Presentation is loading. Please wait.

Presentation is loading. Please wait.

Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Policy enforcement Enterprise class reliability Geographically.

Similar presentations


Presentation on theme: "Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Policy enforcement Enterprise class reliability Geographically."— Presentation transcript:

1

2

3

4

5 Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Policy enforcement Enterprise class reliability Geographically load-balanced datacenters Queuing capabilities to help ensure no mail is lost Live phone support Streamlined administration console Office 365 integration Detailed reporting

6

7 Spam Protection Outlook Safe/Blocked Senders Content Scanning Bulk Mail Filtering Content Filter Advanced Options Customer Feedback False Positive/Negatives Customer Feedback False Positive/Negatives Policy Quarantine Policy Quarantine Edge Blocks is routed to EOP data centres based on MX record resolution Policy Enforcement Custom Rules Allows/Rejects SPAM Quarantine SPAM Quarantine Spam Analysts - The Big Picture Virus Scanning AV Engine 1 AV Engine 2 AV Engine 3 Envelope blocks IP-based edge blocking

8 NDR Delivery Pool Bulk Delivery Pool Internet Outbound Pool High Risk Delivery Pool Higher Risk Outbound Pool Normal Score Spam Protection Content Scanning and Heuristics Content Filter Advanced Options Virus Scanning AV Engine 1 AV Engine 2 AV Engine 3 Policy Enforcement Custom Rules Quarantine Encryption Spam Analysts – The Big Picture

9

10

11 Step 1: Verify prerequisites Step 2: Configure mail flow (connectors) Step 3: Add and validate domains Step 4: Customize spam and policy settings Step 5: Enable mail flow Step 6: Monitor and fine tune

12

13

14 On-Prem Mail Environment Exchange Online Protection Outbound Connector Inbound Connector Outbound TLS Connector Inbound TLS Connector EOP connectors between on-premises and EOP need to be created *Additional connectors can be created between EOP and partners to force TLS Configure mail flow (connectors) Partner Environment

15 Prior to EOP (Fabrikam uses EOP) With EOP (Fabrikam uses EOP) Contoso Fabrikam Cert CN = mail.contoso.com Cert CN = mail.fabrikam.com Contoso EOP Fabrikam Cert CN = mail.contoso.com Cert CN = mail.protection.outlook.com Cert CN = mail.fabrikam.com

16 On-Prem Mail APAC Exchange Online Protection On-Prem Mail AMER On-Prem Mail EMEA Outbound Connector 1 Outbound Connector 3 Outbound Connector 2 Inbound Connector 1

17

18

19 Spam and policy customization

20 EOP and the Junk Mail folder Two rules Two rules need to be added to the on premise environment if you would like spam moved to the junk mail folder. Set-OrganizationConfig –SCLJunkThreshold 4 New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam- Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6 New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam- Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6 End users need to be educated about the use of the Junk Mail folder in Outlook

21

22 Spam and policy customization (ESN)

23 End user access to quarantine

24 Enable mail flow DNS changes MX record (domain-suffix.mail.protection.outlook.com) SPF record (v=spf1 include:spf.protection.outlook.com –all) Do not change CNAME DNS entries for stand alone customers On-premise changes Create smart host from on premise environment to EOP Restrict on premises firewall to only accept port 25 traffic from EOPEOP

25

26 Monitor and fine tune Goals Is the service operating as expected? Make adjustments to rules or settings as needed Evaluate effectiveness of spam settings Tools Reports (Office 365 Portal or Mail Protection Reports for Office 365) Submitting spam and false positive messages to Microsoft Junk Mail Reporting ToolJunk Mail Reporting Tool for Outlook

27

28 Exchange Server 2013 Exchange Online EOP Stand Alone

29

30 Do this Use a test domain, subdomain or low volume domain for trying different service features Create O365 connectors before adding domains Disable EOP inbound connector (type is on-prem) until you are ready to use it Use the Remote Connectivity Analyzer to troubleshootRemote Connectivity Analyzer Restrict inbound SMTP access to allow ONLY from EOP IP rangesEOP IP ranges Enable Microsoft’s IP Safe List in the Connection Filter When creating safe / black lists, use IP first, and if not possible, then use the domain Don’t do this Daisy chain services Use EOP for sending bulk mail Enable all Content Filter Advanced Options out of the box Safe list your own domain

31

32 Existing environment Office 365 directory sync Secure mail flow Exchange Online ProtectionOn-premises

33

34 Telnet is your friend Telnet can be used to test mail flow from EOP to your on-prem environment. This allows verifying mail flow will work before doing the MX cutover. You do/type thisServer responds with this telnet tenantDomainMXRecordHere helo your_sending_server_fqdn250 mail from: Sender OK rcpt to: Recipient OK data followed by the enter keyServer provides directions on how to enter data. subject: Enter the subject and hit enter twice Enter the body text. To finish the message, type a period on a line by itself and hit enter. 250 Message queued for delivery. Quit221 Service closing transmission channel

35

36 Quarantine Online viewer only supports up to 500 messages More can be viewed via PowerShell Get-QuarantineMessage CmdletGet-QuarantineMessage Can only release in bulk through Release-QuarantineMessage CmdletRelease-QuarantineMessage Limits Max message size for EOP delivering to stand-alone customers is 150 MB Max message size for EOP delivering to Office 365 hosted mailboxes is 35 MB Max 100 Transport Rules per tenant – DLP policies consume part of this quota Max of 900 domains per tenant EOP outbound connectors use round robin for delivery

37 Since January 2014 Extended Message trace (90 days) Directory Based Edge Blocking & Match sub-domains Remote PowerShell for customers without hosted mailboxes (EOP stand alone) End user access to the quarantine Office 365 Message Encryption Coming Soon DKIM for inbound Support for IPv6 Future Outbound DKIM and DMARC Improvements to Bulk mail Advanced Spam Filter option

38 What they offer Exchange Online Protection implementation and configuration assistance up to 90 days Administrator training on Exchange Online Protection Advise customer on service best practices Single point of contact for duration of engagement Eligibility Net new customers who purchase seats EOP stand alone, O365D Exception basis for O365 Hybrid How to Engage an IPM Contact your Technical Account Manager for more information.

39

40

41

42

43

44


Download ppt "Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Policy enforcement Enterprise class reliability Geographically."

Similar presentations


Ads by Google