###BeginCaseStudy###

Topic 5, Contoso Ltd
Background
You are the SharePoint server administrator for Contoso, Ltd. Contoso has a SharePoint 2010
environment hosted on SharePoint Online and a separate on-premises SharePoint 2010 farm. You are
preparing to upgrade the environments to newer versions of SharePoint. You are also planning to
support a hybrid on-premises/cloud deployment that will be available to customers, partners, and thirdparty vendors.
Contoso collaborates with a partner company, Tailspin Toys, on multiple projects.
Technical Environment
All user groups reside in the existing Active Directory Domain Services (AD DS) domain
corp.contoso.com.
The existing SharePoint Online environment is configured as follows:
 The SharePoint Online URL assigned by Microsoft is
http://contoso.sharepoint.com.
 The SharePoint Online Administration Center URL is
https://contoso.admin.sharepoint.com.
 The user name for the Contoso Office 365 administrator is
admin@contoso.com.
 An existing line-of-business application provides an OData service that is
hosted in Microsoft Windows Azure SQL Database.
The site collections are described in the following table.

Business Requirements
The upgraded SharePoint environments must meet the following business requirements:
 All SharePoint 2013 features must be available to all users when
connecting from inside or outside of the corporate network.
 Users of the Partner Projects site collection must be able to share
content from their Microsoft Outlook clients and receive content from external
users who send email directly to the site.
 The Corporate Projects site collection must be available to internal users
who connect from outside of the corporate network and must not require a
VPN connection. Third-party vendors must be able to read and modify documents.
Technical Requirements
You must meet the following technical requirements:
 Before upgrading the Partner Projects site collection, create a duplicate,
upgraded copy of the site for review and verification purposes.
 Use Active Directory Federation Services (AD FS) 2.0 to authenticate
Contoso employees, partners, and customers.
 Automate the sign-in experience by using the local AD FS 2.0 servers for
AD FS single sign-on (SSO).
 Ensure that a web usage report that contains traffic reports, search
reports, and inventory reports can be provided for any site.
The upgraded SharePoint environments must meet the following technical requirements:
 All user profile information that resides in Active Directory must be
available in SharePoint Online.
 All sites must be able to share a mail-enabled document library that
resides in the cloud.
 The existing line-of-business application must be consumed as an
external content type by using Microsoft Business Connectivity Services (BCS).
 The Partner Projects site collection must allow Contoso and Tailspin
Toys users to share documents with third-party vendors on an ad-hoc basis,
without incurring additional licensing requirements.

###EndCaseStudy###

DRAG DROP
You need to provide access to the Corporate Projects site collection to remote internal users.
Which authentication mode and site collection URL should you use? (To answer, drag the appropriate
answer choices to the correct location or locations in the answer area. Each answer choice may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.)

Answer: See the explanation

Explanation:
Box 1: DirectAccess authentication
Box 2: Path-based site collections
Note:
* From scenario: Automate the sign-in experience by using the local AD FS 2.0 servers for AD FS single
sign-on (SSO).
* The Corporate Projects site collection must be available to internal users who connect from outside of
the corporate network and must not require a VPN connection
* DirectAccess authenticates the computer before the user logs on. Typically, computer authentication
grants access only to domain controllers and DNS servers. After the user logs on, DirectAccess
authenticates the user, and the user can connect to any resources he or she is authorized to access.
DirectAccess supports standard user authentication using a computer certificate and user account name
and password credentials.
DirectAccess supports standard user authentication using a computer certificate and user account name
and password credentials. For greater security, you can implement additional authorization with smart
cards. This type of configuration allows users to access Internet resources without their smart cards, but
requires a smart card before users can connect to intranet resources. A user must insert a smart card in
addition to typing his or her user credentials. Smart card authorization prevents an attacker who
acquires a user’s password (but not the smart card) from accessing the intranet. Similarly, an attacker
who acquires the smart card but does not know the user’s password does not have access.
When smart cards are required for end-to-end authentication, you must use Active DirectoryDomain
Services (AD DS) in Windows Server 2008 R2.* From scenario: Ensure that a web usage report that contains traffic reports, search reports, and
inventory reports can be provided for any site.
* Microsoft SharePoint supports both path-based and host-named site collections. The primary
difference between path-based and host-named site collections is that all path-based site collections in
a Web application share the same host name (DNS name), and each host-named site collection in a Web
application is assigned a unique DNS name.
Path-based site collections
Ex: http://www.company.com/sites/cust1
http://www.company.com/sites/cust2
http://www.company.com/sites/cust3
Host-named site collections
Ex: http://cust1.company.com
http://cust2.company.com