Module 7 Planning and Deploying Messaging Compliance

Module Overview Designing Transport Compliance Designing AD RMS Integration with Exchange Server 2010 Designing Message Journaling and Archiving Designing Messaging Records Management

Lesson 1: Designing Transport Compliance Identifying Transport Compliance Requirements and Options Planning Transport Rules Planning Message Classifications Planning Message Moderation

Identifying Transport Compliance Requirements and Options RequirementExchange Server 2010 option Disclaimers must be attached to all external messages Transport rule Specified users must not be able to send to other users Transport rule Moderated recipients Messages with specific content must be blocked or retained Transport rule Message classifications Recipients must be restricted in what they can do with specified s AD RMS integration Messages sent to specific domains must be blocked Transport rule

Planning Transport Rules Test the application of transport rules to avoid rule conflicts or duplication Plan for transport rule limitations with encrypted and digitally signed messages Use transport rules on Edge Transport servers to apply outbound message policies Document the transport rule configurations Use regular expressions to check message contents Plan conditions and exceptions carefully

Planning Message Classifications Plan for the distribution of the client files for Office Outlook 2007 and Office Outlook 2010 clients Configure transport rules to apply message classifications and to apply restrictions Plan for localized versions message classifications in multilingual organizations Develop custom message classifications to address other classification requirements

Planning Message Moderation Consider using message moderation for large or confidential distribution groups Select an appropriate moderator Consider the role of group owners Plan for message moderation during the upgrade from previous Exchange Server versions Consider using either moderated groups or transport rules to enforce moderation Configure appropriate moderation exceptions for groups

Lesson 2: Designing AD RMS Integration with Exchange Server 2010 Options for Integrating AD RMS and Exchange Server 2010 Planning AD RMS Integration Planning AD RMS Integration with External Organizations Considerations for Implementing and Managing AD RMS Integration

Options for Integrating AD RMS and Exchange Server 2010 OptionDescription Transport protection rules Apply an AD RMS template by using a transport rule Outlook protection rules Apply an AD RMS template to messages as they are sent from an Outlook 2010 client Transport decryptionEnables the Hub Transport server to decrypt message content to apply messaging policies Journal report decryption Enables the Journaling agent to save an unencrypted copy of the message in the journal report

Planning AD RMS Integration Consider adding additional templates Define the boundaries for AD RMS-protected messages Configure transport protection rules to apply AD RMS templates for all clients Train users to use the built-in AD RMS functionality Ensure that AD RMS server deployment is available for Exchange Server 2010 integration

Planning AD RMS Integration with External Organizations Considerations for choosing an integration option: Options for integrating AD RMS with external organizations: Deploy an AD RMS server that is accessible to the Internet Configure trusted user or publishing domains Configure AD RMS integration with Windows Live ID Configure a federated trust using AD FS Can you create external user accounts in your Active Directory forest? Have the external organizations deployed AD RMS? Do you need to enable AD RMS integration for all users in the external organizations? Have the external organizations deployed AD FS?

Considerations for Implementing and Managing AD RMS Integration Provide Outlook Web App for external users Develop a plan for distributing custom AD RMS templates Ensure that only trusted users have access to the journal mailbox Develop a communication plan for informing users Monitor the performance impact of encryption on Hub Transport servers Extra configuration is required to support Windows Mobile devices

Lesson 3: Designing Message Journaling and Archiving Identifying Message Journaling and Archiving Requirements and Options Options for Implementing Message Journaling Planning Message Journaling Considerations for Managing the Journal Mailbox Planning Personal Archiving Planning Legal Hold Planning Multi-Mailbox Search

Identifying Message Journaling and Archiving Requirements and Options RequirementExchange Server 2010 option Messages sent to or by members of a distribution group must be retained Message journaling Messages sent or received by specific users must be retained Legal hold Messages must be searchable for specific types of content Multi-Mailbox Search Users must store all in an Exchange Server database Personal Archives, disable PSTs Messages sent by users in a specific mailbox database must be retained Message journaling

Options for Implementing Message Journaling You can configure message journaling: On a specific mailbox database On a specific recipient As part of MRM Message journaling enables you to send copies of messages to any mailbox or valid SMTP address

Planning Message Journaling Identify the journal mailbox Plan for multiple sites in large organizations Consider legal hold as an alternative to journaling Identify the type of message journaling to implement Identify which messages you should journal

Considerations for Managing the Journal Mailbox Use MRM to routinely automate message removal Control who can access journal mailboxes Ensure legal compliance Define a process for addressing over-quota journal mailboxes Plan for the maximum size of the journal mailbox

Planning Personal Archiving Consider disabling access to PST files Train users to automate message archiving Develop policies for managing archive mailbox contents and quotas Selectively enable Personal Archives Consider the impact of Personal Archives on mailbox databases

Planning Legal Hold Legal hold: Considerations: Ensures that deleted and modified items are retained Is an option for single-item recovery Is enabled for individual mailboxes Enable legal hold only when required Messages in recoverable items are not part of a mailbox quota Configure quotas for recoverable items Use the Legal Hold role to delegate management of legal hold

Planning Multi-Mailbox Search Multi-Mailbox Search is based on Exchange Search Configure separate Discovery Search mailboxes for each group with different search permissions Consider assigning auditors to the Discovery Search and Legal Hold management role groups Provide guidance for optimizing mailbox search queries

Lesson 4: Designing Messaging Records Management Identifying Messaging Records Management Requirements and Options Planning a Retention Policy Deployment Planning a Managed Folder Deployment Planning the Integration of Managed Folders and Retention Policies Discussion: Designing a User Communication Plan for Messaging Compliance

Identifying Messaging Records Management Requirements and Options RequirementExchange Server 2010 option Retain messages related to specific projects Personal tags Managed custom folders Delete messages in specified mailbox folders after a specified time Default policy tags Managed default folders Allow users to mark specific messages for retention Personal tags Journal messages when they are deleted from user mailboxes Manage folders Automatically move mailboxes to the archive mailbox at specified times Retention policies

Planning a Retention Policy Deployment Minimize the number of personal tags Base retention policies on compliance requirements Provide training on how to use retention policies and AutoTagging Plan default policy tag for untagged items in folders Plan retention policy tags for default folders

Planning a Managed Folder Deployment Implement a default managed folder policy for all users, and also custom managed folder policies as needed Provide user training for default folders and custom folders Use managed custom folders and journaling to assist with message retention Plan managed folder policies based on departments or project groups

Planning the Integration of Managed Folders and Retention Policies Retention policies do not require users to move messages to specific folders Retention policies override managed folder policies You can only manage retention policies from Office Outlook 2010 Migrate managed folder settings to retention policies as you deploy Office Outlook 2010

Discussion: Designing a User Communication Plan for Messaging Compliance How do you communicate IT environment changes to users? What information would you include in a communication plan? How do you pilot and implement significant changes to your environment? How will you ensure that users follow messaging policies?

Lab: Planning and Deploying Messaging Compliance Exercise 1: Planning a Message Transport Implementation Exercise 2: Planning a Message Journaling and Archiving Solution Exercise 3: Planning a Messaging Records Management Implementation Exercise 4: Implementing a Message Compliance Plan Logon information Estimated time: 75 minutes

Lab Scenario You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple locations. A. Datum is an international corporation involved in technology research and investment, and it is planning to upgrade from Exchange Server 2003 to Exchange Server You are aware of the new messaging compliance features in Exchange Server 2010, and need to determine how you will implement them to meet the needs of your organization.

Lab Review What is the relationship between a retention policy and a retention policy tag? How can you use a message classification to prevent specific messages from being sent to the Internet?

Module Review and Takeaways Review Questions Best Practices