Microsoft Exchange Server 2013 Security. Mick Tomlinson, Technical Instructor, New Horizons.


1 Microsoft Exchange Server 2013 Security. Mick Tomlinson, Technical Instructor, New Horizons

2 Introducing Exchange 2013 New features Exchange 2013 Role Based Access Control Security

3 Introducing Exchange 2013
- Exchange 2013 Top Features
- Exchange Admin Center
- Architecture Changes
- Policy and Compliance
- New Recipient Types
- Some Other Stuff

4 Exchange Top Features
- Remain in Control
  - Move to the Cloud on your terms
  - Decrease the amount of time spent on management
  - Keep important data in one place
- Do More, On Any Device
  - A clean, intuitive inbox experience
  - Working better together
  - Customize using OWA Apps

5 Exchange Top Features
- Keep Your Organization Safe
  - Protect sensitive data and enforce compliance policies
  - In-Place Discovery across Exchange, SharePoint and Lync from a single interface

6 Exchange Admin Center
- A single unified management console that allows for ease of use and is optimized for management of on-premises, online, or hybrid deployments
- Replaces the Exchange 2010 Exchange Management Console and the Exchange Control Panel

7 Exchange Admin Center
- List View
- Secure the Virtual Directory
- Public Folder Management
- Notifications
- Role Based Access Control
- User Editor
- Unified Messaging Tools

8 Exchange Admin Center

9 Architecture Changes
Exchange 2007 and 2010
- Five server roles, primarily due to CPU limitations
  - Mailbox Server, Client Access Server
  - Hub Transport Server, Edge Transport Server
  - Unified Communications Server
- Had several restrictions
  - Version Dependency
  - Geo Affinity
  - Session Affinity

10 Architecture Changes
New Architecture in Exchange 2013: Only Two Server Roles
- Mailbox Server Role
  - Includes all the traditional server components: the Client Access protocols, Transport service, Mailbox databases, and Unified Messaging
  - Handles all activity for the active mailboxes on that server
- Client Access Server Role
  - Provides authentication, limited redirection, and proxy services
  - Doesn’t perform any data rendering
  - No data is cached or stored on the CAS

11 Architecture Changes
Some Benefits of the New Design
- Version upgrade flexibility
- Session indifference
- Deployment simplicity
- CAS is no longer limited to same site access
Three More Things
- RPC is no longer a supported direct access protocol
- Outlook clients no longer connect to FQDN but a new GUID address learned from Auto Discover
- Exchange 2013 only supports Outlook 2007 and later

12 Policy and Compliance
- Data loss prevention (DLP) is a new feature in Exchange 2013
- Helps protect your sensitive data by either using built-in or custom policies
- Helps to keep your organization safe from users mistakenly sending sensitive information to unauthorized people

13 Policy and Compliance
- In-Place Hold
- In-Place eDiscovery
- Simultaneous searches across primary and archive mailboxes
- Archive Lync content
- Retention Policy Improvements
- Calendar and Task Retention Tags

14 New Recipient Types
In addition to the recipient types Exchange 2013 carries over from previous versions, a few new ones have either been added or modified:
- New Public Folders
- Site Mailboxes
- Shared Mailboxes

15 New Recipient Types
New Public Folders
- No more public folder databases
- Public Folder hierarchy and content is now stored in special mailboxes
- Public Folder replication is now handled by the continuous replication model used by the mailbox databases
- This also means Exchange is moving away from a multi-master replication model towards a single-master replication model

16 New Recipient Types
Site Mailboxes
- Email and documents are traditionally kept in two unique and separate data repositories. This usually results in a reduction in user productivity and a degraded user experience
- Site Mailboxes try to rectify this problem by providing a single interface to access mail stored in Exchange and documents stored in SharePoint

17 New Recipient Types
Shared Mailboxes
- Shared Mailboxes are mailboxes that are accessed by multiple users
- Did exist in Exchange 2010 but had to be created in a separate multi-step process
- In Exchange 2013, Shared Mailbox is a type of recipient that can be created in a single step from the EAC

18 Some Other Stuff
- New OWA interface designed for smartphones and tablets
- Batch mailbox moves
- Improved and simplified setup process
- Built-in Anti-Malware Protection
  - Includes Anti-Spam, Anti-Virus and Anti-Spyware
- High Availability Enhancements
  - Automatic reseed
  - Automatic recovery

19 Exchange 2013 RBAC Security
- What is RBAC?
- What are the components of RBAC?
- What are Scopes?

20 RBAC: Role Based Access Control
- The permissions to perform certain tasks are granted to roles
- Users are assigned roles based on their job functions
- Permissions are based on the task, rather than the resource
- RBAC is the permissions model used by Exchange 2013

21 Three ways to assign permissions
- Direct user role assignment
- Management Role Assignment Policies
- Management Role Groups

22 Direct User Role Assignment Assigning management roles directly to users or groups without using a role group or a role assignment policy. NOT RECOMMENDED!
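
A read-only check for the direct assignments this slide warns against, as an added example that is not part of the original presentation. It lists enabled roles assigned straight to user accounts and, for each, the role groups that already carry the same role, so the user can be moved into a group instead.

```powershell
# Exchange Management Shell. Read-only: nothing is changed.
# Find enabled management role assignments made directly to user accounts.
$direct = Get-ManagementRoleAssignment -RoleAssigneeType User |
    Where-Object { $_.Enabled }

$report = foreach ($a in $direct) {
    # Role groups that already hold the same role (non-delegating
    # assignments only), i.e. candidate groups to move the user into.
    $groups = Get-ManagementRoleAssignment -Role $a.Role `
                  -RoleAssigneeType RoleGroup -Delegating $false |
              Select-Object -ExpandProperty RoleAssigneeName -Unique

    [pscustomobject]@{
        User                   = $a.RoleAssigneeName
        Role                   = "$($a.Role)"
        Delegation             = $a.RoleAssignmentDelegationType
        RecipientWriteScope    = $a.RecipientWriteScope
        CustomWriteScope       = $a.CustomRecipientWriteScope
        RoleGroupsWithSameRole = ($groups -join '; ')
    }
}

# Full list, then the subset that is not limited by any custom scope.
$report | Sort-Object User, Role | Format-Table -AutoSize -Wrap
$report | Where-Object { $_.RecipientWriteScope -eq 'Organization' } |
    Group-Object User | Select-Object Name, Count
```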

23 Management Role Assignment Policies
- Collections of one or more end-user management roles
- Enable admins to specify how end-users can manage their own mailboxes and associated settings
- All users are assigned a Default Role Assignment Policy
- Most organizations will choose to use the built-in Default Role Assignment Policy

24 Management Role Groups
- Universal security groups used in the RBAC permissions model in Exchange 2010
- Simplify the assignment of management roles to users
- Are assigned administrator and specialist user roles
- Include several built-in Role Groups, or use custom Role Groups created by Exchange Admins
- Adding or removing users and groups to Management Role Groups is how you most often assign permissions to administrators or specialist users

25 Role Holders Mailboxes that have been added as members of a Role Group

26 Management Role Group
- Universal Security Group that contains Role Holders
- Is assigned one or more Management Roles
- Is located in the “Microsoft Exchange Security Groups” OU in the forest root domain

27 Management Role
- Container for one or more Management Role Entries
- Logical grouping of cmdlets
- Used to define specific tasks associated with a job duty

28 Management Role Entries
- One or more cmdlets the role holder will be allowed to run
- Role Entries can limit the parameters a cmdlet is allowed to touch
- Role Entries can also reference scripts the role holder is allowed to execute

29 RBAC Scopes
- Scopes are used to control WHERE a role can be exercised
- Scopes are part of the Management Role Assignment that binds a Role to a Role Group

30 Types of Scopes
- Scopes can be Implicit or Explicit
- Scopes can be Regular or Exclusive
- Custom scope types:
  - OU Scope
  - Recipient Filter Scope
  - Configuration Scope
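
How the RBAC pieces from slides 24 to 30 fit together, shown as an added example that is not part of the original presentation: a custom role narrowed to two cmdlets, a parameter-limited role entry, an OU-rooted scope, and a role group that binds them. The role, scope, group, OU and member names are hypothetical, and the parameter list assumes those parameters are present on the parent role's entry.

```powershell
# Exchange Management Shell, run as a member of Organization Management.
# Every name below (role, scope, group, OU, member) is hypothetical.
$role  = 'Helpdesk Mailbox Quota'
$scope = 'Austin Users'
$group = 'Austin Helpdesk'

# 1. Management role: created as a child of a built-in role. A child starts
#    with the parent's entries and can only be narrowed, never widened.
New-ManagementRole -Name $role -Parent 'Mail Recipients'

# 2. Management role entries: keep only the cmdlets this job duty needs.
$keep = 'Get-Mailbox', 'Set-Mailbox'
Get-ManagementRoleEntry "$role\*" |
    Where-Object { $keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

#    Limit the parameters Set-Mailbox may touch. Used without -AddParameter
#    or -RemoveParameter, -Parameters replaces the entry's parameter list.
#    (Assumes these parameters exist on the parent role's Set-Mailbox entry.)
Set-ManagementRoleEntry "$role\Set-Mailbox" -Parameters Identity,
    IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota,
    UseDatabaseQuotaDefaults

# 3. Scope: WHERE the role can be exercised. Here an OU scope combined with
#    a recipient filter, so only user mailboxes under that OU are writable.
New-ManagementScope -Name $scope `
    -RecipientRoot 'contoso.com/Austin/Users' `
    -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'"

# 4. Role group: creates the universal security group plus the management
#    role assignment that binds the role to the group with the custom scope.
New-RoleGroup -Name $group -Roles $role `
    -CustomRecipientWriteScope $scope -Members 'helpdesk.user1'

# 5. Verify what role holders in the group can run, and where.
Get-ManagementRoleEntry "$role\*" | Format-Table Name, Parameters -Wrap
Get-ManagementRoleAssignment -RoleAssignee $group |
    Format-List Name, Role, RecipientWriteScope, CustomRecipientWriteScope
```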

31 Thanks for Coming Mick Tomlinson mtomlinson@nhaustin.com

