Scenario guidance updates

Author: VesaJuvonen

docs/scenario-guidance/Line-of-Business-integration.md

@@ -10,7 +10,7 @@ In order to access and consume LOB data and systems from within SharePoint, you
 Here follow some high-level guidelines and general rules that you should consider whenever you need to integrate SharePoint with any LOB system:
 
 * Try to consume REST-based APIs, rather than SOAP services or custom APIs, in order to being able to leverage modern development techniques and to use modern security protocols (OAuth 2.0, OpenID Connect, etc.).
-* Use a data cache intermediary, instead of directly consuming any external service, so that you can speed up the consumption process and avoid useless network roundtrips to retrieve data that you already requested from the LOB system.
+* Use a data cache intermediary, instead of directly consuming any external service, so that you can speed up the consumption process and avoid useless network round trips to retrieve data that you already requested from the LOB system.
 * Make your best to list data page by page, rather than listing all the data in "one huge shot", to avoid flooding the data cache and to overload the network bandwidth.
 * From an Authentication and Authorization perspective, tend to use services that leverage well-known protocols like OAuth 2.0, OpenID Connect, etc. and which are possibly registered in Azure Active Directory, in order to share a unique security infrastructure.
 
@@ -22,6 +22,8 @@ Whenever you need to consume LOB systems from a client-side solution, like a cli
 
 ### Articles
 * [Connect to API secured with Azure Active Directory](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-aad)
+* [Connect to Azure AD-secured APIs in SharePoint Framework solutions](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient)
+* [Consume enterprise APIs secured with Azure AD in SharePoint Framework](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient-enterpriseapi)
 
 ### Samples
 * [Call custom Web API secured with AAD from SharePoint Framework client-side web part](https://github.com/SharePoint/sp-dev-fx-webparts/tree/master/samples/react-aad-webapi)
@@ -56,6 +58,9 @@ _**Applies to:** Office 365 | SharePoint Online_
 
 While consuming LOB systems, another option that you have is to create SharePoint Online solutions that leverage on-premises data through an hybrid topology. For example, you can create an Azure App Service that connects to an on-premises infrastructure and consumes a SQL Server database, or any other on-premises data repository, through an Hybrid Connection.
 
+> [!NOTE]
+> This kind of solution architecture can have challenges with network latency. Due the direct hybrid connectivity, services in SharePoint Online would have a dependency on the on-premises services which is not optimal. It's recommended to have data cache intermediary in Azure side rather than connecting directly to the on-premises, even though technically this can be implemented relatively easily.
+
 ### Articles
 * [Create hybrid connectivity apps for SharePoint](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/create-hybrid-connectivity-apps-for-sharepoint)
 * [Azure Relay Hybrid Connections protocol](https://docs.microsoft.com/en-us/azure/service-bus-relay/relay-hybrid-connections-protocol)

docs/scenario-guidance/Long-running-scheduled-operations.md

@@ -24,6 +24,7 @@ In this pattern, the long-running or scheduled operation is implemented in an Az
 
 - Does not require additional hardware to run the Azure Function (scheduling and implementation code).
 - Advantageous because it uses the Azure Function for scheduling as well as the implementation code, which makes it easy to manage in one ___location.
+- Maximum timeout for execution is 10 minutes (default 5 minutes), which means that if your process takes longer thant that, alternative options should be considered.
 
 #### Related resources
 

docs/scenario-guidance/Multi-geo-capabilities.md

@@ -1,8 +1,15 @@
+---
+title: Multi-Geo Capabilities
+ms.date: 03/21/2018
+---
+
 # Multi-Geo Capabilities
 
 ## Summary
 Multinational companies that have offices around the world often have needs to store their employee data at-rest in specific regions to meet their data residency requirements. The Multi-Geo Capabilities in Office 365, are a feature introduced in late 2017 that helps multinational customers address their regional, industry specific or organizational data residency requirements in Office 365.
+
 Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 datacenter geographies (geos), and gives customers the ability to store their Exchange, SharePoint, and OneDrive data, at-rest, on a per-user basis, in their chosen geos.
+
 In this article you can find further details about the Multi-Geo Capabilities, as well as code samples, and videos. 
 
 ### Articles

docs/scenario-guidance/Performance.md

@@ -15,34 +15,26 @@ Implementing customizations in SharePoint places an even greater emphasis on eff
 - When referencing scripts and other assets, allow users to cache them for as long as possible to minimize the number of requests to the server and the amount of data to load.
 - Avoid excessive DOM manipulation that would trigger re-rendering of the page and delay its loading.
 
-## Available options
-
-### General recommendations
-
-### Handling SharePoint Online throttling
+## Handling SharePoint Online throttling
 
 _**Applies to:** Office 365_
 
 SharePoint Online uses throttling to prevent users from over-consuming resources. When a user runs CSOM or REST code that exceeds usage limits, SharePoint Online throttles any further request from the user for a period of time.
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Handle SharePoint Online throttling by using exponential back off](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/handle-sharepoint-online-throttling-by-using-exponential-back-off)
 - [Avoid getting throttled or blocked in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online)
 
-##### Samples
+### Samples
 
 - [SharePoint Online Throttling](https://github.com/SharePoint/PnP/tree/master/Samples/Core.Throttling)
 
-### SharePoint Framework
+## SharePoint Framework
 
 _**Applies to:** Office 365 | SharePoint Server_
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Optimize builds for production](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/toolchain/optimize-builds-for-production)
 - [JavaScript Patterns and Performance](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/javascript-patterns-and-performance)
@@ -51,42 +43,38 @@ _**Applies to:** Office 365 | SharePoint Server_
 - [Use existing JavaScript libraries in SharePoint Framework client-side web parts](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/use-existing-javascript-libraries)
 - [Use the Office 365 content delivery network (CDN)](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/office-365-cdn)
 
-### SharePoint Add-ins
+## SharePoint Add-ins
 
 _**Applies to:** Office 365 | SharePoint Server_
 
 The approaches you take to ensure optimal performance with SharePoint is different in the new SharePoint Add-in model than it was with Full Trust Code. In a typical Full Trust Code (FTC) / Farm Solution scenario most code operations took place in the SharePoint Server-side Object Model code.
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [JavaScript Patterns and Performance](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/javascript-patterns-and-performance)
 - [Performance considerations in the SharePoint add-in model](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/performance-considerations-sharepoint-add-in)
 - [Improve performance in SharePoint provider-hosted add-ins](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/improve-performance-in-sharepoint-provider-hosted-add-ins)
 - [Make batch requests with the REST APIs](https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/make-batch-requests-with-the-rest-apis)
 
-##### Videos
+### Videos
 
 - [Office Dev PnP Web Cast – JavaScript performance considerations with SharePoint](https://dev.office.com/blogs/javascript-performance-considerations-with-sharepoint)
 
-##### Samples
+### Samples
 
 - [Caching examples](https://github.com/SharePoint/PnP/tree/master/Samples/Performance.Caching)
 
-### Portals
+## Portals
 
 _**Applies to:** Office 365 | SharePoint Server_
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Proven Practices for SharePoint Online Portals - Performance](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/portal-performance)
 - [Proven Practices for SharePoint Online Portals - Navigation Solutions](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/portal-navigation)
 - [JavaScript Patterns and Performance](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/javascript-patterns-and-performance)
 - [Optimize page performance in SharePoint](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/optimize-page-performance-in-sharepoint)
 
-##### Videos
+### Videos
 
 - [Learn how to build a fast, responsive SharePoint portal in SharePoint Online](https://www.youtube.com/watch?v=tD3mkbfhIbM)

docs/scenario-guidance/Responding-to-changes.md

@@ -9,9 +9,7 @@ Before digging into the details of the various options that you have to handle c
 * If you are processing a synchronous event, try to avoid as much as you can blocking SharePoint. Rather refer to the asynchronous pattern described in the previous bullet.
 * Consider using an App-Only security model, whenever you need to do background processing of an event, so that you will not need to make the users' credentials flow into your event handling service/solution. Nevertheless, there are some activities which simply cannot be executed within an App-Only context. If that is the case, try to pass in a secure way an OAuth Access Token to the background job, rather than a set of user's credentials. The fact that an Access Token expires, and has a limited and pre-defined set of permission scopes associated, will keep the overall solution more secure.
 
-## Available options
-
-### Webhooks
+## Webhooks
 
 _**Applies to:** Office 365 | SharePoint Online_
 
@@ -36,7 +34,7 @@ For further details about Webhooks you can read the following articles, inspect
 * [Introduction to SharePoint webhooks](https://www.youtube.com/watch?v=P4a1_EWokwM)
 * [Getting started with SharePoint Webhooks](https://www.youtube.com/watch?v=IbVlDkmsh8w)
 
-### Remote Event Receivers
+## Remote Event Receivers
 
 _**Applies to:** SharePoint 2013 | SharePoint 2016 | SharePoint Online_
 
@@ -62,7 +60,7 @@ The Remote Event Receivers are a capability introduced with the SharePoint Add-I
 * [Introducing remote event receivers in SharePoint 2013](https://www.youtube.com/watch?v=jHoBgkUlK2M)
 * [Using appinstalled events to attach remote event receivers to SharePoint Host Webs](https://channel9.msdn.com/Blogs/Office-365-Dev/Using-appinstalled-events-to-attach-remote-event-receivers-to-SharePoint-Host-Webs-Office-365-Develo)
 
-### Event Receivers
+## Event Receivers
 
 _**Applies to:** SharePoint 2013 | SharePoint 2016_
 
@@ -73,7 +71,7 @@ The Event Receivers are a server-side event handling model, available in SharePo
 * [How to: Create an Event Receiver for a Specific List Instance](https://msdn.microsoft.com/en-us/library/ff398052.aspx)
 * [Table of SharePoint Events, Event Receivers, and Event Hosts](https://msdn.microsoft.com/en-us/library/office/ff408183(v=office.14).aspx)
 
-### Workflows
+## Workflows
 
 _**Applies to:** SharePoint 2013 | SharePoint 2016 | SharePoint Online_
 

docs/scenario-guidance/Security.md

@@ -10,17 +10,13 @@ SharePoint supports security for user access at the website, list, list or libra
 
 Authorization refers to the process by which SharePoint provides security for websites, lists, folders, or items by determining which users can perform specific actions on a given object. The authorization process assumes that the user has already been authenticated, which refers to the process by which SharePoint identifies the current user. SharePoint does not implement its own system for authentication or identity management, but instead relies on external systems, whether Windows authentication or non-Windows authentication.
 
-## Available options
-
-### General recommendations
-
-### General information
+## General information
 
 _**Applies to:** Office 365 | SharePoint Server_
 
-#### Related resources
+### Related resources
 
-##### Articles
+### Articles
 
 - [Authentication, authorization, and security in SharePoint](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/authentication-authorization-and-security-in-sharepoint)
 - [Authorization and authentication of SharePoint Add-ins](https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/authorization-and-authentication-of-sharepoint-add-ins)
@@ -38,13 +34,13 @@ _**Applies to:** Office 365 | SharePoint Server_
 - [Moving Full Trust Code to the Cloud](https://github.com/OfficeDev/TrainingContent/blob/master/O3651/O3651-4%20Moving%20Full%20Trust%20Code%20to%20the%20cloud%20using%20repeatable%20patterns%20and%20best%20practices/Lab.md)
 - [A Series of Visual Studio Solutions to Accompany the MSDN Tutorial Series about Provider-hosted Add-ins](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials)
 
-##### Videos
+### Videos
 
 - [PnP Shorts - Implementing Web Application Policy alternatives in SharePoint Online](https://www.youtube.com/watch?v=zcmngkgQdTU&feature=youtu.be)
 - [PnP Webcast - Calling external APIs securely from SharePoint Framework](https://www.youtube.com/watch?v=SDjKRfHA1nw)
 - [PnP Webcast - Azure AD implicit flow with SPFx client-side web part with developer preview](https://www.youtube.com/watch?v=KRgHjF84xZc)
 
-##### Samples
+### Samples
 
 - [Dynamically request permissions for an add-in](https://github.com/SharePoint/PnP/tree/dev/Samples/Core.DynamicPermissions)
 - [PnP-IdentityModel](https://github.com/SharePoint/PnP-IdentityModel)
@@ -55,13 +51,11 @@ _**Applies to:** Office 365 | SharePoint Server_
 - [Access SharePoint data with the Cross Domain JavaScript Library](https://dev.office.com/code-samples-detail/5814)
 - [Access SharePoint data with the Cross Domain JavaScript Library and the REST\OData endpoints](https://dev.office.com/code-samples-detail/5815)
 
-### App-only access to SharePoint
+## App-only access to SharePoint
 
 _**Applies to:** Office 365 | SharePoint Server_
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Add-in authorization policy types in SharePoint](https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-authorization-policy-types-in-sharepoint)
 - [Accessing SharePoint using an application context, also known as app-only](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly)
@@ -70,70 +64,48 @@ _**Applies to:** Office 365 | SharePoint Server_
 - [Developing using Tenant permissions with App-Only in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/development-experience-tenant-apponly-permissions-in-sharepoint-online)
 - [Getting Started with azure WebJobs ("timer jobs") for your Office 365 Sites](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/getting-started-with-building-azure-webjobs-for-your-office365-sites)
 
-##### Samples
+### Samples
 
 - [External Sharing APIs for SharePoint and OneDrive for Business (Core.ExternalSharing)](https://github.com/SharePoint/PnP/tree/master/Samples/Core.ExternalSharing)
 
-### Elevating privileges
+## Elevating privileges
 
 _**Applies to:** Office 365 | SharePoint Server_
 
 If your solution allows users to perform actions for which they don't have adequate individual permissions, it needs to elevate user's privileges to complete that operation. Different methods are used to elevate privileges in SharePoint Add-ins and farm solutions. Farm solutions elevate privileges by using `RunWithElevatedPrivileges(SPSecurity.CodeToRunElevated)`, which belongs to the SharePoint server-side object model. SharePoint Add-ins use either the app-only policy or service accounts.
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Elevated privileges in SharePoint Add-ins](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/elevated-privileges-in-sharepoint-add-ins)
 - [Add-in authorization policy types in SharePoint](https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-authorization-policy-types-in-sharepoint#Scenario)
 - [App-only and elevated privileges in the SharePoint add-in model](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/app-only-elevated-privileges-sharepoint-add-in)
 
-### Azure AD Authentication/Authorization
+## Azure AD Authentication/Authorization
 
 _**Applies to:** Office 365_
 
 When using SharePoint Online you can define applications in Azure AD and these applications can be granted permissions to SharePoint, but also to all the other services in Office 365. This model is the preferred model in case you’re using SharePoint Online, if you’re using SharePoint on-premises you have to use the SharePoint Only model via based Azure ACS.
 
-> [!IMPORTANT]
-> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact SharePoint add-in model which is using `https://accounts.accesscontrol.windows.net` hostname, which is not impacted by this retirement. See more details on this from [Impact of Azure Access Control retirement for SharePoint add-ins](https://dev.office.com/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins).
-
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Accessing SharePoint using an application context, also known as app-only](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly)
 
-##### Videos
+### Videos
 
 - [Access Microsoft SharePoint with the Microsoft Graph](https://www.youtube.com/watch?v=bBILnF5Tf_k)
 
-##### Samples
+### Samples
 
 - [PowerShell to enable low trust authentication model at on-premises](https://github.com/SharePoint/PnP-Tools/tree/master/Scripts/SharePoint.LowTrustACS.Configuration)
 - [SharePoint Web Hooks Azure AD reference implementation](https://github.com/SharePoint/sp-dev-samples/tree/master/Samples/WebHooks.List.AzureAD)
 
-### Government environments
-
-_**Applies to:** Office 365_
-
-When your Office 365 tenant is hosted in an specific environment like the Germany, China or US Government environments there are some additional considerations that you have to take into account.
-
-#### Related resources
-
-##### Articles
-
-- [Authorization considerations for tenants hosted in the Germany, China or US Government environments](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/extending-sharepoint-online-for-germany-china-usgovernment-environments)
-- [Office 365 US Government](https://technet.microsoft.com/library/mt774581.aspx)
-
 ### Authorization considerations for tenants hosted in Germany, China or US
 
 _**Applies to:** Office 365_
 
 When your Office 365 tenant is hosted in an specific environment like the Germany, China or US Government environments there are some additional considerations that you have to take into account.
 
-#### Related resources
-
-##### Articles
+### Articles
 
 - [Authorization considerations for tenants hosted in the Germany, China or US Government environments](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/extending-sharepoint-online-for-germany-china-usgovernment-environments)
 - [Learn about Office 365 Germany](https://support.office.com/en-US/article/Learn-about-Office-365-Germany-8a5a4bbc-667a-4cac-8769-d8ac9015db4c)