News

Microsoft Unveils Managed Solutions Gallery for SharePoint

• By Kurt Mackie
• October 24, 2016

Microsoft recently unveiled a new Managed Solutions Gallery for SharePoint Server that's designed to assure users that code for SharePoint applications is trusted.

Aimed at organizations that have built custom SharePoint applications, the new security capability can be used in SharePoint 2010, 2013 and 2016. Organizations running those servers will get the Managed Solutions Gallery as part of an October software update, according to an announcement last week at the Microsoft Tech Community. However, Microsoft's TechNet article on using the Managed Solutions Gallery describes it as being part of a "September Public Update."

Microsoft's announcement last week might have been missed because it was published in the Microsoft Tech Community, which is Microsoft's replacement for a Yammer-based technical support forum. Microsoft rolled out this new tech portal because the Yammer-based one wasn't considered search-friendly. However, Microsoft Tech Community posts still seem somewhat obscure. For instance, a Google search still doesn't find them readily.

A Sandbox Alternative?
The new Managed Solutions Gallery seems to be an alternative to Microsoft's deprecated sandbox approach for running managed code in SharePoint applications.

Microsoft basically told organizations about two years ago to stop using the sandbox approach for SharePoint Online applications. In late July, it disabled the sandbox for SharePoint Online. This move meant that the sandbox was no longer available to run managed code, such as C# or Visual Basic, although it was still possible to run declarative or no-code solutions, such as JavaScript, with SharePoint Online applications.

Microsoft's removal of the sandbox for running managed code has meant a scramble of sorts for some organizations. They've needed to find where managed code was run for applications that were built perhaps years ago. For instance, the sandbox was once a popular way for SharePoint Server 2010 users to add application capabilities to InfoPath forms. The idea back then was to run custom code on the server to unburden the client, but Microsoft doesn't like this approach anymore for security reasons.

Support for finding such older sandbox applications is available using tools from both Microsoft and its partner Rencore. Microsoft's "transformation" guidance away from the sandbox approach can be found at this page.

Microsoft's New Guidance
Last week, Microsoft introduced the Managed Solutions Gallery for SharePoint Server 2010, 2013 and 2016 and indicated that it had updated its "guidance for code-based sandbox solutions in SharePoint Server on premises." According to this new guidance, organizations "should allow only known and trusted code-based sandbox solutions to execute in their on-premises SharePoint farms." The Managed Solutions Gallery appears to be Microsoft's means for making that happen for its SharePoint Server customers.

The Managed Solutions Gallery will create a document library that defines which code gets trusted. The library is just accessible to SharePoint farm administrators or personnel with contribute authority. Code in SharePoint applications will only activate if it matches the version that exists in the Managed Solutions Gallery, according to the Microsoft Tech Community description.

IT pros will have to set up the Managed Solutions Gallery if they want to use it. The setup process requires running a few PowerShell cmdlets, according to the TechNet article.

InfoPath Support?
Even though the Managed Solutions Gallery is available to support SharePoint Server environments, it doesn't seem to be designed to work with InfoPath forms that contain code. At least that's what Microsoft seems to be saying in this support article. Possibly, the article is saying that InfoPath 2013 has to be used. It's not too clear.

In general, Microsoft now seems to be signaling that it is moving away from the sandbox server approach for running managed code in applications for SharePoint Server products, as well as for SharePoint Online (which is already deprecated). However, the Microsoft Tech Community article on the Managed Solutions Gallery didn't indicate use the word "deprecation," so the shift seems to more at the advisory level right now.

Ultimately, Microsoft's preferred approach for running managed code for SharePoint applications is to use its client-side add-ins model.