News

Microsoft Offers Tips To Eliminate Code-Based Sandbox Use in SharePoint

• By Kurt Mackie
• 08/10/2016

Microsoft this week offered some guidance for organizations dealing with the coming demise of code-based sandbox support in SharePoint sites.

Organizations may be reeling a bit after Microsoft's announcement late last month that it planned to go through with a long-planned deprecation of its code-based sandbox support in SharePoint. The sandbox is used to run custom code, such as adding extra functionality to InfoPath forms, but Microsoft is getting rid of that approach in favor of the use of SharePoint Add-ins or "remote-based API solutions" instead.

Microsoft is specifically deprecating the running of managed code in the sandbox (using C# or Visual basic, for instance). The use of declarative or no-code solutions (such as JavaScript) is still supported.

Guide and Script
A few resources were described this week by Vesa Juvonen, a senior program manager for SharePoint engineering at Microsoft and a Microsoft Certified Master, in a blog post. He wrote a "transformation guidance" MSDN article that explains the code-based sandbox approach and the steps to take to identify its use in SharePoint sites. It's an inventory approach to focus on the problem areas. From that point, organizations can perhaps eliminate the unused applications rather than going about building substitute solutions, he suggested.

Microsoft's planned deprecation also applies to SharePoint servers. While Microsoft had described its deprecation plans last month as applying to SharePoint Online, Juvonen noted in the MSDN article that "code-based sandbox solutions are also deprecated in SharePoint 2013 and in SharePoint 2016."

Microsoft is offering a script for SharePoint Online, which can be used to perform a sandbox inventory. The script can be downloaded from a link in Juvonen's blog post. However, Microsoft MVP Mark D. Anderson noted in a blog post that this script seems to just indicate sandbox use. It lacks the ability to indicate the use of managed code, which is the aspect that is getting deprecated.

Rencore's Tool
Alternatively, organizations can use a free tool released by Rencore. This Sandboxed Solutions Inspector application does a little more work than Microsoft's script. It will identify sandbox use with SharePoint Online tenants, but it also identifies the use of active code, showing which site elements are involved, according to a Rencore blog post by Erwin van Hunen, a product manager for transformation at Rencore. He's also a Microsoft MVP and a Microsoft Certified Master.

Rencore's Sandboxed Solutions Inspector carries out an additional step by detecting and automatically removing "empty code elements from the Sandboxed solutions." These empty code elements don't serve any purpose but they are "in every Sandboxed solution that was developed -- unless the developer took special action," van Hunen explained. The tool also flags solutions with complex assemblies and with no assemblies. Users get a report.

Organizations still need to upload the solutions again after running the Sandboxed Solutions Inspector tool, though, van Hunen said.

Microsoft has been working with Rencore on SharePoint patterns and practices as well as transformation guidance, according to a Rencore video featuring Juvonen. He said in that video that organizations have "30 days" before Microsoft will pull the plug on code-based sandbox support in SharePoint. Juvonen added, though, that it's presently not possible right now to activate any new coded sandbox solutions in SharePoint sites.

Rencore's tool works in a "slightly more detailed way" than Microsoft's own script for discovering sandbox use, Juvonen noted. Users don't need to know how to use PowerShell to use Rencore's tool, he added.