
Exchange 2013: What’s New in Service Pack 1?


Presentation Transcript


  1. Exchange 2013: What’s New in Service Pack 1? Damian Scoles | Project Leadership Associates Microsoft Exchange Server MVP dscoles@projectleadership.net http://justaucguy.wordpress.com/

  2. What’s New In Service Pack 1 • Edge Transport Role • DLP Enhancements • MAPI over HTTP • IP Less DAGs • EAC Command Logging • OWA Enhancements • Miscellaneous

  3. Edge Transport Role • Edge role in production: • Deployed in DMZ • Talks directly to CAS/MBX through the firewall Microsoft Confidential

  4. Edge Transport Role • Reduce attack surface • Reduced set of services • Reduced set of PowerShell commands • Member server with AD LDS installed • Provides mail routing as well as message hygiene • No GUI • No interface like the EAC for other roles • Configurable via PowerShell only

  5. DLP Enhancements • Policy Tips in OWA • Document Finger Printing • Sensitive information types expanded http://technet.microsoft.com/en-us/library/jj150541%28v=exchg.150%29.aspx

  6. Policy Tips in OWA • No longer limited to just Outlook. • Can Enforce – warn, block or allow exceptions – as well as test • Seamless user experience – OWA/Outlook operate the same • Above example warns on SSN or Bank Numbers

  7. DLP Fingerprinting • What is fingerprinting? • What can we use it for? • Government forms • HIPAA • Employee forms (HR) • Patent forms • Custom Forms (proprietary to your company) • Limitations • Password protected files will not work • Documents with images only • How are the documents stored? • XML Hash file

  8. DLP Fingerprinting (cont’d) Source - http://technet.microsoft.com/en-us/library/jj919236(v=exchg.150).aspx

  9. How DLP Fingerprinting Works • Create a document fingerprint from an existing document. • EAC -> DLP -> Manage document fingerprints -> Add document • Create a DLP policy that uses this document fingerprint • Add a custom rule • Edit the ‘Sensitive Information types’, select the fingerprint • Finish the rules you want applied to the policy. • The same process can be performed in PowerShell • Get-Content • New-Fingerprint • New-TransportRule

  10. DLP Interface Change Exchange 2013 CU3 Exchange 2013 SP1

  11. DLP Sensitive Information • More types have been added to DLP: • Finland National ID • Poland National ID (PESEL) • Poland Identity Card • Poland Passport • Taiwan National ID

  12. MAPI over HTTP • Replacement for RPC over HTTP • RPC is a legacy protocol with no real updates in a decade • Designed for LANs and not communication over the Internet • RPC is sensitive to interruptions • More information (history of RPC and reasoning for HTTP transition) • http://windowsitpro.com/exchange-server-2013/exchange-server-2013-transition-rpc-http • Provides a common communication platform for Exchange communications – HTTP • Active Sync • OWA • Outlook • Uses POST commands based on HTTP 1.1 • No metrics on actual performance yet. Still pending from Microsoft.

  13. MAPI over HTTP • How to enable this in Exchange? • Set-MapiVirtualDirectory -Identity "Contoso\mapi (Default Web Site)" -InternalUrl https://Contoso.com/mapi -IISAuthenticationMethods Negotiate • Set-OrganizationConfig -MapiHttpEnabled $true • Caveats • May not be able to access legacy Public Folders. • All Exchange servers at 2013 Service Pack 1 • All clients at Outlook 2013 Service Pack 1

  14. IP Less DAGs • What is an IP Less DAG? • Windows cluster has no IP Address – no resource in cluster core group • No cluster name – no resource in cluster core group • No DNS entry for cluster • No computer objects (CNO) are created in Active Directory • Cluster manageable with PowerShell and not Failover Clustering • Reduces attack surface of Exchange 2013 • Can convert an existing DAG • Requirements • Windows Server 2012 R2 • Exchange 2013 SP1 ** Caveat - "We do not recommend this deployment method for any scenario that requires Kerberos authentication." Source - http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_ADAg

  15. IP Less DAGs (cont’d) • IP Address is entered as 255.255.255.255 • No object in Active Directory

  16. EAC Command Logging • Originally in Exchange 2007 and 2010 • What is it? Why do we care? • How do I turn on logging? • What does it actually do? • Actual Output:

  17. EAC Command Logging • Caveats/Information • Displays only current actions • When closed, previous results are lost • Up to 500 entries at a time • Searchable

  18. DEMO

  19. OWA Enhancements • S/MIME • Can be enabled in the Outlook Web App Policy via PowerShell Set-OWAVirtualDirectory -identity "owa (Default Web Site)" -SMimeEnabled $true • Requires IE 7+, recommend IE 9+ (supported clients) • Uses • Rich Text Editor • Improvements in the user interface for easier use • Copy and Paste • Better format options • Firefox - Offline Mode • Controlled by Outlook Web App Policies (on by default) • Offline-supported folders include: • Inbox • Drafts • Any folder viewed from the browser in the last week

  20. Miscellaneous • Loose truncation • ExBPA in Exchange 2013 SP1 • 2012 Server R2 • Supported OS • Forest/Domain - 2012 R2 • Enhancements in Managed Availability • Enhancements in Cluster stability • Hotfix that was available for Windows 2008 OS released for 2012 • Schema Updates – minor changes • SSL Offloading • Post Hot Fix ‘required’: • http://support.microsoft.com/kb/2938053

  21. Loose Truncation • Prior to Exchange 2013 SP1 – two options for database logging • Full: truncate on backup • Circular: self truncating • Disabled by default • Enabled via registry entries • HKLM\Software\Microsoft\ExchangeServer\v15\BackupInformation • LooseTruncation_MinCopiesToProtect • LooseTruncation_MinDiskFreeSpaceThresholdInMB • LooseTruncation_MinLogsToProtect • Purpose • Prevent disks from running out of space (i.e. during maintenance windows) • Keeps only the logs that are needed – unverified logs not replicated to other servers • Ignores the farthest copy out of sync

  22. ExBPA – Exchange 2013 SP1 • No longer requires Office 365 tenant to download • Does not run on Edge server • Only gives results for one server at a time • Can be run on a non-Exchange server

  23. ExBPA – Exchange 2013 SP1

  24. Windows 2012 R2 Support SOURCE: http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx

  25. Hot Fix required - kb2938053 • http://support.microsoft.com/kb/2938053 • After you install Microsoft Exchange Server 2013 Service Pack 1 (SP1) or you upgrade an existing Microsoft Exchange Server 2013 installation to Exchange Server 2013 SP1, third-party or custom-developed transport agents cannot be installed correctly. Additionally, the Microsoft Exchange Transport service (MSExchangeTransport.exe) cannot start automatically. Specifically, you cannot enable third-party products that rely on transport agents. For example, you cannot enable anti-malware software or custom-developed transport agents. When the installation fails, you also receive an error message that resembles the following: The TransportAgentFactory type must be the Microsoft .NET class type of the transport agent factory. • Why does this happen? • This problem occurs because the global assembly cache (GAC) policy configuration files contain invalid XML code. • So what does this mean?

  26. Q & A Damian Scoles | Project Leadership Associates Microsoft Exchange Server MVP dscoles@projectleadership.net http://justaucguy.wordpress.com
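
The PowerShell route that slide 9 names for DLP fingerprinting, written out end to end as an added example (not part of the original presentation). The template path, classification name and rule name are hypothetical placeholders; `New-DataClassification`, which the slide does not list, is the cmdlet that turns the fingerprint into a selectable sensitive information type, and the rule starts in audit-and-notify mode so it can be tested before enforcement.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2013 SP1.
# The path and both names below are hypothetical placeholders.
$TemplatePath = 'C:\DLP\Templates\HR-Employee-Form.docx'
$ClassName    = 'Contoso HR Employee Form'
$RuleName     = 'DLP: HR form sent outside the organization'

# Fail early on a missing or empty template. Password-protected and
# image-only documents (the limitations on slide 7) cannot be fingerprinted,
# so use a plain, text-bearing copy of the blank form.
if (-not (Test-Path -LiteralPath $TemplatePath -PathType Leaf)) {
    throw "Template not found: $TemplatePath"
}
if ((Get-Item -LiteralPath $TemplatePath).Length -eq 0) {
    throw "Template is empty: $TemplatePath"
}

# 1. Read the template as raw bytes (Get-Content on the slide).
$TemplateBytes = Get-Content -LiteralPath $TemplatePath -Encoding Byte -ReadCount 0

# 2. Hash the document structure into a fingerprint (New-Fingerprint on the slide).
$Fingerprint = New-Fingerprint -FileData $TemplateBytes -Description $ClassName

# 3. Wrap the fingerprint in a data classification so transport rules
#    and DLP policies can reference it by name.
New-DataClassification -Name $ClassName `
    -Fingerprints $Fingerprint `
    -Description 'Message contains a completed HR employee form.'

# 4. Create the rule (New-TransportRule on the slide). AuditAndNotify logs
#    matches and shows the Policy Tip without blocking mail; switch to
#    -Mode Enforce once the matches look right.
New-TransportRule -Name $RuleName `
    -MessageContainsDataClassifications @{ Name = $ClassName } `
    -SentToScope NotInOrganization `
    -NotifySender NotifyOnly `
    -Mode AuditAndNotify

# 5. Confirm what was actually stored.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, MessageContainsDataClassifications
```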
