News

Microsoft Unveils Managed Solutions Gallery for SharePoint

Microsoft recently unveiled a new Managed Solutions Gallery for SharePoint Server that's designed to assure users that code for SharePoint applications is trusted.

Aimed at organizations that have built custom SharePoint applications, the new security capability can be used in SharePoint 2010, 2013 and 2016. Organizations running those servers will get the Managed Solutions Gallery as part of an October software update, according to an announcement last week at the Microsoft Tech Community. However, Microsoft's TechNet article on using the Managed Solutions Gallery describes it as being part of a "September Public Update."

Microsoft's announcement last week might have been missed because it was published in the Microsoft Tech Community, which is Microsoft's replacement for a Yammer-based technical support forum. Microsoft rolled out this new tech portal because the Yammer-based one wasn't considered search-friendly. However, Microsoft Tech Community posts still seem somewhat obscure. For instance, a Google search still doesn't find them readily.

A Sandbox Alternative?
The new Managed Solutions Gallery seems to be an alternative to Microsoft's deprecated sandbox approach for running managed code in SharePoint applications.

Microsoft basically told organizations about two years ago to stop using the sandbox approach for SharePoint Online applications. In late July, it disabled the sandbox for SharePoint Online. This move meant that the sandbox was no longer available to run managed code, such as C# or Visual Basic, although it was still possible to run declarative or no-code solutions, such as JavaScript, with SharePoint Online applications.

Microsoft's removal of the sandbox for running managed code has meant a scramble of sorts for some organizations. They've needed to find where managed code was run for applications that were built perhaps years ago. For instance, the sandbox was once a popular way for SharePoint Server 2010 users to add application capabilities to InfoPath forms. The idea back then was to run custom code on the server to unburden the client, but Microsoft doesn't like this approach anymore for security reasons.

Support for finding such older sandbox applications is available using tools from both Microsoft and its partner Rencore. Microsoft's "transformation" guidance away from the sandbox approach can be found at this page.

Microsoft's New Guidance
Last week, Microsoft introduced the Managed Solutions Gallery for SharePoint Server 2010, 2013 and 2016 and indicated that it had updated its "guidance for code-based sandbox solutions in SharePoint Server on premises." According to this new guidance, organizations "should allow only known and trusted code-based sandbox solutions to execute in their on-premises SharePoint farms." The Managed Solutions Gallery appears to be Microsoft's means for making that happen for its SharePoint Server customers.

The Managed Solutions Gallery will create a document library that defines which code gets trusted. The library is just accessible to SharePoint farm administrators or personnel with contribute authority. Code in SharePoint applications will only activate if it matches the version that exists in the Managed Solutions Gallery, according to the Microsoft Tech Community description.

IT pros will have to set up the Managed Solutions Gallery if they want to use it. The setup process requires running a few PowerShell cmdlets, according to the TechNet article.

InfoPath Support?
Even though the Managed Solutions Gallery is available to support SharePoint Server environments, it doesn't seem to be designed to work with InfoPath forms that contain code. At least that's what Microsoft seems to be saying in this support article. Possibly, the article is saying that InfoPath 2013 has to be used. It's not too clear.

In general, Microsoft now seems to be signaling that it is moving away from the sandbox server approach for running managed code in applications for SharePoint Server products, as well as for SharePoint Online (which is already deprecated). However, the Microsoft Tech Community article on the Managed Solutions Gallery didn't indicate use the word "deprecation," so the shift seems to more at the advisory level right now.

Ultimately, Microsoft's preferred approach for running managed code for SharePoint applications is to use its client-side add-ins model.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.