
Understanding Microsoft Forefront Online Protection for Exchange

EXL201. Understanding Microsoft Forefront Online Protection for Exchange. Robert Gillies, Solution Architect, Microsoft Corporation. Agenda: FOPE Overview? Setup and Configuration, Policies and Connectors, Routing, Operations, Questions.


Presentation Transcript


  1. EXL201 Understanding Microsoft Forefront Online Protection for Exchange Robert Gillies Solution Architect Microsoft Corporation

  2. Agenda • FOPE Overview? • Setup and Configuration • Policies and Connectors • Routing • Operations • Questions

  3. FOPE Overview

  4. Forefront Online Protection for Exchange Multi-layer spam and malware protection with flexible policy enforcement • About 90% of email is junk • Diagram labels: Corporate Network, External Senders/Recipients, Exchange Server, Active Directory, Directory Synchronization Tool, FOPE, Edge Blocking, Antivirus, Anti-spam, Policy, Encryption*, Automatic Spooling, Inbound Filtered Email, Outbound Filtered Email, Legitimate Email, Junk Email, Messaging Administrator, Administrator Console, Employees, End User Quarantine *Requires additional Exchange Hosted Encryption License

  5. Where can FOPE be deployed?

  6. FOPE Service Level Agreements • Spam & Malware Filtering (these are part of the Exchange Online SLA & FOPE SLA): > 98% Spam Detection, 100% Known Virus Protection, < 1:250,000 False Positive Ratio • Network Performance (FOPE SLA only): Rapid Email Delivery with an average delivery commitment of less than 1 minute, Network Uptime > 99.999%

  7. Multi-Layered Anti-Spam Protection Filtering based on connection, sender, recipient and content for best results • 1 Connection Filtering: Blocks up to 80% of all spam based on IP block/allow lists. • 2 Sender-Recipient Filtering: Blocks up to 15% of all spam based on internal lists and sender reputation. • 3 Content Filtering: Blocks up to 5% of all spam based on internal lists and heuristics. • Diagram labels: Administrator Quarantine, User Junk Email Folder, User Inbox

  8. FOPE Inbound Filtering If server down, e-mail queued for up to 5 days Queue Look up e-mail filtering settings for domain E-mail enters the global data center network – MX (mail.messaging.microsoft.com) Delivered in a flow-controlled fashion when server is available Sync Policy Enforcement SPAM Protection Virus Scanning Spam Prevention SPAM prevention Directory Services Safe senders Custom Policy Rules Engine 1 Mail addressed to non-existent users is rejected Mail from IP Spammers is blocked Custom Spam Filter management Engine 2 IP Reputation based Filtering Attachment and message attribute management Fingerprint Engines Engine 3 Mailbox Store Reputation database Rules Based Scoring E-mail server available? SMTP Reject: 5xx Customer Feedback False +ve / -ve SPAM SPAM Content and Policy Quarantine SPAM Quarantine Spam Analysts SEWR SPAM SPAM SPAM

  9. FOPE Outbound Filtering Look up e-mail filtering settings for domain SPAM Protection Virus Scanning Policy Enforcement Low Spam Score Outbound Pool Safe senders Custom Policy Rules Engine 1 Custom Spam Filter management Engine 2 Attachment and message attribute management High Spam Score Rules Based Scoring Engine 3 High Risk Delivery Pool Fingerprint Engine Mail Server Content and Policy Quarantine

  10. FOPE Setup and Configuration http://www.microsoft.com/exchange/en-us/forefront-online-protection-for-exchange.aspx

  11. FOPE Setup and Provisioning

  12. Best Practices for Configuring FOPE • Directory Synchronization • Setup SPF Records • "v=spf1 include:spf.messaging.microsoft.com ip4:127.0.0.3 -all" • Network Connection Settings (SMTP config) • Security • Setup Routing with Virtual Domains • Allow users to report false positives • false_positive@messaging.microsoft.com

  13. Demo: Administration

  14. Reporting • Access reporting data from your FOPE service • Create, edit, and delete reports in the My Reports tab • Report on all or some of your domains • 4 Available Reports: • Email Traffic Report • Top Viruses Report • Deferral Report • Top Users Report • Information is returned in graphs and tables • Enable scheduled report delivery: emails the report on a one time, weekly, or monthly basis

  15. Quarantine, Reporting, Trending & DR numbers • Message Trace is past 30 days • Deferral, Policy, Virus Detail data for 90 days • User Traffic for 14 weeks • 15 days of quarantine by default • Data held in queue for 5 days

  16. FOPE Managing Junk Mail

  17. Junk Mail Management • Two additional configurations can be done in FOPE: • Spam Redirection • Subject Modification

  18. Junk Mail Management in Exchange Online Default approach: users manage junk mail in Outlook/OWA Manage safe/block sender lists directly in Outlook or Outlook Web App Direct access to Junk Mail folder Block/allow senders directly within message

  19. Junk Mail Management (cont.) Flexibility to use FOPE Spam Quarantine FOPE quarantine can be used instead of the integrated Outlook experience Admins will have SSO access to Quarantine

  20. Junk Email Reporting Tool • The Junk Email Reporting Tool add-in provides a single click spam reporting directly back to Microsoft • Allows end users to report “False Negatives Submissions” which are spam messages not caught by the FOPE filters • Sends email to abuse@messaging.microsoft.com which is monitored by the FOPE Spam Team for analysis

  21. FOPE Connectors and Policies

  22. FOPE Connector Architecture Inbound Connector (controls email sent to your domain) Source IP Source Domain Connection Spam Policy Opportunistic TLS Reject non Source IP Forced TLS Connection Connection Filtering Security Security Delivery Outbound Connector (controls email sent from your domain) Destination domain Opportunistic TLS Forced TLS Smart host MX

  23. Policy Enforcement

  24. Create or Edit a Policy Rule • Basic syntax: uses comma-separated values mixed with string-wildcard syntax • Basic syntax examples: • appl* matches appl1234, apple, application, etc. • appl? matches appl1, apple, apply, etc. • RegEx syntax: specify more complex expressions that match patterns of text, numbers, or special characters • RegEx syntax examples: • ^abc matches abc1234 but not 1234abc • abc$ matches 1234abc but not abc1234 • ab.c matches ab1c, abxc, abyc, etc. • \d\d\d\d\s\d\d\d\d\s\d\d\d\d\s\d\d\d\d matches a credit card

  25. Filters • Add and manage “Dictionaries” for multiple policy rules • Dictionaries are large lists of values • Dictionaries can contain • IP addresses • Domains • Email addresses • Keywords • File names and extensions • Dictionaries must be .txt or .csv • Basic syntax • Maximum size per dictionary: 2 MB or 9,000 characters

  26. Exchange Hosted Encryption Send encrypted mail to anyone; no prior setup by / for external recipients • Encryption via policy rules & enforced in the FOPE cloud; based on Voltage SecureMail technology • Identity-Based Encryption (IBE) uses email address as ID for public key • No cost for recipient non-licensed user • All replies and forwards remain encrypted for any mail recipient • Encrypted emails are not saved by EHE

  27. When to use Admin Center vs. the Exchange Admin Tools Use Exchange Admin Tools for these tasks Use FOPE Admin Center for these tasks • Track messages within your organization • Set up transport rules to: • Add disclaimers to e-mails • Look for keywords and regular expressions in attachments • Block e-mail sent to the outside world (by sender, domain, etc) • Moderate e-mail delivery • Configure journaling of e-mails to external archive • Track messages outside your organization • Perform transport-related tasks not available in transport rules: • Specific header attributes • Custom dictionaries, character sets • Actions such as quarantine or encrypt • Configure org-wide safe/blocked senders • Configure granular antispam settings (e.g. backscatter, SPF) • View reports on spam/virus filtering • Configure forced TLS

  28. FOPE Mail Routing Basics

  29. Secure Messaging with TLS • FOPE Opportunistic TLS is on by default for Office 365 customers (no action is required to enable it) • TLS can be forced for inbound and/or outbound connections • FOPE attempts to set up a TLS connection • If TLS cannot be established, email is not sent/received • Forced TLS option can be used to secure end-to-end communication • Maintain secure and trusted communication channel with partners • Avoid email interception/eavesdropping • Diagram labels: Inbound Connector, Outbound Connector, Edge, Policy, Spam, Virus*, woodgrovebank.com, BUSINESS PARTNER ON-PREM / HOSTED, Mailboxes, contoso.com *Virus scanning is performed by FPE for O365 tenants

  30. Setting the TLS configuration on Connectors

  31. Outbound Smart Hosting • FOPE routes outbound email to smart host for custom mail process or delivery Value Proposition • Use data leakage protection (DLP) or encryption appliances from third parties • Perform custom processing or address rewrite • Maintain “total mail control” during coexistence (inbound and outbound mail is all routed through on-prem server) • Diagram labels: On Premises / Hosted, Journal, DLP appliance or service, Internet, FOPE, Edge, Virus*, Policy, Spam, Outbound Connector, Exchange Online / On Prem, Mailboxes, contoso.com, Contoso.mail.onmicrosoft.com, From: Joe@contoso.com To: sales@fabrikam.com *Virus scanning is performed by FPE for O365 tenants

  32. Choosing mail routing settings in Hybrid setup

  33. Inbound Safe Listing • Inbound mail is filtered by FOPE • FOPE IP filtering is skipped for trusted domains • Optionally, skip policy and spam filtering Value Proposition • Reduce the chance of false positives (legitimate email from trusted partner being flagged as spam) • Diagram labels: Inbound Connector, FOPE, Edge, Virus*, Policy, Spam, fabrikam.com, SAFE-LISTED PARTNER, Exchange Online / On Prem, Mailboxes, contoso.com, From: jane@fabrikam.com To: salesman@contoso.com *Virus scanning is performed by FPE for O365 tenants

  34. Setting the safe listing configuration on Connectors

  35. FOPE Mail Routing in Action

  36. Mail Routing During Migration to O365 Two options for mail routing • MX record pointed on-premises • Why? Least disruptive option for most customers. Recommended in our documentation for Exchange Online coexistence (Simple and Rich) • Mail forwarders are auto-configured when a mailbox is moved to the cloud using our tools • MX record pointed to the cloud • Why? Customers can stop doing Anti Spam or Mail server blacklist management themselves and reduce dependence on local mail server • How? • FOPE passes all email to Exchange Online • User objects route mail to on-prem users • Note: FOPE subscriptions are required for on-premises users

  37. Shared Address Space (On-Premises Relay MX Points to On-Prem) - Inbound • MX points to on premises for initial filtering • Custom filtering, archival etc. done on-premises • Cloud mail is re-directed to FOPE where it is filtered • Delivered to Exchange Online Internet Customer Mail Processing/Filtering Outbound Exchange Send Connector Inbound FOPE Connector FOPE Edge Exchange Online Virus* Inbound From: sales@fabrikam.com To: Joe@contoso.com Policy contoso.com Spam ON-PREMISES Mailboxes Mailboxes *Virus scanning is performed by FPE for O365 tenants Contoso.mail.onmicrosoft.com

  38. Shared Address Space (On-Premises Relay MX Points to On-Prem) - Outbound • Hosted mailbox sends mail outbound • Virus scanning is performed by FPE for Exchange Online mailboxes • Filtered by FOPE • Delivered to on-premises • Custom processing on-premises • Delivery by on-premises Internet Customer Mail Processing/Filtering Outbound FOPE Connector Inbound Exchange Receive Connector FOPE Edge Exchange Online Virus* Outbound From: joe@contoso.com To: sales@fabrikam.com contoso.com Policy Spam ON-PREMISES Mailboxes Mailboxes Contoso.mail.onmicrosoft.com

  39. Shared Address Space Cross Premises Mailflow– Intra Org • It is an internal mail • Custom processing on-premises • Delivery to FOPE • Filtering skipped • Delivery to Exchange Online by FOPE Customer Mail Processing/Filtering Outbound Exchange Send Connector Inbound FOPE Connector FOPE Intra Org From: salesman@contoso.com To: Joe@contoso.com Edge Exchange Online Virus Policy contoso.com Spam ON-PREMISES Mailboxes Mailboxes Contoso.mail.onmicrosoft.com

  40. Shared Address Space with FOPE Relay (MX Points to FOPE O365) – Inbound *Migration to FOPE / Office 365 • MX points to FOPE for spam processing, filtering, and scanning • Mail is routed to Exchange Online, and if mailbox does not exist in the Exchange Online, mail is routed back to FOPE • FOPE forwards mail to On-Premise Exchange Internet Customer Mail Processing/Filtering FOPE Inbound From: sales@fabrikam.com To: Joe@contoso.com Edge Exchange Online Virus* contoso.com Policy Outbound FOPE Connector Spam Inbound Exchange Receive Connector ON-PREMISES Mailboxes Mailboxes Contoso.mail.onmicrosoft.com

  41. Shared Address Space with FOPE Relay (MX Points to FOPE O365) – Outbound *Migration to FOPE / Office 365 • Scanning by Forefront Protection for Exchange on Microsoft Exchange Online mail hubs • Delivery to FOPE for scanning • FOPE delivers to destination • Mail from On premises routed directly • Mail from On premises could be routed via FOPE after support call to setup connectors. Internet Customer Mail Processing/Filtering Exchange Send Connector FOPE Edge Exchange Online Outbound From: Joe@contoso.com To: sales@fabrikam.com Virus* Policy contoso.com Spam Inbound FOPE Connector ON-PREMISES Mailboxes Mailboxes Contoso.mail.onmicrosoft.com

  42. Resources • Admin Center: https://admin.messaging.microsoft.com • Administrators Guide: http://go.microsoft.com/fwlink/?LinkId=135918 • RSS Subscription Feed: http://rss.messaging.microsoft.com • FOPE Escalation path and Support SLO: http://go.microsoft.com/fwlink/?LinkId=183846 • Get Help Customer Escalations: http://gethelp/Default.aspx • Spam submission guide: http://technet.microsoft.com/en-us/library/ff715038.aspx • Junk mail reporting tool: http://go.microsoft.com/fwlink/?LinkID=214016 • FOPE Setup and Provisioning: http://technet.microsoft.com/en-us/library/ff715252.aspx • FOPE Service Description: http://www.microsoft.com/download/en/details.aspx?id=26126 • FOPE Support Service Description: http://www.microsoft.com/download/en/details.aspx?id=26803

  43. Q&A • Any questions? • rgillies@microsoft.com • @_rgillies

  44. Related Content • EXL301 – Archiving in the Cloud with Exchange Online Archiving (EOA) • EXL303 – Configuring Hybrid Exchange the Easy Way

  45. Track Resources • Exchange Team Blog: http://blogs.technet.com/b/exchange/ • Exchange TechNet Tech Center: http://technet.microsoft.com/exchange • Geek Out with Perry Blog: http://blogs.technet.com/b/perryclarke/ • MEC Website and Registration: http://www.mecisback.com/
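Slide 12's SPF record can be checked offline before it is published. The Python below is an added example, not part of the presentation or of any Microsoft tool; `lint_spf` and its finding texts are hypothetical names, and the checks it applies come from RFC 7208 rather than from the slides.

```python
import re

# Terms that each cost one DNS lookup during evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
# Record from slide 12, with its terms separated by single spaces.
SLIDE_RECORD = "v=spf1 include:spf.messaging.microsoft.com ip4:127.0.0.3 -all"
TERM_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:=/](.*))?$", re.I)


def lint_spf(record, required_include="spf.messaging.microsoft.com"):
    """Return findings for one SPF TXT record; an empty list means no findings."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    findings, includes, lookups, all_pos = [], [], 0, None
    for pos, term in enumerate(terms[1:], start=1):
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name, value = m.group(1) or "+", m.group(2).lower(), m.group(3) or ""
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "include":
            includes.append(value.lower())
        if name == "all" and all_pos is None:
            all_pos = pos
            if qualifier in "+?":
                findings.append(f"'{term}' lets unlisted senders pass or stay neutral")
            elif qualifier == "~":
                findings.append("'~all' is only a softfail; the slide's record ends in '-all'")
    if all_pos is None:
        if not any(t.lower().startswith("redirect=") for t in terms):
            findings.append("no 'all' term: unlisted senders get a neutral result")
    elif any("=" not in t for t in terms[all_pos + 1:]):
        findings.append("mechanisms after 'all' are never evaluated")
    if required_include not in includes:
        findings.append(f"missing include:{required_include}")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms, limit is 10")
    return findings
```

A record whose terms have run together (for example a lost space between the `include:` and `ip4:` terms) is reported as missing the required include, because the fused text parses as one long include target.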
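Slide 24's two policy-rule syntaxes, exercised in Python as an added example (not FOPE's own code). Python's `re` stands in for the FOPE rule engine, whose regex flavour and matching semantics are not given on the slides; whole-token, case-insensitive basic matching and the Luhn check applied to hits of the slide's credit-card pattern are assumptions added here, and the sample text is constructed.

```python
import re


def basic_to_regex(rule):
    """Translate a comma-separated basic-syntax rule (* and ? wildcards) into one regex."""
    alternatives = []
    for value in (v.strip() for v in rule.split(",")):
        if value:
            parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in value)
            alternatives.append("".join(parts))
    return re.compile("(?:%s)" % "|".join(alternatives), re.I)


def basic_match(rule, text):
    # Assumption: a basic-syntax value must cover the whole token, as in the slide's examples.
    return basic_to_regex(rule).fullmatch(text) is not None


def regex_match(pattern, text):
    # Assumption: RegEx rules match anywhere in the text unless anchored with ^ or $.
    return re.search(pattern, text) is not None


CARD_RE = re.compile(r"\d\d\d\d\s\d\d\d\d\s\d\d\d\d\s\d\d\d\d")  # pattern from slide 24


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum the digits, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return (matched_text, passes_luhn) for every hit of the slide's card pattern."""
    return [(m.group(), luhn_ok(re.sub(r"\s", "", m.group()))) for m in CARD_RE.finditer(text)]


# Constructed sample: a well-known test card number, an arbitrary 16-digit reference,
# and the same card written with dashes, which the slide's pattern does not cover.
SAMPLE = ("Card 4111 1111 1111 1111 on file. Ref 1234 5678 9012 3456. "
          "Alt 4111-1111-1111-1111.")
```

On the sample, the slide's pattern hits both space-separated groups but only the first passes the checksum, and the dash-separated number is missed entirely, which is the tuning a policy rule built on this pattern needs.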
