1. Forefront Online Protection for Exchange Renato Francesco Giorgini Evangelist IT Pro RenatoFrancesco.Giorgini@microsoft.com

2. Agenda  Panoramica  Architettura  Funzionalità Anti-Spam  Funzionalità Anti-Virus  Policy Enforcment  Setup Iniziale  Reporting & Auditing  Scenari Misti

3. Business Challenges Reduce security costs  Implement security that integrates with existing IT assets more effectively  Reduce administrative costs through simplified management and deployment Protect information so your business can grow  Prevent spam from undermining user productivity and safety  Provide a timely response to the latest malware and vulnerabilities  Add new technology to enable productivity without adding security risk Share information while maintaining compliance  Restrict the distribution of inappropriate content  Prevent loss of sensitive information  Uniformly enforce compliance across an organization

4. Choices for Exchange Message Filtering  Forefront Protection for Exchange Server (FPE)  On-premises antivirus and antispam with local configuration  Internal mail filtering and content filtering  Forefront Online Protection for Exchange (FOPE)  Antispam and antivirus protection in the cloud  SLA backed e-mail security performance  Hybrid scenario  Solutions compliment each other Antivirus Filtering Anti-spam Filtering

5. FOPE Architecture Overview FOPE Online Service Internal Mail server Spam quarantine Internet Cloud Internet

6.  Real-time threat prevention  Layered anti-spam and antivirus  Customized policy enforcement  Uninterrupted e-mail accessibility  Rapid recovery from unplanned disasters and network outages  Thirty-day rolling historical e-mail store  Gateway, policy-based e-mail encryption  No public and private key management  Full e-mail encryption  E-mail and IM retention for organizational governance and e-discovery  Customized report generation for demonstrating compliance  Fully indexed, searchable archive Exchange Hosted Services

7. Exchange Online Protection - Features  Antispam  Antivirus  Policy Enforcment  Disaster Recovery  Directory Services Syncronization

8. Architettura

9. FOPE Global Network Infrastructure  Network infrastructure that delivers reliability and scalability  Hosted services provisioned across a global network infrastructure  Fully redundant, load-balanced architecture  Scalability to handle all message volume variations

10. Rapid E-mail Delivery (Average delivery commitment of less than 1 minute) 99.999% Network Uptime Service Level Agreements  Each SLA is backed by a financial commitment from Microsoft  http://go.microsoft.com/fwlink/?LinkID=133205 100% Known virus Protection 98% Spam Detection 1:250,000 False Positive Ratio Filtering Network Performance Spam and Virus Filtering Effectiveness Terms and conditions apply. Please visit the Admin Center Resource Center at http://admin.global.frontbridge.com You may have to login to the system to view the service level agreement. Please contact your reseller or Microsoft Account Manager if you wish to view these prior to signing up for the service.http://admin.global.frontbridge.com

11. Demo

12. Funzionalità Anti-Spam

13. Edge Blocking End User Quarantine Administrator Console Corporate Network Messaging Administrator Employees Inbound Filtered E-mail About 90% of E-mail is junk Outbound Filtered E-mail Also incorporates technology from… External Senders/ Recipients Exchange Server Anti-spam Antivirus Policy Disaster Recovery * Encryption * Requires additional Exchange Hosted Encryption License Active Directory FOPE Directory Synchronization Tool Multilayer spam and virus protection and policy enforcement Legitimate E-mail Junk E-mail Forefront Online Protection for Exchange

14. Antispam Protection  IP Repudiation Blocking  IP-Based Authentication  SMTP Connection Analysis  Real Time Attack Protection  Reputation Analysis  Junk Email Protection  Additional Spam Filtering Options  Cloudmark: Message Fingerprinting  Non-Delivery Report Backscatter Mitigation  Rules-Based Scoring  Outbound Spam filtering

15. Enhanced Reputation Lists URIBL.comSpam Rules Database Forefront Online Protection Spam Filter BadURLs Internet Service Providers Non-PermittedIPs Clean-up Process

16.  Message reduced to fingerprints  Fingerprints compared to local cache  No Match? Apply heuristics Spam Legit. FSE-protected Exchange recipient Fingerprint Cache Reject Cloudmark Content Engine

17. Outbound Spam Mitigation Customer 1 FOPE Spam Filter Customer 2Customer 3 FOPE Regular Outbound FOPE Higher Risk Delivery Pool

18. Spam Quarantine  Quarantined and stored for review for 15 days  Web Access  Redirected to SMTP Mailbox  Tagged with X-Header  Tagged in Subject Line

19. Demo

20. Funzionalità Anti-Virus

21. Antivirus Protection  Multi-AV-Engine  Layered Defenses  Real-Time Threat Response  Fast Antivirus Signature Deployment

22. Demo

23. Policy Enforcment

24. Protect Sensitive Information in E-mail  Automatically protect sensitive e-mail  Can leverage Exchange Server integration with Active Directory Rights Management Services  Filter  Email attachments  Messages  FOPE possible Actions:  Encrypt/Decrypt  Allow/Reject  Quarantine  Redirect/BCC  Use TLS ON PREMISES

25. Demo

26. Setup Iniziale

27. Firewall Setting up Hosted Protection SMTP Mail FOPE Service Mail Your Organization Mail Server Create Account MX record Allow only FOPE SMTP traffic

28. Directory Syncronization Tool  Synchronize users, groups  Future basis for Forefront services in the cloud  User attribute differences synchronized  Requires install on Windows Server  https connection  PowerShell enabled  Outlook spam plug-in  Allows reporting of spam to FOPE Admins through a button

29. Virtual Domains  Not a real DNS Name Domain  Group of Users with shared configuration settings

30. Demo

31. Disaster Recovery  Five days of email queued online  Email can be routed to a different server

32. Reporting & Auditing

33. Demo

34. Scenari Misti

35. FPE, FOPE or Hybrid?  Forefront Protection for Exchange Server  On-premise antimalware and antispam protection with local configuration  Concerned with internal mail filtering  Forefront Online Protection for Exchange  External antispam is primary concern  No issues around hosting  Hybrid scenario

36. Hybrid Messaging Security Firewall Antivirus and anti-spam protection for Exchange Server 2007/2010 Server Roles On-Premise – Company LAN Mailbox Server SMTP Exchange Edge FOPE Gateway Exchange Hub Mail Spam policy Full Management Policy Internet

37. FOPE Gateway  Managed from on-premise systems  Forefront Protection Manager console  FPE Stand alone UI  Synchronizes on-premise data with FOPE  Active Directory information  FPE Antispam policy  Collects data from FOPE to on-premise systems  Quarantine information  Statistics

38. Deploying FOPE Hybrid Scenario  Follow these steps to prepare your Exchange environment and enable management of the FOPE gateway in FPE:  Register with FOPE and create an account  http://go.microsoft.com/fwlink/?LinkId=128194 http://go.microsoft.com/fwlink/?LinkId=128194  Install the FOPE Gateway  Configure the FOPE settings in FPE and retrieve the FOPE datacenter IP addresses.  Redirect your mail to the FOPE datacenter by changing your Mail Exchange (MX) records  Configure your firewall rules and Exchange Edge receive connector information  This will ensure that only mail that has been filtered by FOPE is accepted into your organization.

39. Active Protection Enterprise Class Reliability  High availability Software as a Service (SaaS)  Disaster recovery and e-mail continuity  SLA-supported uptime and performance Simplified Management  Multiple engine antivirus and antispam protection updated multiple times a day  98%+ spam detection SLA  Ability to address security concerns outside the network  In-the-cloud filtering frees up server & network resources  Integration with Forefront Protection Manager  Directory Synchronization eases management overhead  User managed quarantine reduces administrator burden

40. Windows 7 Windows Server 2008 R2 Hyper-V Server R2 Internet Information Services 7.5 Exchange Server 2010 SharePoint Server 2010 System Center Internet Explorer 8.0 Forefront Protection Suite (Codename “Stirling”) RenatoFrancesco.Giorgini@microsoft.com http://bit.ly/itpromomentum

41. Per approfondimenti  www.microsoft.com/online/exchange-hosted- services/filtering.mspx  www.microsoft.com/downloads/details.aspx?displaylang=en &FamilyID=be5963ee-917f-4677-94c5-02985d7e077e  www.microsoft.com/downloads/details.aspx?displaylang=en &FamilyID=f5714ed7-f14d-499e-b7d9-3365c9008113

42. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. RenatoFrancesco.Giorgini@microsoft.com http://blogs.technet.com/italy