1 / 53

Exchange Server 2010 Information Protection and Control

Exchange Server 2010 Information Protection and Control. Ilse Van Criekinge Technology Advisor Microsoft BeLux Session Code: UNC306. Content. Introduction MailTips Transport Rules Moderation Information Rights Management Ethical Wall Search, Transport and Journal Report Decryption

gina
Download Presentation

Exchange Server 2010 Information Protection and Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Exchange Server 2010 Information Protection and Control Ilse Van Criekinge Technology Advisor Microsoft BeLux Session Code: UNC306

  2. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  3. The High Cost of Data Leakage “Public-relations firm faces PR nightmare after unintentionally e-mailing journalists about one of its clients.” “HR executive accidentallye-mails lay-off plan to entire organization.” “A Wyoming bank sent an e-mail containing sensitive customer data to the wrong mail account, and now wants mail provider to reveal the identity of the account holder who received the data..” “Secret Service agent sends unencrypted e-mail revealing details of vice presidential tour.”

  4. Information Protection and Control (IPC) • Exchange Server 2010 helps prevent the unauthorized transmission of sensitive information with tools that can automatically: • MONITOR e-mail for specific content, recipients and other attributes • CONTROL distribution with automated, granular polices • PROTECT access to data wherever it travels using rights management • PREVENT • Violations of corporate policy and best practices • Non-compliance with government and industry regulations • Loss of intellectual property and proprietary information • High-profile leaks of private information and customer records • Damage to corporate brand image and reputation

  5. Benefits of Automated Controls • Reduce User Error • Majority of data loss incidents are accidental • Users forget policies or apply incorrect policy • Enable More Consistent Policy • Automation facilitates rapid policy changes across the organization • Critical for internal/external governance and compliance • Improve Efficiency • Offload complex data polices from users • Enable centralized policy creation, execution and management

  6. Benefits of Granular Controls Alert “Allow delivery but add a warning.” Modify “Allow delivery but modify message.” Protect “Allow delivery but prevent forwarding.” Redirect “Block delivery and redirect.” LESS RESTRICTIVE MORE RESTRICTIVE Classify “Allow delivery but apply classification.” Append “Allow delivery but add a disclaimer.” Review “Block delivery until reviewed.” Block “Do not deliver.” • Apply the right level of control based on the sensitivity of the data • Maximize control and minimize unnecessary user disruptions

  7. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  8. MailTips Alert Alert users about potential risks Protect sensitive data from accidental distribution Create custom MailTips to prompt policy reminders Apply multiple alerts

  9. MailTips - Architecture Alert • Web service in Exchange 2010 • Supported by • Outlook Web App • Microsoft Outlook 2010 • Triggered when • Add a recipient • Add an attachment • Reply or Reply to all • Open a message, already addressed to recipients, from the Drafts folder

  10. MailTips - Evaluation Alert 2 3a 1 4 3c 3b 3a

  11. MailTips - Offline Support Alert • Offline Address Book structure expanded • Message delivery restrictions • Custom MailTips • Maximum receive size • Moderation enabled • Distribution Group - Total member count • Distribution Group - External member count • Not available offline • Invalid internal recipient • Mailbox full • Automatic replies

  12. MailTips - Limits Alert • Individual mailbox MailTips not evaluated • Message sent to a distribution group (Except external recipient) • Messsage sent to more than 200 recipients • Custom MailTips limited to 250 characters • Time out = 10 seconds

  13. MailTips – Group Metrics Alert • Used to support Mailtips • Large Audience • External Recipients • Generated on same Mailbox server as OAB • Full Group Metrics data generation on Sunday • Associated files • GroupMetrics-<date>T<time>.bin • GroupMetrics-<servername>.xml • ChangedGroups.txt

  14. MailTips – Organizational Settings Set-OrganizationConfig -MailTipsAllTipsEnabled -MailTipsLargeAudienceTreshold -MailTipsExternalRecipientsTipsEnabled -MailTipsMailboxSourcedTipsEnabled -MailTipsGroupMetricsEnabled

  15. Demo MailTips

  16. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  17. << >> Transport Rules Easily enforce granular policies • Conditions If the message... Is from a member of the group ‘Executives’ • And is sent to recipients that are 'Outside the organization' And contains the keyword ‘Merger’ Do the following... Redirect message to: arleneh@contoso.com Except if the message... Is sent to ‘shanek@contoso.com Actions • Exceptions • Executed on the Hub Transport Server • Structured like Inbox rules • Apply to all messages sent inside and outside the organization • Configured with simple GUI in Exchange Management Console

  18. << >> Conditions Fine tune rules with detailed criteria Conditions When the message contains…

  19. << >> Actions Apply the appropriate level of control Actions …do the following…

  20. Dynamic Signatures Append Automatically apply signatures per user attributes Option of basic text or HTML Signatures integrated with Active Directory attributes

  21. Demo Dynamic Signatures

  22. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  23. Moderation Review Enable review and approval of e-mail before delivery Approve or Reject with option to send response Moderator can be a specific user or sender’s manager Moderate based on sender, DL, content

  24. Moderated Transport Message Flow 3 4 2 1 6b 5 6a

  25. Moderated Transport Review • Relies on the Exchange 2010 Approval Framework • Handles multiple moderated recipients • Bypassing moderation • Moderator bypasses • Owners of distribution groups and dynamic distribution groups do not bypass by default • Previous versions of Exchange don’t support moderated recipients • Designate Exchange 2010 Hub Transport server as expansion server

  26. Demo Moderated Transport

  27. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  28. Information Rights Management Protect Granular protection that travels with the data • Persistent protection • Protects your sensitive information no matter where it is sent • Usage rights locked within the document itself • Protects online and offline, inside and outside of the firewall • Granular control • Users apply IRM protection directly within an e-mail • Organizations can create custom usage policy templates such as "Confidential—Read Only" • Limit file access to only authorized users Information Rights Management (IRM) provides persistent protection to control who can access, forward, print, or copy sensitive data within an e-mail.

  29. IRM – S/MIME Signing/Encryption

  30. Transport Protection Rules Protect Automatically apply IRM Apply RMS policies automatically using Transport Rules Apply “Do Not Forward” or custom RMS templates • IRM protection can be triggered based on sender, recipient, content and other conditions • Office 2003, 2007, and 2010 attachments also protected

  31. Outlook Protection RulesProvide users more IRM protection options Protect Adding recipient or distribution list can trigger IRM protection automatically before sending User can be granted option to turn off rule for non-sensitive e-mail IRM protection can still be applied manually

  32. Outlook Protection Rules Protect

  33. Demo Protection Rules

  34. IRM in Outlook Web App Protect Read and reply to protected messages Native support for IRM in OWA eliminates need for Internet Explorer Rights Management add-on Access to standard and custom RMS templates Office documents also protected • Cross-browser support enables Firefox and Safari users to create and consume IRM-protected messages

  35. Protected Voice Mail Protect Prevent forwarding of voice mail • Integration with AD RMS and Exchange Unified Messaging • Permissions designated by sender (by marking the message as private) or by administrative policy

  36. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  37. Ethical Wall Control • Zone of non-communication between distinct departments of a business or organization to prevent conflicts of interest that might result in the inappropriate release of sensitive information • Configurable using EMC or EMS

  38. Demo Ethical Wall

  39. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  40. IRM Search Protect Index and search protected items Conduct full-text search of IRM-protected mail and attachments in Outlook (online) and OWA Multi-mailbox search includes option to search IRM-protected items

  41. Journal Report Decryption • Journal Report Decryption Agent • Attaches clear-text copies of RMS protected messages and attachments to journal mailbox • Requires super-user privileges, off by default • Requires Premium Journaling Archive/Journal

  42. Transport Pipeline Decryption Protect • Enables Hub Transport Agents scan/modify • messages IRM-protected by the user in OWA • messages IRM-protected by the user in Outlook 2010 • messages IRM-protected automatically by Outlook Protection Rules in Outlook 2010 • Messages protected in-transit using Transport Protection Rules are not required to be decrypted by the Decryption agent

  43. Transport Pipeline Decryption Protect • Pipeline Decryption Agent • uses Super-User privileges to decrypt • decrypts message and attachments protected with same Publishing License • Option to NDR messages that can’t be decrypted • Low performance impact • message decrypted at 1st Hub of each forest • Agents not prevented from copying decrypted content

  44. Configuring IRM - Exchange Protect • To enable • Transport Decryption • Journal Report Decryption • IRM in OWA • IRM for Search • Add the Federated Delivery Mailbox (system mailbox created by Exchange 2010 setup), to the SuperUsers group on the AD RMS cluster

  45. Demo IRM Decryption - Journaling

  46. Content • Introduction • MailTips • Transport Rules • Moderation • Information Rights Management • Ethical Wall • Search, Transport and Journal Report Decryption • Session Takeaways

  47. Session Takeaways Automatically monitor and control the distribution of sensitive information • MailTips guide users with automatic alerts before sending • Transport Rules automatically enforce granular polices • Ensure the right level of control is applied to the right messages • Expanded Transport Rule conditions enable more specific policies • New actions: Dynamic Signatures, Moderation, IRM Protection Better protect access to data with persistent Information Rights Management • Apply by policy with Transport Protection Rules, Outlook Protection Rules • Extend user access with IRM in OWA, Outlook, Windows Mobile • Enable search, AV/AS scanning, filtering, journaling of protected mail

  48. Required Slide Speakers, please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Related Content UNC316 Microsoft Exchange Server 2010 Management and Operations Ilse Van Criekinge 11/12/2009 * 17:00 - 18:15 SIA05-IS Secure Messaging Using Active Directory Rights Management Services (AD RMS) and Microsoft Exchange Server 2010 Cristian Mora 11/11/2009 * 13:30 - 14:45 SIA304 Windows Server 2008 R2 Active Directory Rights Management Services Deep Dive 11/12/2009 * 17:00 - 18:15 UNC16-HOL Microsoft Exchange Server 2010 Compliance: Information Leakage Protection and Control

  49. UNC Track Call to Action! Learn More! • Related Content at TechEd on “Related Content” Slide • Attend in-person or consume post-event at TechEd Online • Check out learning/training resources at Microsoft TechNet • Exchange Server and Office Communications Server • Check out Exchange Server 2010 atVirtual Launch Experience (VLE) at thenewefficiency.com Try It Out! • Download the Exchange Server 2010 Trial • Take a simple Web-based test drive of UC solutions through the 60-Day Virtual Experience

  50. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Unified Communications Resources • www.microsoft.com/teched Sessions On-Demand & Community • www.microsoft.com/learning • Microsoft Certification & Training Resources • http://microsoft.com/technet • Resources for IT Professionals • http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification and Training Resources

More Related