Connector- Based Customer Delivery Pool Mailbox (On-premises) Mailbox or Application (On-premises) Higher Risk High Risk Delivery Pool Resolve.

Presentation transcript:

Diagram labels (EOP mail flow): Connector-Based Customer Delivery Pool; Mailbox (On-premises); Mailbox or Application (On-premises); Higher Risk; High Risk Delivery Pool; Resolve host name to EOP DC (contoso-com.mail.protection.outlook.com); Virus Scanning (AV Engine 1, AV Engine 2, AV Engine 3); Edge Blocks & Tenant Attribution (IP-based block lists, Directory-based (Recipient) Blocks); Internet mail is routed based on MX record resolution; Outbound Pool; Normal Score; Mailbox (O365); Transport Rules / Policy Enforcement (Custom Rules, Encryption, Quarantine, Allows/Rejects); SPAM Protection (Content scanning and Heuristics, Content Filter Advanced Options, Outlook Safe Sender/Recipient, Bulk Mail Filtering)

Deployment: Basic Mail Flow

Filtering only…or with Exchange Online, including Hybrid:

is the correct URL to use when connecting to EOP SA

liveid/ is the correct URL to use when connecting to Exchange Online

Migration planning is key

- Routing between Exchange on-premises & Exchange Online MUST NOT pass through any 3rd party
- Use CBR connectors or centralized mail transport if you must for non-Hybrid mail flow
- If you keep MX record pointed to on-premises:
  - EOP scanning will have reduced effectiveness
  - On-premises IP reputation & ability to keep the bad stuff out is critical to maintaining mail flow

Domain Validation

Domain Validation – Wizard completion

Once verified, domain will appear in EOP/EXO as an “AcceptedDomain”
- For EOP, will default to “internal relay”
- For EXO, will default to “authoritative”

Test & enable mail flow

Test
- Simply VALIDATE your new connector in the Office 365 Admin Center
- Or telnet to assigned host record (contoso-com.mail.protection.outlook.com) and attempt to send a test message to on-premises mailbox

DNS changes
- MX record (domain-suffix.mail.protection.outlook.com)
- SPF record (v=spf1 ip4: include:spf.protection.outlook.com -all)
- Do not change Autodiscover CNAME DNS entries for filtering-only customers

On-premises changes
- Create smart host from on-premises environment to EOP
- Restrict on-premises firewall to only accept port 25 traffic from EOP

When you are done: HINT: Keep your on-premises IP addresses in here too!

Recommend: Enable Directory Synchronization
- Automated user/group management
- Ease of administration for rules based on addresses
- Synchronize Outlook safe/block sender lists
- Enable directory-based edge (recipient) blocking

Diagram labels: On-premises; Exchange Online Protection; Office 365 Directory Sync

Protection: Anti-Spam & Anti-Malware

Setting expectations
- May see a change in patterns
- Every product needs to be tuned to your environment
- Features may function differently

Porting configuration
- Good opportunity to trim old safe/block lists
- Spam filtering rules may not be needed
- Review filtering policies (transport rules)

Spam and Policy customization

EOP and the Junk Mail folder
- Standalone only (should not be required for proper Hybrid deployment):
    Set-OrganizationConfig -SCLJunkThreshold 4
- At least two rules need to be added to the on-premises environment:
    New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6
    New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6
- Make sure Outlook updates are always applied to prevent false negatives (SCL -1 is not recognized without update and will take the spam action)
- It is EASY to educate end users to use the Junk Mail folder in Outlook!
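How the junk threshold and the two header rules above combine, as an added Python example that is not part of the presentation: it parses X-Forefront-Antispam-Report from constructed sample messages and reports whether the SCL the rules stamp exceeds the threshold. The header layout (semicolon-separated KEY:value fields), the "SCL above the threshold goes to Junk" comparison, and every sample address are assumptions of the example.

```python
from email import message_from_string
from email.policy import default

RULE_VERDICTS = {"SPM", "SKS"}   # SFV values matched by the two transport rules
RULE_SCL = 6                     # -SetSCL 6
SCL_JUNK_THRESHOLD = 4           # Set-OrganizationConfig -SCLJunkThreshold 4

# Constructed sample messages (documentation addresses, not real traffic).
HEAD = "From: sender@example.net\nTo: user@contoso.com\nSubject: test\n"
REPORT = "X-Forefront-Antispam-Report: CIP:203.0.113.7;CTRY:US;"
SAMPLES = {
    "spam": HEAD + REPORT + "\n SFV:SPM;SCL:5;\n\nbody\n",  # folded header
    "rule_marked": HEAD + REPORT + "SFV:SKS;SCL:9;\n\nbody\n",
    "clean": HEAD + REPORT + "SFV:NSPM;SCL:1;\n\nbody\n",
    "no_eop": HEAD + "\nbody\n",
}


def parse_antispam_report(value):
    """Split 'KEY:VAL;KEY:VAL;' into a dict; only the first ':' separates."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields


def junk_decision(raw_message, threshold=SCL_JUNK_THRESHOLD):
    """Return (sfv, scl_stamped_by_rules, goes_to_junk) for one message."""
    msg = message_from_string(raw_message, policy=default)
    header = msg.get("X-Forefront-Antispam-Report")
    if header is None:
        # Mail that bypassed EOP carries no verdict, so neither rule can fire.
        return (None, None, False)
    sfv = parse_antispam_report(str(header)).get("SFV")
    # Exact match on the field value: SFV:NSPM must not be read as SFV:SPM.
    scl = RULE_SCL if sfv in RULE_VERDICTS else None
    return (sfv, scl, scl is not None and scl > threshold)


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, junk_decision(raw))
```

The `no_eop` case is the one to watch in a standalone deployment: a message that reaches the on-premises server without the header gets no SCL from these rules.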

EOP and the quarantine
- Messages are kept in EOP datacenters away from the user’s view.
- Administrator can grant access to the quarantine for end-user self-management.
- Administrator can also configure end-user spam notifications (ESNs)

Publish an SPF record (Sender Policy Framework)
- Include EOP IPs and on-premises public IPs
- Use the Microsoft Configuration Wizard
- Avoid safe-listing own domains - this bypasses the SPF check and negates the check’s effectiveness

Publish a DMARC policy (Domain-based Message Authentication, Reporting and Conformance)
- If you can’t publish p=reject or p=quarantine, you can still publish p=none and collect feedback.
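An added Python check for the two records described above (example code, not from the presentation): it lints an SPF TXT string for the EOP include, coverage of the on-premises public IPs, and an ASCII "-all", and reads the p= value from a DMARC record. The record strings and the 198.51.100.0/24 addresses are constructed, and treating the EOP include and a trailing -all as required is an assumption based on the sample SPF record in the deck.

```python
import ipaddress

EOP_INCLUDE = "include:spf.protection.outlook.com"
TYPOGRAPHIC_DASHES = "\u2013\u2014\u2212"  # en dash, em dash, minus sign

# Constructed records; 198.51.100.0/24 stands in for on-premises public IPs.
AUTOCORRECTED_SPF = (
    "v=spf1 ip4:198.51.100.25 include:spf.protection.outlook.com \u2013all"
)
FIXED_SPF = "v=spf1 ip4:198.51.100.0/24 include:spf.protection.outlook.com -all"


def lint_spf(record, onprem_ips):
    """Return findings for one SPF TXT record; an empty list means it passes."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    mechanisms = [t.lower() for t in terms[1:]]
    findings, networks = [], []
    for term in mechanisms:
        # A dash auto-corrected by an editor makes the qualifier unparseable.
        if term[0] in TYPOGRAPHIC_DASHES:
            findings.append(f"{term!r} starts with a typographic dash, not ASCII '-'")
        if term.startswith("ip4:"):
            try:
                networks.append(ipaddress.ip_network(term[4:], strict=False))
            except ValueError:
                findings.append(f"{term!r} has no valid address")
    if EOP_INCLUDE not in mechanisms:
        findings.append("EOP include is missing")
    for ip in onprem_ips:
        if not any(ipaddress.ip_address(ip) in net for net in networks):
            findings.append(f"on-premises IP {ip} is not covered by an ip4 mechanism")
    if mechanisms[-1:] != ["-all"]:
        findings.append("record does not end in -all")
    return findings


def dmarc_policy(record):
    """Return the p= value of a DMARC TXT record, or None if it is not usable."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    policy = tags.get("p", "").lower()
    return policy if policy in {"none", "quarantine", "reject"} else None


if __name__ == "__main__":
    print(lint_spf(AUTOCORRECTED_SPF, ["198.51.100.25"]))
    print(lint_spf(FIXED_SPF, ["198.51.100.25"]))
```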

Publish a DKIM signature (DomainKeys Identified Mail)

Recommend reporting Spam to Microsoft
- Get the Junk reporting tool
- Attach to a new email, copy headers into body of new email and send to

Recommend reporting False Positives to Microsoft
- Attach to a new email, copy headers into body of new email and send to

A new filtering service coming this summer

Protection against unknown malware and viruses
- Through a feature called Safe Attachments

Real time, time-of-click protection against malicious URLs
- Through a feature called Safe Links

Rich reporting and URL trace capabilities

- Microsoft has begun to get more aggressive against bulk email
- New anti-spam header X-Microsoft-AntiSpam
- Improvements to bulk filtering:
  - Bulk Complaint Levels (BCL) – use it today

X  Have application send via EOP
✓  Find a 3rd party in the business of sending email
X  Use same on-premises IPs as core business emails
✓  Use a separate domain or subdomain for mass emails
✓  Make sure SPF record(s) include all apps & 3rd parties

Monitor and fine tune
- Make adjustments to rules or settings as needed
- Evaluate effectiveness of spam settings
- Did you report that to the Microsoft Anti-spam team?
- Reports (Office 365 Portal or Mail Protection Reports for Office 365) – Updates Coming!

- Transport Layer Security (TLS)
  - Great for securing email between Office 365 and on-premises or with specific partner/external servers
  - All Office 365 SMTP is defaulted to opportunistic; TLS secure ciphers
- Office 365 Message Encryption
  - Allows recipient to be external and on any device; if recipient’s mailbox can be accessed, then the message can be decrypted
- Information Rights Management (Azure AD)
  - Keys held on RMS server; organization can set usage rights and custom templates; requires organizational authentication; does not get in the way of e-Discovery
- S/MIME
  - Secure from client-to-client, as long as the private keys remain secure

NDR callouts: Who can fix it?; Indicates error details; Who generated the NDR?

Remote Connectivity Analyzer ( Message Header Analyzer

Can be added to OWA & Outlook as an app

Message Trace
- Find out everything about a message that Office 365 handled
- Search up to 90 days
- Get routing details

New!

                  | “Basic” Message Trace               | “Extended” Message Trace (Historical Search)
Data Set          | Between approx. 15 minutes & 7 days | Between approx. 8 hours & 90 days
View Results      | In UI                               | Download
Results           | In seconds                          | In minutes/hours (can configure notification address)
Routing Details   | Basic detail only                   | Full detail optional
Maximum Size      | 500                                 | 5,000 (3,000 for detail)
Max Queries / Day | Reasonable limits                   | 15 per tenant

Finding Message Trace
- Go to Exchange Admin Center
- Click mail flow
- Click message trace

Using the UI
- Two features share the same UI for simplicity

Using Historical Search
- After selecting a period outside of 7 days, new options appear
- “Include message events and routing details with report”
- Enter Notification address

Completed Historical Search
- Click to see running & completed reports
- Reports available for 10 days
- Results of 5000 (or 3000 for detailed) should not be trusted to be complete (truncated warning message)
- Scroll to bottom to download the results

Reviewing Historical Search Results
- Recommend using Excel
- DATA -> Filter
- Sort by date_time
- More information about the fields & value meanings: oft.com/en-us/library/bb124375(v=exchg.150).aspx

PowerShell
- Basic: Get-MessageTrace, Get-MessageTraceDetail
- Extended: Start-HistoricalSearch, Stop-HistoricalSearch, Get-HistoricalSearch
- Pull results inside of (and shorter than) 7 days (but still >8 hours)
- Search on advanced criteria such as find all messages that hit a particular DLP rule

Start-HistoricalSearch [[-Organization] ]
    -ReportType {MessageTrace | MessageTraceDetail | DLP | TransportRule | SPAM | Malware}
    -ReportTitle -StartDate -EndDate
    [-NotifyAddress ] [-DeliveryStatus ] [-SenderAddress ] [-RecipientAddress ]
    [-OriginalClientIP ] [-MessageID ] [-DLPPolicy ] [-TransportRule ] [-Locale ]
    [-Direction {All | Sent | Received}]

Scenario: Inbound
- Check to see if there is any record of the message (if no record, then you’ll need to check with the sender)
- Check hygiene results
- Look for hints about where it may have gone (forwards, rules, etc.)

Scenario: Outbound
- Make sure the message was received from Outlook client (if not, troubleshoot Outlook)
- Look for SMTP SEND Event

Diagram labels (EOP mail flow, with client submission): Connector-Based Customer Delivery Pool; Mailbox (On-premises); Mailbox or Application (On-premises); Higher Risk; High Risk Delivery Pool; Resolve host name to EOP DC (contoso-com.mail.protection.outlook.com); Virus Scanning (AV Engine 1, AV Engine 2, AV Engine 3); Edge Blocks & Tenant Attribution (IP-based block lists, Directory-based (Recipient) Blocks); Internet mail is routed based on MX record resolution; Outbound Pool; Normal Score; Mailbox (O365); Transport Rules / Policy Enforcement (Custom Rules, Encryption, Quarantine, Allows/Rejects); SPAM Protection (Content scanning and Heuristics, Content Filter Advanced Options, Outlook Safe Sender/Recipient, Bulk Mail Filtering); SMTP Client Submission (EXO only); Mailbox (O365)

Failover configuration
- Using a second MX record to accomplish failover

Contoso.com has 3 on-premises IPs: Site A & , Site B , Site C

Contoso.com wants mail to route to Site A but if it is down wants mail to go to Site B, and Site C as last resort.

Specify onprem.contoso.com in the outbound connector smart host field & create the following DNS records:

contoso.com         MX preference = 10  contoso-com.mail.protection.outlook.com (routes all mail for contoso.com)
onprem.contoso.com  MX preference = 10  mail-a.contoso.com
onprem.contoso.com  MX preference = 20  mail-b.contoso.com
onprem.contoso.com  MX preference = 30  mail-c.contoso.com
mail-a.contoso.com  A
mail-b.contoso.com  A
mail-c.contoso.com  A

You do/type this | Server responds with this
Telnet tenantDomainMxRecordHere |
HELO your_sending_server_fqdn | 250 (followed by human readable message)
MAIL FROM: | Sender OK
RCPT TO: | Recipient OK
DATA (followed by the enter key) | Tells you to send data and how to end.
SUBJECT: Test (hit enter twice) | Hitting enter twice conforms to the standard.
Enter the body message. To end put a single period on a line by itself and press enter. | You should see something about message accepted or message queued.
QUIT |