Scenario: Configure Federated Sharing Between Exchange Organizations

In this scenario, you're the administrator for Contoso, Ltd. and your organization entered into an agreement with Fabrikam, Inc. to develop a product that will be jointly marketed and sold by both organizations. To enable collaboration between the two organizations, management has directed that users from the Marketing and Engineering departments of both organizations must be able to access each other's availability information. Management for both organizations also prefers that this collaboration should occur with minimal or no effort by users.

Contoso also collaborates with Litware, Inc. This collaboration is limited to a small subset of users, and management directs that users from both organizations should be able to establish sharing relationships with each other. Sharing of contacts and free/busy information should be allowed, however no additional calendar information should be shared between the organization users.

Additionally, Contoso users want to share their calendar information with family members to help coordinate outside activities that they manage in Outlook.

Lastly, the IT management of Contoso, Fabrikam, and Litware has directed that sharing should occur without having to:

• Create any Active Directory forest or domain trusts.
• Use Exchange credentials between the organizations or individuals.
• Establish a VPN between the organizations or individuals.

For additional management tasks related to federated sharing, see Sharing.

What do you need to know before you begin?

• Estimated time to complete this task: 30 minutes.
• Procedures in this topic require specific permissions. See each procedure for its permissions information.
• All external Exchange organizations must have a federation trust configured with the Microsoft Federation Gateway.
• For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Administration Center.

How do you do this?

Step 1: Configure a federation trust

To configure federated sharing with Fabrikam and Litware, create a federation trust with the Microsoft Federation Gateway (if one hasn't already been created). This isn't required for sharing information with Contoso users' family members. This one-time procedure is required to use Exchange 2013 federated sharing features.

To determine if the Fabrikam and Litware organizations already have federation established with the Microsoft Federation Gateway, run the Get-FederationInformation cmdlet.

For detailed instructions, see Configure a Federation Trust.

Step 2: Create an organization relationship

Create an organization relationship for the organizations that need to collaborate with users in the Contoso organization.

Use the EAC to create an organization relationship

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the “Calendar and Sharing Permissions” section in the Recipients Permissions topic.

1. On an Exchange 2013 server in your on-premises organization, navigate to the Organization > Sharing.
2. Under Organization Sharing, and click New.
3. In Organization Relationship, in the Relationship name box, type a friendly name for the organization relationship. For example, “Fabrikam”.
4. In the Domain to share with box, type the federated domain or federated subdomain for the external federated Exchange organization you want to configure for federated sharing. If you need to enter multiple domains for the external federated Exchange organization, separate the domains with a comma. For example, fabrikam.com.
5. Select the Enable calendar free/busy information sharing check box to set the sharing level for calendar free/busy information and to define the internal users who can share calendar free/busy information.
   To set the free/busy access level, select one of the following:
   • Calendar free/busy information with time only
   • Calendar free/busy with time, subject, and location
     To specify that internal users in the Marketing and Engineering departments will be sharing calendar free/busy information, select:
   • A specified security group
     To specify a security group, click Browse and select the Marketing and Engineering department security groups.
6. Click Save to create the organization relationship.
7. To allow users in both organizations to see availability information for each other, the administrator from Fabrikam, Inc. must also create an organization relationship with your organization.

Use the Shell to create an organization relationship

1. The Contoso administrator uses the following to create an organization relationship with Fabrikam in the Shell:

   New-OrganizationRelationship -Name "Fabrikam" -DomainNames "fabrikam.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails - FreeBusyAccessScope "Marketing","Engineering"
   

2. To allow users in both organizations to see availability information for each other, the administrator from Fabrikam, Inc. must also create an organization relationship with your organization.

How do you know this step worked?

The successful completion of the New organization relationship wizard will be your first indication that the creation of the organization relationship worked as expected.

To further verify that you have successfully created the organization relationship, run the following Shell command to verify the organization relationship information:

Get-OrganizationRelationship | format-list

Step 3: Create and configure a sharing policy

Create a sharing policy for users who need to collaborate with users in the Litware.com domain. Create the sharing policy with the following specifications:

• To determine if the Litware organization already has federation established with the Microsoft Federation Gateway, use the Get-FederationInformation cmdlet.
• Add the Litware.com domain to the sharing policy.
• Select the Calendar sharing with free/busy information only, Contacts sharing action for the policy.
• Assign the policy to users in your organization who need to collaborate with users from Litware.

Use the EAC to create a sharing policy

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the “Calendar and Sharing Permissions” section in the Recipients Permissions topic.

1. On an Exchange 2013 server in your on-premises organization, navigate to Organization > Sharing.
2. In the Sharing tab, navigate to the Individual Sharing section and click to start the new sharing policy wizard.
3. In the Sharing Policy dialog, type a friendly name for the sharing policy in the Policy name field. For example “Litware”.
4. Click to define the sharing rules for the sharing policy.
5. In the Sharing Rule dialog, select the Sharing with a specific domain radio button to define the domains you wish to share with.
6. Type the domain you wish to share with, in this scenario it would be “litware.com”.
7. To define the calendar sharing levels you want to enforce for the sharing policy, select the Share your calendar folder check box. Since we only want to share basic free/busy information, we select the following radio button:
   • Free/busy information with time only
8. Since we also want to allow the sharing of contacts for the sharing policy, select the Share your contacts folder check box.
9. Click Save to set the rules for the sharing policy.
10. Since we only want this policy to apply to a small group of users, you don’t want to make this sharing policy the default sharing policy for users in your Exchange organization. Make sure the Make this policy my default sharing policy check box isn’t selected.
11. Click Save to create the sharing policy.
12. Apply the sharing policy to the users or groups that should use this sharing policy. You can either assign to individual user mailboxes or use bulk editing to apply to more than one user mailbox. For more information, see Manage User Mailboxes.

Use the Shell to create a sharing policy

1. The Contoso administrator uses the following to create an organization relationship with Litware in the Shell:

   New-SharingPolicy -Name "Litware" -Domains 'litware.com: CalendarSharingFreeBusySimple', ContactsSharing'
   

2. Apply the sharing policy to the users or groups that should use this sharing policy. You can either assign to individual user mailboxes or use bulk editing to apply to more than one user mailbox. For more information, see Manage User Mailboxes.

How do you know this step worked?

The successful completion of the New sharing policy wizard will be your first indication the creation of the sharing policy worked as expected.

To further verify that you have successfully created the sharing policy, run the following Shell command to verify the sharing policy information.

Get-SharingPolicy <policy name> | format-list

Step 4: Create a sharing policy for Internet Calendar Publishing

Create a dedicated anonymous sharing policy or update the default sharing policy for Contoso users who need to collaborate with their family members.

For detailed instructions, see Enable Internet Calendar Publishing.

How do you know this task worked?

To verify that the administrator has configured sharing correctly, the administrator would verify the following:

• All users can view the availability information for users in the Marketing and Engineering departments of Fabrikam.
• Users in the organization who have the new sharing policy applied can send individual sharing invitations to users from Litware, Inc.
• Contoso users can invite their friends and family to view their calendar information by providing a link to their published calendar. Family members don't need special credentials to access the information.