Scott Schnoll Senior Content Developer Microsoft Corporation Securing Your Exchange Deployment
Agenda Anti-spam and anti-malware Policy and Reporting Encryption Exchange Online Protection
Inspired by people. Anti-spam and Anti-malware
~2.9 million messages per second ~300 billion messages per day ~100 trillion messages per year
1.3 billion messages per day 740 million Spam messages per day
Multi-layered anti-spam protection Connection filtering Blocks up to 80% of all spam based on IP block/allow lists Sender-Recipient Filtering Blocks up to 15% of all spam based on internal lists and sender reputation Content Filtering Blocks up to 5% of all spam based on internal lists and heuristics
Granular anti-spam filtering controls Connection filtering Static IP allow/block list Opt-in to Microsoft-maintained reputable sender list Content spam categories Obvious spam High confidence spam Content Filtering Actions Delete Quarantine Add X-Header Modify Subject Redirect
Improved spam blocking Bulk Mail control Mark all bulk messages as spam Block external threats quickly Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time.
International spam Block unwanted email based on language or geographic origin Block based on language Block based on geography
Junk mail management Recommendation: Send suspected junk mail to the Outlook junk mail folder Users can manage safe senders and block lists through Outlook Spam quarantine managed by administrators
End User Spam Notification Set Frequency from 1-15 days Localized ESN
Reporting False Negatives & False Positives Outlook Junk Mail Reporting Tool for missed spam us/download/details.aspx?id=18275 Send spam as an attachment to Send false positive messages to
Simple configuration Delete messages Delete attachments Robust, customizable notifications Sender notifications Admin notifications
Policy and Reporting
Simple Policy Management Built on Exchange transport rules engine Conditions Actions Exceptions
Flexible rule conditions The sender…IP matches any of these addresses Attachment scanning Any attachment…has executable content The message…size exceeds
Flexible rule actions Block or redirect messages Modify messages Apply additional security Route messages through specific connectors
Rule options Rules can be configured to run for a specific time period Rules can be run in Test Mode
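A transport rule that combines the condition, exception, action, Test Mode and time-period options from the slides above. This is an added example, not from the original deck; it assumes an already connected Exchange Online / EOP PowerShell session, and the rule name, IP range, reason text and dates are constructed placeholders.

```powershell
# Added example: rule name, IP range, reason text and dates are placeholders.
$ruleName = 'Block executable attachments (pilot)'   # hypothetical rule name

$rule = @{
    Name                           = $ruleName
    Comments                       = 'Pilot rule: audit first, enforce after review'

    # Condition: any attachment has executable content.
    AttachmentHasExecutableContent = $true

    # Exception: sender IP falls in a trusted range.
    # 192.0.2.0/24 is a documentation range (RFC 5737), used as a placeholder.
    ExceptIfSenderIpRanges         = '192.0.2.0/24'

    # Action: block the message and tell the sender why.
    RejectMessageReasonText        = 'Executable attachments are not accepted.'

    # Test Mode: matches are logged for reporting, but the action is not applied.
    Mode                           = 'Audit'

    # Time period: the rule is only evaluated between these two dates.
    ActivationDate                 = (Get-Date).Date.AddDays(1)
    ExpiryDate                     = (Get-Date).Date.AddDays(15)
}
New-TransportRule @rule

# Confirm what was created before relying on it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, ActivationDate, ExpiryDate

# After the rule-match report shows only the intended hits, switch to enforcement.
Set-TransportRule -Identity $ruleName -Mode Enforce
```

Running the rule in Audit mode first lets the Rule Matches report show what it would have blocked before any mail is rejected.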
Built-in granular reporting options Provides a clear view on spam filtering and malware attacks
Reporting O365 Reports Page
Reporting Received Mail
Reporting Sent Mail
Reporting Received Spam
Reporting Malware Detections
Reporting Rule Matches
Excel mail protection reports Excel Workbook available to enable self-service analysis Connects to the reporting web service Data can be refreshed from within the workbook at any time Drill through from recent summary data to the underlying detailed information
Message tracing Powerful troubleshooting tools for mail flow issues Simple search interface (no required fields) EOP keeps 7 days of data Subject text provided for each message Top 1000 of the last 48h of message results Wildcard support for multiple addresses or domain names Results include date, from, to, subject, summary status
Encryption
TLS Network Encryption Opportunistic TLS enabled by default Forced inbound/outbound transport layer security (TLS) can be set up to secure all routing channels with business regulated partners Message-level Encryption Policy-based encryption from sender to recipient with no end-user training or software installation provided through Microsoft Exchange Hosted Encryption (EHE)
Exchange Hosted Encryption Send encrypted email to any recipient without prior setup Encryption is performed via policy rules and enforced in the EOP cloud Encrypted emails are not saved by EHE Identity-Based Encryption (IBE) uses email address as ID for public key EHE saves public keys so users should use strong passwords as their credentials No cost for recipient non-licensed user All replies and forwards remain encrypted for any mail recipient
Data protection at rest Information protection using RMS Data Protection in motion Information can be protected with RMS at rest or in motion
RMS over standard approaches Functionality RMS in Office 365 S/MIME ACLs (Access Control Lists) BitLocker Cloud Encryption Gateways (CEGs) Data is encrypted in the cloud Encryption persists with content Protection tied to user identity Protection tied to Policy (edit, print, do not forward, expire after 30 days) Secure collaboration with teams and individuals Native integration with my services (Content Indexing, eDiscovery, BI, Virus/Malware scanning) Lost or stolen hard disk *RMS can be applied to Office documents and PDF using FOX IT pro.
Enable RMS RMS can be activated right inside Office 365 Admin console Enable Rights Management in the tenant admin
Enable RMS RMS can be applied to emails RMS can be applied to SharePoint libraries RMS can be applied to any Office documents Apply RMS to content Files are protected if they are viewed using Webapps or downloaded to a local machine
How do I know my data and private information are safe? To learn more about the steps we’ve taken to ensure the safety of your data and private information, go to the Office 365 Trust Center – All of the Office 365 Trust Center promises apply to EOP
Exchange Online Protection
Protect communications Multi-engine anti-malware and enhanced spam filtering to help protect your environment from threats Enforce policy Flexible tools for policy enforcement that provide the right level of control Streamlined management Flexible administration of anti-spam, anti-malware and policy rules
EOP Service Level Agreements EOP SLAs 100% known virus detection 99% spam detection rate False positive ratio of less than 1:250,000 messages EOP Standalone Customer SLAs % uptime* Average delivery time of less than 1 minute*
EOP Connection to Exchange
EOP Deployment scenarios Works with any SMTP platform! Every Office 365 customer is an EOP customer Easy transition from EOP stand-alone to Office 365 On-premises server - Inbound and Outbound filtered through EOP On Premise Corporate Network EOP O365 Exchange Online
EOP Architecture
EOP Inbound Filtering Email is routed to EOP DCs based on MX record resolution (mail.messaging.microsoft.com) IP-based edge blocking Reputation blocking Virus scanning AV Engine 1 AV Engine 2 AV Engine 3 SPAM protection Safe Sender/Recipient Policy enforcement Custom Rules Content scanning and Heuristics Bulk Mail filtering SPF & Sender ID Filter Quarantine *International Spam* Advanced SPAM management Customer feedback False +ve / -ve Spam analysts Corporate network Regular expressions URL block lists Envelope blocks Forefront blocks Allows/Rejects
Outbound Pool EOP Outbound Filtering High Risk Delivery Pool High Score Outbound Pool Low Score SPAM protection Content scanning and Heuristics Advanced SPAM management Virus scanning AV Engine 1 AV Engine 2 AV Engine 3 Policy enforcement Custom Rules Quarantine Spam Analysts Corporate network Bulk Delivery Pool Bulk Mail Internet Encryption
Directory Synchronization On-premises Exchange Online Protection Office 365 Directory Sync Secure mail flow Existing environment
Management console Anti-spam, anti-malware, and policy controls accessed through the Office 365 Admin Center
Summary
Exchange provides multi-layered anti-spam and anti-malware protection with granular filtering controls. Exchange supports encryption of messages and Office documents in transit and at rest. Exchange Online includes built-in granular reporting that provides a clear view on spam filtering and malware attacks. Exchange Online Protection can work with any SMTP platform and provide robust inbound and outbound message filtering.
Questions and answers. Scott Schnoll Blog: