SIM334: Microsoft Forefront Online Protection for Exchange Deep Dive
Conor Morrison, Senior Program Manager, Microsoft

Agenda and Session Objectives
• Agenda
  • Microsoft® Forefront™ Online Protection for Exchange (FOPE) Overview
  • FOPE Support and Service Level Agreements (SLAs)
  • FOPE Architecture
  • Managing FOPE in your Organization – Best Practices
• Session Objectives
  • Understand in detail what happens to mail as it passes through FOPE
  • Understand some best practices for using FOPE
  • Understand the benefits and best practices for integrating Forefront Protection for Exchange and FOPE

Email Protection
• More than 95% of email is spam
  • Obnoxious and time wasting at best
  • Dangerous and criminal at worst
• The remaining 5% can be business critical
• Mail protection is a must-have
• If your protection solution dies, you can’t reach your customers – and they can’t reach you

Why FOPE for Email Protection?
FOPE is the largest commercial Online service at Microsoft with >8M deployed seats

Customer Testimonials
• Clifford Chance – one of the largest law firms in the world saw a 59% reduction in infrastructure costs; 20–30 mail gateways down to 4
• Sunbelt Rentals – reduced help-desk calls, saved IT management time, improved productivity, and reduced costs over the previous solution
• Johnstons of Elgin – stopping over one million messages a day and reducing bandwidth by 1.5 gigabytes (GBs)
• Edinburgh Napier University – 93% reduction in administration burden; 85% spam reduction over the previous solution
• International Speedway Corporation – reduced spam incidents by 25% and avoided costs of more than $120,000

FOPE Overview
Send mail to: conor@luckypm.com

FOPE Support
• Four tiers of support:
  • Tier 1 – responding directly to calls, web requests
  • Tier 2 – for escalations or requests that require more privilege
  • Tier 3 (Operations) – for troubleshooting potential production and infrastructure issues
  • Tier 4 (Engineering Team) – for troubleshooting potential code issues
• Response within 24 hours, if not sooner
• Available via phone and Web submission
• Get Help Now link from the FOPE Administration Center
• Translation services available
• Onboarding support includes an Implementation Project Manager for new customers with 1000 or more seats

FOPE Service Level Agreements (SLAs)
• Spam and Virus Filtering Effectiveness
  • < 1:250,000 False Positive Ratio
  • > 98% Spam Detection
  • 100% Known Virus Protection
• Filtering Network Performance
  • Network Uptime > 99.999%
  • Rapid Email Delivery (average delivery commitment of less than 1 minute for 95th percentile)
• Actual Performance vs. SLA
  • 99.999%+ network uptime
  • 5–15 seconds delivery
  • Spam effectiveness: >99% of spam caught
  • Around 1 in 480,000 false positives

Truly Shared Architecture
• No PODs, no segmentation, no clusters
• Lots of copies and clear logic/data separation
• Spam attack versus one customer?
  • Every FOPE server is at your service
• Network geo-diversity
• Whole data center (DC) having problems?
  • Capacity to handle historical peak traffic with major DC out
  • Take DC ‘offline’, no service impact
  • Regular mail flow is not interrupted
[Diagram labels: FOPE Datacenters; Mail.messaging.microsoft.com]

Health Checking and Proactive Load Balancing
• System Center Operations Manager is used throughout the service
  • Custom ‘heatmap’ shows up-to-the-minute status at a glance across all machines
  • Alerting and datacenter automation tools used to resolve issues ahead of customer impact
• Pushback application load balancing
  • Servers can request to be taken ‘offline’ if they are having issues
  • Effectively enables application-level load balancing transparently to the customer
  • Avoids FOPE Exchange Edge ever going into ‘backpressure’
  • Central “brain” uses global data to accept or deny requests
  • Prevents the entire service from going out of rotation at once

FOPE Architecture – Inbound Mailflow
[Diagram. Labels recoverable from the slide:]
• Email enters the global data center network – MX (mail.messaging.microsoft.com)
• Look up email filtering settings for domain
• Stages: SPAM prevention, Virus Scanning, Policy Enforcement, SPAM Protection
• Filtering labels: IP-based edge blocks, Safe senders, Envelope blocks, Custom Policy Rules, Additional Spam Filter management, Attachment and message attribute management, Fingerprint Engines, Rules Based Scoring
• Virus scanning engines: Kaspersky, Symantec, Authentium
• SMTP Reject: 55x
• Content and Policy Quarantine; SPAM Quarantine
• Directory Services Sync; Connector settings; Corporate Network
• Queue: if server down, email queued for up to 5 days; delivered in a flow-controlled fashion when server is available
• Customer Feedback (False +ve / -ve); Spam Analysts

FOPE Architecture – Outbound Mailflow
[Diagram. Labels recoverable from the slide:]
• Corporate Network; Internet
• Look up email filtering settings for domain
• Stages: SPAM Protection, Virus Scanning, Policy Enforcement
• Filtering labels: Safe senders, Custom Spam Filter management, Rules Based Scoring, Fingerprint Engine, SPF, Custom Policy Rules, Attachment and message attribute management, Encryption*
• Virus scanning engines: Kaspersky, Symantec, Authentium
• Delivery pools: Outbound Pool, High Risk Delivery Pool
• Score thresholds: Score < 30, Score >= 30
• Content and Policy Quarantine; Spam Analysts

Managing FOPE in your Organization: Best Practices
Demo

Additional Spam Options
• Enable Additional Spam Filtering Options to:
  • Increase a message’s spam score
  • Mark as spam
• Recommended
  • Images from remote sites
  • Numeric IP in URL
  • Empty messages

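The three recommended options can be illustrated as checks over a message's subject and HTML body. This is an added sketch, not code from the deck or FOPE's own logic; the flag names and the definition of "empty" (no subject, no body text, no links) are assumptions made for the example.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkCollector(HTMLParser):
    """Collect link/image URLs, remote <img> sources and visible text."""
    def __init__(self):
        super().__init__()
        self.urls, self.remote_images, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "img" else a.get("href") if tag == "a" else None
        if not url:
            return
        self.urls.append(url)
        # cid: and data: images travel with the message, so they are not "remote"
        if tag == "img" and urlsplit(url).scheme in ("http", "https"):
            self.remote_images.append(url)

    def handle_data(self, data):
        self.text.append(data)

def numeric_host(url: str) -> bool:
    """True when the URL's host is a literal IPv4/IPv6 address."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def asf_flags(subject: str, html_body: str) -> set[str]:
    """Return the (hypothetical) flag names a message would raise."""
    p = _LinkCollector()
    p.feed(html_body)
    p.close()
    flags = set()
    if p.remote_images:
        flags.add("image-links-to-remote-sites")
    if any(numeric_host(u) for u in p.urls):
        flags.add("numeric-ip-in-url")
    if not subject.strip() and not "".join(p.text).strip() and not p.urls:
        flags.add("empty-message")
    return flags
```
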
False Positives
• “No False Positives” a deep part of FOPE team culture
• Rigorously evaluate all designs for false positive risk
• “Not Junk” button in spam quarantine
• ~6,500 confirmed false positive submissions/week
• Junk Email Reporting Add-in for Microsoft Outlook
• Self-serve tools for customers
  • Per-customer IP Block List Exceptions
  • Exchange/Outlook SafeSender support

Policy Filtering
• Create custom “Policy Rules” that automatically take action on mail based on Admin-defined triggers
• Actions include Reject, Allow, Inbound Quarantine, Force TLS, Redirect, Deliver with Bcc, and Test
• Encrypt and decrypt are available for Exchange Hosted Encryption subscribers
• Triggers can include header, sender, recipient, attachment, keywords, phrases, etc.
• Block EXE, PIF, SCR and VBS extensions
• Block ‘executable content’ as attachments (regardless of extension type)
• Basic and Regular expressions support
• Best Practice: Check for outbound PCI/PII and inbound phishing attempts
• Custom dictionaries

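To show what these triggers amount to, the following added example (not from the deck and not FOPE's implementation) evaluates a MIME message against three of them: the blocked extensions, executable content hidden behind another extension, and card numbers in outbound mail. The trigger names, the `MZ` header test and the Luhn-checked card pattern are assumptions chosen for the sketch.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".pif", ".scr", ".vbs")    # extensions named on the slide
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers (assumed pattern)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def evaluate(raw: bytes, outbound: bool) -> list[str]:
    """Return the policy triggers a message hits (empty list means deliver)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            hits.append(f"blocked-extension:{name}")
        elif data[:2] == b"MZ":   # DOS/PE header: executable regardless of extension
            hits.append(f"executable-content:{name}")
    body = msg.get_body(preferencelist=("plain",))
    if outbound and body is not None:
        for m in CARD_RE.finditer(body.get_content()):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                hits.append("pci-card-number")
                break
    return hits

def sample(filename: str, payload: bytes, text: str) -> bytes:
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.net", "test"
    m.set_content(text)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The Luhn step matters for the false-positive rate: a 16-digit order number matches the pattern but fails the checksum, so it does not trigger the rule.
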
Advanced Reporting
• Access reporting data from your FOPE service
• Create and view reports in the Admin Center
• 4 Available Reports:
  • Email Traffic Report
  • Top Viruses Report
  • Deferral Report
  • Top Users Report
• Enable scheduled report delivery: emails the report on a one-time, weekly, or monthly basis

Near Real-Time Message Trace
• Search for specific messages using the following criteria:
  • Sender
  • Recipient
  • Date
  • Message ID
• Results will tell you
  • If and when the message was received by FOPE
  • Whether the message was scanned, blocked, or deleted
  • Whether the message was delivered successfully

Hybrid Messaging Protection: FOPE + FPE
Antivirus and anti-spam protection for Exchange Server 2010/2007 Server Roles
[Diagram labels: On-Premises Software; Online; Internet; SMTP; Exchange Server; Edge Role; Hub Role; Mailbox Role]

FPE Sync to FOPE
• Sync DNSBL
• Sync safelist
• Sync blocklist
• Quarantine in service or on premises
• And more with FPSMC

FOPE Connectors: Flexibility and control in mail routing
• Route outbound email through on-premises servers or DLP appliances
• Force TLS for secure B2B communication
• Bypass spam filters for trusted partners
• And much, much more…
[Diagram labels: Forced TLS; Inbound safe listing; Outbound smart host; contoso.com; nwtraders.com; litware.com; External recipients; DLP appliance]

Best Practices
• Apply strong password policy for user login to Admin Center
• Use Directory Sync to upload your valid recipients
• Use Quarantine for Spam and Policy
• Use ‘Not Junk’ in quarantine to report false positives
• Use Junk e-mail reporting plugin for Outlook
• Use ‘Additional Spam Filters’ to tighten up checks for spam
• Opt in to NDR backscatter blocking
• Configure policy filter for:
  • Extensions: EXE, PIF, SCR, VBS
  • Check for outbound PCI / PII and inbound phishing attempts
• Use FOPE for Outbound
• Configure your SPF record
• Use Message Trace to troubleshoot mail issues
• Synchronize FPE settings with FOPE

Takeaways
• FOPE service provides leading protection against mail threats and is backed by industry-leading support and SLA
• FOPE Architecture is built to scale and maintain high reliability
• Research and apply best practices to further improve protection
• FOPE + FPE provides great defense in depth and can be configured to keep settings in sync

Additional Resources
• Related Sessions
  • SIM331 Microsoft Forefront Online Protection for Exchange and Microsoft Office 365: Better Together!
  • SIM 333 Centralized Management of Anti-Malware/Anti-Spam Using Microsoft Forefront Protection Server Management Console
• Links
  • Forefront Site: http://www.microsoft.com/forefront/
  • Forefront on TechNet Library: http://technet.microsoft.com/en-us/library/ff684056.aspx
  • Forefront Videos on TechNet Edge: http://technet.microsoft.com/en-us/edge/ff832960.aspx?category=Forefront

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.