Damian Scoles | Project Leadership Associates Microsoft Exchange Server MVP


1 Damian Scoles | Project Leadership Associates Microsoft Exchange Server MVP dscoles@projectleadership.net http://justaucguy.wordpress.com/

2
  o Edge Transport Role
  o DLP Enhancements
  o MAPI over HTTP
  o IP Less DAGs
  o EAC Command Logging
  o OWA Enhancements
  o Miscellaneous

3 Microsoft Confidential
Edge role in production:
Deployed in DMZ
  o Talks directly to CAS/MBX through the firewall

4 Reduce attack surface
  o Reduced set of services
  o Reduced set of PowerShell commands
  o Member server with AD LDS installed
Provides mail routing as well as message hygiene
No GUI
  o No interface like the EAC for other roles
  o Configurable via PowerShell only

5 Policy Tips in OWA
Document Fingerprinting
Sensitive information types expanded
http://technet.microsoft.com/en-us/library/jj150541%28v=exchg.150%29.aspx

6 No longer limited to just Outlook.
Can Enforce – warn, block or allow exceptions – as well as test
Seamless user experience – OWA/Outlook operate the same
Above example warns on SSN or Bank Numbers

7 What is fingerprinting?
What can we use it for?
  o Government forms
  o HIPAA
  o Employee forms (HR)
  o Patent forms
  o Custom Forms (proprietary to your company)
Limitations
  o Password protected files will not work
  o Documents with images only
How are the documents stored?
  o XML Hash file

8 Source - http://technet.microsoft.com/en-us/library/jj919236(v=exchg.150).aspx

9 Create a document fingerprint from an existing document.
  − EAC -> DLP -> Manage document fingerprints -> Add document
Create a DLP Policy that uses this document fingerprint
  o Add a custom rule
  o Edit the ‘Sensitive Information types’, select the fingerprint
  o Finish the rules you want applied to the policy.
The same process can be performed in PowerShell
  o Get-Content
  o New-Fingerprint
  o New-TransportRule
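The PowerShell route listed on this slide, written out as an added example (not code from the presentation). The template path, classification name and rule name are hypothetical, and `New-DataClassification` is an extra cmdlet the slide does not list: it wraps the fingerprint in a sensitive information type that a transport rule can reference. The rule starts in test mode so Policy Tips appear without mail being blocked.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2013 SP1.
# All names and paths below are hypothetical placeholders.
$TemplatePath = 'C:\DLP\Templates\Contoso-Patent-Form.docx'
$ClassName    = 'Contoso Patent Form'
$RuleName     = 'DLP - Contoso Patent Form sent outside the organization'

if (-not (Test-Path -LiteralPath $TemplatePath -PathType Leaf)) {
    throw "Template not found: $TemplatePath"
}

# Read the blank form as raw bytes. -ReadCount 0 returns the file in one read
# instead of streaming it byte by byte.
[byte[]]$bytes = Get-Content -LiteralPath $TemplatePath -Encoding Byte -ReadCount 0
if ($bytes.Length -eq 0) { throw 'Template is empty; nothing to fingerprint.' }

# Build the fingerprint from the template. Per the slide's limitations,
# password-protected or image-only documents will not produce a usable one.
$fingerprint = New-Fingerprint -FileData $bytes -Description 'Contoso patent form template'

# Publish the fingerprint as a sensitive information type (skip if it already exists).
if (-not (Get-DataClassification -Identity $ClassName -ErrorAction SilentlyContinue)) {
    New-DataClassification -Name $ClassName `
        -Fingerprints $fingerprint `
        -Description 'Matches documents based on the Contoso patent form'
}

# Transport rule that fires when a message to an external recipient contains
# a document matching the fingerprint. AuditAndNotify = test with Policy Tips.
New-TransportRule -Name $RuleName `
    -Mode AuditAndNotify `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = $ClassName } `
    -NotifySender NotifyOnly

# Confirm what was created before moving the rule to Enforce.
Get-TransportRule -Identity $RuleName | Format-List Name, Mode, State
```

Once the audit results look right, `Set-TransportRule -Identity $RuleName -Mode Enforce` switches the rule from testing to enforcement.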

10 Exchange 2013 SP1

11 More types have been added to DLP:
  o Finland National ID
  o Poland National ID (PESEL)
  o Poland Identity Card
  o Poland Passport
  o Taiwan National ID

12 Replacement for RPC over HTTP
  o RPC is a legacy protocol with no real updates in a decade
  o Designed for LANs and not communication over the Internet
  o RPC is sensitive to interruptions
  o More information (history of RPC and reasoning for HTTP transition): http://windowsitpro.com/exchange-server-2013/exchange-server-2013-transition-rpc-http
Provides a common communication platform for Exchange communications – HTTP
  o Active Sync
  o OWA
  o Outlook
Uses POST Commands based on HTTP 1.1
No metrics on actual performance yet. Still pending from Microsoft.

13 How to enable this in Exchange?
  o Set-MapiVirtualDirectory -Identity "Contoso\mapi (Default Web Site)" -InternalUrl https://Contoso.com/mapi -IISAuthenticationMethods Negotiate
  o Set-OrganizationConfig -MapiHttpEnabled $true
Caveats
  o May not be able to access legacy Public Folders.
  o All Exchange servers at 2013 Service Pack 1
  o All clients at Outlook 2013 Service Pack 1
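An added example (not from the presentation) that turns the server-side caveat into a gate: it refuses to enable MAPI over HTTP until every Exchange server reports at least the SP1 build, then applies the two commands from the slide and reads the settings back. The build number in `$Sp1Build` is an assumption that is not stated on the slide, and the helper function name is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell.
$Sp1Build    = [version]'15.0.847.32'      # ASSUMPTION: Exchange 2013 SP1 build; confirm against Microsoft's build list
$InternalUrl = 'https://Contoso.com/mapi'  # URL used on the slide

function Get-ExchangeBuild {
    # Hypothetical helper: converts "Version 15.0 (Build 847.32)" into a [version].
    param($Server)
    if ("$($Server.AdminDisplayVersion)" -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        return [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
    }
    throw "Cannot parse AdminDisplayVersion for $($Server.Name)"
}

# Caveat from the slide: all Exchange servers must be at 2013 SP1.
$behind = @(Get-ExchangeServer | Where-Object { (Get-ExchangeBuild $_) -lt $Sp1Build })
if ($behind.Count -gt 0) {
    $names = ($behind | ForEach-Object { "$($_.Name) [$($_.AdminDisplayVersion)]" }) -join ', '
    throw "MAPI over HTTP not enabled. Servers below SP1: $names"
}

# Configure the /mapi virtual directory on every server that has one.
Get-MapiVirtualDirectory | ForEach-Object {
    Set-MapiVirtualDirectory -Identity $_.Identity `
        -InternalUrl $InternalUrl `
        -IISAuthenticationMethods Negotiate
}

# Organization-wide switch.
Set-OrganizationConfig -MapiHttpEnabled $true

# Read back what is now in effect.
Get-MapiVirtualDirectory | Format-List Server, InternalUrl, IISAuthenticationMethods
Get-OrganizationConfig   | Format-List MapiHttpEnabled
```

The client-side caveat (Outlook 2013 SP1) cannot be verified from these cmdlets and has to be checked through software inventory.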

14 What is an IP Less DAG?
  o Windows cluster has no IP Address – no resource in cluster core group
  o No cluster name – no resource in cluster core group
  o No DNS entry for cluster
  o No computer objects (CNO) are created in Active Directory
  o Cluster manageable with PowerShell and not Failover Clustering
  o Reduces attack surface of Exchange 2013
  o Can convert an existing DAG
Requirements
  o Windows Server 2012 R2
  o Exchange 2013 SP1
** Caveat - "We do not recommend this deployment method for any scenario that requires Kerberos authentication."
Source - http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_ADAg

15 IP Address is entered as 255.255.255.255
No object in Active Directory

16 Originally in Exchange 2007 and 2010
What is it?
Why do we care?
How do I turn it on Logging?
What does it actually do?
Actual Output:

17 Caveats/Information
  o Displays only current actions
  o When closed, previous results are lost
  o Up to 500 entries at a time
  o Searchable

18

19 S/MIME
  o Can be enabled in the Outlook Web App Policy via PowerShell
    Set-OWAVirtualDirectory -identity "owa (Default Web Site)" -SMimeEnabled $true
  o Requires IE 7+, recommend IE 9+ (supported clients)
  o Uses Rich Text Editor
  o Improvements in the user interface for easier use
    - Copy and Paste
    - Better format options
Firefox - Offline Mode
  o Controlled by Outlook Web App Policies (on by default)
  o Offline-supported folders include:
    - Inbox
    - Drafts
    - Any folder viewed from the browser in the last week

20
  o Loose truncation
  o ExBPA in Exchange 2013 SP1
  o 2012 Server R2 Supported OS
  o Forest/Domain - 2012 R2
  o Enhancements in Managed Availability
  o Enhancements in Cluster stability
    - Hotfix that was available for Windows 2008 OS released for 2012
  o Schema Updates – minor changes
  o SSL Offloading
  o Post Hot Fix ‘required’: http://support.microsoft.com/kb/2938053

21 Prior to Exchange 2013 SP1 – two options for database logging
  o Full: truncate on backup
  o Circular: self truncating
Disabled by default
Enabled via registry entries
  o HKLM\Software\Microsoft\ExchangeServer\v15\BackupInformation
    - LooseTruncation_MinCopiesToProtect
    - LooseTruncation_MinDiskFreeSpaceThresholdInMB
    - LooseTruncation_MinLogsToProtect
Purpose
  o Prevent disks from running out of space (i.e. during maintenance windows)
  o Keeps only the logs that are needed – unverified logs not replicated to other servers
  o Ignores the farthest copy out of sync
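An added example (not from the presentation) that writes the three registry values named on this slide and reports what each held before and after, so the change is auditable. The numeric values are constructed samples, not recommendations, and the DWORD value type and the need to run this on each DAG member are assumptions to confirm against Microsoft's documentation.

```powershell
# Added example: run elevated on the Exchange 2013 SP1 server being configured.
$Key = 'HKLM:\Software\Microsoft\ExchangeServer\v15\BackupInformation'

# Constructed sample values; size them for your own copy count and log volumes.
$Desired = [ordered]@{
    LooseTruncation_MinCopiesToProtect            = 2       # sample value
    LooseTruncation_MinDiskFreeSpaceThresholdInMB = 51200   # sample value (50 GB)
    LooseTruncation_MinLogsToProtect              = 10000   # sample value
}

# Create the key if this server has never had backup settings written.
if (-not (Test-Path -Path $Key)) {
    New-Item -Path $Key -Force | Out-Null
}

$report = foreach ($name in $Desired.Keys) {
    # Capture the current value (if any) before overwriting it.
    $before = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name

    # ASSUMPTION: the values are DWORDs.
    New-ItemProperty -Path $Key -Name $name -PropertyType DWord `
        -Value $Desired[$name] -Force | Out-Null

    [pscustomobject]@{
        Value  = $name
        Before = if ($null -eq $before) { '(not set)' } else { $before }
        After  = (Get-ItemProperty -Path $Key -Name $name).$name
    }
}

$report | Format-Table -AutoSize
```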

22
  o No longer requires Office 365 tenant to download
  o Does not run on Edge server
  o Only gives results for one server at a time
  o Can be run on a non-Exchange server

23

24 SOURCE: http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx

25 http://support.microsoft.com/kb/2938053
  − After you install Microsoft Exchange Server 2013 Service Pack 1 (SP1) or you upgrade an existing Microsoft Exchange Server 2013 installation to Exchange Server 2013 SP1, third-party or custom-developed transport agents cannot be installed correctly. Additionally, the Microsoft Exchange Transport service (MSExchangeTransport.exe) cannot start automatically. Specifically, you cannot enable third-party products that rely on transport agents. For example, you cannot enable anti-malware software or custom-developed transport agents. When the installation fails, you also receive an error message that resembles the following: The TransportAgentFactory type must be the Microsoft.NET class type of the transport agent factory.
Why does this happen?
  − This problem occurs because the global assembly cache (GAC) policy configuration files contain invalid XML code.
So what does this mean?

26 Q & A Damian Scoles | Project Leadership Associates Microsoft Exchange Server MVP dscoles@projectleadership.net http://justaucguy.wordpress.com

