310 likes | 581 Views
Forefront Online Protection for Exchange (FOPE) and Office 365. Curtis Parker | December 2010 | Microsoft Corporation. Agenda. FOPE and Office 365 Scenarios FOPE Connectors Overview Q/A. FOPE Overview. Core Product Capabilities. FOPE Overview. Implementation Scenarios.
E N D
Forefront Online Protection for Exchange (FOPE) and Office 365 Curtis Parker | December 2010 | Microsoft Corporation
Agenda • FOPE and Office 365 Scenarios • FOPE Connectors Overview • Q/A 2 |
FOPE Overview • CoreProductCapabilities
FOPE Overview • ImplementationScenarios
DEMO • Connectors Overview - Inbound and Outbound Connector routing options
Architectural Vision • Building blocks to give granular control over all stages of mail flow: • Enhanced Secure Messaging • B2B Secure Channel • Forced Inbound TLS • Enhanced Outbound TLS • Clear separation of Edge Rules vs. Content based policy • Enable Hybrid deployments • on-premises and hosted mailbox co-exists • on-premises compliance solution continued to serve hosted mailbox Connection Security Filtering Delivery
FOPE Connector - Overview • FOPE Connector is solution to enable complex mail flow paths and provide granular control over every stage of mail flow • Inbound Connector: For mail coming in to the customer • Outbound Connector: For mail sent by customer Connection Connection Security Security Filtering Delivery
Anatomy of the FOPE Connector • Inbound Connector • Inbound Connectors are created to control e-mail coming into customer domains • Outbound Connector • Outbound connectors are created to control mail flow for e-mail sent from customer domains Filtering Delivery Connection Connection Security Security Connection Smarthost SPAM MX Policy Forced TLS Source IP Source Domain Destination Domain Opportunistic TLS Opportunistic TLS Forced TLS Reject non Source IP
Fully Hosted Scenario - Overview • Fully Hosted • Contoso Ltd is all in to the cloud. They elect to host all of their mailboxes in the cloud and retire their on premise mail servers entirely. • Bill is a salesman at Contoso. 13
Fully hosted: Inbound and Outbound FOPE • Contoso signed up for EXO • EXO has provisioned tenant in FOPE • Mail sent to FOPE • FOPE filters inbound mail • FOPE delivers to EXO mailbox Value Proposition All Office 365 Mailboxes • Inbound mailflow protected • Outbound mailflow protected Edge Internet Virus Policy Spam Inbound From: sales@fabrikam.com To: Bill@contoso.com Exchange Online Mailboxes Outbound From: Bill@contoso.com To: sales@fabrikam.com contoso.com • Exchange online sends to FOPE • FOPE filters as outbound • FOPE delivers to internet
Fully hosted: Inter and Intra-Org FOPE • Exchange online delivers directly to user mailbox Value Proposition • Same mail protection for all mail outside the organization • FPE virus scan for intra-org mail Edge Internet Virus Policy Spam Exchange Online Intra Org From: Bill@contoso.com To: Bob@contoso.com Mailboxes Inter Org From: Bill@contoso.com To: Jane@nwtraders.com nwtraders.com contoso.com • Exchange online sends to FOPE which filters as outbound • Sends via MX back to FOPE then filters as inbound and delivers.
Shared Namespace with virtual domains - Inbound FOPE • MX points to FOPE for initial filtering • Cloud mail is re-directed (virtual domains) • Routed to on-premises • Delivered to Exchange Online cloud Value proposition • Gradual migration to the cloud • Maintain control over mailflow • Leverage existing investment Edge Internet Virus Policy Spam Exchange Online contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com Mailboxes on-premises Mailboxes hosted.contoso.com
Shared Namespace with virtual domains - Outbound FOPE Value Proposition • Outbound mail protected • Company maintains control • Hosted mailbox and on-premises send mail outbound • Filtered by FOPE • Delivered to Internet Edge Internet Virus Policy Spam Exchange Online On-premises.contoso.com Outbound From: Joe@contoso.com To: sales@fabrikam.com Mailboxes on-premises Mailboxes contoso.com
Shared Namespace with address re-write - Inbound FOPE Value proposition • Gradual migration to the cloud • Maintain control over mailflow • Leverage existing investment • MX points to on premise for initial filtering. • Custom filtering, archival etc. done on-site. • Cloud mail is re-directed (address rewrite) • Filtered by FOPE • Delivered to Exchange Online cloud. Edge Internet Virus Policy Spam Exchange Online contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com Mailboxes on-premises Custom Mail Process/Filter Mailboxes hosted.contoso.com
Shared Namespace with address rewrite - Outbound FOPE Value Proposition • Outbound mail protected • Company maintains control • Hosted mailbox sends mail outbound • Filtered by FOPE • Delivered to on-premises • Custom processing on-premises • Delivery by on-premises Edge Internet Virus Policy Spam Exchange Online contoso.com Mailboxes on-premises Outbound From: joe@contoso.com To: sales@fabrikam.com Custom Mail Process/Filter Mailboxes hosted.contoso.com
Shared Namespace with address rewrite – Intra Org FOPE • On-premises mailbox sends mail outbound. • Custom processing on-premises • Delivery to FOPE (address rewrite) • Filtered skipped • Delivery to EXO by FOPE Value Proposition • Secure and seamless cloud and on-premises intra-org mailflow Edge Internet Virus Policy Spam Exchange Online contoso.com Mailboxes on-premises Intra Org From: salesman@contoso.com To: Joe@contoso.com Custom Mail Process/Filter Mailboxes hosted.contoso.com
Regulated Partner TLS • Business Regulated Partner • Now, Contoso has decided to have Woodgrove Bank handling some B2B financial requirements. • Woodgrove Bank mandates that all business partners communicate over TLS with Woodgrove Bank and sign using a third party verified certificate. • Contoso wants to ensure they are compliant with Woodgrove Bank standards.
Regulated Partner TLS FOPE • Business/Regulated Partner • Secure and trusted channel communication with partners Value proposition • Easily configure routing to ensure that the communication channel is secured for all mail Edge Virus Policy Spam WoodgroveBank.com Business Regulated Partner On-Premises Mailboxes Exchange Online Cross Premise Process / Filter Mailboxes Mailboxes contoso.com
Outbound Smarthost FOPE • Outbound mail Filtered by FOPE • Delivery to Smarthost for custom mail process or delivery Value Proposition • Outbound mail protected • Customer maintains control Edge Internet Virus Policy Spam contoso.com on-premises Inter Org From: salesman@contoso.com To: Jane@nwtraders.com Custom Mail Process/Filter Mailboxes
Inbound Safelisting FOPE • Inbound mail Filtered by FOPE • Spam filtering skipped for trusted domains Value Proposition • Bypass Spam filtering • Customer maintains control Edge Internet Virus Policy Spam Exchange Online contoso.com Mailboxes on-premises Inbound Safelisting From: Jane@nwtraders.com To: salesman@contoso.com Mailboxes hosted.contoso.com