SIM309
Connection Analysis (IP-based edge blocks) Reputation Analysis Connection Filtering Protect businesses from receiving –borne viruses and other malicious code with scan engines and heuristic detection Multiple engine support AntiVirus Anti-spam filter can detect all types of spam before they reach the corporate network NDR Backscatter Support Anti-Spam Policy rules to regulate flow for compliance Policy-based encryption (for EHE subscribers) Enhanced RegEx support Policy
Every Exchange Online (BPOS)/Office 365 customer is a FOPE customer! Office 365 Protect on-premises or hosted implementations Is server agnostic Standalone Protect on-premises Exchange servers and integrates FPE/FOPE policies (On-prem/Cloud Policies) Hybrid Protection Live EDU (This CY 2011) Others
Edge Blocking End User Quarantine Administrator Console Corporate Network Messaging Administrator Employees Inbound Filtered About 90% of is junk Outbound Filtered Also incorporates technology from… External Senders/ Recipients Exchange Server Anti-spam Antivirus Policy Automatic Spooling * Encryption * Requires additional Exchange Hosted Encryption License Active Directory FOPE Directory Synchronization Tool Multilayer spam and virus protection and policy enforcement Legitimate Junk Policy rules regulate flow for compliance and message control
ProductFOPE Admin Center Access FOPE Admin Center Login Method Use FOPE Admin Center to configure domains and change IP addresses Virus Scanning, Edge Blocking, Anti-Spam, Message Hygiene Use FOPE Connectors for complex scenarios Directory Synchronization Method FOPE StandaloneYesFOPE credentialsYes Yes, for certain scenarios FOPE Directory Synchronization Tool Office 365 Beta or Professionals and Small Businesses NoN/ANoNoYesNoNone Office 365 Beta for enterprises or education YesSingle sign-on via FOPE link in Exchange Control Panel NoYes Office 365 Directory Synchronization Tool sign-on via FOPE link in Exchange Control Panel NoYes Outlook Live Directory Synchronization Tool Business Productivity Online Suite – Standard Yes, limited access by request to Technical Support FOPE credentialsNoYesNoExchange Online Directory Synchronization Tool Business Productivity Online Suite – Dedicated YesFOPE credentialsYes Exchange Online Directory Synchronization Tool Note: For Microsoft Office 365 Beta customers, antivirus scanning is performed by Forefront Protection 2010 for Exchange Server (FPE) on the Exchange Online servers rather than by FOPE
Antivirus and anti-spam protection for Exchange Server 2010/2007 Server Roles On-Premises Software Online Anti MalwareAnti-spamManagement Forefront Online Protection for Exchange Symantec Authentium Kaspersky Inbound Messaging Hygiene Stop Foreign Spam Outbound Spam Mitigation Anti-spam Feedback Loop Message Tracing IT Admin Improvements Forefront Protection 2010 for Exchange Server MS AV + AntiSpyware Kaspersky Authentium Virus Buster Norman Internal mail filtering Industry-leading 3 rd party content filtering Forefront Protection Server Management Console SMTP Exchange Server Edge Role Hub Role Mailbox Role Internet
Source IP Source Domain Reject non Source IP Opportunistic TLS Forced TLS Spam Connection Policy Opportunistic TLS Forced TLS Smart host MX Destination domain
Secure inbound and outbound mail with TLS Validated with CA certificates Forced TLS Redirect all or part of your outbound mail to flow through an on-premises server Apply additional processing Outbound Smart Host Add partners to a safe list Mail from those organizations bypass FOPE IP filtering Optionally, skip FOPE spam and policy filtering Inbound Safe Listing
Business Partner FOPE woodgrovebank.com contoso.com Opportunistic TLS is on by default for Office 365 customers (no action is required to enable it) TLS can be forced for inbound connections, outbound connections, or both FOPE attempts to set up a TLS connection If TLS cannot be established, is not sent/received Virus scanning is performed by FPE for Exchange Online mailboxes Forced TLS can be configured using the methods shown here Value Proposition Maintain secure and trusted communication channel with partners Avoid interception/ eavesdropping
FOPE From: To: From: To: service.contoso.com FOPE routes outbound to smart host for custom mail process or delivery Virus scanning is performed by FPE for Exchange Online mailboxes INTERNET Value Proposition Use DLP or encryption appliances from third parties Perform custom processing or address rewrite Maintain “total mail control” during coexistence (inbound and outbound mail is all routed through on-prem server contoso.com
FOPE From: To: From: To: contoso.com fabrikam.com Safe-listed Partner Value Proposition Reduce the chance of false positives (legitimate from trusted partner being flagged as spam)
All mailboxes hosted in the cloud with Exchange Online Fully Hosted Scenario Some mailboxes hosted in the cloud with Exchange Online Some mailboxes hosted on-premises MX record points to FOPE FOPE subscriptions are required for on-premises users Current FOPE Customer: Shared Address Space with On- Premises Relay Scenario (MX Points to FOPE) Some mailboxes hosted in the cloud with Exchange Online Some mailboxes hosted on-premises MX record points to on-premises Shared Address Space with On- Premises Relay Scenario (MX Points to On-Premises) Some mailboxes hosted in the cloud with Exchange Online Some mailboxes hosted on-premises MX record points to FOPE FOPE subscriptions are required for on-premises users Non-FOPE Customer: Shared Address Space with On- Premises Relay Scenario (MX Points to FOPE)
FOPE EXCHANGE ONLINE INTERNET Mail is sent outbound Virus scanning is performed by FPE on Exchange Online servers FOPE filters as outbound FOPE delivers to Internet Contoso signs up for Exchange Online Exchange Online has provisioned tenant in FOPE Mail sent to FOPE FOPE filters inbound mail Virus scanning is performed by FPE on Exchange Online servers Mail is delivered to the recipient’s mailbox Inbound From: To: Inbound From: To: Outbound From: To: Outbound From: To:
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET MX points to FOPE for spam processing, filtering, and scanning Mail is routed to on-premises server, and if mailbox does not exist on- premises, mail is routed back to FOPE FOPE forwards mail to hosted mailbox Virus scanning is performed by FPE for Exchange Online mailboxes Inbound From: To: Inbound From: To:
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET Scanning by Forefront Protection for Exchange on Microsoft Exchange Online mail hubs Delivery to FOPE for scanning Delivered to on-premises Exchange server Custom processing on premises Outbound delivery to FOPE Delivery to Internet Outbound From: To: Outbound From: To:
On-Premises Exchange EXCHANGE ONLINE FOPE Hosted mailbox sends mail outbound Delivery to FOPE (virus scanning disabled by default; policy rules dependent on customer configuration) Delivery to on-premises mailbox Outbound From: To: Outbound From: To:
On-Premises EXCHANGE ONLINE FOPE INTERNET MX points to on premises for initial filtering Custom filtering, archival etc. done on- premises Cloud mail is re-directed to FOPE where it is filtered Delivered to Exchange Online Virus scanning is performed by FPE for Exchange Online mailboxes Inbound From: To: Inbound From: To:
On-Premises EXCHANGE ONLINE FOPE INTERNET Hosted mailbox sends mail outbound Virus scanning is performed by FPE for Exchange Online mailboxes Filtered by FOPE Delivered to on-premises Custom processing on-premises Delivery by on-premises Outbound From: To: Outbound From: To:
EXCHANGE ONLINE FOPE On-Premises MX points to on-premises for initial filtering Custom processing on-premises Delivery to FOPE Filtering skipped Delivery to Exchange Online by FOPE Intra Org From: To: Intra Org From: To:
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET MX points to FOPE for spam processing, filtering, and scanning Mail is routed to Exchange Online, and if mailbox does not exist in the Exchange Online, mail is routed back to FOPE FOPE forwards mail to On-Premise Exchange Virus scanning is performed by FPE for Exchange Online and mailboxes Inbound From: To: Inbound From: To:
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET Scanning by Forefront Protection for Exchange on Microsoft Exchange Online mail hubs Delivery to FOPE for scanning Delivered to Internet Directly (Could also direct outbound back to on-premises Exchange server) Outbound From: To: Outbound From: To:
On-Premises Exchange EXCHANGE ONLINE FOPE Hosted mailbox sends mail outbound Delivery to FOPE (virus scanning disabled by default; policy rules dependent on customer configuration) Delivery to on-premises mailbox Outbound From: To: Outbound From: To:
31
demo
Sessions On-Demand & CommunityMicrosoft Certification & Training Resources Resources for IT ProfessionalsResources for Developers Connect. Share. Discuss.
Scan the Tag to evaluate this session now on myTechEd Mobile