Exchange Online Protection & Mail Flow Jayant Gupta Premier Field Engineer 200 E, Randolph St Aon center, Chicago -IL.


1 Exchange Online Protection & Mail Flow Jayant Gupta Premier Field Engineer 200 E, Randolph St Aon center, Chicago -IL

2 Conditions and Terms of Use Microsoft Confidential This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in such packages is strictly prohibited. The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place, or event is intended or should be inferred. Copyright and Trademarks © 2013 Microsoft Corporation. All rights reserved. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Complying with all applicable copyright laws is the responsibility of the user. 
Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. For more information, see Use of Microsoft Copyrighted Content at Microsoft®, Internet Explorer®, Outlook®, SkyDrive®, Windows Vista®, Zune®, Xbox 360®, DirectX®, Windows Server® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

3 Overview
This module explores the various capabilities of the Exchange Online Protection service, including:
- Anti-Malware protection
- Anti-Spam protection, including connection and content filtering
- Quarantining messages
- Reporting

4 Exchange Online Protection
What is Exchange Online Protection (EOP)?
- EOP is the new version of Forefront Online Protection for Exchange (FOPE), Microsoft's hosted gateway
- Provides comprehensive protection through multi-engine antivirus and continuously evolving anti-spam protection
- Built on Exchange 2013 Transport architecture
- Geographically load-balanced datacenters
- Queuing capabilities to help ensure no mail is lost
- Currently processes 1 billion messages per day
EOP is available:
- As a stand-alone cloud service for on-premises customers
- As part of Office 365 subscriptions

5 Simple to Deploy
1. Add and verify domain ownership in Office 365
2. Change your MX record to point to .mail.protection.outlook.com
3. Create an SPF TXT record for your domain: v=spf1 include:spf.protection.outlook.com -all
4. Fine tune anti-malware and anti-spam settings
5. Create rules to meet business needs
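
An added example (not part of the original presentation) that audits the MX and SPF steps from the slide above, so a half-finished cutover is caught before mail bypasses filtering. The record values are constructed samples, and the `example-com` host label is a placeholder because the slide text does not show the label in front of `.mail.protection.outlook.com`.

```python
EOP_MX_SUFFIX = ".mail.protection.outlook.com"
EOP_SPF_INCLUDE = "include:spf.protection.outlook.com"


def audit_eop_dns(mx_hosts, txt_records):
    """Return a list of findings; an empty list means both records look right."""
    findings = []

    # MX step: every MX target should be an EOP host, otherwise senders can
    # still deliver to a gateway that skips the filtering service.
    if not mx_hosts:
        findings.append("no MX record")
    for host in mx_hosts:
        if not host.lower().rstrip(".").endswith(EOP_MX_SUFFIX):
            findings.append(f"MX {host} does not point at EOP")

    # SPF step: exactly one SPF record, carrying the EOP include and ending
    # in a hard fail (-all) as on the slide.
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records")  # an SPF permerror (RFC 7208)
    else:
        terms = spf[0].lower().split()[1:]
        if EOP_SPF_INCLUDE not in terms:
            findings.append("SPF lacks " + EOP_SPF_INCLUDE)
        # The first "all" mechanism is the one a receiver evaluates.
        all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not all_terms:
            findings.append("SPF has no 'all' mechanism")
        elif all_terms[0] != "-all":
            findings.append(f"SPF uses {all_terms[0]} instead of -all")
    return findings


# Constructed sample data; "example-com" is a placeholder host label.
GOOD_MX = ["example-com.mail.protection.outlook.com."]
GOOD_TXT = ["v=spf1 include:spf.protection.outlook.com -all", "unrelated=txt"]
SOFT_TXT = ["v=spf1 include:spf.protection.outlook.com ~all"]

if __name__ == "__main__":
    print(audit_eop_dns(GOOD_MX, GOOD_TXT))
    print(audit_eop_dns(["mail.example.net"], SOFT_TXT))
```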

6 EOP Administration
Unlike FOPE, Exchange Online Protection administration is incorporated into the Exchange Admin Center

7 EOP inbound filtering

8 EOP outbound filtering

9 Anti-Malware

10 Definition of Malware
What is Malware?
Malware is any kind of unwanted software that is installed without your adequate consent
What is Spyware?
Spyware is a general term used to describe software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:
- Advertising
- Collecting personal information
- Changing the configuration of your computer

11 Malware Filter Configuration
What can you do in the Exchange Administration Center (EAC)?
- The Malware detection response (action)
- The custom alert text (deletion txt)
- The notifications (who to send to and the ability to customize the notifications)

12 Anti-Spam

13 Multi-layered anti-spam protection
- Connection filtering: blocks up to 80% of all spam based on IP block/allow lists
- Sender-recipient filtering: blocks up to 15% of all spam based on internal lists and sender reputation
- Content filtering: blocks up to 5% of all spam based on internal lists and heuristics

14 Connection Filter
What is Connection Filtering?
- It is blocking or allowing inbound messages based on the originating IP address
- The connection filter checks IP Allow and IP Block lists prior to checking the content of each message
- Messages from specifically allowed IP addresses bypass filtering
- Messages from senders in the IP Block list are blocked, except in cases where they also appear in the IP Allow list
- You can add an IP address or address range to an IP Allow list or IP Block list in EAC
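
The precedence described on this slide, modeled as an added example (not EOP's implementation and not from the original presentation). The list entries are constructed samples using documentation address ranges; the second function flags block entries that an allow entry makes ineffective, which is the misconfiguration this precedence rule invites.

```python
import ipaddress


def _nets(entries):
    # Accept single addresses ("192.0.2.10") and CIDR ranges ("192.0.2.0/24").
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def connection_verdict(source_ip, allow_list, block_list):
    """Model of the slide's rule: the IP Allow list wins over the IP Block list."""
    ip = ipaddress.ip_address(source_ip)
    if any(ip in n for n in _nets(allow_list)):
        return "bypass"      # allowed IPs bypass filtering
    if any(ip in n for n in _nets(block_list)):
        return "blocked"
    return "filter"          # unlisted: the message goes on to later filters


def shadowed_block_entries(allow_list, block_list):
    """Block entries that can never fire because an allow entry covers them."""
    allow = _nets(allow_list)
    return [str(b) for b in _nets(block_list)
            if any(a.version == b.version and b.subnet_of(a) for a in allow)]


# Constructed sample lists (RFC 5737 documentation ranges).
ALLOW = ["198.51.100.0/24", "203.0.113.7"]
BLOCK = ["198.51.100.66", "192.0.2.0/24"]

if __name__ == "__main__":
    for src in ("198.51.100.66", "192.0.2.25", "203.0.113.8"):
        print(src, connection_verdict(src, ALLOW, BLOCK))
    print("never enforced:", shadowed_block_entries(ALLOW, BLOCK))
```

A broad allow range is the entry to review first: every address inside it skips the block list, including ones added to the block list later.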

15 Content Filter

16 Content Filter Actions
- Delete
- Quarantine
- Add x-header
- Move to Junk folder
- Prepend subject line with text
- Redirect to address
- Filter messages from particular countries, or by language

17 Content Filter Advanced Options
- Increase Spam Score
- Mark As Spam
- Test Mode Options

18 Spam Confidence Level

| SCL Rating | Spam Confidence Interpretation | Default Action |
|---|---|---|
| | Non-spam coming from a safe sender, safe recipient, or safe listed IP address (trusted partner) | Deliver the message to the recipients' inbox. |
| 0, 1 | Non-spam because the message was scanned and determined to be clean | Deliver the message to the recipients' inbox. |
| 5, 6 | Spam | The initial default is to deliver the message to the quarantine. However, if the default spam content filter policy is modified, by default the message will instead be delivered to the Junk folder. |
| 9 | High confidence | The initial default is to deliver the message to the quarantine. However, if the default spam content filter policy is modified, by default the message will instead be delivered to the Junk folder. |

19 Outbound Spam
Why do you need outbound spam filtering?
Outbound spam filtering is needed because malicious programmers and their malware are out there taking over computers inside corporate networks every day. This means that users in your organization can be sending large amounts of outbound spam without your knowledge

20 Quarantine

21 Quarantined Messages
Messages that are identified as spam or that match an Exchange transport rule can be sent to the quarantine
If you are an administrator, you can perform the following actions against quarantined messages via EAC:
- Search for quarantined messages
- View details about quarantined messages
- Release specific messages to a recipient within your organization
- Quickly report a quarantined message as a false positive

22 Working with Quarantined Messages and PowerShell
To retrieve information about quarantined emails:
    Get-QuarantineMessage -StartReceivedDate 02/13/2013 -EndReceivedDate 02/14/2013
To release a quarantined message:
    Get-QuarantineMessage -MessageID "<message ID>" | Release-QuarantineMessage

23 Junk Management
- Users can now receive spam notifications for messages destined to them that were marked as junk and quarantined
- Users can choose to either release or report on quarantined messages

24 Reporting

25 Built-in Reporting
Provides a clear view on spam filtering and malware attacks

26 Testing changes to Malware and Content filters
Testing Malware filter
- Create a file called EICAR.txt with the following text: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- Attach EICAR.TXT to a new mail message, and send it through the service.
- Confirm your antimalware filter settings have taken effect (policy changes can take up to an hour to replicate across datacenters)
- This "EICAR" test attachment will cause the message to be treated as malicious by antivirus/antimalware engines
Testing Content filter
- Test Content filter using GTUBE message. A GTUBE message should always be detected as spam by the content filter, and the actions that are performed upon the message should match your configured settings.
- Include the following GTUBE text in a mail message on a single line, without any spaces or line breaks: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

27 Module Review
1. What are the three main topics which make up the suite in Exchange Online Protection? Anti-Malware, Anti-Spam, Quarantine
2. What are the three types of filtering available? Malware Filtering, Content Filtering, Connection Filtering
3. What does the outbound spam policy do? If an outbound message is determined to be spam, it is routed through the high risk delivery pool, which reduces the probability of the normal outbound-IP pool being added to a block list. If a customer continues to send outbound spam through the service, they will be blocked from sending messages

28 Exchange Online Mail Flow

29 Overview
This module covers the mail flow capabilities of Exchange Online, including:
- Transport rules
- Delivery reports and message tracing
- Inbound and outbound connectors

30 Rules

31 Types Of Rules
Transport Rules
- Let you apply messaging policies to messages in the transport pipeline
- Actions, such as redirecting a message or adding recipients, rights-protecting messages, and rejecting or silently deleting a message can be taken
Transport Protection Rules
- Administrators can use transport protection rules to implement messaging policies to inspect message content, encrypt sensitive content, and use rights management to control access to the content
Outlook Protection Rules
- In Exchange Online, Outlook, and OWA users and administrators can apply Information Rights Management (IRM) protection to messages by applying an Active Directory Rights Management Services (AD RMS) rights policy template. This requires an AD RMS deployment in the organization

32 Transport Rules
Use transport rules to look for specific conditions on messages that pass through your organization and take action on them
Transport rules allow you to:
- Prevent inappropriate content from entering or leaving
- Filter confidential organization information
- Track or copy messages that are sent to or received from specific individuals
- Redirect inbound and outbound messages for inspection before delivery
- Apply disclaimers to messages as they pass through the organization
You can create a maximum of 100 transport rules in Exchange Online

33 Transport Rule Components
A transport rule consists of the following components:
- Conditions: identify the messages that you want the rule to apply to
- Actions: specify what you want to do to the messages that are identified by the conditions
- Exceptions: override conditions and prevent the rule from acting on specific messages
- Choose a mode for this rule: (Enforce, Test with Policy Tips, Test without Policy Tips)

34 How to Create a New Rule?

35 Transport Rules via PowerShell
How to create a New Transport Rule:
    New-TransportRule -Name "Mark messages from the Internet to Sales DG" -FromScope NotInOrganization -SentTo "Sales Department" -PrependSubject "External message to Sales DG:"
How to verify the Rule was created:
    Get-TransportRule "Mark messages from the Internet to Sales DG"
How to view all rules in your Exchange Online Tenant:
    Get-TransportRule

36 Delivery Reports

37 Delivery Reports
- Message tracking within your Exchange Organization only
- Track delivery information about messages sent by or received from any specific mailbox in your organization
- Optionally add words to search for in the subject line
- Subject line is displayed in the results, not message content
- Track messages for up to 14 days after they were sent or received
Note: It does not track messages sent from POP or IMAP clients, such as Windows Mail, Outlook Express, or Mozilla Thunderbird

38 Message Tracking

39 Message Trace
- The message trace feature enables an administrator to follow messages as they pass through your Exchange Online or Exchange Online Protection service
- It helps you determine whether a targeted message was received, rejected, deferred, or delivered by the service within the past 7 days
- It also shows what actions have occurred to the message before reaching its final status
- Obtaining detailed information about a specific message lets you efficiently answer your user's questions, troubleshoot mail flow issues, validate policy changes, and alleviates the need to contact technical support for assistance

40 How to Run a Message Trace
- Navigate to Mail Flow > Message Trace in EAC
- Select Fields (to narrow search). Options include:
  - Sender
  - Recipient
  - Message was Sent or Received
  - Delivery Status or Message ID
- None is also an allowed option, which will display the previous 7 days of information. Please note that only 7 days is retained by the Service
- Click Search to run the Message Trace
*Message Trace information is available for up to 90 days

41 View Message Trace Results
After running a search, the results will be listed in the Message Trace Results pane below the search section
The following information is displayed about each message:
- Date
- Sender
- Recipient
- Subject
- Status
Each column can be sorted by clicking on the column name. Clicking it will switch the current sort order
If results exceed 500 entries there will be a page navigation section which will appear for use

42 Message Tracing via PowerShell
Using Get-MessageTrace to see information:
    Get-MessageTrace -SenderAddress "<sender address>" -StartDate 06/13/2012 -EndDate 06/15/2012
Obtain more detailed information by pipelining the results to the Get-MessageTraceDetail cmdlet:
    Get-MessageTrace -Id 2bbad36aa4674c7ba82f4b307fff549f -SenderAddress "<sender address>" -StartDate 06/13/2012 -EndDate 06/15/2012 | Get-MessageTraceDetail

43 Connectors

44 Connector Types
- Connectors are used to control inbound and outbound mail flow
- With connectors, you can route mail to and receive mail from recipients outside of your organization, a partner through a secure channel, or a message-processing appliance
- The most commonly used connector types are Outbound connectors, which control outbound messages, and Inbound connectors, which control inbound messages
- Connectors can be configured to enforce IP address and domain restrictions, as well as TLS encryption, for both inbound and outbound mail

45 Using Connectors
Mail flows into and out of Exchange Online through EOP without the need to create any inbound or outbound connectors by default
Create connectors when you need to customize inbound and outbound mail flow between:
- Exchange Online and On-Premises
- Exchange Online and External Recipients
- Exchange Online and Partner Organizations
An example scenario where connectors using TLS are created to enforce encrypted mail flow between EOP and a partner

46 Secure Mail
[Diagram: On-Premises Organization (Exchange, Third Party Security System, "David" On-premises Mailbox), Exchange Online, Exchange Online Protection, Internet, External Recipient. Legend: Secure Mail; Encrypted & Authenticated Mail Flow]
- MX resolves to on-premises gateway
- MX is switched to Exchange Online Protection
- Outbound Exchange Online traffic is delivered direct
- You can choose to route outbound on-premises mail via EOP

47 Centralized Transport
[Diagram: Exchange Online, Exchange Online Protection, On-Premises Organization (Exchange, Third Party Security System, "David" On-premises Mailbox), External Recipient, Internet. Legend: Secure Mail; Encrypted & Authenticated Mail Flow]
- MX resolves to on-premises gateway
- All email in and out of the Exchange Online tenant must go via on-premises
- MX is switched to Exchange Online Protection

48 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION
Contact Jayant Gupta Office 365, Premier Field Engineer
© 2013 Microsoft Corporation. All rights reserved.
Who Wants to Ask Questions??

