Notes to Presenter: This slide deck was designed to consolidate the relevant content into a single...


Page 1: Notes to Presenter:  This slide deck was designed to consolidate the relevant content into a single location  Use the Sections to find and present the.

Table of Contents

• Exchange Planning Kickoff
• Exchange Planning Summary
• Exchange Online Protection
• EOP Requirements vs. Feature Mapping
• EOP Kickoff Presentation
• EOP Assessment of the Environment
• EOP Technical Review
• EOP Deployment Planning
• Exchange DLP Kickoff Presentation
• DLP Understanding the Environment
• DLP Requirements Gathering
• DLP Technical Review
• DLP Req. vs. Feature Mapping
• DLP Deployment Scenarios

Exchange Deployment Planning

Partner MUST customize prior to delivery

Software Assurance Planning Services

Speaker: Add info here
Title of presentation: Technical Kickoff Presentation
Length of presentation: Add info here
Audience: Customer IT Pro
Sales Cycle Alignment: Engagement
Desired Outcomes:
• Kickoff Planning Services engagement
• Introductions
• Review agenda
Modular Outline: Add more info here

Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

Notes to Presenter: Slide to inform PS partner presenter on how to use and/or customize this deck. This deck contains slide notes on how to use the slide. Remove the slide notes if you plan on leaving this presentation with the customer. Modify the deck as necessary for your presentation.

Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER

Exchange Deployment Planning Engagement Kick Off

Software Assurance Planning Services

Agenda
• Introductions
• Project Team
• Engagement Overview / Agenda
• Q&A

Team {Partner}

Name | Role

{Partner} Account Team
<Insert name here> | Account Executive
<Insert name here> | Microsoft Exchange Technical Specialist
<Insert name here> | Services Executive

{Partner} Services Team
<Insert name here> | Engagement Manager
<Insert name here> | Architect
<Insert name here> | Consultant
<Insert name here> | Technical Account Manager

[Diagram labels: Customer Sponsor, Customer IT Pros, Business Stakeholders Management, Customer Project Lead, Customer Project Manager, {Partner} Sponsor, Engagement Manager, Consultant]

Team {Customer}

Name | Role / Focus area

{CUSTOMER} Core Team
<Insert name here> | Executive Sponsor
<Insert name here> | Project Manager

{CUSTOMER} Technical subject matter experts (SMEs)
<Insert name here> | Engagement Manager
<Insert name here> | Architect
<Insert name here> | Consultant
<Insert name here> | Technical Account Manager

Product specific roles
<Insert name here> | Role 1
<Insert name here> | Role 2
<Insert name here> | Role 3
<Insert name here> | Role 4

[Diagram labels: Customer Sponsor, Customer IT Pros, Business Stakeholders Management, Customer Project Lead, Customer Project Manager, {Partner} Sponsor, Engagement Manager, Consultant]

Participation expectations

What we expect
• Keep to the schedule
• Be present
• Interact
• Ask when things don’t add up

What you get
• Recommended practices
• A plan to get started
• Get your questions answered

Deployment Planning Services Agenda

Day 1 Agenda

Time | Topic | Description
9:00 AM | Intro/Kick-off | A review of the workshop and our goals.
9:30 AM | Module – Describe Module
10:45 | Break
11:00 AM | Module – Describe Module
12:00 PM | Lunch
1:00 PM | Module – Describe Module
1:30 PM | Lab/Demo – Describe Lab
2:30 | Break
2:45 | Lab/Demo – Describe Lab
3:15 PM | Lab/Demo – Describe Lab
4:00 | Review/Next Steps

Q&A

Thank you

Partner MUST customize prior to delivery

Software Assurance Planning Services

Speaker: Add info here
Title of presentation: Planning Services Engagement Summary and Plan of Action
Length of presentation: Add info here
Audience: Customer TDM and IT Pros
Sales Cycle Alignment: Engagement wrap-up
Desired Outcomes:
• Outline the outcomes of the engagement
• Plan next actions for client
• Deliver Proposals for ongoing consulting
Modular Outline: Add more info here

Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

Notes to Presenter: Slide to inform PS partner presenter on how to use and/or customize this deck. This deck contains slide notes on how to use the slides. Remove the slide notes if you plan on leaving this presentation with the customer. Modify the deck as necessary for your presentation.

Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER

Exchange Deployment Planning Engagement Summary
Presenter Name, Title
Date

Software Assurance Planning Services

Agenda
• Findings
• Recommendations
• Next Steps

Where we are today

What did we do? What did we find? What’s next?

[Diagram: phases Discover, Plan, Deploy, Test; labels Assessment Findings, Validate Design, Pilot / Production Deployment, Architecture Design]

What did we find?

Findings
• Problem and Solution Statement Recap
• Notable Current State Items Found
• Requirements
• Assumptions
• Constraints
• Issues / Risks

What do we recommend?
• Recommendation 1
• Recommendation 2
• Recommendation 3…

Solution Concept Diagram

Partner – insert Solution Concept diagram here
• Be prepared to discuss the architecture

Next Steps
• Next step 1
• Next step 2
• Next step 3…

Migration: Connect to our Offerings
• Full Exchange 2013 Architecture Engagement
• Proof of Concept
• Production Pilot
• Production Deployment

Thank you

Exchange Data Loss Prevention & Exchange Online Protection

Requirements Gathering
Speaker Name
Title
Organization

Exchange Online Protection Deployment Planning and Pilot

Copyright© Microsoft Corporation

Agenda
• Introduction and context.
• Requirements Discussion.
• Documenting the Requirements.
• Next Steps.

Introduction and Context
• Business and technical requirements will be gathered in this session.
• Later in the workshop, these requirements will be mapped against EOP features and settings.
• Final recommendations document will contain a summary of all the requirements gathered during this session.

Business Requirements

# | Requirement
BR01
BR02
BR03
BR04

Mail Routing Requirements

# | Requirement
MRR01
MRR02
MRR03
MRR04

Policy/Compliance Requirements

# | Requirement
PCR01
PCR02
PCR03
PCR04

Anti-Spam Requirements

# | Requirement
ASR01
ASR02
ASR03
ASR04

Anti-Malware Requirements

# | Requirement
AMR01
AMR02
AMR03
AMR04

Reporting Requirements

# | Requirement
RR01
RR02
RR03
RR04

Administration Requirements

# | Requirement
AR01
AR02
AR03
AR04

Next Steps…

Requirements Mapping
Speaker Name
Title
Organization

EOP Deployment Planning and Pilot

Agenda
• Introduction and context.
• Requirements vs. Feature/Settings Mapping.
• Next Steps.

Introduction and Context
• Business and technical requirements discussed earlier will be reviewed in this session.
• All the requirements will be mapped against EOP features and settings.
• Summary of this discussion will be included in the final recommendation document.

Business Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
BR01
BR02
BR03
BR04

Mail Routing Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
MRR01
MRR02
MRR03
MRR04

Policy/Compliance Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
PCR01
PCR02
PCR03
PCR04

Anti-Spam Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
ASR01
ASR02
ASR03
ASR04

Anti-Malware Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
AMR01
AMR02
AMR03
AMR04

Reporting Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
RR01
RR02
RR03
RR04

Administration Requirements

# | Requirement | Yes/No/Partial | EOP Feature/Setting
AR01
AR02
AR03
AR04

Next Steps…

Exchange Online Protection Engagement Kick Off

Software Assurance Planning Services

Agenda
• Introductions
• Project Team
• Engagement Overview / Agenda
• Q&A

Team {Partner}

Name | Role

{Partner} Account Team
<Insert name here> | Account Executive
<Insert name here> | Microsoft Technical Specialist/Architect
<Insert name here> | Services Executive

{Partner} Services Team
<Insert name here> | Engagement Manager
<Insert name here> | EOP Technical Consultant

[Diagram labels: {Partner} Sponsor, Engagement Manager, Consultant]

Team {Customer}

Name | Role / Focus area

{CUSTOMER} Core Team
<Insert name here> | Executive Sponsor
<Insert name here> | Project Manager

{CUSTOMER} Technical subject matter experts (SMEs)
<Insert name here> | IT Manager
<Insert name here> | IT Pro
<Insert name here>
<Insert name here>

Participation expectations

What we expect
• Keep to the schedule
• Be present
• Interact
• Ask when things don’t add up

What you get
• Recommended practices
• End to end view
• Limited production pilot
• Get your questions answered

Deployment Planning and Limited Pilot
3-Day Agenda

Day 1 Agenda

Time | Topic | Description
9:00 AM | Intro/Kick-off | A review of the workshop and our goals.
9:15 AM | Understanding the environment | Understand the solution environment and review the responses to the pre-engagement questionnaire.
10:00 AM | Requirements gathering
11:00 AM | Break
11:15 AM | EOP technical overview | Understand the core technical features of EOP
12:30 PM | Lunch
1:15 PM | EOP technical overview (continued)
3:00 | Break
3:15 PM | Deployment planning | Discuss the various deployment options and identify the one most suitable for the customer.
4:45 PM | Solution alignment discussion | Ensure that customer requirements are correctly mapped to various EOP features.

Day 2 Agenda

Deployment Planning and Limited Pilot

Time | Topic | Description
9:00 AM | Preparing findings and recommendations | Deliverable to the customer
12:00 Noon | Debrief | Discuss the findings and recommendations with the customer
12:30 PM | Lunch
1:15 PM | Limited production pilot | Deploy EOP in production environment for a limited set of users.
5:30 PM | Pilot status check | Review by customer and partner resources to check the status of the limited production pilot.

Q&A

Thank you

Assessment of the Environment
Speaker Name
Title
Organization

Exchange Online Protection Planning Services

Agenda
• Introductions and context.
• Messaging Environment.
• Current Secure Email Gateway Solution.
• Current Challenges.

Introduction and Context
• This is an interactive session to understand the solution environment.
• During this session environmental factors affecting EOP deployment will be discussed.
• Customer can provide the required details either during the discussions or at the end of the session.

Messaging Environment

Platform
• Exchange 2XXX
• Lotus Domino XXX
• Exchange Hybrid
• Office 365

Architecture
• Mail flow
• Network locations
• Firewall rules
• DirSync with Azure AD

Messaging Environment

Domains
• Number of authoritative domains
• List of authoritative domains

Usage
• Bulk mailing within the organization
• Recent incidents of spam
• Recent incidents of virus outbreak

Current Secure Email Gateway Solution

Platform
• Product/service used
• Online components
• On-premises components
• Use of DKIM

Configuration
• Scanning of outbound and inbound flow
• Anti-virus rules
• Anti-spam rules
• Allow/block IP list
• Safe user list
• Handling of quarantined messages

Current Secure Email Gateway Solution

Management
• Administration tools
• Reporting
• Notifications to administrators and end users
• Managing quarantined messages

Add-Ons
• E-mail encryption
• TLS domains
• TLS users
• Address rewrite
• Content filtering

Current Challenges

Open Discussion

Exchange Online Protection – Technical Overview
Speaker Name
Title
Organization

Agenda
• Introduction
• Getting Started - Basic Management Tasks
• Policy and Compliance Features
• Anti-spam and Anti-malware Protection
• Reporting and Message Tracing
• Best Practices for Configuring EOP
• Exchange Data Loss Prevention
• Office 365 Message Encryption and S/MIME

Introduction
• Exchange Online Protection
  • is a cloud-based email filtering service.
  • provides protection against spam and malware.
  • includes features to safeguard against messaging policy violations.
• Standalone Scenario: EOP can provide protection for any on-premises SMTP email solution.
• Exchange Online Scenario: By default Exchange Online (Office 365) mailboxes are protected by EOP.
• Hybrid Deployment Scenario: EOP can be configured to protect your messaging environment and control mail routing.

Introduction

Comprehensive protection
• Multi-engine anti-malware protection
• Continuously evolving anti-spam protection

Enterprise class reliability
• Geographically load-balanced datacenters
• Queuing capabilities to help ensure no mail is lost
• Live Phone Support

Streamlined administration console
• Office 365 integration
• Detailed reporting

Geocentric Affinity
• EOP runs on a worldwide network of data centers that are designed to provide the best availability.
• EOP performs load balancing between data centers but only within a region.
  • In the Americas all email messages are routed through U.S. data centers.
  • In EMEA all messages are routed through EMEA data centers.
  • In Asia-Pacific all messages are routed through APAC data centers (CY Q3 2014)
  • For the GCC all messages are routed through U.S. data centers.


Sign up for the EOP Service
• Try before you buy
• EOP Subscription Plans
  • Standalone
  • Built into Exchange Online
  • Exchange Enterprise CAL with Services

Deployment Process - Overview
• Verify prerequisites
• Validate domains
• Configure mail flow
• Customize spam and policy settings
• Enable mail flow
• Monitor and fine tune

Prerequisites
• Username and password of Office 365 Global Admin and Exchange Organization Administrator.
• Domain names to be protected by EOP.
• Inbound and outbound public IP addresses.
• Open firewall port 25 to Exchange Online Protection IP Addresses.
• Modern web browser.

Domain Validation
• Email domains to be protected should be added in the Office 365 admin center.
• A TXT record is provided for entry into DNS to perform verification.

Configure Mail Flow - Standalone
• Create an EOP outbound connector to deliver mail on-premises.
• Create an EOP inbound connector to accept mail from on-premises.

Match subdomains

When the match subdomains feature is enabled for a domain, emails can be sent and received for subdomains on this domain.

Custom Mail Flow – Connector Scenarios

Scenario | Description
Outbound Smart Hosting | Outbound mail is redirected to an on-premises server that applies additional processing before delivering mail to its final destination.
Regulated Partner with Forced TLS | Forced inbound and outbound transport layer security (TLS) is used to secure communication with a partner.
Conditional Mail Routing | A connector associated with a transport rule routes mail to a specific site.
Hybrid | When configuring hybrid deployments, manual steps are not recommended for creating connectors. The Office 365 team has created tools to automate the setup process and make it much easier.

Enable Mail Flow - Standalone
• Change the MX record.
• After 72 hours restrict on-premises firewall to accept port 25 traffic only from EOP.
• Create send connector with EOP as smart host in the on-premises server for Internet bound emails.
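
A check for the firewall lock-down step above, as an added example that is not part of the original deck: it reads on-premises SMTP receive log lines and flags port 25 connections from outside the EOP address ranges, separating those inside the 72-hour window from those after it. The log line format, the function names and the `EOP_RANGES` values (documentation-reserved placeholder networks, not Microsoft's published ranges) are assumptions.

```python
"""Audit inbound SMTP sources against an EOP-only port 25 policy.

Added illustration; not from the slide deck. Assumptions (all constructed):
  - log line format: "<ISO-8601 timestamp> <source IP> <port> <SMTP verb>"
  - EOP_RANGES holds placeholder documentation networks, not real EOP ranges
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Placeholder networks (RFC 5737 / RFC 3849 documentation ranges), NOT the
# real EOP ranges: substitute the list Microsoft publishes for the service.
EOP_RANGES = [ip_network(n) for n in ("192.0.2.0/24", "2001:db8:100::/48")]
GRACE = timedelta(hours=72)  # window the deck allows before the lock-down


@dataclass(frozen=True)
class Finding:
    line_no: int
    source: str
    severity: str  # "info", "alert" or "error"
    reason: str


def from_eop(addr):
    """Return True if addr lies inside one of the configured EOP ranges."""
    ip = ip_address(addr)  # raises ValueError for anything that is not an IP
    return any(ip.version == net.version and ip in net for net in EOP_RANGES)


def parse_line(line):
    """Split one log line into (timestamp, source, port); ValueError if bad."""
    ts, src, port, _verb = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if when.tzinfo is None:  # treat naive timestamps as UTC
        when = when.replace(tzinfo=timezone.utc)
    return when, src, int(port)


def audit(lines, mx_changed_at):
    """Return findings for port 25 connections that bypassed EOP."""
    lockdown = mx_changed_at + GRACE
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            when, src, port = parse_line(line)
            trusted = from_eop(src)
        except ValueError as exc:
            # Malformed lines are reported, never silently skipped.
            findings.append(Finding(n, line, "error", f"unparseable: {exc}"))
            continue
        if port != 25 or trusted:
            continue
        if when < lockdown:
            findings.append(Finding(
                n, src, "info", "direct delivery inside the 72-hour window"))
        else:
            findings.append(Finding(
                n, src, "alert",
                "non-EOP source reached port 25 after lock-down"))
    return findings


# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
# timestamp source port verb
2014-06-01T10:00:00Z 203.0.113.7 25 EHLO
2014-06-02T09:30:00Z 192.0.2.15 25 EHLO
2014-06-04T11:00:00Z 192.0.2.44 25 EHLO
2014-06-04T11:05:00Z 198.51.100.23 25 EHLO
2014-06-04T11:06:00Z 2001:db8:100::5 25 EHLO
2014-06-04T11:07:00Z 198.51.100.23 587 EHLO
2014-06-04T11:08:00Z not-an-ip 25 EHLO
"""
MX_CHANGED_AT = datetime(2014, 6, 1, 9, 0, tzinfo=timezone.utc)  # constructed

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG.splitlines(), MX_CHANGED_AT):
        print(f"line {f.line_no}: [{f.severity}] {f.source}: {f.reason}")
```

An "alert" finding means the on-premises firewall still accepts port 25 from a source other than EOP, so mail from that source is not being filtered.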


Monitor and Fine Tune

• Based on the customer's needs, is the service operating as expected?

• Make any adjustments to rules or settings as needed.

• Evaluate effectiveness of spam settings.

DEMO: Connector Configuration

Recipient in EOP

Users

• Users are the recipients within your EOP managed domains.

• Transport rules can be applied to users.

• Users can be assigned management roles.

• Users with management role group privileges can access the Exchange admin center (EAC).

Contacts

• Contacts represent recipients outside of the EOP managed domains who can be displayed in the address book.

• Contacts can be used when creating transport rules.

• Can be used with transport rules.

• They can’t sign in to the EAC.


Managing Recipients in EOP

Synchronized

• Recommended when company has existing user accounts in an on-premises Active Directory.

• Microsoft Azure AD Directory Sync tool is required.

• Recipients can be viewed as read only in EAC.

Manual

• Add and manage users in EAC.

• Created and managed directly in Office 365 admin center. These recipients are not viewable in the EAC.

Directory Synchronization

Automated user/group management

• Ideal solution for organizations with on-premises Active Directory.

• Easier creation of rules based on user addresses.

• Allows for use of security group membership for configuration and rules.

• Synchronize Outlook safe/blocked sender lists.

[Diagram labels: On-premises, Microsoft Azure Directory Sync, Exchange Online Protection]

DEMO: Managing Recipients

Admin Roles in EOP

• Role based administration model.

• A user can be added to multiple role groups.

• Each role group can perform specific tasks in EOP.

• Managed from the EAC.

Feature Permissions

EOP Feature: Role Group Membership Required

• Anti-malware: Organization Management, Hygiene Management

• Anti-spam: Organization Management, Hygiene Management

• Domains: Organization Management, View-Only Organization Management

• Inbound and Outbound connectors: Organization Management

• Message trace: Organization Management, View-Only Organization Management

• Organization configuration: Organization Management

• Quarantine: Organization Management, View-Only Organization Management, Hygiene Management

• Users, Contacts, and Role Groups: Organization Management, View-Only Organization Management, Hygiene Management

• View reports: Organization Management, View-Only Organization Management

DEMO: Managing Admin Role Groups

Remote PowerShell can be used to manage:

• users and domains

• permissions

• anti-spam and quarantine settings

• anti-malware settings

• transport rules

• connectors

• message tracing

• reports

Agenda

• Introduction

• Getting Started - Basic Management Tasks

• Policy and Compliance Features

• Anti-spam and Anti-malware Protection

• Reporting and Message Tracing

• Best Practices for Configuring EOP

• Exchange Data Loss Prevention

• Office 365 Message Encryption and S/MIME


Auditing Reports

Purpose of Reports

• Help meet regulatory, compliance, and litigation requirements.

• Help troubleshoot configuration and security related issues.

Types of Reports

• The administrator role group report lets you view when a user is added to or removed from membership in an administrator role group.

• The administrator audit log records any action, based on an Exchange Management Shell cmdlet, performed by administrators or users who have been assigned administrative privileges.

DEMO: Auditing Reports, Administrator Audit Log

Transport Rules

Regulatory requirements and company policies require applying messaging restrictions, content filtering, disclaimers, etc. to emails.

• Transport rules are created.

• Emails are inspected by the transport rule agent.

• If a message fits any of the transport rule conditions, an action is taken.

Simple Policy Management

Transport rules consist of:

• Conditions

• Actions

• Exceptions

Flexible rule conditions

• Conditions can be formed based on:

Message size.

Attachment type.

Sender and recipient properties.

Contents of message subject, body or attachment.

Flexible rule actions

• Actions are taken based on rule conditions and exceptions.

Block or redirect messages.

Modify messages.

Enforce TLS encryption.

Route messages through specific connectors.

Transport Rule options

• Rules can be configured to run for a specific time period.

• Rules can be run in Test Mode.

DEMO

• Manage transport rules.

• Domain based safe sender and blocked sender list using transport rules.

Agenda

• Introduction

• Getting Started - Basic Management Tasks

• Policy and Compliance Features

• Anti-spam and Anti-malware Protection

• Reporting and Message Trace

• Best Practices for Configuring EOP

• Exchange Data Loss Prevention

• Office 365 Message Encryption and S/MIME

Multi-layered anti-spam protection

1. Connection Filtering: Blocks up to 80% of all spam based on IP block/allow lists.

2. Sender-Recipient Filtering: Blocks up to 15% of all spam based on internal lists and sender reputation.

3. Content Filtering: Blocks up to 5% of all spam based on internal lists and heuristics.

EOP Inbound Filtering

Email is routed to Microsoft DC based on MX record resolution (Contoso-com.mail.protection.outlook.com).

[Diagram labels: EOP Network; Corporate Network; Connection & Sender-Recipient Filtering; IP-based edge blocks; Reputation blocks; Malware Scanning; AV Engine 1; AV Engine 2; AV Engine 3; Policy Enforcement; Custom Rules; Content Filtering; Safe Sender/Recipient; Content scanning and Heuristics; Regular Expression blocks; URL blocks; Bulk Mail Filtering; SPF & Sender ID Filter; International Spam; Additional ASF Options; Quarantine; Customer Feedback; False Positives and False Negatives; Spam Analysts]

EOP Outbound Filtering

[Diagram labels: Corporate Network; EOP Network; Internet; Malware Scanning; AV Engine 1; AV Engine 2; AV Engine 3; Policy Enforcement; Custom Rules; Spam Protection; Content Scanning and Heuristics; Advanced Spam Management; Low Score; High Score; Outbound Pool; High Risk Delivery Pool; Bulk Mail; Bulk Delivery Pool; Quarantine; Spam Analysts]

Spam Confidence Level (SCL)

When an email goes through the spam filtering process it is assigned a score known as the Spam Confidence Level (SCL) rating.

Based on the SCL rating, the EOP service takes actions upon the messages.

SCL Ratings and Default Actions

SCL Rating: Spam Confidence Interpretation. Default Action

• -1: Non-spam coming from a safe sender, safe recipient, or safe listed IP address (trusted partner). Default action: Deliver the message to the recipients’ inbox.

• 0, 1: Non-spam because the message was scanned and determined to be clean. Default action: Deliver the message to the recipients’ inbox.

• 5, 6: Spam. Default action: Deliver the message to the recipients’ Junk Email folder. This can be changed.

• 9: High confidence spam. Default action: Deliver the message to the recipients’ Junk Email folder. This can be changed.

Note: In order to ensure that the Move message to Junk Email folder action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP.

Configure Downstream Spam Action

• Creating the transport rules on-premises (replace "NameForRule" with a unique name for each rule):

Set-OrganizationConfig -SCLJunkThreshold 4

New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6

New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6

• End users need to be educated about the use of the Junk Mail folder in Outlook.
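The decision those two on-premises rules make, as an added Python example (not part of the original deck and not Microsoft code). It parses the X-Forefront-Antispam-Report header field by field, which is stricter than the rules' word match; the sample messages and every header field other than SFV are constructed for illustration.

```python
"""Added example: emulate the slide's two on-premises transport rules."""
from email import message_from_string

SCL_JUNK_THRESHOLD = 4           # Set-OrganizationConfig -SCLJunkThreshold 4
RULE_VERDICTS = ("SPM", "SKS")   # SFV values matched by the two rules
RULE_SCL = 6                     # -SetSCL 6
HEADER = "X-Forefront-Antispam-Report"


def parse_antispam_report(value):
    """Split 'KEY:value;KEY:value;' into a dict (keys upper-cased).

    Only the first ':' separates key from value, so an IPv6 address in a
    field survives, and folded header lines are unfolded before splitting.
    """
    fields = {}
    for part in value.replace("\r", "").replace("\n", "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.strip().upper()] = val.strip()
    return fields


def downstream_action(raw_message):
    """Return the SFV verdict, the SCL the rules would stamp, and the folder.

    The header is only trustworthy when the on-premises server accepts
    port 25 traffic solely from EOP, as the deck recommends; otherwise the
    sending side could supply its own copy of the header.
    """
    msg = message_from_string(raw_message)
    verdict, scl = None, None
    for value in msg.get_all(HEADER) or []:
        sfv = parse_antispam_report(value).get("SFV", "").upper()
        verdict = verdict or sfv or None
        if sfv in RULE_VERDICTS:
            verdict, scl = sfv, RULE_SCL
            break
    # Exchange moves a message to Junk Email when its SCL is greater than
    # SCLJunkThreshold, so stamping 6 against a threshold of 4 junks it.
    junk = scl is not None and scl > SCL_JUNK_THRESHOLD
    return {"sfv": verdict, "scl": scl,
            "folder": "Junk Email" if junk else "Inbox"}


# Constructed sample messages (not captured traffic).
SAMPLE_SPAM = (
    "From: sender@example.net\n"
    "To: user@contoso.com\n"
    "Subject: constructed sample\n"
    "X-Forefront-Antispam-Report: CIP:2001:db8::25;CTRY:;LANG:en;SCL:5;SRV:;\n"
    " IPV:NLI;SFV:SPM;H:mail.example.net;DIR:INB;\n"
    "\n"
    "body\n"
)
SAMPLE_RULE_SPAM = (
    "From: sender@example.net\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.7;SCL:9;SFV:SKS;DIR:INB;\n"
    "\n"
    "body\n"
)
SAMPLE_CLEAN = (
    "From: colleague@example.org\n"
    "X-Forefront-Antispam-Report: CIP:198.51.100.4;SCL:1;SFV:NSPM;DIR:INB;\n"
    "\n"
    "body\n"
)
SAMPLE_NO_HEADER = "From: someone@example.org\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spam", SAMPLE_SPAM), ("rule spam", SAMPLE_RULE_SPAM),
                      ("clean", SAMPLE_CLEAN), ("no header", SAMPLE_NO_HEADER)]:
        print(name, downstream_action(raw))
```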

Anti-Spam Policies

Connection Filtering

• Based on the reputation of an IP address or a range of IP addresses.

• This policy can be customized by adding IP addresses to Allow and Block lists.

• The “Enable safe list” option prevents missing email from certain well-known senders.

Content Filtering

• Filters inbound messages with inappropriate content.

• Can be customized to filter messages based on languages and countries of origin.

• Advanced spam filtering (ASF) options give administrators the ability to inspect various content attributes of a message.

Anti-Spam Policies

Bulk Mails

• By default all Bulk Mails are marked as spam.

• To allow incoming bulk emails, add the SMTP MAIL FROM address to a safe sender list.

Outbound Filtering

• Always enabled and cannot be changed.

• Outbound mails identified as spam are routed via high-risk delivery pool.

• Spamming users are added to blocked list. Service request is required for removal.

• Email notifications can be sent when suspicious or blocked messages have been identified.

Safe/Blocked Senders List

• From Outlook and OWA, end users can add specific users and domains to the list.

• Messages from blocked senders are not deleted, they land either in Junk folder or quarantine.

• When Directory Sync is run on-premises lists are propagated to the service.


International Spam

Messages can be blocked based on regions and languages

Directory Based Edge Blocking (DBEB)

• Reject messages for invalid recipients at the service network perimeter.

• If the address is not present in Azure AD, EOP blocks the message before filtering occurs.

• NDR is sent to the sender informing them that their message was not delivered.


DomainKeys Identified Mail (DKIM)

• EOP will begin supporting inbound validation of DKIM

• DKIM support will start with IPv6, later IPv4 as well

• The results of a DKIM-Signature validation will be stamped in the Authentication-Results header

• Customers will be able to write Exchange Transport Rules (ETRs) on the results of a DKIM validation to filter or route messages as needed. For example:

Authentication-Results: contoso.com; dkim=pass (signature was verified) header.d=example.com;

• In a future release, we will also provide DKIM signing.
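A check that a filtering rule built on this header needs, as an added Python example (not part of the original deck): it reads the DKIM result and header.d from Authentication-Results, but only from headers stamped with the trusted authserv-id, since a header carrying any other identifier may have been supplied by the sending side. The trusted identifier is taken from the slide's sample header; the messages are constructed, and quoted strings containing ";" are not handled.

```python
"""Added example: trust-aware reading of DKIM results from Authentication-Results."""
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "contoso.com"    # assumption: the id in the slide's sample
_COMMENT = re.compile(r"\([^()]*\)")   # header comments such as "(signature was verified)"


def parse_authentication_results(value):
    """Return (authserv_id, results) for one header value.

    Each result is {"method", "result", "props"}, where props holds the
    ptype.property=value pairs, for example {"header.d": "example.com"}.
    """
    unfolded = value.replace("\r", " ").replace("\n", " ")
    parts = [p.strip() for p in _COMMENT.sub(" ", unfolded).split(";")]
    head = parts[0].split()
    authserv_id = head[0].lower() if head else ""
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue                   # trailing ';' or a bare "none"
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append({"method": method.lower(),
                        "result": result.lower(),
                        "props": props})
    return authserv_id, results


def dkim_verdicts(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """List (result, signing domain) pairs from trusted headers only."""
    msg = message_from_string(raw_message)
    verdicts = []
    for value in msg.get_all("Authentication-Results") or []:
        authserv_id, results = parse_authentication_results(value)
        if authserv_id != trusted_id.lower():
            continue                   # not stamped by our own service
        for res in results:
            if res["method"] == "dkim":
                domain = res["props"].get("header.d", "").lower()
                verdicts.append((res["result"], domain))
    return verdicts


def dkim_pass_for(raw_message, domain, trusted_id=TRUSTED_AUTHSERV_ID):
    """True only if a trusted header reports dkim=pass for this domain."""
    return ("pass", domain.lower()) in dkim_verdicts(raw_message, trusted_id)


# Constructed samples. The first uses the header shown on the slide.
SAMPLE_PASS = (
    "Authentication-Results: contoso.com; dkim=pass (signature was verified)"
    " header.d=example.com;\n"
    "From: news@example.com\n"
    "To: user@contoso.com\n"
    "\n"
    "body\n"
)
# A trusted dkim=fail next to a dkim=pass stamped with a different id.
SAMPLE_MIXED = (
    "Authentication-Results: contoso.com; dkim=fail (constructed)"
    " header.d=example.com;\n"
    "Authentication-Results: mx.example.net; dkim=pass header.d=example.com;\n"
    "From: news@example.com\n"
    "To: user@contoso.com\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(dkim_verdicts(SAMPLE_PASS), dkim_pass_for(SAMPLE_PASS, "example.com"))
    print(dkim_verdicts(SAMPLE_MIXED), dkim_pass_for(SAMPLE_MIXED, "example.com"))
```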

DEMO

• Connection filtering – customization

• Content filtering – custom policy

• Outbound filtering – editing default policy.

• Managing Safe Sender Lists for Bulk Mailers

Spam Quarantine

• By default content-filtered spam is sent to the recipient’s Junk Email folder. This can be changed to be sent to quarantine.

• Messages are kept in the quarantine for a maximum of 15 days. If required, this number can be lowered.

Spam Quarantine

• Advanced search to locate quarantined messages.

• Available for administrators and end-users.


Spam Quarantine

• False positives can be reported to Microsoft

DEMO

• Quarantine features for administrators and end users.

End-User Spam Notifications

Frequency and language of the notifications can be configured.

Not available for messages matching transport rule conditions.

End-users can manage spam from notification emails.

End-User Spam Notification

• Users can take action on quarantined mails from their Inbox.

Junk Email Reporting Add-in for Outlook

• One-click reporting that enables users to select junk email and submit it to Microsoft for analysis.

• The ability to select and then submit multiple email messages with a single click.

• Selected email messages are moved to the Microsoft Outlook Junk Email folder.

• Multi-language support

DEMO

• Configuring end-user spam notifications.

Anti-Malware Protection

• Layered defense with multiple scan engines

• Real-time threat response

• Fast deployment of anti-malware definitions

Simple configuration

Delete messages.

Delete attachments.

Robust, customizable notifications.

Custom policies can be created to change the scope (user, group, or domain) and priority.

Sender notifications

Admin notifications

DEMO

• Configuring anti-malware policies

Agenda

• Introduction

• Getting Started - Basic Management Tasks

• Policy and Compliance Features

• Anti-spam and Anti-malware Protection

• Reporting and Message Tracing

• Best Practices for Configuring EOP

• Exchange Data Loss Prevention

• Office 365 Message Encryption and S/MIME

Reports in the Office 365 admin center

• Reports on mail, spam and malware volume

• Reports on how custom rules affect mail traffic

Enhanced mail protection report

• When you click a report link, a new window opens and displays an interactive chart with summary level information.

• Date range is up to 90 days.

• Detailed data of a specific point in the graph is displayed in tabular format.

Extended detailed report

Detailed data for messages that are older than 7 days is available for download.

Requesting Detailed Report

Notification address can be provided.

View the report request queue

• Pending or completed requests can be viewed

• Pending requests can be cancelled

• Completed requests can be downloaded

Excel based reporting for detailed analysis

• Plugin can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=30716

• Detailed information about mail traffic, spam, malware etc.

Excel based reporting for detailed analysis

• Reports matching transport rules are also available.

DEMO

• Mail Protection Reports Using the Excel Reporting Workbook

Message Tracing

• Follows email messages as they travel through EOP.

• Tracks delivery status and actions taken on specific messages.

• Visibility up to 90 days in the past.

• An efficient tool to troubleshoot issues related to mail flow and policy changes without contacting Microsoft technical support.

DEMO

• Running a message trace.

Agenda

• Introduction

• Getting Started - Basic Management Tasks

• Policy and Compliance Features

• Anti-spam and Anti-malware Protection

• Reporting and Message Trace

• Best Practices for Configuring EOP

• Data Loss Prevention

• Office 365 Message Encryption and S/MIME


Best Practices

• Synchronize Recipients using DirSync.

• Restrict on-premises server to accept emails only from EOP.

• Add SPF record to DNS.

• Set up on-premises outbound connector to send <50 messages.

• Make use of anti-spam options.

• Fine tune anti-malware options.

• Create transport rules for custom rules required for business.

• Use reporting tools for troubleshooting.

Agenda

• Introduction

• Getting Started - Basic Management Tasks

• Policy and Compliance Features

• Anti-spam and Anti-malware Protection

• Reporting and Message Trace

• Best Practices for Configuring EOP

• Exchange Data Loss Prevention

• Office 365 Message Encryption and S/MIME

Data Loss Prevention in Exchange

• DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions.

• Helps to identify, monitor, and protect sensitive data through deep content analysis.

• Anti-spam, anti-malware and DLP controls integrated into the Exchange admin center and Office 365.

• DLP is a premium feature requiring Exchange Online Plan 2 subscription or Exchange Enterprise Client Access License (CAL).

Easy to use

Monitor

Protect

Identify

DLP policy templates

• Templates are an easy way to get started with DLP.

• Templates can be customized to suit business needs.

• Built-in templates available based on common regulations

Note: You should enable your DLP policies in test mode before running them in your production environment.


Custom DLP Policies

• Custom policies are useful when the required conditions, rules, and actions are not covered in pre-existing DLP templates.

Note: You should enable your DLP policies in test mode before running them in your production environment.

Transport rule conditions

DLP specific action – Policy Tip

Exceptions

DLP specific condition

Transport rule actions

Configuring DLP

1. Set up connectors for DLP using Criteria Based Routing (CBR).

2. Identify DLP Policies for your organization.

3. Set up DLP Policy by either using

   1. Built in templates

   2. Starting a new policy

   3. Importing a third party/external policy

4. Edit/Configure classification rules and the enforced actions as required.

Agenda

• Introduction

• Getting Started - Basic Management Tasks

• Policy and Compliance Features

• Anti-spam and Anti-malware Protection

• Reporting and Message Trace

• Best Practices for Configuring EOP

• Data Loss Prevention

• Office 365 Message Encryption and S/MIME


Introducing Office 365 Message Encryption

Send Encrypted Mail to Anyone!

Customize with Your Brand

Simplified Administration

Easy-to-use User Experience

Scenario

ContosoPharma wants to encrypt any message sent outside the organization that contains health care information about a patient.

Sanjay, a practitioner, sends an email that contains the sensitive information to John, who is outside the ContosoPharma organization.


Rule

Scenario in Action

Receiver mailbox

Open Attachment

Read Message

Reply Message


Strong Integration with Exchange Transport rules


Customize mails with your company’s brand

PowerShell support

ETR to Apply Encryption Action

New-TransportRule EncryptRule <Condition for which to apply encryption> -ApplyOME $true

ETR to Remove OME

New-TransportRule DecryptRule <Condition for which to remove encryption> -RemoveOME $true

To Set Email Text

Set-OMEConfiguration -Identity default -EmailText "Encrypted message from ContosoPharma secure messaging system"

To Set Portal Text

Set-OMEConfiguration -Identity default -PortalText "ContosoPharma secure e-mail portal"

To Set Logo Image

Set-OMEConfiguration -Identity default -Image (Get-Content "C:\Users\admin\Desktop\consoso.png" -Encoding byte)

To Set Disclaimer

Set-OMEConfiguration -Identity default -DisclaimerText "This is ContosoPharma disclaimer statement..."

Purchasing Office 365 Message Encryption

Office 365 Message Encryption is included with Microsoft Azure Rights Management (MARM)

Plan Requires Price

Office 365 E3, E4

Office 365 E1, K1

Office 365 Exchange Online Plan 2, Plan 1, Kiosk

Office 365 SharePoint Plan 2, Plan 1

Office 365 Midsize Business

Exchange on-premises

Microsoft Azure Rights Management (MARM)

$2 PUPM

<Included <Included

* On-premise customers need to route mails through Exchange Online

** Microsoft Azure Rights Management is not available for Office 365 Small Business plans

S/MIME

Secure version of MIME

Secure/Multipurpose Internet Mail Extensions is a standard for public key encryption and signing of MIME data (an email message)

Allows the possibility of sending and/or receiving email encrypted

Only intended recipient can read

the message

Recipient knows that

the message came from the apparent

sender

Recipient knows that the message was not changed

on route

Secrecy Authentication Integrity

Page 156: Notes to Presenter:  This slide deck was designed to consolidate the relevant content into a single location  Use the Sections to find and present the.
Page 157: Notes to Presenter:  This slide deck was designed to consolidate the relevant content into a single location  Use the Sections to find and present the.

Exchange Online Protection – Deployment Planning
Speaker Name
Title
Organization


Agenda

• Introduction and Context

• Setting up the EOP Service

• EOP Deployment Scenarios

• Migration Planning


Introduction and Context

• We have completed the following activities

• Assessment of current secure email gateway solution.

• Documented the secure email gateway requirements.

• Discussed the technical features of EOP.

• In this session we will discuss

• The deployment scenarios.

• The high level migration approach, if applicable.


Agenda

• Introduction and Context

• Setting up for the EOP Service

• EOP Deployment Scenarios

• Migration Planning


Sign up for the EOP Service
• Try before you buy
• EOP Subscription Plans
  • Standalone
  • Part of Exchange Online
  • Exchange Enterprise CAL with Services


Agenda

• Introduction and Context

• Setting up the EOP Service

• EOP Deployment Scenarios

• Migration Planning


Three Possible Scenarios

EOP Standalone Deployment

• Suitable for customer or Microsoft partner hosted messaging solutions

• Works with on-premises deployment of Exchange or any other SMTP based messaging solution.

EOP with Exchange Online

• Suitable when an organization hosts all its mailboxes in Exchange Online (Office 365).

• Enabled by default for all mailboxes

EOP Hybrid Deployment

• Suitable when an organization distributes mailboxes between on-premises and online (Office 365) Exchange servers.

• Choice of routing mails through EOP or on-premises servers.


EOP Standalone with Inbound and Outbound Connectors

• Creation of inbound and outbound connectors required.

• Can be used in conjunction with other protection or compliance solutions.


Conditional Mail Routing

• Suitable for global organizations with datacentres across the globe.

• Separate connectors for each location.


Hybrid Deployment – Inbound Routing Option 1

• Route mail through the on-premises organization for both on-premises and Exchange Online mailboxes.


Hybrid Deployment – Inbound Routing Option 2

Route mail through Exchange Online for both on-premises and Exchange Online organizations with centralized mail transport disabled (default configuration).


Hybrid Deployment – Inbound Routing Option 3

Route mail through Exchange Online for both on-premises and Exchange Online organizations with centralized mail transport enabled.


Hybrid Deployment – Outbound Routing for on-premises mailboxes

Messages sent from on-premises recipients are always sent directly to Internet recipients using DNS.


Hybrid Deployment – Outbound Routing for Online Mailboxes, Option 1

Mail from Exchange Online senders routed directly to the Internet with centralized mail transport disabled (default configuration).


Hybrid Deployment – Outbound Routing for Online Mailboxes, Option 1

Mail from Exchange Online senders routed through on-premises organization with centralized mail transport enabled.


EOP with Outbound Smart Hosting

• Works with standalone and hybrid scenarios.

• The smart host is typically an on-premises protection or compliance solution.


Regulated Partner with Forced TLS

• Secure communication with partners.

• Works for on-premises and online mailboxes.


Agenda

• Introduction and Context

• Setting up the EOP Service

• EOP Deployment Scenarios

• Migration Planning


Planning considerations for Migrating from Other Platforms

Set Expectations

• There is no on-premises version available for EOP.

• Customers may see a change in email patterns, such as fewer false positives but more grey mail.

• Every product needs to be tuned to the customer's environment.

• Features may function differently.

Porting Configuration

• Irrespective of the source platform, the process for switching to EOP is similar.

• EOP with default settings meets most of the requirements.

• Good opportunity to trim old safe/block lists.

• Content filtering rules may not be needed.


Planning considerations for Migrating from Other Platforms

Allow and Block IP Lists
• List of IP addresses allowed/blocked to send emails may need to be copied over to EOP.

Accepted Domains
• List of all domains that you own need to be reconfigured in EOP.

Do you send bulk mails?
• By default all bulk emails are disabled.

Connector Settings
• Smart host IP address.
• Any conditional routing requirements.
• Partner domains requiring TLS

Users and Groups
• Directory Synchronization.
• Manual creation.

Safe/Blocked Senders List
• DirSync can preserve this list.
• PowerShell based scripting can automate this task (requires Exchange Online).


Implementation Project Manager - EOP

• Available for free if the number of seats is > 1000

• Project planning

• Up to 90 days of deployment assistance

• What do we do and when?

• Architecture

• How to integrate EOP into my environment?

• What are the service best practices?

• How do I port my configuration from my previous solution?


Exchange DLP Deployment Planning and Pilot Engagement Kickoff
Software Assurance Planning Services


Agenda

• Introductions
• Project Team
• Engagement Overview / Agenda
• Q&A


Team {Partner}


Name Role

{Partner} Account Team

<Insert name here> Account Executive

<Insert name here> Microsoft Technical Specialist/Architect

<Insert name here> Services Executive

{Partner} Services Team

<Insert name here> Engagement Manager

<Insert name here> Exchange DLP Technical Consultant

{Partner} Sponsor Engagement Manager Consultant


Team {Customer}

Name Role / Focus area

{CUSTOMER} Core Team

<Insert name here> Executive Sponsor

<Insert name here> Project Manager

{CUSTOMER} Technical subject matter experts (SMEs)

<Insert name here> IT Manager

<Insert name here> IT Pro

<Insert name here>

<Insert name here>


Participation expectations

What we expect
• Keep to the schedule
• Be present
• Interact
• Ask when things don’t add up

What you get
• Recommended practices
• End to end view
• Limited production pilot
• Get your questions answered


Deployment Planning and Limited Production Pilot
Agenda


Engagement Agenda

Time | Topic | Description
9:00 AM | Intro/Kick-off | An overview of the workshop and pilot. Setting goals and expectations.
9:15 AM | Understanding the environment | Understand the solution environment and review the responses to the pre-engagement questionnaire.
9:45 AM | Requirements gathering | Understand the business, technical, operational, compliance, security and other requirements.
10:45 AM | Exchange DLP Technical Overview | Understand the core technical features of Exchange DLP.
12:45 PM | Lunch |
1:45 PM | Solution alignment | Ensure that customer requirements are correctly mapped to various DLP features and capabilities.
2:45 PM | Deployment planning | Discuss the various deployment strategies. Discussion on how to formulate various DLP policies, rules, policy tips, document fingerprints, reports etc.
3:45 PM | Limited production pilot | Deploying one DLP policy in production environment.
5:00 PM | Debrief and conclusion | Preparing Findings and Recommendations document and presenting the same to the customer team.


Q&A


Thank you


Understanding the Environment
Speaker Name
Title
Organization

Exchange DLP Deployment Planning and Pilot


• Introductions and context.

• Review of Pre-Engagement Questionnaire.

• Understanding the Messaging Environment.

• Current DLP Solution.

• Current Challenges.

Agenda


• This is an interactive session to understand the solution environment.

• During this session environmental factors affecting Exchange DLP deployment will be discussed.

• Customer can provide the required details either during the discussions or at the end of the session.

Introduction and Context


• Introductions and context.

• Review of Pre-Engagement Questionnaire.

• Understanding the Messaging Environment.

• Current DLP Solution.

• Current Challenges.

Agenda


Review of Pre-Engagement Questionnaire


• Introductions and context.

• Review of Pre-Engagement Questionnaire.

• Understanding the Messaging Environment.

• Current DLP Solution.

• Current Challenges.

Agenda


Messaging Environment

Business environment
• Number of distinct organizations/business units served by the messaging solution.
• Types of sensitive data transmitted over email.
• Relevant regulations and policies.

Server environment
• Exchange Server version.
• Architecture (On-premises, hybrid or online).

Client environment
• Outlook versions.
• Distribution of desktop, browser and mobile clients.


• Introductions and context.

• Review of Pre-Engagement Questionnaire.

• Understanding the Messaging Environment.

• Current DLP Solution.

• Current Challenges.

Agenda


Existing DLP Solution (if any)

• What are the business rules?
• What are the policies?
• What are the exceptions?
• Do you need a 1 to 1 mapping with the new solution?
• How is integration done with Exchange?
• What are the administration tools?
• What are the reports in use?
• Are there any notifications configured?


• Introductions and context.

• Review of Pre-Engagement Questionnaire.

• Understanding the Messaging Environment.

• Current DLP Solution.

• Current Challenges.

Agenda


Open Discussion

Current Challenges


Requirements Gathering
Speaker Name
Title
Organization

Exchange DLP Deployment Planning and Pilot


• Introduction and context.

• Requirements Discussion.

• Documenting the Requirements.

• Next Steps.

Agenda


• Business, technical and operational requirements will be gathered in this session.

• Later in the workshop, these requirements will be mapped against Exchange DLP features and settings.

• Final recommendations document will contain a summary of all the requirements discussed in this session.

Introduction and Context


Business Requirements


# Requirement

BR01

BR02

BR03

BR04


Operational Requirements


# Requirement

OR01

OR02

OR03

OR04


Technical Requirements


# Requirement

TR01

TR02

TR03

TR04


Exchange Data Loss Prevention – Technical Overview
Speaker Name
Title
Organization


Agenda

• Introduction

• Establishing DLP Policies

• Document Fingerprinting

• Policy Tips

• Reporting


What causes a breach?

System glitches

Malicious intent Oops!

39%

24%

37%

97% avoidable!

Online Trust Alliance: 2013 Data Protection and Breach Readiness Guide


Exchange security and protection

• Enforce policy
• Protect communications
• Simplify management


Policy enforcement

Flexible tools for policy enforcement that provide the right level of control

• Transport rules
• Rights management
• Data Loss Prevention


• DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions.

• Helps to identify, monitor and protect sensitive data through deep content analysis and document fingerprinting.

• Policy tips to proactively inform users about violations.

• Easy management using Exchange admin center and Exchange management shell.

Data Loss Prevention in Exchange

Easy to use

Monitor

Protect

Identify


Exchange Online: DLP is a premium feature that requires an Exchange Online Plan 2 subscription. Purchase options include E3, E4, A3, A4, G3 and G4.

Exchange 2013: DLP is a premium feature that requires an Exchange Enterprise Client Access License (CAL).

Exchange Enterprise CAL with Services:

• Includes EOP as well

• DLP policies are applied in Exchange Online.

• Suitable for hybrid deployments.

Buying DLP


Agenda

• Introduction

• Establishing DLP Policies

• Document Fingerprinting

• Policy Tips

• Reporting


Exchange DLP Pre-requisites

Obtain the appropriate license for Exchange.

Have at least one sender mailbox.


Caution!

You should enable your DLP policies in test mode before running them in your production environment.

During such tests, it is recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results.

Use of DLP policies does not ensure compliance with any regulation.

After testing is complete, make the necessary configuration changes in Exchange so the transmission of information complies with your organization's policies.


When you activate a transport rule or DLP policy, the Exchange transport rules agent compares all messages that your users send with the rule sets that you create.

How DLP Rules Get Applied

Get content

• Spencer Badillo

• Visa: 4111 1111 1111 1111

• Expires: 2/2012

Regular Expression Analysis

• 4111 1111 1111 1111 -> a 16-digit number is detected

Functional Analysis

• 4111 1111 1111 1111 -> matches checksum

• 1234 1234 1234 1234 -> doesn’t match

Corroborative Evidence

• Keyword Visa is near the number.

• A regular expression for a date (2/2012) is near the number.

Verdict

• There is a regular expression that matches a checksum.

• Additional evidence increases confidence

Example: Checking credit card information in messages
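
The evaluation chain on this slide (pattern match, checksum, nearby evidence, verdict) can be reproduced in a few lines. The Python sketch below is an added example, not Exchange's implementation; the regular expressions, keyword list, 100-character proximity window and confidence numbers are assumptions chosen for illustration.

```python
import re

# Constructed sample: the message content shown on the slide.
SAMPLE_MESSAGE = "Spencer Badillo\nVisa: 4111 1111 1111 1111\nExpires: 2/2012"

# Regular expression analysis: 16 digits, optionally grouped in fours.
CARD_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")
# Corroborative evidence (assumed keyword list and expiry-date format).
KEYWORD_RE = re.compile(
    r"\b(?:visa|mastercard|credit card|card number|expires?)\b", re.IGNORECASE
)
DATE_RE = re.compile(r"(?<![\d/])(?:0?[1-9]|1[0-2])/(?:\d{4}|\d{2})(?![\d/])")

WINDOW = 100           # characters searched on each side of the number (assumed)
BASE_CONFIDENCE = 65   # pattern + checksum only (assumed score)
EVIDENCE_BONUS = 10    # added per kind of corroborating evidence (assumed)


def luhn_ok(digits):
    """Functional analysis: Luhn checksum over a string of digits."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:      # double every second digit from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def scan(text):
    """Return one finding per checksum-valid card number found in text."""
    findings = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            continue            # 16 digits, but not a plausible card number
        before = text[max(0, match.start() - WINDOW):match.start()]
        after = text[match.end():match.end() + WINDOW]
        nearby = before + " " + after
        evidence = []
        if KEYWORD_RE.search(nearby):
            evidence.append("keyword")
        if DATE_RE.search(nearby):
            evidence.append("date")
        findings.append({
            # Keep only the last four digits so the report is not itself a leak.
            "masked": "*" * 12 + digits[-4:],
            "evidence": evidence,
            "confidence": BASE_CONFIDENCE + EVIDENCE_BONUS * len(evidence),
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_MESSAGE):
        print(finding)
```

The checksum step is what keeps order numbers and other 16-digit strings from triggering the rule; the evidence step only raises confidence and never creates a match on its own.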


Methods of Establishing DLP Policies

• Apply an out of the box template.

• Create a custom policy from scratch.

Import a policy file created outside of Exchange.


Sensitive Information Types in DLP

Sensitive information types are used in DLP policy rules to detect violations and take appropriate actions.

Microsoft provides an inventory of sensitive information types within Exchange in 3 categories

• PII (E.g. driver license and passport numbers)

• Finance (E.g. bank and credit card numbers)

• Health information (E.g. Social security and health numbers)

The list can be extended by authoring XML files and then importing into Exchange.


Sensitive Information Types

They are used as conditions in rules inside DLP policies.


DLP Policy Templates

The policy templates are models from which you can select or build your own specific rules to create a policy that meets your needs for data loss prevention.

A policy template includes a range of conditions, rules, and actions that you can choose from in order to create and save an actual DLP policy that will help you inspect messages.

You can use DLP policy templates as a starting point for building DLP policies that help you meet your specific regulatory and business policy needs.

You can modify the templates to meet the specific needs of your organization.


DLP Templates

Exchange has built-in templates covering domains such as financial, PII and health care data.


DLP Rules

DLP templates (policies as well) may contain multiple rules.


Custom DLP Templates

Although Microsoft has provided policy templates and sensitive information types within Exchange for you to get started, your unique business needs can require a customization.

For this reason, Microsoft provides a way for you to create and import your own DLP policy templates or your own sensitive information definitions within classification rule packages.

You can develop DLP policy templates as XML files independent of Microsoft Exchange and then import them using the EAC or the EMS.


Managing DLP Policies

You can add, view, change or remove DLP policies in Microsoft Exchange using EAC or EMS.

You need to be a member of the Compliance Management role group to carry out DLP related tasks.

A policy can be in one of three modes:

• Enforce
• Test DLP policy with Policy Tips
• Test DLP policy without Policy Tips

Note: An individual rule within a DLP policy can have its own mode settings. When the mode of a policy is different than the mode of a rule within that policy, the rule setting has priority and will be evaluated according to its mode.


DLP in Exchange admin center

Manage existing and new policies from EAC

View reports

Manage policy tips and document fingerprinting


DLP policy rules

Built on transport rules

Supports discovery phase of compliance

Take action to enforce policy

Hold, block, audit & provide notification for email that contains sensitive business data

Transport rule conditions

DLP specific action – Policy Tip

Exceptions

DLP specific condition

Transport rule actions


Managing DLP using PowerShell

Connect to Exchange Remote PowerShell to run these cmdlets


Demo

• Create DLP policy from a template

• Create a custom DLP policy without any existing rule.


Agenda

• Introduction

• Establishing DLP Policies

• Document Fingerprinting

• Policy Tips

• Reporting


Document Fingerprinting

Useful when organizations have a practice of using certain forms to transmit sensitive information.

This is achieved by converting a standard form into a sensitive information type (fingerprint), which can be used to define transport rules and DLP policies.

This process works with any text-based forms used in your organization.

After you upload an empty form to be converted to a document fingerprint and set up a corresponding policy, the DLP agent will detect any documents in outbound mail that match that fingerprint.


Fingerprint creation and matching

The DLP agent identifies the unique word pattern in the document and creates a document fingerprint (a Unicode XML file containing a unique hash value representing the original text).

The fingerprint is saved as a data classification in Active Directory.

The fingerprint then becomes a sensitive information type that you can associate with a DLP policy.
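
To show why an empty form is enough to recognise filled-in copies, the following added Python example (not Exchange's algorithm, whose details the slides do not give) hashes overlapping three-word runs of the blank form and measures how many of them survive in an outbound document. The shingle size, the 0.8 threshold, the letters-only tokenizer and all sample texts are assumptions constructed for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 3       # words per hashed run (assumed)
MATCH_THRESHOLD = 0.8   # share of template hashes that must be present (assumed)

# Constructed sample texts.
BLANK_FORM = """Contoso Patent Disclosure Form
This form is confidential and must not be sent outside the company.
Inventor name:
Date of invention:
Description of the invention:
"""

FILLED_FORM = """Contoso Patent Disclosure Form
This form is confidential and must not be sent outside the company.
Inventor name: Spencer Badillo
Date of invention: 2/2012
Description of the invention: A faster widget
"""

UNRELATED = "Hi team, the quarterly report is attached. Please review before Friday."


def words_of(text):
    """Lower-case alphabetic words only; digits and punctuation are ignored."""
    return re.findall(r"[a-z]+", text.lower())


def fingerprint(text):
    """Set of SHA-256 hashes, one per overlapping run of SHINGLE_WORDS words."""
    words = words_of(text)
    runs = (
        " ".join(words[i:i + SHINGLE_WORDS])
        for i in range(len(words) - SHINGLE_WORDS + 1)
    )
    return {hashlib.sha256(run.encode("utf-8")).hexdigest() for run in runs}


def coverage(template_fp, text):
    """Fraction of the template's hashes that also occur in text."""
    if not template_fp:
        return 0.0
    return len(template_fp & fingerprint(text)) / len(template_fp)


def matches(template_fp, text, threshold=MATCH_THRESHOLD):
    """True when enough of the template's word pattern is present in text."""
    return coverage(template_fp, text) >= threshold


if __name__ == "__main__":
    template = fingerprint(BLANK_FORM)
    for label, body in (("filled form", FILLED_FORM), ("unrelated", UNRELATED)):
        print(label, round(coverage(template, body), 3), matches(template, body))
```

Only hashes are stored, so the stored fingerprint does not expose the form's text; entered values break just the few runs that span a field boundary, which is why the filled form still scores above the threshold.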


Create a document fingerprint

EAC allows you to create a document fingerprint in 3 simple steps.


Creating a DLP policy rule using document fingerprint

The document fingerprints that you create appear as sensitive information types while creating rules in a DLP policy.


Demo

Creating document fingerprint.

Creating a DLP policy with document fingerprint.
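The fingerprint-to-rule flow described on these slides can also be scripted in the Exchange Management Shell instead of the EAC. The block below is an added example, not part of the original deck; the file path, classification name and rule name are placeholders, and the rule starts in audit mode so matches can be reviewed during a pilot before anything is blocked.

```powershell
# Added example (not from the deck). Run in the Exchange Management Shell.
# Path and names are placeholders chosen for illustration.
$formPath           = 'C:\DLP\Forms\Contoso-Patent-Template.docx'  # the EMPTY form
$classificationName = 'Contoso Patent Form'
$ruleName           = 'DLP pilot: Contoso patent form sent externally'

# 1. Read the blank form as raw bytes and generate the fingerprint from it.
$formBytes   = [System.IO.File]::ReadAllBytes($formPath)
$fingerprint = New-Fingerprint -FileData $formBytes -Description 'Contoso patent template'

# 2. Save the fingerprint as a data classification. This is what later shows up
#    as a sensitive information type in the rule editor.
New-DataClassification -Name $classificationName `
    -Fingerprints $fingerprint `
    -Description 'Matches documents derived from the Contoso patent template'

# 3. Reference the classification from a transport rule. Mode Audit only logs
#    matches, which lets you measure false positives before enforcing.
$rule = @{
    Name                               = $ruleName
    SentToScope                        = 'NotInOrganization'
    MessageContainsDataClassifications = @{ Name = $classificationName }
    Mode                               = 'Audit'
    SetAuditSeverity                   = 'High'
}
New-TransportRule @rule

# 4. Confirm both objects exist before sending a filled-in copy of the form
#    through a test mailbox.
Get-DataClassification -Identity $classificationName
Get-TransportRule -Identity $ruleName | Format-List Name, State, Mode
```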

Page 236:

Agenda

• Introduction

• Establishing DLP Policies

• Document Fingerprinting

• Policy Tips

• Reporting

Page 237:

Policy Tips

Real time and proactive awareness about organizational policies on sensitive information.

Scans attachments, subject line and body text.

Works with Outlook 2013, OWA and OWA for devices.

Works even when disconnected.

Admin can customize the notifications.


Page 238:

Policy Tips in OWA for devices

Page 239:

Policy Tip in a DLP Rule

Policy Tip is implemented as an action item in a DLP policy rule.

Options include:

• Notify only.

• Block message.

• Block unless false positive override.

• Block unless silent override.

• Block unless explicit override.

Page 240:

Customizing Policy Tip Message

Possible customizations:

Notify the sender

Allow the sender to override

Block the message

Link to compliance URL

Page 241:

Demo

Create a notify-only Policy Tip.

Create a block-message Policy Tip.

Create a block-unless-override Policy Tip.

Create a custom Policy Tip notification.

Page 242:

Agenda

• Introduction

• Establishing DLP Policies

• Document Fingerprinting

• Policy Tips

• Reporting

Page 243:

DLP Reporting

Reports help you identify, investigate, and resolve DLP policy violations. Reports are generated using the data stored in message tracking logs (aka delivery reports). Three types of reports are available:

Incident reports: Detailed reports, delivered by email, about specific incidents that violate DLP policy rules.

Summary reports: Available as reports, charts and tables in the admin portal; they help you understand the overall statistics of DLP detections.

Excel based report: An Excel plugin, downloadable from the admin portal, helps you slice and analyze DLP policy detection data.

Page 244:

Configuring incident reports

Configured through the transport rule action Generate Incident Report.

An incident management mailbox can be configured to receive all such reports.

Pick the message properties to be included in the report.
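A single transport rule can carry both the Policy Tip action and the Generate Incident Report action described on these slides. The block below is an added example, not part of the original deck; the rule name, mailbox address, tip text and compliance URL are placeholders, and it assumes an Exchange build whose New-TransportRule exposes -IncidentReportContent.

```powershell
# Added example (not from the deck). Run in the Exchange Management Shell.
# Names, addresses, tip text and URL are placeholders.
#
# Policy Tip option on the slide          -NotifySender value
#   Notify only                           NotifyOnly
#   Block message                         RejectMessage
#   Block unless false positive override  RejectUnlessFalsePositiveOverride
#   Block unless silent override          RejectUnlessSilentOverride
#   Block unless explicit override        RejectUnlessExplicitOverride

$incidentMailbox = 'dlp-incidents@contoso.example'   # incident management mailbox

$rule = @{
    Name                               = 'DLP: credit card data sent externally'
    SentToScope                        = 'NotInOrganization'
    # 'Credit Card Number' is a built-in sensitive information type.
    MessageContainsDataClassifications = @{ Name = 'Credit Card Number'; minCount = '1' }
    Mode                               = 'Enforce'
    SetAuditSeverity                   = 'High'
    # Sender is blocked unless they override and give a justification.
    NotifySender                       = 'RejectUnlessExplicitOverride'
    # Every match produces a report to the incident mailbox.
    GenerateIncidentReport             = $incidentMailbox
    # Message properties to include, so a reviewer can see who overrode and why
    # without opening the original message.
    IncidentReportContent              = @('Sender', 'Recipients', 'Subject', 'Severity',
                                           'Override', 'RuleDetections',
                                           'DataClassifications', 'IdMatch')
}
New-TransportRule @rule

# Customize what the sender sees: tip text per locale and action, plus the
# link to the organization's compliance page.
New-PolicyTipConfig -Name 'en\RejectOverride' `
    -Value 'This message appears to contain card data. Override only with a business justification.'
New-PolicyTipConfig -Name 'Url' -Value 'https://intranet.contoso.example/compliance'

# Review the result.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, Mode, NotifySender, GenerateIncidentReport, IncidentReportContent
Get-PolicyTipConfig
```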

Page 245:

Reading the incident report details


Audit dataClassificationRule details

Page 246:

DLP Summary Reports

Available at O365 admin center

Available from the DLP Policy editor

Available from the DLP Policy rules editor

Page 247:

DLP Summary Reports

The built-in filters allow a custom view of the data.

Page 248:

Office 365 Excel Plugin for Exchange Online Reporting

Detailed analysis is possible through various filtering options in Excel.

The Excel plugin is available for download in Office 365 admin center.

Page 249:

Demo

DLP reports in Office 365 admin center.

Using EAC to view DLP reports.

Excel based reports.

Page 250:

Resources

Exchange 2013 DLP introduction
http://blogs.technet.com/b/exchange/archive/2012/09/28/introducing-data-loss-prevention-in-the-new-exchange.aspx
http://technet.microsoft.com/en-us/library/jj150527.aspx

DLP policy templates
http://technet.microsoft.com/en-us/library/jj657730

Managing DLP policies
http://technet.microsoft.com/en-us/library/jj673559

OOB DLP policy templates
http://technet.microsoft.com/en-us/library/jj150530

Policy tips in Exchange 2013
http://technet.microsoft.com/en-us/library/jj150512

Supported file types
http://technet.microsoft.com/en-us/library/jj674307

MessageStats Quick Guide
http://mbidemo.quest.com/Insights/#page/home

Page 251:

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Page 252:

Requirements Mapping

Speaker Name

Title

Organization

Exchange DLP Deployment Planning and Pilot.

Page 253:

Agenda

• Introduction.

• Requirements Vs. Feature Mapping.

• Next Steps.

Page 254:

Introduction

• Business, operational and technical requirements discussed earlier will be reviewed in this session.

• Discussion on how requirements can be met using Exchange DLP.

• Summary of this discussion will be included in the Findings and Recommendation document.

Page 255:

Business Requirements

# | Requirement | Yes/No/Partial | Exchange DLP Feature/Setting
BR01 | | |
BR02 | | |
BR03 | | |
BR04 | | |

Page 256:

Operational Requirements

# | Requirement | Yes/No/Partial | Exchange DLP Feature/Setting
OR01 | | |
OR02 | | |
OR03 | | |
OR04 | | |

Page 257:

Technical Requirements

# | Requirement | Yes/No/Partial | Exchange DLP Feature/Setting
TR01 | | |
TR02 | | |
TR03 | | |
TR04 | | |

Page 258:
Page 259:

Exchange DLP – Deployment Scenarios

Speaker Name

Title

Organization

Page 260:

Deployment Scenarios

Exchange and DLP Online

Requires Plan 2 subscription.

No installation required.

Exchange and DLP On-Premises

Requires Exchange Enterprise CAL.

Requires Exchange Server 2013 or later*

Exchange On-Premises and DLP Online

Requires Exchange Enterprise CAL with services.

Suitable for prior versions of Exchange Server.

Exchange Hybrid and DLP Online

Exchange Enterprise CAL with services required.

DLP works in the cloud.


Page 261: