SharePoint 2016 Features & Enhancements

What is in the pipeline for on-premises SharePoint 2016?

Earlier this month Microsoft announced new SharePoint 2016 features and enhancements to a packed house of several thousand attendees at the Ignite conference. With the 2016 on-premises version scheduled for release in Q2 2016, the outline of the finished product is starting to take shape.

SharePoint 2016 for IT Professionals Ignite Presentation Cover

Microsoft is Cloud First

As previously declared, Microsoft is pursuing a "cloud first" strategy: Office 365 is updated continuously with new releases, and on-premises deployments catch up every two or three years. Many of the 2016 updates were therefore expected, having already shipped to cloud customers. On the other hand, on-premises SharePoint remains a distinct product with its own conditions and challenges, so the 2016 release also includes features that apply only on-premises. There are no changes to the Service Application architecture.

Installation Requirements:

* Windows Server 2012 R2 or Windows Server 10 (the preview name of what shipped as Windows Server 2016)

* .NET Framework 4.5 (4.5.2 on Windows Server 10)

* Upgrades are supported only from SharePoint 2013; older farms must be brought to 2013 first

The bulk of the announced updates for 2016 are centered on back-end enhancements. Here’s the rundown…

Authentication is moving away from domain-based authentication and toward the identity model used in the cloud. Identity will be handled through SAML claims by default, with OAuth as the normalized token model for apps and services. Since this is already the standard for Office 365, it makes a later move to the cloud easier. The older Windows-based authentication modes remain supported as legacy options. The security consequence is that the farm will trust whatever the identity provider asserts, so the provider's signing certificate and the claim chosen as the user identifier deserve the same care as a domain controller.
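Registering a SAML claims identity provider in an on-premises farm, as an added example written for this page (it is not code from the original post or from Microsoft's Ignite material). It uses the SharePoint cmdlets; the provider name, realm, sign-in URL, web application URL, certificate path and expected thumbprint are all assumed values.

```powershell
# Added example: register a SAML claims identity provider in an on-premises
# SharePoint farm and bind it to a web application. Names, URLs, the realm,
# the certificate path and the expected thumbprint are assumed values.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$providerName       = "Contoso IdP"                               # assumed
$idpSigningCertPath = "C:\certs\idp-token-signing.cer"            # assumed: public cert only, exported from the IdP
$expectedThumbprint = "0123456789ABCDEF0123456789ABCDEF01234567"  # assumed: obtained from the IdP admin out of band
$realm              = "urn:sharepoint:portal"                     # assumed: must equal the relying-party ID at the IdP
$signInUrl          = "https://idp.contoso.com/adfs/ls/"          # assumed
$webAppUrl          = "https://portal.contoso.com"                # assumed

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($idpSigningCertPath)

# Every SAML token signed by this certificate's key will be accepted as genuine,
# so verify it is the IdP's real token-signing certificate before trusting it.
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Signing certificate thumbprint $($cert.Thumbprint) does not match the expected value; refusing to create the trust."
}
if ($cert.HasPrivateKey) {
    throw "Only the public certificate should be imported; the signing key must stay on the IdP."
}

# Add the IdP certificate to the farm's trusted root authorities.
New-SPTrustedRootAuthority -Name "$providerName token signing" -Certificate $cert | Out-Null

# Map the incoming claim types SharePoint should recognise.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# The identifier claim becomes the user's identity in SharePoint for the life of
# the trust; choose one the IdP guarantees unique and that users cannot edit.
$issuer = New-SPTrustedIdentityTokenIssuer -Name $providerName `
    -Description "SAML trust to the corporate identity provider" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailClaim, $roleClaim `
    -SignInUrl $signInUrl `
    -IdentifierClaim $emailClaim.InputClaimType

# Make the trust the authentication provider for the web application's default zone.
$webApp = Get-SPWebApplication $webAppUrl
Set-SPWebApplication -Identity $webApp -Zone Default -AuthenticationProvider $issuer

# Confirm what the farm now trusts before handing the sign-in URL to users.
Get-SPTrustedIdentityTokenIssuer $providerName |
    Select-Object Name, IdentifierClaim,
        @{ n = "Realms";     e = { ($_.ProviderRealms.Values) -join ", " } },
        @{ n = "Thumbprint"; e = { $_.SigningCertificate.Thumbprint } }
```

Two points worth keeping in mind when adapting this: SharePoint validates the token's signature against the imported certificate and its audience against the realm, but it does not look the user up in any directory, so whatever the identity provider puts in the identifier claim is the user. And the thumbprint comparison is the whole trust decision; take the expected value from the identity provider's administrators, not from the certificate file you are about to import.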

SMTP encryption will be supported through STARTTLS, together with connecting to the mail server on a non-default port. No official fallback to unencrypted SMTP was announced. A non-default port could in principle reach an unencrypted listener, but a mail server that does not offer STARTTLS is better fixed than worked around: without it, every alert and notification e-mail SharePoint sends crosses the network in clear text.
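A pre-flight check that the mail server actually offers STARTTLS and presents a certificate that validates, followed by the outgoing e-mail configuration with encryption left on, as an added example written for this page (not code from the original post). The server name, port, HELO name, addresses and web application URL are assumed; the SMTPServerPort and DisableSMTPEncryption parameters are the ones SharePoint 2016 added to Set-SPWebApplication, and the example assumes your build has them (check Get-Help Set-SPWebApplication).

```powershell
# Added example: verify that the outgoing SMTP server offers STARTTLS and
# presents a valid certificate before pointing SharePoint 2016 at it.
# Server name, port, HELO name and addresses are assumed values.
$smtpServer = "smtp.contoso.com"                 # assumed
$smtpPort   = 587                                 # assumed: submission port; 25 is also common
$webAppUrl  = "https://portal.contoso.com"        # assumed

function Test-SmtpStartTls {
    param([string]$Server, [int]$Port, [string]$HeloName = "sharepoint.contoso.com")  # HeloName is assumed

    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true
    try {
        # 220 greeting (may be several "220-" lines before the final "220 " line)
        do { $line = $reader.ReadLine() } while ($line -match '^220-')
        if ($line -notmatch '^220') { throw "Unexpected greeting: $line" }

        # EHLO lists the server's extensions; STARTTLS must be among them.
        $writer.WriteLine("EHLO $HeloName")
        $caps = @()
        do { $line = $reader.ReadLine(); $caps += $line } while ($line -match '^250-')
        if (-not ($caps | Where-Object { $_ -match '^250[- ]STARTTLS' })) {
            $writer.WriteLine("QUIT")
            return [pscustomobject]@{ StartTls = $false; Protocol = $null; Subject = $null }
        }

        $writer.WriteLine("STARTTLS")
        $line = $reader.ReadLine()
        if ($line -notmatch '^220') { throw "Server refused STARTTLS: $line" }

        # Upgrade the socket. AuthenticateAsClient validates the chain and the host
        # name and throws on failure, so a bad certificate is not silently accepted.
        $tls = New-Object System.Net.Security.SslStream($stream, $false)
        $tls.AuthenticateAsClient($Server)
        $result = [pscustomobject]@{
            StartTls = $true
            Protocol = $tls.SslProtocol
            Subject  = $tls.RemoteCertificate.Subject
        }
        $tls.Close()
        return $result
    }
    finally {
        $client.Close()
    }
}

$check = Test-SmtpStartTls -Server $smtpServer -Port $smtpPort
if (-not $check.StartTls) {
    throw "${smtpServer}:${smtpPort} does not offer STARTTLS; fix the mail server rather than disabling encryption."
}
"$smtpServer negotiated $($check.Protocol) with certificate $($check.Subject)"

# Configure outgoing e-mail for the web application with encryption left on.
# SMTPServerPort and DisableSMTPEncryption are the SharePoint 2016 additions to
# Set-SPWebApplication; confirm with Get-Help Set-SPWebApplication on your build.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Set-SPWebApplication -Identity (Get-SPWebApplication $webAppUrl) `
    -SMTPServer $smtpServer -SMTPServerPort $smtpPort `
    -OutgoingEmailAddress "sharepoint@contoso.com" -ReplyToEmailAddress "noreply@contoso.com" `
    -DisableSMTPEncryption:$false
```

The check fails closed on purpose: if the server does not advertise STARTTLS, or its certificate does not chain to a root the SharePoint server trusts and match the host name, the script stops before the farm is configured. Run it from the SharePoint server itself, because that is the trust store and the network path SharePoint will use.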

Boundaries and Limits

* Content databases can scale into the terabytes

* 10,000 site collections per content database

* Maximum file size increases to 10 GB, and the restrictions on characters in file names are removed

* List View Threshold raised above the 5,000-item limit

* Search scale doubles to 500 million indexed items

Performance Upgrades

Distributed Cache handling has been upgraded, and the previous "authentication overload" problems have been resolved, which should make the web front ends (WFEs) more scalable and more available.

Serving files to end users will also be made more efficient by using BITS (Background Intelligent Transfer Service).

Site and site collection creation has been greatly sped up by changing the underlying provisioning process. Previously this was a lengthy process with complicated provisioning logic and feature activations; the new process essentially performs an SPSite copy operation to clone a site from a "master copy". The bulk of the operation now happens at the database level and is much more efficient.

Traffic management promises to be more resilient: new endpoints on the web front ends give load balancers a health signal, so traffic can be routed based on each front end's health.

User Profile Service changes

Improvements have been made to the reliability and ease of setup of the User Profile Service. FIM (Forefront Identity Manager) will no longer be bundled into the SharePoint installation; an external FIM service is offered as an alternative.

Durable Links

Durable Links mean that if an end user renames or moves a document, the previous URLs will redirect to its new location. Built on the Cobalt endpoints, a Redirect Manager tracks documents by their Document ID rather than by path.

New Developer Tools for Office 365

Lessons learned from Ignite 2015: Microsoft is trying to enable cloud development

Office 365 Developer Tools

Microsoft has recently released new developer tools for Office 365. They make Office 365 customizations faster, easier and cheaper to build. For customizations that span several Office 365 applications, a unified endpoint simplifies authentication when connecting to the Office 365 API, and a new OAuth sandbox and API Explorer make building queries straightforward.

Currently there are many separate APIs serving the individual Office 365 applications, such as OneDrive, Exchange and the User Profile Service, so a single customization often has to talk to several endpoints. For example, a customization that automatically exports e-mail attachments to a user's OneDrive would need to interface with three or four separate endpoints. A unified endpoint means one connection and less code.

Connecting to each endpoint means performing the OAuth exchange that authenticates the app to Office 365. The pattern has four essential steps: the app sends the user to the authorization endpoint with its client ID; the user consents to the requested permissions; the app exchanges the returned authorization code, together with its client secret, for an access token (and a refresh token); and finally the app presents the access token when requesting a resource. The app must also use the refresh token to obtain a new access token before the current one expires. Hand-written, this workflow can run to hundreds of lines and is no small undertaking for a novice developer.

Thanks to the ADAL (Active Directory Authentication Library) libraries released by Microsoft, these operations can now be performed with far less code, which means considerable time savings for the developer and cost savings for the business.
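The exchange described above, written out step by step with Invoke-RestMethod against Azure AD's OAuth 2.0 endpoints, as an added example for this page; it is not part of the original post and not ADAL itself, which wraps all of this. The tenant, client ID and redirect URI are placeholder assumptions, and the final call assumes the unified endpoint's /v1.0/me resource.

```powershell
# Added example: the four-step OAuth 2.0 authorization-code exchange against
# Azure AD for the Office 365 unified endpoint, spelled out so each step is
# visible. Tenant, client ID and redirect URI are assumed placeholders.
$tenant       = "contoso.onmicrosoft.com"                  # assumed
$clientId     = "11111111-2222-3333-4444-555555555555"     # assumed: the app registration's client ID
$redirectUri  = "https://localhost:44300/oauth-callback"   # assumed: must match the registration exactly
$resource     = "https://graph.microsoft.com/"             # the unified endpoint
$authority    = "https://login.microsoftonline.com/$tenant/oauth2"
$clientSecret = Read-Host -AsSecureString "Client secret"  # never hard-code or commit it

function Get-PlainSecret([securestring]$s) {
    (New-Object System.Net.NetworkCredential("", $s)).Password
}

function New-OAuthState {
    # Unpredictable state ties the callback to this session and blocks CSRF / code injection.
    $bytes = New-Object byte[] 32
    [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    ([Convert]::ToBase64String($bytes)) -replace '[+/=]', ''
}

# Step 1: authorization request (the user opens this URL in a browser).
$state  = New-OAuthState
$params = @{ client_id = $clientId; response_type = "code"; redirect_uri = $redirectUri; resource = $resource; state = $state }
$query  = ($params.GetEnumerator() | ForEach-Object { "$($_.Key)=$([uri]::EscapeDataString($_.Value))" }) -join "&"
Write-Host "Sign in and consent at:`n$authority/authorize?$query"

# Step 2: the user consents; Azure AD redirects to $redirectUri with ?code=...&state=...
Add-Type -AssemblyName System.Web
$callback = [uri](Read-Host "Paste the full redirect URL")
$cb = [Web.HttpUtility]::ParseQueryString($callback.Query)
if ($cb["error"]) { throw "Authorization failed: $($cb['error']) - $($cb['error_description'])" }
if ($cb["state"] -ne $state) { throw "state mismatch: discarding the authorization code" }

# Step 3: exchange the code plus the client secret for tokens (server side only).
$token = Invoke-RestMethod -Method Post -Uri "$authority/token" -Body @{
    grant_type    = "authorization_code"
    client_id     = $clientId
    client_secret = (Get-PlainSecret $clientSecret)
    code          = $cb["code"]
    redirect_uri  = $redirectUri
    resource      = $resource
}

# Refresh before expiry instead of letting a request fail half way through.
function Get-FreshToken($token) {
    $expiresOn = [DateTimeOffset]::FromUnixTimeSeconds([long]$token.expires_on)
    if ($expiresOn -gt [DateTimeOffset]::UtcNow.AddMinutes(2)) { return $token }
    Invoke-RestMethod -Method Post -Uri "$authority/token" -Body @{
        grant_type    = "refresh_token"
        refresh_token = $token.refresh_token
        client_id     = $clientId
        client_secret = (Get-PlainSecret $clientSecret)
        resource      = $resource
    }
}

# Step 4: call the resource with the bearer token (the client ID is not sent again).
$token = Get-FreshToken $token
$me = Invoke-RestMethod -Uri "${resource}v1.0/me" -Headers @{ Authorization = "Bearer $($token.access_token)" }
"Signed in as $($me.userPrincipalName)"
```

Three details here are what the libraries quietly get right for you: the state value is random and checked on the way back, the client secret is only ever sent to the token endpoint (never to the browser), and the access token travels in the Authorization header rather than in a URL where it would end up in logs. FromUnixTimeSeconds needs .NET 4.6 or later, which the SharePoint 2016 prerequisites already imply.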

Is Your SharePoint Farm Ready for Hackers?

If you play a part in managing or administering SharePoint at your company, the Sony hack might be more frightening to you than any scary movie they’ve released. The hackers looted Sony’s network and released sensitive employee information, confidential intellectual property, and even embarrassing emails. You don’t have any of these on your servers, do you?

Sure, your firm might not attract the ire of a rogue nation, but corporate cyber attacks are commonplace. Most malware isn't aimed at a specific target; it scans the internet for any vulnerable system it can find.

Oil is near $50 per barrel, companies are belt-tightening, and the last thing you need is a messy and expensive cleanup when your SharePoint environment is compromised. Here are the tools you should employ to help protect yourself.

On-Premises 

If you control the network that contains your SharePoint farm, first make sure the network itself is secured through proper use of firewalls and proxies. After that, look into:

  • Dedicated Service Accounts: By creating a separate service account for each role in the farm and restricting each to the minimum rights it needs (the principle of least privilege), a compromised or misused account cannot reach parts of the farm it has no business touching.
  • SQL Transparent Data Encryption: Available with SQL Server Enterprise, TDE encrypts the content databases' data and log files at rest, their backups, and tempdb. It protects against stolen disks and backup media, not against someone who can already log in to SQL Server with read access, and it is only as safe as the backup of the certificate that protects the keys.
  • TLS (SSL) and IPsec: If messages travel between your SharePoint servers and computers outside your firewall, as with a corporate extranet, TLS protects the client-to-farm traffic from eavesdropping and tampering, and IPsec can do the same for server-to-server traffic inside the farm, such as between the web front ends and SQL Server.
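Turning TDE on for a content database and confirming it finished, as an added example written for this page (not code from the original post). The SQL instance, database name and key backup share are assumed; it needs the SqlServer PowerShell module for Invoke-Sqlcmd and a login in the sysadmin role.

```powershell
# Added example: turn on SQL Server Transparent Data Encryption for a SharePoint
# content database and confirm it finished. Instance, database name and the key
# backup share are assumed values; run as a SQL login holding the sysadmin role.
Import-Module SqlServer      # provides Invoke-Sqlcmd (older installs: Import-Module SQLPS)

$instance  = "SQL01\SHAREPOINT"          # assumed
$contentDb = "WSS_Content_Portal"         # assumed
$keyBackup = "\\backup01\sqlkeys"         # assumed: keep it apart from the database backups

# Prompt for the passwords and escape quotes so they can be embedded in T-SQL literals.
function Read-SqlPassword([string]$Prompt) {
    $secure = Read-Host -AsSecureString $Prompt
    (New-Object System.Net.NetworkCredential("", $secure)).Password -replace "'", "''"
}
$mkPwd = Read-SqlPassword "Database master key password"
$cbPwd = Read-SqlPassword "Certificate backup password"

# 1. Master key and TDE certificate live in master; the database encryption key (DEK)
#    lives in the content database and is protected by that certificate.
$enable = @"
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$mkPwd';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'SharePointTdeCert')
    CREATE CERTIFICATE SharePointTdeCert WITH SUBJECT = 'SharePoint content database TDE';

-- Without this backup every TDE-protected database AND every backup of it is
-- unrecoverable after a server rebuild. The statement fails if the files already exist.
BACKUP CERTIFICATE SharePointTdeCert
    TO FILE = '$keyBackup\SharePointTdeCert.cer'
    WITH PRIVATE KEY (FILE = '$keyBackup\SharePointTdeCert.pvk',
                      ENCRYPTION BY PASSWORD = '$cbPwd');

USE [$contentDb];
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
    CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
        ENCRYPTION BY SERVER CERTIFICATE SharePointTdeCert;
ALTER DATABASE [$contentDb] SET ENCRYPTION ON;
"@
Invoke-Sqlcmd -ServerInstance $instance -Query $enable

# 2. Encryption runs as a background scan; wait for state 3 (encrypted). tempdb is
#    listed too: SQL Server encrypts it as soon as any database on the instance uses TDE.
$status = @"
SELECT DB_NAME(database_id) AS database_name, encryption_state, percent_complete, key_algorithm, key_length
FROM sys.dm_database_encryption_keys
WHERE database_id IN (DB_ID('$contentDb'), DB_ID('tempdb'));
"@
do {
    Start-Sleep -Seconds 10
    $rows = @(Invoke-Sqlcmd -ServerInstance $instance -Query $status)
    $rows | Format-Table -AutoSize | Out-String | Write-Host
} while ($rows | Where-Object { $_.database_name -eq $contentDb -and $_.encryption_state -ne 3 })
```

Store the .cer and .pvk files and their password somewhere the database backups are not: a thief who gets the backup tapes and the certificate backup together has everything. Repeat the CREATE DATABASE ENCRYPTION KEY and ALTER DATABASE steps for each content database; the master key and certificate are created once per instance.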

SharePoint Online (O365)

If you are using Office 365, Microsoft hosts your farm on its network. Microsoft has put a lot of thought and effort into security, since the success of its offerings hinges on your perception of how secure its network is, and it continues to improve. Microsoft stated at the beginning of 2015:

Our latest encryption feature with which content in OneDrive for Business and SharePoint Online will be encrypted at rest will start rolling out to customers soon. With this, the encryption technology in Office 365 moves beyond a single encryption key per disk to deliver a unique encryption key per file.

Still, you may be uncomfortable with a third party holding both your data and your encryption keys on shared hardware. You might reasonably conclude that the O365 servers are a ripe target for unscrupulous individuals trawling the web. In the words of the famed bank robber Willie Sutton, asked why he robbed banks: "That's where the money is."

If so, consider software that encrypts your data before it goes to Microsoft and keeps the key under your own control, so the cloud provider holds only ciphertext. Other options withhold portions of your data from ever reaching the cloud, and others make monitoring and enforcing your security and governance policies easier and more transparent.

Either On-Prem or Online

Whether you host your own farm or use Office365, you’re going to want to look at these strategies for more secure data:

  • Role Based Access Control: You should have a thoughtful strategy for assigning users to roles and permissions to those roles, and review it regularly. If your AD is a mess, the mail clerk who left the company six months ago might still have access to your personnel file.
  • AD RMS / Azure RMS: Different names depending on whether you host your farm or Microsoft does, but Rights Management Services (RMS) is the tool that stops someone from downloading that sensitive document and e-mailing it to the Everyone@YourCompany.com distribution group, because the protection travels with the file instead of stopping at the site's permissions.
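A check for exactly the "mail clerk who left" problem, as an added example written for this page (not code from the original post): it walks a site collection's role assignments, expands SharePoint groups, and reports any Windows account that still holds permissions but is disabled or missing in Active Directory. The site URL is assumed; it runs on a farm server with the SharePoint snap-in and the ActiveDirectory module installed.

```powershell
# Added example: list accounts that still hold permissions in a site collection
# but are disabled or missing in Active Directory. The site URL is assumed; run
# on a farm server with the SharePoint snap-in and the ActiveDirectory module.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$siteUrl = "https://portal.contoso.com"   # assumed

function Get-StaleSharePointUsers {
    param([string]$SiteUrl)
    # Windows-claims logins look like i:0#.w|CONTOSO\jdoe; only those are checked against AD.
    $winClaim = [regex]'^i:0#\.w\|(?<domain>[^\\]+)\\(?<sam>.+)$'
    $site = Get-SPSite $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            foreach ($ra in $web.RoleAssignments) {
                # A role assignment belongs to a user directly or to a SharePoint group;
                # expand the group so its members are checked too.
                $viaGroup = $ra.Member -is [Microsoft.SharePoint.SPGroup]
                $users    = if ($viaGroup) { @($ra.Member.Users) } else { @($ra.Member) }
                foreach ($u in $users) {
                    if ($u.IsDomainGroup) { continue }     # AD groups are reviewed in AD, not here
                    $m = $winClaim.Match($u.LoginName)
                    if (-not $m.Success) { continue }
                    $sam    = $m.Groups['sam'].Value
                    $adUser = Get-ADUser -Filter "sAMAccountName -eq '$sam'" -Properties Enabled
                    $reason = if (-not $adUser) { "not found in AD" }
                              elseif (-not $adUser.Enabled) { "disabled in AD" }
                    if ($reason) {
                        [pscustomobject]@{
                            Web    = $web.Url
                            Login  = $u.LoginName
                            Via    = if ($viaGroup) { $ra.Member.Name } else { "direct" }
                            Roles  = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
                            Reason = $reason
                        }
                    }
                }
            }
            $web.Dispose()
        }
    }
    finally { $site.Dispose() }
}

Get-StaleSharePointUsers -SiteUrl $siteUrl | Format-Table -AutoSize
```

The report covers web-level role assignments and SharePoint group membership in one domain; lists and items with unique permissions, and users who get in through an AD group, need a second pass (the former by walking each list's RoleAssignments, the latter in AD itself). Removing an account from SharePoint is not enough on its own: disable or delete it in AD, since a disabled account cannot authenticate anywhere in the farm.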

If trying to implement some of these tools on top of your regular workload is less funny than The Interview, give us a call. We’ve helped countless upstream, midstream, downstream, and services companies buy, build, and integrate software.