app-catalog.md) installed *and* have the latest version of [Microsoft 365 learning pathways](/office365/customlearning/#:~:text=Microsoft%20365%20learning%20pathways%20is%20a%20customizable%2C%20on-demand,adoption%20of%20Microsoft%20365%20services%20in%20your%20organization.) installed. Your tenant must have **version 4.0 or higher** of Microsoft 365 learning pathways. +The **tenant** where the site is provisioned must have the [App Catalog](./use-app-catalog.md) installed *and* have the latest version of [Microsoft 365 learning pathways](/office365/customlearning/#:~:text=Microsoft%20365%20learning%20pathways%20is%20a%20customizable%2C%20on-demand,adoption%20of%20Microsoft%20365%20services%20in%20your%20organization.) installed. Your tenant must have **version 4.0 or higher** of Microsoft 365 learning pathways. |App Catalog installed|+|Microsoft 365 learning pathways 4.0 or higher installed|=|Tenant requirements met| |::|::|::|::|::| Ready to get started provisioning? Review the [provisioning instructions](#provi **Does your tenant have the App Catalog installed?** -- **Yes** - Next, confirm you are an administrator of the App Catalog.-- **No** - Next, [enable the App Catalog](https://www.bing.com/videos/search?q=where+to+find+the+app+catogue+in+sharepoint&docid=608008189208497248&mid=99CF7FB554B328AC189899CF7FB554B328AC1898&view=detail&FORM=VIRE) (this will take about 30 minutes).+- **Yes** - Next, confirm you're an administrator of the App Catalog. +- **No** - Next, [enable the App Catalog](https://www.bing.com/videos/search?q=where+to+find+the+app+catogue+in+sharepoint&docid=608008189208497248&mid=99CF7FB554B328AC189899CF7FB554B328AC1898&view=detail&FORM=VIRE) (this takes about 30 minutes). -If you are unsure, navigate to the SharePoint admin center, then select **Sites** > <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a>. The **App Catalog** will appear in the list of sites. +If you're unsure, navigate to the SharePoint admin center, then select **Sites** > <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a>. The **App Catalog** appears in the list of sites. ![Active sites in the SharePoint admin center](media/sss-active-sites.png) If you are unsure, navigate to the SharePoint admin center, then select **Sites* **Does your tenant have Microsoft 365 learning pathways provisioned?** -- **Yes** - Next, confirm you are using version 4.0 or higher.+- **Yes** - Next, confirm you're using version 4.0 or higher. - **No** - [Provision Microsoft 365 learning pathways](/office365/customlearning/) for the first time. -If you are unsure, navigate to the SharePoint admin center, then select **Sites** > <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a>. **Microsoft 365 learning pathways** will appear in the list of sites. +If you're unsure, navigate to the SharePoint admin center, then select **Sites** > <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a>. **Microsoft 365 learning pathways** appear in the list of sites. **Is your tenant's version of learning pathways version 4.0 or higher?** -- **Yes** - You are ready to [provision the SharePoint Success Site](#provision-the-sharepoint-success-site-1).+- **Yes** - You're ready to [provision the SharePoint Success Site](#provision-the-sharepoint-success-site-1). - **No** - Update to version 4.0 or higher and then provision the SharePoint Success Site from the Microsoft 365 learning pathways administration page. -If you are unsure, navigate to your tenant's **Microsoft 365 learning pathways administration page** and select the ellipses **(...)** +If you're unsure, navigate to your tenant's **Microsoft 365 learning pathways administration page** and select the ellipses **(...)** > [!div class="mx-imgBorder"] > ![Image learning pathways admin page](media/sss-lp-version.png) In this step, you upload the Microsoft 365 learning pathways 4.0 web part to the 6. Select **Upload > Choose Files**. 7. Select the customlearning.sppkg file you downloaded, then select **OK > Deploy**. 8. From the Learning Pathways site, select Learning pathways administration from the Home menu.-9. You'll see a prompt asking if you want to update, then select **Start**. +9. You see a prompt asking if you want to update, then select **Start**. 10. When the update is complete, select **Close**. ## Provision the SharePoint Success Site -Once you've confirmed the following, you are ready to provision: +Once you've confirmed the following, you're ready to provision: -- You are signed in as a Global Administrator.+- You're signed in as a Global Administrator. - Your tenant has the App Catalog enabled.-- You are a site administrator for the App Catalog.+- You're a site administrator for the App Catalog. - Your tenant has version 4.0 or higher of Microsoft 365 learning pathways provisioned. -We recommend that you install the SharePoint Success Site by using the following steps. As an alternative, you [can install the SharePoint Success Site from the look book](./provision-sss-lookbook.md), just make sure you follow all instructions. Before getting started, [watch the provisioning instructions video](https://www.youtube.com/watch?v=HZjxBAKVnJs&feature=youtu.be) +We recommend that you install the SharePoint Success Site by using the following steps. As an alternative, you [can install the SharePoint Success Site from the look book](./provision-sss-lookbook.md), just make sure you follow all instructions. Before getting started, [watch the provisioning instructions video.](https://www.youtube.com/watch?v=HZjxBAKVnJs&feature=youtu.be) ### Provision the SharePoint Success Site to your tenant from the Learning pathways administrative page We recommend that you install the SharePoint Success Site by using the following 8. Fill out the email address and URL details and then select **Provision**. 9. Select **Complete**. -10. When you see **Provisioning completed** on the provisioning page, you'll see a new tab appear in your browser called **CustomLearningAdmin**. Select the **CustomLearningAdmin** tab as shown in the following image: +10. When you see **Provisioning completed** on the provisioning page, you see a new tab appear in your browser called **CustomLearningAdmin**. Select the **CustomLearningAdmin** tab as shown in the following image: > [!div class="mx-imgBorder"] > ![Image of the Microsoft 365 learning pathways solution tab](media/custom-learning-admin-tab.png) We recommend that you install the SharePoint Success Site by using the following ## Add Site owners -Assign a few Site owners to grant administrative privileges to customize the site and training content. In order to hide, show, or enable playlists, users will need Site owner or Site member permissions to the Microsoft 365 learning pathways site. In order to edit the look, navigation, and site content, users will need Site owner or Site member permissions to the SharePoint Success Site. +Assign a few Site owners to grant administrative privileges to customize the site and training content. In order to hide, show, or enable playlists, users need Site owner or Site member permissions to the Microsoft 365 learning pathways site. In order to edit the look, navigation, and site content, users need Site owner or Site member permissions to the SharePoint Success Site. **Add Site owners or members to both sites**: Assign a few Site owners to grant administrative privileges to customize the sit ### Next steps - customize the SharePoint Success Site -Share the URLs for the Microsoft 365 learning pathways administration site and the SharePoint Success site with the Site owners and members who will be responsible for customizing the site. Then, [customize](./customize-sss.md) Microsoft 365 learning pathways playlist content and the look and feel of your SharePoint Success Site to meet the needs of your organization. +Share the URLs for the Microsoft 365 learning pathways administration site and the SharePoint Success site with the Site owners and members who are responsible for customizing the site. Then, [customize](./customize-sss.md) Microsoft 365 learning pathways playlist content and the look and feel of your SharePoint Success Site to meet the needs of your organization. ### Site provisioning help Share the URLs for the Microsoft 365 learning pathways administration site and t Answer: - Ensure SharePoint Online is enabled in your environment.-- The individual that will provision the SharePoint Success Site must be the Global Administrator of the target tenant for install.-- The tenant where the site will be provisioned must have:+- The individual that provisions the SharePoint Success Site must be the Global Administrator of the target tenant for install. +- The tenant where the site is provisioned must have: - The App Catalog installed - Version 4.0 or higher of [Microsoft 365 learning pathways](/office365/customlearning/#:%7E:text=Microsoft%20365%20learning%20pathways%20is%20a%20customizable%2C%20on-demand,adoption%20of%20Microsoft%20365%20services%20in%20your%20organization.) installed Answer: A Global Administrator. Answer: -It is likely that the content pack has not been fully installed. You must return to the **CustomLearningAdmin** page that will appear when site provisioning is done to complete the installation. Confirm you have followed steps 10 through 12 above. Review the [provisioning video](https://www.youtube.com/watch?v=HZjxBAKVnJs&feature=youtu.be) for more detail. +It's likely that the content pack hasn't been fully installed. You must return to the **CustomLearningAdmin** page that will appear when site provisioning is done to complete the installation. Confirm you have followed steps 10 through 12 above. Review the [provisioning video](https://www.youtube.com/watch?v=HZjxBAKVnJs&feature=youtu.be) for more detail. **Question: Who has permission to customize the site template?** |
SharePoint | Publish Content Type | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/publish-content-type.md | Last updated 06/19/2020 Title: "Publish a content type" --++ recommendations: true audience: Admin |
SharePoint | Publishing Sites Classic To Modern Experience | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/publishing-sites-classic-to-modern-experience.md | Last updated 09/19/2018 Title: "Why move from publishing sites to communication sites? - SharePoint" --++ recommendations: true audience: Admin |
SharePoint | Query Throttling | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/query-throttling.md | Last updated 07/11/2018 Title: "Manage query client types" --++ recommendations: true audience: Admin |
SharePoint | Refinement Web Part | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/refinement-web-part.md | Title: "Change settings for the Refinement Web Part" --++ recommendations: true Last updated 6/29/2018 |
SharePoint | Remove Columns Content Type | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/remove-columns-content-type.md | Last updated 06/19/2020 Title: "Remove columns from a content type" --++ recommendations: true audience: Admin |
SharePoint | Remove Hub Site | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/remove-hub-site.md | Last updated 07/11/2018 Title: "Remove a hub site" --++ recommendations: true audience: Admin search.appverid: - SPO160 - MET150 ms.assetid: 8b1f8b6b-09c6-41c9-b1ca-88cbeee86ba2-description: "In this article, you'll learn about how to remove (un-register) a hub site so that it no longer remains a hub site." +description: "In this article, you learn about how to remove (unregister) a hub site so that it no longer remains a hub site." # Unregister a site as a hub site -If you're a Global Administrator or SharePoint Administrator in Microsoft 365, you can make a hub site no longer a hub site (unregister it as a hub site). Make sure you do this before you delete the hub site. When you unregister a hub site, the associated sites will not automatically disassociate from the hub site. Disassociating a site will remove the hub site navigation bar from the top of the site. The look that the site inherited from the hub site will stay the same and features such as additional navigation links, applications, or custom lists with specific columns that were added as part of the inherited hub site design will remain. Any hub-site-related web parts added to the home page will only show information from the site instead of from sites associated with the hub. +If you're a Global Administrator or SharePoint Administrator in Microsoft 365, you can make a hub site no longer a hub site (unregister it as a hub site). Make sure you do this before you delete the hub site. When you unregister a hub site, the associated sites won't automatically disassociate from the hub site. Disassociating a site removes the hub site navigation bar from the top of the site. The look that the site inherited from the hub site stays the same and features such as additional navigation links, applications, or custom lists with specific columns that were added as part of the inherited hub site design will remain. Any hub-site-related web parts added to the home page will only show information from the site instead of from sites associated with the hub. ## Unregister a hub site in the new SharePoint admin center If you're a Global Administrator or SharePoint Administrator in Microsoft 365, y 3. Select **OK**. -## Related topics +## Related articles To learn how to use Microsoft PowerShell to manage and delete hub sites, see [Manage SharePoint hub sites](/sharepoint/dev/features/hub-site/hub-site-powershell). |
SharePoint | Remove Search Results | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/remove-search-results.md | Last updated 07/11/2018 Title: "Remove search results" --++ recommendations: true audience: End User |
SharePoint | Remove Users | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/remove-users.md | Last updated 01/07/2019 Title: Troubleshoot user profile removal issues in SharePoint --++ recommendations: true audience: Admin search.appverid: - GSP150 - MET150 ms.assetid: 494bec9c-6654-41f0-920f-f7f937ea9723-description: "In this article, you'll learn how to troubleshoot user profile removal issues in SharePoint." +description: "In this article, you learn how to troubleshoot user profile removal issues in SharePoint." # Troubleshoot user profile removal issues in SharePoint This article describes how to remove users so they no longer appear in SharePoin - **Scenario 1: Someone is deleted from the Microsoft 365 admin center but still appears in SharePoint.** - When a user or guest browses to a SharePoint site, their user information is cached in the UserInfo list. When the user or guest is deleted, their related UserInfo information is not removed. Their profile still appears, which may cause confusion when people view the people picker. + When a user or guest browses to a SharePoint site, their user information is cached in the UserInfo list. When the user or guest is deleted, their related UserInfo information isn't removed. Their profile still appears, which may cause confusion when people view the people picker. - **Scenario 2: Site User ID Mismatch.** For the steps to delete a user in the Microsoft 365 admin center, see [Delete a 3. Select **Delete a user**. -4. Select the user, click **Select**, and then click **Delete**. +4. Select the user, select **Select**, and then select **Delete**. ## Delete a guest by using the SharePoint Online Management Shell The preceding steps removed access to Microsoft 365 and SharePoint. However, the ### Browsing site by site in SharePoint -You'll have to browse to each site collection that the user or guest visited, and then follow these steps: +You have to browse to each site collection that the user or guest visited, and then follow these steps: > [!NOTE] > This option is available only if the user previously browsed to the site collection. They won't be listed if they were granted access but never visited the site. 1. Browse to the site and edit the URL by adding the following string to the end of it: **/_layouts/15/people.aspx?MembershipGroupId=0** - For example, the full URL will resemble the following: **`https://fabrikam.sharepoint.com/_layouts/15/people.aspx?membershipGroupId=0`** + For example, the full URL resembles the following: **`https://fabrikam.sharepoint.com/_layouts/15/people.aspx?membershipGroupId=0`.** 2. Select the person from the list, and then on the **Actions** menu, select **Delete Users from Site Collection**. You'll have to browse to each site collection that the user or guest visited, an ## Clear browser history -SharePoint uses browser caching in several scenarios, including in the people picker. Even when a user is fully removed, he or she may still remain in the browser cache. Clearing the browser history resolves this issue. For info about doing this in Edge, see [View and delete browser history in Microsoft Edge](https://support.microsoft.com/help/10607). +SharePoint uses browser caching in several scenarios, including in the people picker. Even when a user is fully removed, he or she may still remain in the browser cache. Clearing the browser history resolves this issue. For info about doing this in Microsoft Edge, see [View and delete browser history in Microsoft Edge](https://support.microsoft.com/help/10607). When you clear the browser history, make sure that you also select to clear cookies and website data. |
SharePoint | Request App Installation Permissions | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/request-app-installation-permissions.md | Title: "Overview of apps in SharePoint in Microsoft 365" --++ recommendations: true Last updated 5/22/2018 At this point, site owners can check the **Your Requests** list to view the stat ## Delegate approval authority -As a Global Administrator or SharePoint Administrator in your organization, you can delegate app approval authority as a way of spreading the approval work around, or alleviating approval bottlenecks. Remember that apps are stored and managed in the Apps site. To grant app approval permission to select users, you can add them as site admins on the Apps site. +As a Global Administrator or SharePoint Administrator in your organization, you can delegate app approval authority as a way of spreading the approval workaround, or alleviating approval bottlenecks. Remember that apps are stored and managed in the Apps site. To grant app approval permission to select users, you can add them as site admins on the Apps site. > [!CAUTION] > When you add users as site admins on the Apps site, you are giving them the ability to approve the installation of apps that have organization-wide impact. Consider this decision carefully. |
SharePoint | Required Urls And Ports | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/required-urls-and-ports.md | Title: "Required URLs and ports for OneDrive consumer" --++ Last updated 04/3/2018 audience: Admin |
SharePoint | Restore Deleted Site Collection | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restore-deleted-site-collection.md | Last updated 07/11/2018 Title: "Restore deleted sites" --++ recommendations: true audience: Admin |
SharePoint | Review Communication Apps | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/review-communication-apps.md | Last updated 07/26/2021 Title: "Review communication tools" --++ recommendations: true audience: Admin Build communities of interest, gather ideas, request feedback, and keep everyone | Logo | Details | | :: | :- |-| ![Viva Engage logo.](mediIAnUrWBA) until the conversation picks up naturally over time <br><br> **Analytics:** <br> - View [insights about questions and answers](https://support.microsoft.com/office/view-insights-about-questions-and-answers-in-viva-engage-fcde33cf-ee3f-4cc8-aa47-c6d0f3fc5dc0) in Viva Engage <br> - View insights about [Viva Engage community or group activity](https://support.microsoft.com/office/view-community-or-group-insights-in-yammer-06c5494a-d77c-410c-9464-98bc0b9dad84) <br> - [Determine how many people have seen a Viva Engage conversation](/microsoft-365/admin/activity-reports/viva-engage-activity-report) +| ![Viva Engage logo.](mediIAnUrWBA) until the conversation picks up naturally over time <br><br> **Analytics:** <br> - View [insights about questions and answers](https://support.microsoft.com/office/view-insights-about-questions-and-answers-in-viva-engage-fcde33cf-ee3f-4cc8-aa47-c6d0f3fc5dc0) in Viva Engage <br> - View insights about [Viva Engage community or group activity](https://support.microsoft.com/office/view-community-or-group-insights-in-yammer-06c5494a-d77c-410c-9464-98bc0b9dad84) <br> - [Determine how many people have seen a Viva Engage conversation](https://support.microsoft.com/topic/analytics-in-viva-engage-0d9f6fd5-6b0c-45a2-a0aa-0576ae1f6895) Microsoft Stream is video service where people in your organization can upload, | ![Microsoft Stream logo.](media/logo-stream-1.png) |**Engagement options:** <br> - [Share Stream videos](/stream/portal-share-video) in email, Teams channels and chats, or in Viva Engage <br> - [Use the Stream web part](https://support.microsoft.com/office/use-the-stream-web-part-b97fa87c-1337-4271-a059-17f0d2b26e8b) to embed a video in a SharePoint page or news post <br> - [Upload recordings from Teams meetings into Stream](/stream/portal-upload-teams-meeting-recording) to organize and store content <br> - Consider using [Stream for live events](https://support.microsoft.com/office/get-started-with-microsoft-teams-live-events-d077fec2-a058-483e-9ab5-1494afda578a) when you need to reach large audiences and want to record the session to share with others <br><br> **Set up and maintenance options:** <br> - Stream uses [Microsoft 365 groups](/stream/portal-create-groups) and [channels](/stream/portal-create-channel) to make it easy to share and collaborate on content and manage access <br> - There are [video quotas and limitations](/stream/quotas-and-limitations) depending on your organizationΓÇÖs license. ## Viva: Personalized employee experiences -Microsoft Viva is made up of several apps that focus on specific employee experience areas and can be accessed in Teams. Viva apps are integrated with existing M365 apps like SharePoint, Viva Engage, and Teams. Some Viva apps can help organize, personalize, and amplify organizational communications. Other Viva apps will compliment popular business scenarios and can be combined to create more powerful experiences. [Learn more about Microsoft Viva](/viva/microsoft-viva-overview). +Microsoft Viva is made up of several apps that focus on specific employee experience areas and can be accessed in Teams. Viva apps are integrated with existing M365 apps like SharePoint, Viva Engage, and Teams. Some Viva apps can help organize, personalize, and amplify organizational communications. Other Viva apps will complement popular business scenarios and can be combined to create more powerful experiences. [Learn more about Microsoft Viva](/viva/microsoft-viva-overview). | Logo | Details | | :: | :- | |
SharePoint | Roll Out Sharepoint Onedrive | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/roll-out-sharepoint-onedrive.md | Last updated 06/10/2022 Title: Roll out SharePoint and OneDrive --++ recommendations: true audience: Admin |
SharePoint | Safeguarding Your Data | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/safeguarding-your-data.md | Title: "Cloud data security measures in SharePoint & OneDrive" recommendations: true--++ Last updated 5/25/2018 audience: Admin f1.keywords: |
SharePoint | Switch From Enterprise Search Center To Basic | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/switch-from-enterprise-search-center-to-basic.md | Title: "Switch from an Enterprise Search Center to Basic in SharePoint" --++ recommendations: true Last updated 7/25/2019 description: "Learn how to swap your default search center from Enterprise back >This feature is gradually rolling out and might not be available yet for your organization. -The Basic Search Center is a classic search experience. To offer your users a richer search experience, you can either switch from a Basic Search Center to an Enterprise Search Center or rely on the modern search experience that SharePoint comes with. [Learn about differences between classic and modern search](./differences-classic-modern-search.md) and [when to choose which search experience](./get-started-with-modern-search-experience.md) for your organization. +The Basic Search Center is a classic search experience. To offer your users a richer search experience, you can do one of the two things: +- Switch from a Basic Search Center to an Enterprise Search Center +- Rely on the modern search experience that SharePoint comes with. +[Learn about differences between classic and modern search](./differences-classic-modern-search.md) and [when to choose which search experience](./get-started-with-modern-search-experience.md) for your organization. -If you are currently using the Enterprise Search Center, you can easily replace (swap) it with the Basic Search Center if needed. This will result in your users seeing the classic search experience in their default search home page and default search results page. You can use the [Invoke-SPOSiteSwap](/powershell/module/sharepoint-online/invoke-spositeswap) PowerShell cmdlet to do this. +If you're currently using the Enterprise Search Center, you can easily replace (swap) it with the Basic Search Center if needed. This feature results in your users seeing the classic search experience in their default search home page and default search results page. You can use the [Invoke-SPOSiteSwap](/powershell/module/sharepoint-online/invoke-spositeswap) PowerShell cmdlet to swap the Search Centers. ## How to use Invoke-SPOSiteSwap to swap your Search Center sites Invoke-SPOSiteSwap |-|--| | -SourceUrl | The site you want to promote. | | -TargetUrl | The site you want to replace. |-| -ArchiveUrl | URL that the target site will be archived to. | +| -ArchiveUrl | URL that the target site is archived to. | Here's an example of how to use these parameters when swapping an existing Enterprise Search Center to Basic: -- **For your -SourceUrl**, you need the URL of your Basic Search Center site. The site must exist before running the cmdlet. For our example, we'll use \<spam\>\<spam\>https://contoso.sharepoint.com/sites/SiteSearch\<spam\>\<spam\>.+- **For your -SourceUrl**, you need the URL of your Basic Search Center site. The site must exist before running the cmdlet. For our example, we use \<spam\>\<spam\>https://contoso.sharepoint.com/sites/SiteSearch\<spam\>\<spam\>. You can [create a Basic Search Center site](https://support.office.com/article/449eccec-ff99-4cf3-b62e-dcfee37e8da4) from an Enterprise site template.-- **For your -TargetUrl**, you need the URL of your Enterprise Search Center site that you want to replace. For our example, we'll use \<spam\>\<spam\>https://contoso.sharepoint.com/search\<spam\>\<spam\>.-- **For your -ArchiveUrl**, use a Url that does not currently exist at the location. Your Enterprise Search Center site will be archived to this site location. For our example, we'll use \<spam\>\<spam\>https://contoso.sharepoint.com/sites/ArchivedEntSearch\<spam\>\<spam\>. +- **For your -TargetUrl**, you need the URL of your Enterprise Search Center site that you want to replace. For our example, we use \<spam\>\<spam\>https://contoso.sharepoint.com/search\<spam\>\<spam\>. +- **For your -ArchiveUrl**, use a Url that doesn't currently exist at the location. Your Enterprise Search Center site is archived to this site location. For our example, we use \<spam\>\<spam\>https://contoso.sharepoint.com/sites/ArchivedEntSearch\<spam\>\<spam\>. Here's how to use the examples above in the Invoke-SPOSiteSwap cmdlet: Invoke-SPOSiteSwap -SourceUrl https://contoso.sharepoint.com/sites/SearchSite -T ``` Successfully running the cmdlet above would result in:-- Basic Search will be the default Search Center experience. When users go to \<spam\>\<spam\>https://contoso.sharepoint.com/search\<spam\>\<spam\>, they will now be using the Basic Search Center.+- Basic Search is the default Search Center experience. When users go to \<spam\>\<spam\>https://contoso.sharepoint.com/search\<spam\>\<spam\>, they'll now be using the Basic Search Center. - The Enterprise Search Center site will no longer be available as the default Search Center experience. |
SharePoint | Teams Connected Sites | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/teams-connected-sites.md | Last updated 07/28/2023 Title: Teams and SharePoint integration --++ recommendations: true audience: Admin |
SharePoint | Trad Vs Modern Intranet | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/trad-vs-modern-intranet.md | Last updated 05/21/2020 Title: How to think about your intelligent intranet--++ recommendations: true audience: Admin |
SharePoint | Training Change Management | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/training-change-management.md | Last updated 06/10/2022 Title: Training and change management for rolling out SharePoint and OneDrive --++ recommendations: true audience: Admin description: Learn about how to help your users adopt and use SharePoint and One # Training and change management for rolling out SharePoint and OneDrive -Using SharePoint and OneDrive can be a big change for your users, depending on what your current systems are. Spend time understanding your user journeys - those sequences of tasks that users regularly follow in the course of their work. Determine how using SharePoint and OneDrive fit into these journeys and use that information to create a transition plan and resources to help your users. +Using SharePoint and OneDrive can be a significant change for your users, depending on what your current systems are. Spend time understanding your user journeys - those sequences of tasks that users regularly follow in the course of their work. Determine how using SharePoint and OneDrive fit into these journeys and use that information to create a transition plan and resources to help your users. As part of your change management plan, review how your users do core tasks such as: As part of your change management plan, review how your users do core tasks such - How to share files with people outside the organization - How to create a site or other location for collaboration with others -Your users will need to learn how to do these tasks in SharePoint and OneDrive. The resources in this article can help users learn how to do these and other tasks. If you have specific business processes around these tasks, you may need to create separate documentation for your users to incorporate that. +Your users need to learn how to do these tasks in SharePoint and OneDrive. The resources in this article can help users learn how to do these and other tasks. If you have specific business processes around these tasks, you may need to create separate documentation for your users to incorporate that. -If you'll be using both your existing solution and Microsoft 365 during your rollout, consider how users will navigate back and forth and include that in the guidance you give your users. +If you are using both your existing solution and Microsoft 365 during your rollout, consider how users navigate back and forth and include that in the guidance you give your users. Consider these options for helping your users navigate the transition to SharePoint and OneDrive: - Office hours where users can attend or call in to ask questions. - Special support channels for users in the process of migrating to SharePoint and OneDrive.-- Single-page or very brief printouts or electronic documents that give steps to core tasks.+- Single-page or brief printouts or electronic documents that give steps to core tasks. - Before and after guidance that shows the old and new way of doing tasks. ## Resources for your users -The training resources in this section can help your users learn the everyday tasks they'll need to know to be successful with SharePoint and OneDrive. +The training resources in this section can help your users learn the everyday tasks they need to know to be successful with SharePoint and OneDrive. ### Getting started For more information about Viva Learning, see [Overview of Microsoft Viva Learni > [!div class="nextstepaction"] > [Roll out SharePoint and OneDrive](roll-out-sharepoint-onedrive.md) -## Related topics +## Related articles [Plan for SharePoint and OneDrive in Microsoft 365](plan-for-sharepoint-onedrive.md) |
SharePoint | Understanding Permission Levels | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/understanding-permission-levels.md | Last updated 10/15/2018 Title: "Understanding permission levels in SharePoint" --++ recommendations: true audience: ITPro The following table describes the default permission levels and associated permi |**Group**|**Permission level**| |:--|:--| |**Visitors** <br/> |**Read** This level includes these permissions: <br/> Open <br/> View Items, Versions, pages, and Application pages <br/> Browse User Information <br/> Create Alerts <br/> Use Self-Service Site Creation <br/> Use Remote Interfaces <br/> Use Client Integration Features <br/> |-|**Members** <br/> |**Edit** This level includes all permissions in Read, plus: <br/> View, add, update and delete Items <br/> Add, Edit and Delete Lists <br/> Delete Versions <br/> Browse Directories <br/> Edit Personal User Information <br/> Manage Personal Views <br/> Add , Update, or Remove Personal Web Parts <br/> | +|**Members** <br/> |**Edit** This level includes all permissions in Read, plus: <br/> View, add, update and delete Items <br/> Add, Edit and Delete Lists <br/> Delete Versions <br/> Browse Directories <br/> Edit Personal User Information <br/> Manage Personal Views <br/> Add, Update, or Remove Personal Web Parts <br/> | |**Owners** <br/> |**Full Control** This level includes all available SharePoint permissions. <br/> | ## Site permissions and permission levels |
SharePoint | Use App Catalog | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/use-app-catalog.md | Last updated 07/11/2018 Title: "Manage apps using the Apps site - SharePoint" --++ recommendations: true audience: Admin When you add an app from the SharePoint Store to the Apps site, you make it avai 6. Review app permissions and data access. -7. Some apps have the option to be added to all sites in the organization so that site owners don't have to. If you want to do this, select **Add this app to all sites**. +7. Some apps can be added to all sites in the organization so that site owners don't have to. If you want to do this, select **Add this app to all sites**. 8. Select **Add**. -9. If the app requires additional permissions, a message will appear. Select **Go to API access page** to approve the permission request. +9. If the app requires additional permissions, a message appears. Select **Go to API access page** to approve the permission request. ## Add custom apps <a name="__add_custom_apps"> </a> When you upload a custom app to the Apps site, it's available for users to insta 1. Make sure the **Enabled** checkbox is selected so that users are able to add this app to sites. -1. If it appears, in the **Hosting Licenses** box, specify the number of licenses you think you will need. +1. If it appears, in the **Hosting Licenses** box, specify the number of licenses you think you need. 1. Close the panel. When you upload a custom app to the Apps site, it's available for users to insta App developers can choose to allow administrators to automatically add an app to all sites. This makes the app available for site owners. -If you did not choose to add an app to all sites when you enabled it, you can do so later on the Apps site. +If you didn't choose to add an app to all sites when you enabled it, you can do so later on the Apps site. To add an app to all sites-1. On the Manage apps page, select the app that you want to add to all sites. +1. On the **Manage apps page**, select the app that you want to add to all sites. 1. Select **Add to all sites**. 1. Select **Confirm**. 1. Select **Close**. If you want to prevent users from using an app that you've already enabled, you ## Remove an app from the Apps site <a name="__toc347303053"> </a> -If you no longer want a specific app to be available for users to add, you can remove it from on the Manage apps page. Any instances of the app that have already been added to sites by users will remain, but the app will no longer be available for users to add to additional sites. +If you no longer want a specific app to be available for users to add, you can remove it from on the Manage apps page. Any instances of the app that have already been added to sites by users remain, but the app will no longer be available for users to add to additional sites. > [!IMPORTANT] > If you delete an app, existing instances of the app will no longer work. If you no longer want a specific app to be available for users to add, you can r 1. Select **Delete** to confirm that you want to send the app to the recycle bin. -## Related topics +## Related articles <a name="__toc347303053"> </a> [Configure settings for the SharePoint Store](configure-sharepoint-store-settings.md) |
SharePoint | Use Result Types And Display Templates | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/use-result-types-and-display-templates.md | Title: "Change how search results look by using result types and display templates" --++ recommendations: true Last updated 4/5/2018 |
SharePoint | User Profile Sync | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/user-profile-sync.md | Title: "About user profile synchronization" --++ recommendations: true Last updated 5/21/2020 |
SharePoint | View Popularity Trends And Most Popular Items | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/view-popularity-trends-and-most-popular-items.md | Title: "View Popularity Trends and Most Popular Items" --++ recommendations: true Last updated 6/21/2018 |
SharePoint | View Search Usage Reports Modern Sites | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/view-search-usage-reports-modern-sites.md | Title: "View search usage reports in modern sites" -+ recommendations: true |
SharePoint | What Is Permissions Inheritance | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/what-is-permissions-inheritance.md | Last updated 07/11/2018 Title: "What is permissions inheritance?" --++ recommendations: true audience: Admin |
SharePoint | What S New In Admin Center | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/what-s-new-in-admin-center.md | Last updated 07/11/2018 Title: "What's new in the SharePoint admin center" --++ recommendations: true audience: Admin |
SharePoint | What S New In Sharing In Targeted Release | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/what-s-new-in-sharing-in-targeted-release.md | Last updated 07/11/2018 Title: "Secure external sharing in SharePoint" --++ recommendations: true audience: Admin |
SharePoint | Word Email Summaries | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/word-email-summaries.md | Last updated 09/10/2020 Title: "Summaries in sharing emails for Word docs" --++ recommendations: true audience: Admin |
SharePoint | Install And Configure Workflow For Sharepoint Server | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/governance/install-and-configure-workflow-for-sharepoint-server.md | description: "Learn how to install and configure workflow in SharePoint Server." [!INCLUDE[appliesto-2013-2016-2019-SUB-xxx-md](../includes/appliesto-2013-2016-2019-SUB-xxx-md.md)] This article contains the information and procedures required to configure SharePoint Workflow Manager (SPWFM) for SharePoint Server.+ > [!NOTE] >There are two separate workflow engine products that power the SharePoint 2013 Workflow platform: Microsoft Workflow Manager ("Classic WFM") and SharePoint Workflow Manager (SPWFM). Microsoft Workflow Manager is no longer available to be installed, whereas SharePoint Workflow Manager has been released to replace it. Hence, the instructions outlined in this document explain how to install SharePoint Workflow Manager. - +> [!IMPORTANT] +> The steps in this article apply to SharePoint Server. The SharePoint 2013 Workflow platform is not supported in SharePoint Foundation 2013. + +> [!NOTE] +> You can watch a video series that walks through the process of installing and configuring the SharePoint 2013 Workflow platform. To view the videos, see [Video series: Install and configure Workflow in SharePoint Server 2013](video-series-install-and-configure-workflow-in-sharepoint-server-2013.md). ++Learn about [Workflows for SharePoint in Microsoft 365](../../SharePointOnline/extend-and-develop.md). ## Overview <a name="section1"> </a> The only platform available when you first install SharePoint Server is the Shar |**SharePoint 2010 Workflow** <br/> |Windows Workflow Foundation 3 <br/> |Installs automatically with SharePoint Server. <br/> | |**SharePoint 2013 Workflow** <br/> |Windows Workflow Foundation 4 <br/> |Requires SharePoint Workflow Manager or Microsoft Workflow Manager, and SharePoint Server. <br/> | |**SharePoint 2013 Workflow - Project Server** <br/> |Windows Workflow Foundation 4 <br/> |Requires SharePoint Workflow Manager or Microsoft Workflow Manager, and Project server. <br/> |+ > [!NOTE] > SharePoint Workflow Manager must be downloaded and installed separately from SharePoint Server. It does not install automatically when you install SharePoint Server. ## New installation of SharePoint Workflow Manager SharePoint Workflow Manager may be installed on the same servers as SharePoint or on separate, dedicated servers. It's recommended that SharePoint Workflow Manager is installed on its own dedicated servers for performance and reliability reasons. + > [!NOTE] > SharePoint Workflow Manager is supported in farms having an odd number of hosts, for example, 1, 3, or 5. A farm with 2 or 4 SharePoint Workflow Manager hosts is not supported. ### Prerequisites -SharePoint Workflow Manager requires the server role of Web Server (IIS). If you're installing SharePoint Workflow Manager on a server without the IIS server role installed, the Workflow Manager Configuration Wizard fails with a message like *Could not load file or assembly 'Microsoft.Web.Administration'*. In addition to the features that are installed by default with the Web Server role, SharePoint Workflow Manager requires the following Web Server features: +SharePoint Workflow Manager requires the server role of Web Server (IIS). If you're installing SharePoint Workflow Manager on a server without the IIS server role installed, the Workflow Manager Configuration Wizard fails with messages like *Could not load file or assembly 'Microsoft.Web.Administration'*. Apart from the features that are installed by default, the SharePoint Workflow Manager work requires the following IIS features: - Windows Authentication (under Security) - .NET Extensibility 4.7 (under Application Development) - ASP.NET 4.7 (under Application Development) -> [!NOTE] -> SharePoint Workflow Manager may not be installed and configured correctly with only RODCs (read-only domain controllers) available in the network environment. It requires a RWDC (read/write domain controller). +SharePoint Workflow Manager might not be installed and configured correctly with only RODC (read-only domain controller) provided in the network environment as it requires RWDC (read/write DC, full DC). + SharePoint Workflow Manager requires Azure Service Fabric, which must be installed before you run SharePoint Workflow Manager setup. If the Azure Service Fabric Runtime isn't already installed, follow these steps below to install it: 1. The minimum version of Azure Service Fabric Runtime supported by SharePoint Workflow Manager is 9.1.1583.9590, and you can download it from [Azure Service Fabric Runtime](https://download.microsoft.com/download/b/8/a/b8a2fb98-0ec1-41e5-be98-9d8b5abf7856/MicrosoftServiceFabric.9.1.1583.9590.exe). Or you can find and download any higher version of its Windows Installer from [here](/azure/service-fabric/service-fabric-get-started#install-the-sdk-and-tools). SharePoint Workflow Manager requires Azure Service Fabric, which must be install `.\MicrosoftServiceFabric.9.1.1583.9590.exe /accepteula` 3. To verify the Azure Service Fabric is installed, you should be able to find it in the Programs and Features of the Control Panel.+ > [!NOTE]-> SharePoint Workflow Manager supports the version 9.1 CU2 (9.1.1583.9590) of Azure Service Fabric and [higher versions](/azure/service-fabric/service-fabric-versions). -> -> If **Windows Fabric** is already installed on your machine, you must uninstall it before installing Azure Service Fabric. -> -> ItΓÇÖs been reported that Azure Service Fabric might generate a large number of logs, reducing the disk space. This can occur regardless of the SharePoint Workflow Manager workload. You can identify this issue by looking at the files generated in the `%ProgramData%\Microsoft Service Fabric\Log\Traces` directory. You can't control the log size through the [cluster configuration](/azure/service-fabric/service-fabric-cluster-fabric-settings#diagnostics), with only Azure Service Fabric Runtime installed. You might need to delete expired logs manually, or for example, create a periodic task through the Windows Task Scheduler to do it. +> SharePoint Workflow Manager supports the version 9.1 CU2 (9.1.1583.9590) of Azure Service Fabric and [higher versions](/azure/service-fabric/service-fabric-versions). If **Windows Fabric** is already installed on your machine, you must uninstall it before installing Azure Service Fabric. +> +> ItΓÇÖs been reported that Azure Service Fabric might generate a large amount of logs squeezing the disk space regardless of the SharePoint Workflow Manager workload, and you can identify it under the `%ProgramData%\Microsoft Service Fabric\Log\Traces`. But you can't control the log size through the [cluster configuration](/azure/service-fabric/service-fabric-cluster-fabric-settings#diagnostics), with only Azure Service Fabric Runtime installed. You might need to delete expired logs manually, or for example, create a periodic task through the Windows Task Scheduler to do it. + ### Install SharePoint Workflow Manager SharePoint Workflow Manager and SharePoint Workflow Manager Client can be downloaded from [here](https://www.microsoft.com/download/details.aspx?id=104867). The system requirements can be found on that page as well. -Install **both** SharePoint Workflow Manager and SharePoint Workflow Manager Client on all servers in the **Workflow Manager** farm. +Install both SharePoint Workflow Manager and SharePoint Workflow Manager Client on all servers in the Workflow Manager farm. Install only the SharePoint Workflow Manager Client on all servers in the SharePoint Server farm. -Install **only** the SharePoint Workflow Manager **Client** on all servers in the **SharePoint Server** farm. > [!NOTE] > Though it is supported to install SharePoint Workflow Manager on servers running SharePoint Server, it is recommended that SharePoint Workflow Manager is installed on its own dedicated servers for performance and reliability reasons. ### Configure SharePoint Workflow Manager farm -To create a SharePoint Workflow Manager farm and join your servers to the farm, you can configure SharePoint Workflow Manager through the Workflow Manager Configuration Wizard. +To create a SharePoint Workflow Manager farm and join your servers to the farm, you can configure SharePoint Workflow Manager through the Workflow Manager Configuration Wizard, see [Video series Install and configure Workflow](/SharePoint/governance/video-series-install-and-configure-workflow-in-sharepoint-server-2013#episode-3-install-and-configure-workflow-manager). -Logon to the SharePoint Workflow Manager server, click on ΓÇ£Workflow Manager ConfigurationΓÇ¥ and click on ΓÇ£Configure Workflow Manager with Default settingsΓÇ¥ or ΓÇ£Configure Workflow Manager with Custom SettingsΓÇ¥, depending on the requirements. If you want to use different ports, custom certificates, or custom database names, you'll want to use the "Configure Workflow Manager with Custom Settings" option. --In this example, we will use the Default Settings option. --> [!NOTE] -> By default, only HTTPS (TLS / SSL) port 12290 is configured for the Workflow Management site. If you'd like to also allow communication over unencrypted HTTP port 12291, you must select the "Allow Workflow Management over HTTP on this computer" check box. This is a factor when running the Register-SPWorkflowService cmdlet later. -Provide the necessary SQL Server and service account details in the workflow wizard. ---The configuration wizard will provide a summary of your choices before they are committed. - > [!NOTE]-> Some of the values are selected for you when you use the ΓÇ£Configure Workflow Manager with Default settingsΓÇ¥ option. If they are not correct for your environment, you may have to start the wizard over and choose ΓÇ£Configure Workflow Manager with Custom SettingsΓÇ¥. --The configuration wizard should complete successfully. If it fails, please select the "View Log" link, find the problem and correct it before running the wizard again. ---If you are creating a multi-server SharePoint Workflow Manager farm, you must run the workflow configuration wizard on the other nodes and chose the "Join an Existing Workflow Manager Farm" option. ---### Configure App Management and Subscriptions Settings services in the SharePoint farm -The App Management and Subscription Settings services are required in the SharePoint farm for SharePoint 2013-platform workflows to function. -If not already set up in the SharePoint farm, on the SharePoint server, set up App Management and Subscription Settings services, service applications and service application proxies. --The App Managment service can be created using Central Administration. --You can use PowerShell to create a Subscription Settings Service application: --```powershell -$sa = New-SPSubscriptionSettingsServiceApplication -ApplicationPool 'SharePoint Web Services Default' -Name 'Subscriptions Settings Service Application' -DatabaseName 'Subscription' --New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $sa -``` +> The SharePoint 2010 Workflow platform installs automatically when you install SharePoint Server. The SharePoint 2013 Workflow platform requires either Microsoft Workflow Manager ("Classic WFM") or SharePoint Workflow Manager (SPWFM) and must be installed separately and then configured to work with your SharePoint Server farm. To function correctly, SharePoint 2013 Workflows require that the App Management Service and Site Subscription Service are provisioned. It is not required to set up a wildcard certificate and DNS registration but both instances need to be running. ### Configure SharePoint Workflow Manager to work with the SharePoint Server farm <a name="section5"> </a> -Consider the following key factors before configuring SharePoint Workflow Manager to work with SharePoint Server. +Consider the following two key factors before configuring SharePoint Workflow Manager to work with SharePoint Server. + +- Is SharePoint Workflow Manager installed on a server that is part of the SharePoint farm? + +- Will communication between SharePoint Workflow Manager and SharePoint Server use **HTTP** or **HTTPS** ? -- Will communication between SharePoint Workflow Manager and SharePoint Server use **HTTP** or **HTTPS** ? +These factors translate into four scenarios. Each scenario configures a SharePoint Server farm to communicate and function with the SharePoint Workflow Manager farm. Follow the scenario that matches your circumstance. + +|Scenario Number and Description|Scenario Number and Description| +|:--|:--| +|1: SharePoint Workflow Manager is installed on a server that is part of the SharePoint Server farm. Communication takes place by using HTTP. <br/> |2: SharePoint Workflow Manager is installed on a server that is part of the SharePoint Server farm. Communication takes place by using HTTPS. <br/> | +|3: SharePoint Workflow Manager is installed on a server that is NOT part of the SharePoint Server farm. Communication takes place by using HTTP. <br/> |4: SharePoint Workflow Manager is installed on a server that is NOT part of the SharePoint Server farm. Communication takes place by using HTTPS. <br/> | + > [!NOTE] > For security reasons, we recommend HTTPS for a production environment. -**To configure SharePoint Workflow Manager in an environment where communication takes place using HTTP** -> [!NOTE] -> By default, only HTTPS (TLS / SSL) port 12290 is configured for the Workflow Management site. In order to configure the use of HTTP, the "Allow Workflow Management over HTTP on this computer" check box should have been selected when running the ΓÇ£Workflow Manager ConfigurationΓÇ¥ wizard in an earlier step. --1. Sign-in to each server in the SharePoint Server farm. + +**To configure SharePoint Workflow Manager on a server that is part of the SharePoint Server farm and on which communication takes place by using HTTP** + +1. Sign-in to the computer in the SharePoint Server farm where SharePoint Workflow Manager was installed. + +2. Open the SharePoint Management Shell as an administrator by right-clicking the **SharePoint Management Shell** and choosing **Run as administrator**. + +3. Run the **Register-SPWorkflowService** cmdlet. + + **Example**: + + ```powershell + Register-SPWorkflowService -SPSite "http://myserver/mysitecollection" -WorkflowHostUri "http://workflow.example.com:12291" -AllowOAuthHttp + ``` -1. Install the SharePoint Workflow Manager **Client** on each server in the SharePoint farm. - > [!IMPORTANT] - > You must install the SharePoint Workflow Manager Client on each server in the SharePoint farm before you run the Register-SPWorkflowService cmdlet. +4. Sign-in to each server in the SharePoint Server farm. + + Each server in the SharePoint Server farm must have the Workflow Manager Client installed. -3. On one SharePoint server, open the SharePoint Management Shell as an administrator by right-clicking the **SharePoint Management Shell** command and choosing **Run as administrator**. + > [!NOTE] + > SharePoint Workflow Manager servers need both the SharePoint Workflow Manager and the SharePoint Workflow Manager client software installed. SharePoint servers only need the client installed. + +5. Install the SharePoint Workflow Manager Client on each server in the SharePoint farm. + +**To configure SharePoint Workflow Manager on a server that is part of the SharePoint Server farm and on which communication takes place by using HTTPS** + +1. Determine if you need to install SharePoint Workflow Manager certificates in SharePoint. + + Under some circumstances, you have to obtain and install SharePoint Workflow Manager certificates. If your installation requires that you obtain and install these certificates, you must complete that step before continuing. To learn whether you need to install certificates, and for instructions, see [Install Workflow Manager certificates in SharePoint Server](install-workflow-manager-certificates-in-sharepoint-server.md). + +2. Sign-in to the computer in the SharePoint Server farm where SharePoint Workflow Manager was installed. + +3. Open the SharePoint Management Shell as an administrator by right-clicking the **SharePoint Management Shell** and choosing **Run as administrator**. + +4. Run the **Register-SPWorkflowService** cmdlet. -1. Run the **Register-SPWorkflowService** cmdlet to connect the SharePoint farm with the SharePoint Workflow Manager farm. The cmdlet should be run only once and can be run from any of the servers in the SharePoint farm. - > [!NOTE] - > The value for the -SPSite parameter can be any valid site collection within the SharePoint farm. - > The correct value for the -WorkflowHostUri parameter can be found by running PowerShell `Get-WFFarm | select endpoints` on the SharePoint Workflow Manager server. + **Example**: + + ```powershell + Register-SPWorkflowService -SPSite "https://myserver/mysitecollection" -WorkflowHostUri "https://workflow.example.com:12290" + ``` +5. Sign-in to each server in the SharePoint Server farm. + + Each server in the SharePoint Server farm must have the Workflow Manager Client installed. + + > [!NOTE] + > SharePoint Workflow Manager servers need both the SharePoint Workflow Manager and the SharePoint Workflow Manager client software installed. SharePoint servers only need the client installed. + +6. Install the SharePoint Workflow Manager Client on each server in the SharePoint farm. + +**To configure SharePoint Workflow Manager on a server that is NOT part of the SharePoint Server farm and on which communication takes place by using HTTP** + +1. Sign-in to each server in the SharePoint Server farm. + +2. Install the SharePoint Workflow Manager Client on each server in the SharePoint farm. + + Before you can run the workflow pairing cmdlet, you must install SharePoint Workflow Manager Client on each of the servers in the SharePoint farm. + +3. Open the SharePoint Management Shell as an administrator by right-clicking the **SharePoint Management Shell** command and choosing **Run as administrator**. + +4. Run the **Register-SPWorkflowService** cmdlet. The cmdlet should be run only once and can be run from any of the servers in the SharePoint farm. + **Example**:+ ```powershell Register-SPWorkflowService -SPSite "http://myserver/mysitecollection" -WorkflowHostUri "http://workflow.example.com:12291" -AllowOAuthHttp ``` -**To configure SharePoint Workflow Manager in an environment where communication takes place using HTTPS** +> [!IMPORTANT] +> You must install the SharePoint Workflow Manager Client on each server in the SharePoint farm before you run the pairing cmdlet. + +**To configure SharePoint Workflow Manager on a server that is NOT part of the SharePoint Server farm and on which communication takes place by using HTTPS** -1. Determine whether you need to install SharePoint Workflow Manager certificates on the SharePoint servers. +1. Determine whether you need to install SharePoint Workflow Manager certificates in SharePoint Server. - Under some circumstances, you must obtain and install SharePoint Workflow Manager certificates. If your installation requires that you obtain and install these certificates, you must complete that step before continuing. To learn whether you need to install certificates, and for instructions, see [Install Workflow Manager certificates in SharePoint Server](install-workflow-manager-certificates-in-sharepoint-server.md). + Under some circumstances, you have to obtain and install SharePoint Workflow Manager certificates. If your installation requires that you obtain and install these certificates, you must complete that step before continuing. To learn whether you need to install certificates, and for instructions, see [Install Workflow Manager certificates in SharePoint Server](install-workflow-manager-certificates-in-sharepoint-server.md). 2. Sign-in to each server in the SharePoint Server farm. -1. Install the SharePoint Workflow Manager **Client** on each server in the SharePoint farm. - > [!IMPORTANT] - > You must install the SharePoint Workflow Manager Client on each server in the SharePoint farm before you run the Register-SPWorkflowService cmdlet. +3. Install the SharePoint Workflow Manager Client on each server in the SharePoint farm. + + Before you can run the workflow pairing cmdlet, you must install SharePoint Workflow Manager Client on each of the servers in the SharePoint farm. 4. Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the **SharePoint Management Shell** command and choosing **Run as administrator**. -1. Run the **Register-SPWorkflowService** cmdlet to connect the SharePoint farm with the SharePoint Workflow Manager farm. The cmdlet should be run only once and can be run from any of the servers in the SharePoint farm. - > [!NOTE] - > The value for the -SPSite parameter can be any valid site collection within the SharePoint farm. - > The correct value for the -WorkflowHostUri parameter can be found by running PowerShell `Get-WFFarm | select endpoints` on the SharePoint Workflow Manager server. -+5. Run the **Register-SPWorkflowService** cmdlet. + **Example**:+ ```powershell Register-SPWorkflowService -SPSite "https://myserver/mysitecollection" -WorkflowHostUri "https://workflow.example.com:12290" ``` +> [!IMPORTANT] +> You must install the SharePoint Workflow Manager Client on each server in the SharePoint farm before you run the pairing cmdlet. + ## Upgrade existing Microsoft Workflow Manager -Microsoft Workflow Manager cannot be upgraded in-place, and SharePoint Workflow Manager can't be placed on top of Microsoft Workflow Manager. In order to update Microsoft Workflow Manager (Classic WFM) to SharePoint Workflow Manager (SPWFM), you must uninstall any prior versions of Workflow Manager, Workflow Manager Client, and Service Bus. +In order to update Microsoft Workflow Manager (Classic WFM) to SharePoint Workflow Manager (SPWFM), SharePoint Workflow Manager can't be placed on top of Microsoft Workflow Manager. Installing this build requires first uninstalling any prior versions of Workflow Manager, Workflow Manager Client, and Service Bus. -> [!NOTE] -> You can upgrade to SharePoint Workflow Manager from any version of Microsoft Workflow Manager. -> Because you are upgrading an existing "Classic WFM" farm to SPWFM, the WFM databases will be reused, and your existing registration and workflows should remain intact. +You can upgrade to SharePoint Workflow Manager from any version of Microsoft Workflow Manager. Follow the steps below to uninstall Microsoft Workflow Manager and install SharePoint Workflow -> [!IMPORTANT] -> Because the upgrade steps require that you disjoin and then rejoin an existing WFM farm, you will need the WFM "Certificate Generation Key", when rejoining. If you are not sure what that key is, and have not documented it somewhere, you may need to [Reset Certificate Generation Key](/SharePoint/governance/reset-certificate-generation-key-sharepoint-workflow-manager) before proceeding. -> You will not be able to join the existing workflow farm without a valid Certificate Generation Key. --1. Run the Workflow Manager Configuration Wizard. --1. Select **Leave Workflow Manager Farm**. -1. Confirm the subsequent steps until the end of the wizard. --1. Repeat this step on every Microsoft Workflow Manager server in the workflow farm. +1. Open Workflow Manager Configuration Wizard. +2. Select **Leave Workflow Manager Farm**. +3. Confirm the subsequent steps until the end. > [!NOTE]- > Each database used by Workflow Manager and Service Bus will need to be specified when rejoining the farm with SharePoint Workflow Manager. For example, the SQL Server instance and database name for the Workflow Manager farm management database and the Service Bus farm management database. -1. Uninstall Microsoft Workflow Manager, Workflow Manager Client, Service Bus for Windows Server, and Windows Fabric if they're installed. You can uninstall them from the Control Panel. If Windows Fabric is installed, ensure you install Azure Service Fabric after uninstalling Windows Fabric. - > [!IMPORTANT] - > If you are installing SharePoint Workflow Manager on a SharePoint server, you may see both "Windows Fabric" and "AppFabric 1.1 for Windows Server" installed. Be sure to only uninstall Windows Fabric. **Do not uninstall AppFabric 1.1**. It is a different service, and is required for SharePoint Distributed Cache. -1. If the folders "*%ProgramFiles%\Workflow Manager\1.0"* or *"%Program Files%\Service Bus\1.0"* already exist, you must manually remove them for the next steps to succeed. --1. Reboot the SharePoint Workflow Manager server. --1. If it's not already installed, use the steps from the [Prerequisites section above](/SharePoint/governance/install-and-configure-workflow-for-sharepoint-server#prerequisites) to install Azure Service Fabric. --1. Install SharePoint Workflow Manager and SharePoint Workflow Manager Client. SharePoint Workflow Manager and SharePoint Workflow Manager Client can be downloaded from [here](https://www.microsoft.com/download/details.aspx?id=104867). The system requirements can be found on that page as well. + >Each database used by Workflow Manager and Service Bus will need to be specified when rejoining the farm with SharePoint Workflow Manager. For example, the SQL Server instance and database name for the Workflow Manager farm management database and the Service Bus farm management database. -1. Run the Workflow Manager Configuration Wizard and choose the "Join an Existing Workflow Manager Farm" to rejoin the previous farm. Use the database, service account, and Certificate Generation Key information used in the previous "Classic WFM" farm. +4. Uninstall Microsoft Workflow Manager, Workflow Manager Client, Service Bus for Windows Server, and Windows Fabric if they're installed. You can uninstall them from the Control Panel. If Windows Fabric is installed, ensure you install Azure Service Fabric after uninstalling Windows Fabric. +5. If the folder *%ProgramFiles%\Workflow Manager\1.0* already exists, you must manually remove it for the next steps to succeed. +6. Install SharePoint Workflow Manager and SharePoint Workflow Manager Client. +7. If there's more than one server in your Workflow Manager farm, repeat the previous steps on all farm servers. +8. Run the Workflow Manager Configuration Wizard and rejoin the previous farm with the databases you noted in the previous steps on all servers in your Workflow Manager farm. > [!NOTE]- > When upgrading, there is typically no need to delete the existing Workflow Service Application Proxy and reconnect using the Register-SPWorkflowService cmdlet. If you encounter the invalidity of the Certificate Generation Key for SharePoint Workflow Manager and Service Bus, you may need to reset it, see [Reset Certificate Generation Key](/SharePoint/governance/reset-certificate-generation-key-sharepoint-workflow-manager). -1. Rerun the Workflow Manager Configuration Wizard, select **Upgrade Workflow Manager Farm**, and confirm subsequent steps until the end. + >There is no need to delete the existing Workflow Service Application Proxy, and there is no need to re-register SPWorkflowService. If you encounter the invalidity of the Certificate Generation Key for SharePoint Workflow Manager and Service Bus, you may reset it, see [Reset Certificate Generation Key](/SharePoint/governance/reset-certificate-generation-key-sharepoint-workflow-manager). ++9. Rerun the Workflow Manager Configuration Wizard, select **Upgrade Workflow Manager Farm**, and confirm subsequent steps until the end. > [!NOTE] > This step should be run on all servers in the SharePoint Workflow Manager farm.- > The "Upgrade Workflow Manager Farm" option is always presented in the Workflow Manager Configuration Wizard, whether an upgrade is required or not. There's no harm in running it multiple times, or when there's no upgrade pending. -1. If there's more than one server in your Workflow Manager farm, repeat the previous steps on all workflow farm servers. + > The "Upgrade Workflow Manager Farm" option is always presented in the Workflow Manager Configuration Wizard, whether an upgrade is required or not. There's no harm in running it multiple times. -1. Install the SharePoint Workflow Manager **Client** on each server in the SharePoint Server farm after uninstalling any previous versions. +10. Install SharePoint Workflow Management Client on each server in the SharePoint Server farm after uninstalling any previous versions. ## Validate the installation <a name="section6"> </a> Follow these steps to validate that you have successfully installed and configur **To validate the installation** -1. Add a user to your SharePoint site and grant the user Site Designer permissions. -2. Install SharePoint Designer 2013 on a client machine and create a workflow based on the SharePoint 2013 Workflow platform. For more information, see [Creating a workflow by using SharePoint Designer 2013 and the SharePoint 2013 Workflow platform](/sharepoint/dev/general-development/creating-a-workflow-by-using-sharepoint-designer-and-the-sharepoint-wo). +1. Add a user to your SharePoint site, and grant the user Site Designer permissions. +2. Install SharePoint Designer 2013 and create a workflow based on the SharePoint 2013 Workflow platform. For more information, see [Creating a workflow by using SharePoint Designer 2013 and the SharePoint 2013 Workflow platform](/sharepoint/dev/general-development/creating-a-workflow-by-using-sharepoint-designer-and-the-sharepoint-wo). 3. Run this workflow from the SharePoint user interface. ## Troubleshooting You can determine which ports SharePoint Server and Workflow Manager are using f ![View ports in IIS Manager.](../media/WF15-.png) -SharePoint Workflow Manager communicates by using TCP/IP or Named Pipes. Ensure that the appropriate communication protocol is enabled on the SQL Server instance that hosts the SharePoint Workflow Manager databases. -+Sharepoint Workflow Manager communicates by using TCP/IP or Named Pipes. Ensure that the appropriate communication protocol is enabled on the SQL Server instance that hosts the SharePoint Workflow Manager databases. + The SQL Browser Service must be running on the SQL Server instance that hosts the Workflow Manager databases. The System Account can't be used to develop a workflow. To troubleshoot SharePoint Server, see [Troubleshooting SharePoint Server](../administration/troubleshoot.md).-- |
SharePoint | Set Up Oidc Auth In Sharepoint Server With Msaad | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/security-for-sharepoint-server/set-up-oidc-auth-in-sharepoint-server-with-msaad.md | description: "Learn how to set up OIDC authentication in SharePoint Server with When you configure OpenID Connect (OIDC) with Microsoft Entra ID, you need the following resources: -1. A SharePoint Server Subscription Edition (SPSE) farm -+1. A SharePoint Server Subscription Edition farm 2. Microsoft Entra Global Administrator role of the M365 tenant This article uses the following example values for Microsoft Entra OIDC setup: Perform the following steps to set up OIDC with Microsoft Entra ID: :::image type="content" source="../media/sharepoint-oidc-manifest.png" alt-text="Manifest"::: +9. Get OIDC authentication information from OIDC discovery endpoint. ++In Microsoft Entra ID, there are two versions of OIDC authentication endpoints. Therefore, there are two versions of OIDC discovery endpoints respectively: ++- V1.0: `https://login.microsoftonline.com/<TenantID>/.well-known/openid-configuration` +- V2.0: `https://login.microsoftonline.com/<TenantID>/v2.0/.well-known/openid-configuration` ++> [!NOTE] +> When using OIDC authentication with SharePoint Server, currently only the V1.0 endpoint is supported. +Replace TenantID with the **Directory (tenant) ID** saved in the third step mentioned previously and connect to the endpoint through your browser. Then, save the following information: ++| Value | Link | +||| +| authorization_endpoint | `https://login.microsoftonline.com/<tenantid>/oauth2/authorize` | +| end_session_endpoint | `https://login.microsoftonline.com/<tenantid>/oauth2/logout` | +| issuer | `https://sts.windows.net/<tenantid>/` | +| jwks_uri | `https://login.microsoftonline.com/common/discovery/keys` | ++Open jwks_uri (`https://login.microsoftonline.com/common/discovery/keys`) and save all the **x5c** certificate strings for later use in SharePoint setup. ++ ## Step 2: Change SharePoint farm properties -In this step, you need to modify the SharePoint Server farm properties based on the version of your SharePoint Server farm. +In this step, you need to modify the SharePoint Server farm properties based on the version of your SharePoint Server. ++> [!Note] +> Start the SharePoint Management Shell as a farm administrator to run the following script. Read the instructions mentioned in the following PowerShell script carefully, and you will need to enter your own environment-specific values in certain places. - For more information on configuring SharePoint farm properties for SharePoint Server Subscription Edition Version 24H1, see [Configure SPSE Version 24H1 or higher version](#configure-sharepoint-server-subscription-edition-version-24h1-or-higher-versions). - For more information on configuring SharePoint farm properties for SharePoint Server Subscription Edition Version preceding 24H1, see [Configure SPSE prior to Version 24H1](#configure-sharepoint-server-subscription-edition-prior-to-version-24h1). #### Configure SharePoint Server Subscription Edition Version 24H1 or higher versions -Starting with SharePoint Server Subscription Edition Version 24H1 (March 2024), you can configure SharePoint Server farm properties by employing SharePoint Certificate Management to manage the nonce cookie certificate. The nonce cookie certificate is part of the infrastructure to ensure OIDC authentication tokens are secure. Run the following script to configure: +Starting with SharePoint Server Subscription Edition Version 24H1, you can configure SharePoint Server farm properties by employing SharePoint Certificate Management to manage the nonce cookie certificate. The nonce cookie certificate is part of the infrastructure to ensure OIDC authentication tokens are secure. Run the following script to configure: -> [!Note] -> Start the SharePoint Management Shell as a farm administrator to run the following script. Read the instructions mentioned in the following PowerShell script carefully. You will need to enter your own environment-specific values in certain places. ```powershell # Set up farm properties to work with OIDC $certPassword = ConvertTo-SecureString -String <password> -Force -AsPlainText Export-PfxCertificate -Cert $cert -FilePath $certPath -Password $certPassword $nonceCert = Import-SPCertificate -Path $certPath -Password $certPassword -Store "EndEntity" -Exportable:$true -# Update farm property $farm = Get-SPFarm $farm.UpdateNonceCertificate($nonceCert,$true) ``` #### Configure SharePoint Server Subscription Edition prior to Version 24H1 -Prior to the 24H1 (March 2024) update, the nonce cookie certificate must be managed manually. This includes manually installing it on each server in the farm and setting permissions on the private key. The following PowerShell script can be used to accomplish that. --> [!Note] -> Start the SharePoint Management Shell as a farm administrator to run the following script. Read the instructions mentioned in the following PowerShell script carefully. You will need to enter your own environment-specific values in certain places. ```powershell # Set up farm properties to work with OIDC $cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -Subject "CN=SharePoint Cookie Cert" $access_rule = New-Object System.Security.AccessControl.FileSystemAccessRule(<We $permissions.AddAccessRule($access_rule) Set-Acl -Path $path -AclObject $permissions -# Then update farm properties +# Then we update farm properties $farm = Get-SPFarm $farm.Properties['SP-NonceCookieCertificateThumbprint']=$cert.Thumbprint $farm.Properties['SP-NonceCookieHMACSecretKey']='seed' $farm.Update() ```-> [!IMPORTANT] -> The nonce cookie certificate, with private key, must be installed on all SharePoint servers in the farm. Also, permission to the private key must be given to the web application pool service account on each server. Failure to complete this step will result OIDC authentication failures. -> It's recommended to use the PowerShell example above to set permission on the private key file to ensure it's done correctly. ## Step 3: Configure SharePoint to trust the identity provider -In this step, you create a `SPTrustedTokenIssuer` that stores the configuration that SharePoint needs to trust Microsoft Entra OIDC as the OIDC provider. - You can configure SharePoint to trust the identity provider in either of the following ways: -- Configure SharePoint to trust Microsoft Entra ID as the OIDC provider by using the **metadata endpoint**.- - By using the metadata endpoint, several parameters you need are automatically retrieved from the metadata endpoint. - Configure SharePoint to trust Microsoft Entra ID as the OIDC provider **manually**.+- Configure SharePoint to trust Microsoft Entra ID as the OIDC provider by using the **metadata endpoint**. + - By using the metadata endpoint, several parameters you need in 'Configure SharePoint to trust Microsoft Entra ID as the OIDC provider manually' is automatically retrieved by metadata endpoint. > [!NOTE]-> Follow either the manual configuration steps or the metadata endpoint steps, but not both. -> Using the metadata endpoint is recommended because it simplifies the process. -### Configure SharePoint to trust Microsoft Entra OIDC by using metadata endpoint +> Follow either the manual configuration steps or the metadata endpoint steps, but not both. -SharePoint Server Subscription Edition now supports using the OIDC metadata discovery capability when creating the Trusted Identity Token Issuer. --In Microsoft Entra ID, there are two versions of OIDC discovery endpoints: --- V1.0: `https://login.microsoftonline.com/<TenantID>/.well-known/openid-configuration`-- V2.0: `https://login.microsoftonline.com/<TenantID>/v2.0/.well-known/openid-configuration`--> [!IMPORTANT] -> Currently, SharePoint Server only supports the v1.0 metadata endpoint when used to create the Trusted Identity Token Issuer. The example PowerShell script below uses the V1.0 endpoint. --When you use the metadata endpoint provided by the OIDC identity provider, some of the configuration is retrieved from the OIDC provider metadata endpoint directly, including: --1. Certificate -2. Issuer -3. Authorization Endpoint -4. SignoutURL --This can simplify the configuration of the OIDC token issuer. +### Configure SharePoint to trust Microsoft Entra ID as the OIDC provider manually -With the following PowerShell example, we can use metadata endpoint from Microsoft Entra ID to configure SharePoint to trust Microsoft Entra OIDC. +In this step, you create a `SPTrustedTokenIssuer` that stores the configuration that SharePoint needs to trust Microsoft Entra OIDC as the OIDC provider. Start the SharePoint Management Shell as a farm administrator, and run the following script to create it: > [!NOTE] > Read the instructions mentioned in the following PowerShell script carefully. You will need to enter your own environment-specific values in certain places. For example, replace \<tenantid\> with your own Directory (tenant) ID. ```powershell # Define claim types-# In this example, we're using Email Address as the Identity claim. +# In this example, we're using Email Address as the identity claim. $emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming -# Set the AAD metadata endpoint URL. Please replace <TenantID> with the value saved in step #3 in the Entra ID setup section -$metadataendpointurl = "https://login.microsoftonline.com/<TenantID>/.well-known/openid-configuration" +# Public key of the AAD OIDC signing certificate. Please replace <x5c cert string> with the encoded cert string which you get from x5c certificate string of the keys of jwks_uri from Step #1 +$encodedCertStrs = @() +$encodedCertStrs += <x5c cert string 1> +$encodedCertStrs += <x5c cert string 2> +... +$certificates = @() +foreach ($encodedCertStr in $encodedCertStrs) { + $certificates += New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 @(,[System.Convert]::FromBase64String($encodedCertStr)) +} -# Please replace <Application (Client) ID> with the value saved in step #3 in the Entra ID setup section +# Set the AAD OIDC URL where users are redirected to authenticate. Please replace <tenantid> accordingly +$authendpointurl = "https://login.microsoftonline.com/<tenantid>/oauth2/authorize" +$registeredissuernameurl = "https://sts.windows.net/<tenantid>/" +$signouturl = "https://login.microsoftonline.com/<tenantid>/oauth2/logout" ++# Please replace <Application (Client) ID> with the value saved in step #3 in AAD setup section $clientIdentifier = "<Application (Client)ID>" # Create a new SPTrustedIdentityTokenIssuer in SharePoint-New-SPTrustedIdentityTokenIssuer -Name "contoso.local" -Description "contoso.local" -ClaimsMappings $emailClaimMap -IdentifierClaim $emailClaimMap.InputClaimType -DefaultClientIdentifier $clientIdentifier -MetadataEndPoint $metadataendpointurl -Scope "openid profile" +New-SPTrustedIdentityTokenIssuer -Name "contoso.local" -Description "contoso.local" -ImportTrustCertificate $certificates -ClaimsMappings emailClaimMap -IdentifierClaim $emailClaimMap.InputClaimType -RegisteredIssuerName $registeredissuernameurl -AuthorizationEndPointUri $authendpointurl -SignOutUrl $signouturl -DefaultClientIdentifier $clientIdentifier -Scope "openid profile" ``` +Here, `New-SPTrustedIdentityTokenIssuer` PowerShell cmdlet is extended to support OIDC by using the following parameters: + | Parameter | Description | ||-| |Name | Gives a name to the new token issuer. | |Description | Gives a description to the new token issuer. |-|ImportTrustCertificate | A certificate that is used to validate `id_token` from OIDC identifier. | +|ImportTrustCertificate | Imports a list of X509 Certificates, which is used to validate `id_token` from OIDC identifier. If the OIDC identity provider (IDP) uses more than one certificate to digital sign the `id_token`, import these certificates and SharePoint validates `id_token` by matching the digital signature generated by using these certificates. | | ClaimsMappings | A `SPClaimTypeMapping` object, which is used to identify which claim in the `id_token` is regarded as identifier in SharePoint. | | IdentifierClaim | Specifies the type of identifier. |+| RegisteredIssuerName | Specifies the issuer identifier, which issues the `id_token`. It's used to validate the `id_token`. | +| AuthorizationEndPointUrl | Specifies the authorization endpoint of the OIDC identity provider. | +| SignoutUrl | Specifies the sign out endpoint of the OIDC identity provider. | | DefaultClientIdentifier | Specifies the `client_id` of SharePoint server, which is assigned by OIDC identity provider. This is validated against aud claim in `id_token`. |-| MetadataEndPoint | Specifies the well-known metadata endpoint from OIDC identity provider, which can be used to retrieve latest certificate, issuer, authorization endpoint, and sign out endpoint. | --### Configure SharePoint to trust Microsoft Entra ID as the OIDC provider manually +| ResponseTypesSupported | Specifies the response type of IDP, which is accepted by this token issuer. It can accept two strings: `id_token` and `code id_token`. If this parameter isn't provided, it uses `code id_token` as default. | -When configuring manually, several additional parameters must be specified. You can retrieve the values from the OIDC discovery endpoint. +> [!IMPORTANT] +> The relevant certificate must be added to the SharePoint root authority certificate store: +> +> `New-SPTrustedRootAuthority -Name "AAD OIDC signing root authority" -Certificate $signingCert` -In Microsoft Entra ID, there are two versions of OIDC authentication endpoints. Therefore, there are two versions of OIDC discovery endpoints respectively: +<a name='configure-sharepoint-to-trust-azure-ad-oidc-by-using-metadata-endpoint'></a> -- V1.0: `https://login.microsoftonline.com/<TenantID>/.well-known/openid-configuration`-- V2.0: `https://login.microsoftonline.com/<TenantID>/v2.0/.well-known/openid-configuration`+### Configure SharePoint to trust Microsoft Entra OIDC by using metadata endpoint -Replace TenantID with the **Directory (tenant) ID** saved in [Step 1: Setup identity provider](#step-1-setup-identity-provider) and connect to the endpoint through your browser. Then, save the following information: +SharePoint Server Subscription Edition now supports OIDC metadata discovery capability during configuration. -| Value | Link | -||| -| authorization_endpoint | `https://login.microsoftonline.com/<tenantid>/oauth2/authorize` | -| end_session_endpoint | `https://login.microsoftonline.com/<tenantid>/oauth2/logout` | -| issuer | `https://sts.windows.net/<tenantid>/` | -| jwks_uri | `https://login.microsoftonline.com/common/discovery/keys` | +When you use the metadata endpoint provided by the OIDC identity provider, some of the configuration is retrieved from the OIDC provider metadata endpoint directly, including: -Open jwks_uri (`https://login.microsoftonline.com/common/discovery/keys`) and save all the **x5c** certificate strings for later use in SharePoint setup. +1. Certificate +2. Issuer +3. Authorization Endpoint +4. SignoutURL +This can simplify the configuration of the OIDC token issuer. -Start the SharePoint Management Shell as a farm administrator, and after entering the values you obtained above, run the following script to create the Trusted identity Token Issuer: +With the following PowerShell example, we can use metadata endpoint from Microsoft Entra ID to configure SharePoint to trust Microsoft Entra OIDC. > [!NOTE] > Read the instructions mentioned in the following PowerShell script carefully. You will need to enter your own environment-specific values in certain places. For example, replace \<tenantid\> with your own Directory (tenant) ID. ```powershell # Define claim types-# In this example, we're using Email Address as the identity claim. +# In this example, we're using Email Address as the Identity claim. $emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming -# Public key of the AAD OIDC signing certificate. Please replace <x5c cert string> with the encoded cert string which you get from x5c certificate string of the keys of jwks_uri from Step #1 -$encodedCertStrs = @() -$encodedCertStrs += <x5c cert string 1> -$encodedCertStrs += <x5c cert string 2> -... -$certificates = @() -foreach ($encodedCertStr in $encodedCertStrs) { - $certificates += New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 @(,[System.Convert]::FromBase64String($encodedCertStr)) -} --# Set the AAD OIDC URL where users are redirected to authenticate. Please replace <tenantid> accordingly -$authendpointurl = "https://login.microsoftonline.com/<tenantid>/oauth2/authorize" -$registeredissuernameurl = "https://sts.windows.net/<tenantid>/" -$signouturl = "https://login.microsoftonline.com/<tenantid>/oauth2/logout" +# Set the AAD metadata endpoint URL. Please replace <TenantID> with the value saved in step #3 in the Entra ID setup section +$metadataendpointurl = "https://login.microsoftonline.com/<TenantID>/.well-known/openid-configuration" -# Please replace <Application (Client) ID> with the value saved in step #3 in AAD setup section +# Please replace <Application (Client) ID> with the value saved in step #3 in the Entra ID setup section $clientIdentifier = "<Application (Client)ID>" # Create a new SPTrustedIdentityTokenIssuer in SharePoint-New-SPTrustedIdentityTokenIssuer -Name "contoso.local" -Description "contoso.local" -ImportTrustCertificate $certificates -ClaimsMappings emailClaimMap -IdentifierClaim $emailClaimMap.InputClaimType -RegisteredIssuerName $registeredissuernameurl -AuthorizationEndPointUri $authendpointurl -SignOutUrl $signouturl -DefaultClientIdentifier $clientIdentifier -Scope "openid profile" +New-SPTrustedIdentityTokenIssuer -Name "contoso.local" -Description "contoso.local" -ClaimsMappings $emailClaimMap -IdentifierClaim $emailClaimMap.InputClaimType -DefaultClientIdentifier $clientIdentifier -MetadataEndPoint $metadataendpointurl -Scope "openid profile" ``` -Here, `New-SPTrustedIdentityTokenIssuer` PowerShell cmdlet is extended to support OIDC by using the following parameters: - | Parameter | Description | ||-| |Name | Gives a name to the new token issuer. | |Description | Gives a description to the new token issuer. |-|ImportTrustCertificate | Imports a list of X509 Certificates, which is used to validate `id_token` from OIDC identifier. If the OIDC identity provider (IDP) uses more than one certificate to digital sign the `id_token`, import these certificates and SharePoint validates `id_token` by matching the digital signature generated by using these certificates. | +|ImportTrustCertificate | A certificate that is used to validate `id_token` from OIDC identifier. | | ClaimsMappings | A `SPClaimTypeMapping` object, which is used to identify which claim in the `id_token` is regarded as identifier in SharePoint. | | IdentifierClaim | Specifies the type of identifier. |-| RegisteredIssuerName | Specifies the issuer identifier, which issues the `id_token`. It's used to validate the `id_token`. | -| AuthorizationEndPointUrl | Specifies the authorization endpoint of the OIDC identity provider. | -| SignoutUrl | Specifies the sign out endpoint of the OIDC identity provider. | | DefaultClientIdentifier | Specifies the `client_id` of SharePoint server, which is assigned by OIDC identity provider. This is validated against aud claim in `id_token`. |-| ResponseTypesSupported | Specifies the response type of IDP, which is accepted by this token issuer. It can accept two strings: `id_token` and `code id_token`. If this parameter isn't provided, it uses `code id_token` as default. | +| MetadataEndPoint | Specifies the well-known metadata endpoint from OIDC identity provider, which can be used to retrieve latest certificate, issuer, authorization endpoint, and sign out endpoint. | ## Step 4: Configure the SharePoint web application In this step, you configure a web application in SharePoint to be federated with the Microsoft Entra OIDC, using the `SPTrustedIdentityTokenIssuer` created in the previous step. > [!IMPORTANT]+> > - The default zone of the SharePoint web application must have Windows authentication enabled. This is required for the Search crawler. > - The SharePoint URL that will use Microsoft Entra OIDC federation must be configured with Hypertext Transfer Protocol Secure (HTTPS). Once the site collection is created, you're able to sign-in using either the Win In OIDC authentication, the People Picker doesn't validate the input, which can lead to misspellings or users accidentally selecting the wrong claim type. This can be addressed using the new UPA-backed claim provider in SharePoint Server. -> [!IMPORTANT] -> In order for the UPA-backed claim provider to work, users and groups must be imported into the User Profile Service Application. This can be challenging for cloud-only users and groups. You may instead consider implementing a [custom claims provider](/sharepoint/dev/general-development/how-to-create-a-claims-provider-in-sharepoint) to provide "People Picker" functionality. - To do this, perform the following steps: ### 1. Create a new claim provider An example of this command is: ### 3. Synchronize profiles to user profile service application +Now, customers can start to synchronize profiles into the SharePoint user profile service application (UPSA) from the identity provider used in the organization so that the newly created claim provider can work on the correct data set. + There are two ways to synchronize user profiles into the SharePoint UPSA: - Create a new SharePoint Active Directory Import (AD Import) connection with **Trusted Claims Provider Authentication** as the **Authentication Provider Type** in the connection setting. To utilize AD Import, see [Manage user profile synchronization in SharePoint Server](../administration/manage-profile-synchronization.md). :::image type="content" source="../media/add-new-sync-connection-2.png" alt-text="Add New Synchronization Connections"::: - > [!IMPORTANT] - > AD Import cannot import user profiles from Microsoft Entra ID. It can only import user profiles from on-premises Active Directory. In order to get cloud-only users and groups into the UPSA, you may need to utilize MIM. - > You may also consider implementing a [custom claims provider](/sharepoint/dev/general-development/how-to-create-a-claims-provider-in-sharepoint) to provide "People Picker" functionality. - - Use Microsoft Identity Manager (MIM). To utilize MIM, see [Microsoft Identity Manager in SharePoint Servers 2016 and 2019](../administration/microsoft-identity-manager-in-sharepoint-server.md). - There should be two agents inside the MIM Synchronization Service Manager UX after MIM is set up. One agent is used to import user profiles from the source IDP to the MIM database. The other agent is used to export user profiles from the MIM database to the SharePoint UPSA. |