Microsoft Virtual Academy Dean Yamada | Senior Premier Field Engineer, Microsoft Stephen Hall | Cloud Solutions Specialist, District Computers.


1 Microsoft Virtual Academy Dean Yamada | Senior Premier Field Engineer, Microsoft Stephen Hall | Cloud Solutions Specialist, District Computers

2 Course Topics: Solving Office 365 Client Deployment Scenarios
01 | System Center Configuration Manager (SCCM) Deployment Best Practices
02 | Multi-language Deployment Considerations for Office 365 ProPlus
03 | Office 365 ProPlus with Azure Rights Management Services for IRM/Encryption
04 | Controlling access to Office 365 ProPlus & Services
05 | Office 365 and Exchange Migration Troubleshooting Common Gotchas
06 | New Office 365 ProPlus Customizations via Group Policy or XML
07 | New Updating and Repair Command-Line Options for Office 365 ProPlus

3 Microsoft Virtual Academy Module 3: Office 365 ProPlus with Azure Rights Management Services for IRM/Encryption Dean Yamada | Senior Premier Field Engineer, Microsoft Stephen Hall | Cloud Solutions Specialist, District Computers

4 Azure Rights Management for Office 365 Office 365 Message Encryption Customizing Office 365 Message Encryption Module Overview

5 Azure Rights Management for Office 365

6 About Microsoft Azure Rights Management
Prevent unauthorized access to information, using Microsoft encryption and rights management technology. ARM enables:
– Information Rights Management (IRM): Policy-based permissions rules to help protect data across different workloads such as SharePoint, Exchange, and Office documents.
– Office 365 Message Encryption: Deliver confidential business communications with enhanced security, allowing users to send and receive encrypted email as easily as regular email directly from their desktops.

7 Requirements for Azure RM in Office 365 Setup
- An active Exchange Online or Exchange Online Protection subscription
- Administrator must be part of the following role groups under Office 365 Exchange Online
  – Compliance Management
  – Organization Management
  – Records Management
- Azure Rights Management Administration Tool installed

8 Activating Azure Rights Management on Office 365

10 Configure IRM to Use Microsoft Azure RM
1. Configure the RMS online key-sharing in Exchange Online
2. Import the Trusted Publishing Domain (TPD) from RMS Online
3. Enable IRM for Exchange Online
4. OPTIONAL – Disable IRM templates in OWA and Outlook

11 Rights Management Services Key Sharing URLs

| Location | RMS key sharing location |
| --- | --- |
| North America | https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc |
| European Union | https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc |
| Asia | https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc |
| South America | https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc |
| Office 365 for Government (Government Community Cloud) | https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc * |

* Note: Only customers who have purchased Office 365 for Government SKUs (Government Community Cloud) should use this RMS key sharing location.
http://msdn.microsoft.com/en-us/library/dn569291.aspx

12 CONFIGURING IRM FOR OFFICE 365 WITH POWERSHELL demo

13 Configure IRM to Use Microsoft Azure RM with PowerShell

| Steps | PowerShell Cmdlet |
| --- | --- |
| | Enable-OrganizationCustomization |
| Configure the RMS online key-sharing in Exchange Online | Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc" |
| Import the Trusted Publishing Domain (TPD) from RMS Online | Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online" |
| Enable IRM for Exchange Online | Set-IRMConfiguration -InternalLicensingEnabled $true |
| OPTIONAL – Disable IRM templates in OWA and Outlook | Set-IRMConfiguration -ClientAccessServerEnabled $false |
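
The steps on this slide, run as one repeatable script that skips work already done and finishes with a verification pass. This is an added example, not code from the original deck: the `Enable-TenantIrm` function name, its parameters, the region keys and the sample sender address are assumptions, and it expects an already connected Exchange Online PowerShell session.

```powershell
# Added example, not from the original deck. Assumes a connected Exchange
# Online PowerShell session. URLs are the key-sharing locations from slide 11.
$KeySharingUrls = @{
    NorthAmerica  = 'https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc'
    EuropeanUnion = 'https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc'
    Asia          = 'https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc'
    SouthAmerica  = 'https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc'
    Government    = 'https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc'
}

function Enable-TenantIrm {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [ValidateSet('NorthAmerica', 'EuropeanUnion', 'Asia', 'SouthAmerica', 'Government')]
        [string]$Region,
        [Parameter(Mandatory)]
        [string]$TestSender,             # mailbox address used by Test-IRMConfiguration
        [switch]$DisableClientTemplates  # optional step 4
    )
    $url = $KeySharingUrls[$Region]

    # Preliminary cmdlet from slide 13; only run it while the tenant is still "dehydrated".
    if ((Get-OrganizationConfig).IsDehydrated) { Enable-OrganizationCustomization }

    # Step 1: point Exchange Online at the regional RMS key-sharing endpoint.
    $irm = Get-IRMConfiguration
    if ("$($irm.RMSOnlineKeySharingLocation)" -ne $url) {
        Set-IRMConfiguration -RMSOnlineKeySharingLocation $url
    }
    # Step 2: import the TPD unless one named "RMS Online" is already present.
    if (-not (Get-RMSTrustedPublishingDomain | Where-Object { $_.Name -eq 'RMS Online' })) {
        Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'
    }
    # Step 3: enable IRM licensing for internal messages.
    if (-not $irm.InternalLicensingEnabled) {
        Set-IRMConfiguration -InternalLicensingEnabled $true
    }
    # Step 4 (optional): hide IRM templates in OWA and Outlook.
    if ($DisableClientTemplates) {
        Set-IRMConfiguration -ClientAccessServerEnabled $false
    }
    # Verify: review the reported result before relying on IRM or message encryption.
    Test-IRMConfiguration -Sender $TestSender
}

Enable-TenantIrm -Region NorthAmerica -TestSender 'admin@contoso.onmicrosoft.com'  # constructed address
```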

14 Default Azure Rights Management Templates
- Read-only viewing for the protected content
  – Display name: - Confidential View Only
  – Specific permission: View Content
- Read or Modify permissions for the protected content
  – Display name: - Confidential
  – Specific permissions: View Content, Save File, Edit Content, View Assigned Rights, Allow Macros, Forward, Reply, Reply All
- Do Not Forward

15 DEFAULT INFORMATION RIGHTS MANAGEMENT TEMPLATES IN OUTLOOK AND OWA demo

16 Default Azure Rights Management Templates

17 Office 365 Message Encryption

18 About Office 365 Message Encryption
- Office 365 Message Encryption is an online service that’s built on Microsoft Azure Rights Management (Azure RMS) and available through Exchange Online
  – Admins enable message encryption by defining transport rules that determine the conditions for encryption
- A rule can require the encryption of all messages addressed to a specific recipient

19 Office 365 Message Encryption vs. S/MIME
S/MIME
- Requires a certificate and publishing infrastructure
- Is often used in business-to-business (B2B) and business-to-consumer (B2C) scenarios
- Is a requirement for certain government business cases
- The user controls the keys
- Outlook searches the local client machine for digital signing and verification
Office 365 Message Encryption
- Policy-based encryption configured and enforced by an administrator
- Encrypts mail sent to anyone inside or outside of the organization
- Includes the ability to customize the mail with the organization’s brand

20 About Office 365 Message Encryption

21 Send Encrypted Messages Two Ways
- Automatic
  – Admin-defined encryption rules that automatically encrypt all messages meeting specific criteria
- Manual
  – Admin-defined rules that allow the sender to encrypt messages at will

22 Requirements for Office 365 Message Encryption
- An active Exchange Online or Exchange Online Protection subscription
- Azure Rights Management must be activated
- Defined transport rules to trigger message encryption
  – Create transport rules to determine the conditions for encrypting messages
  – Create transport rules to define conditions where encryption should be removed from messages
- Microsoft Rights Management connector*

23 Microsoft Rights Management connector
- Enables existing on-premises servers to use their Information Rights Management (IRM) functionality with the cloud-based Microsoft Rights Management services
- Acts as a communications relay between the on-premises servers and the cloud service
- Supports Exchange Server, SharePoint Server, and file servers that run Windows Server and use File Classification Infrastructure to classify and apply policies to documents in a folder
- Small-footprint service runs on Windows Server 2008 R2 or later

24 Microsoft Rights Management connector

25 Create an Encrypted Message Rule in PowerShell
Use the ApplyOME attribute:

New-TransportRule "Encrypt rule for drtoniramos" -SentTo "drtoniRamos@hotmail.com" -ApplyOME $true

| This parameter | Specifies |
| --- | --- |
| New-TransportRule "Encrypt rule for drtoniramos" | Name of the new rule |
| -SentTo "USER@hotmail.com" | Condition 1 |
| -SentToScope "NotinOrganization" | Condition 2 |
| -ApplyOME $true | Encrypt the message |

26 Create an Encrypted Message Rule in EAC

27 CREATING MAIL ENCRYPTION RULES IN EXCHANGE ADMIN CENTER demo

28 Receiving an Encrypted Message
- The message is delivered to the recipient’s inbox
- It contains an HTML file attachment
- The recipient is required to sign in* or use a one-time passcode to view the message on the Office 365 Message Encryption Portal
* The recipient can choose to sign in with a work account associated with Office 365 or with a Microsoft account.

29 RECEIVING AND OPENING AN ENCRYPTED MESSAGE demo

30 Receiving an Encrypted Message

33 The passcode expires after 15 minutes. If that happens, or if you can’t open the message for any reason, start over by opening the attachment again and following the steps

34 Customizing Office 365 Message Encryption

35 What can be customized
- Introductory text of the email that contains the encrypted message
- Disclaimer text of the email that contains the encrypted message
- Portal text that will appear in the message viewing portal
- Logo that will appear in the email message and viewing portal

36 Customizing Office 365 Message Encryption
Use the Set-OMEConfiguration cmdlet

| Feature of the encryption experience | Use these Windows PowerShell commands |
| --- | --- |
| Default text that accompanies encrypted email messages. The text appears above the instructions for viewing encrypted messages | Set-OMEConfiguration -Identity -EmailText " " |
| Disclaimer statement in the email that contains the encrypted message | Set-OMEConfiguration -Identity -DisclaimerText " " |
| Text that appears at the top of the encrypted mail viewing portal | Set-OMEConfiguration -Identity -PortalText " " |
| Logo | Set-OMEConfiguration -Identity -Image |

Note
1. Supported file formats: .png, .jpg, .bmp, or .tiff
2. Optimal size of logo file: less than 40 KB
3. Optimal size of logo image: 170x70 pixels

37 CUSTOMIZING THE OFFICE 365 ENCRYPTED MESSAGE PORTAL AND MESSAGING demo

38 DEMO - Customizing Office 365 Message Encryption

Set-OMEConfiguration -Identity "OME Configuration" -EmailText "Encrypted message from ContosoPharma secure messaging system"
Set-OMEConfiguration -Identity "OME Configuration" -DisclaimerText "This message is confidential for the use of the addressee only"
Set-OMEConfiguration -Identity "OME Configuration" -PortalText "ContosoPharma secure email portal"
Set-OMEConfiguration -Identity "OME configuration" -Image (Get-Content "C:\Temp\contosologo.png" -Encoding byte)

39 DEMO - Customized Office 365 Message Encryption

40 Real World Scenario
You must accomplish the following three tasks:
1. Make sure that ALL email messages sent to the @NorthWindtraders.com and @Contoso.com domains are encrypted
2. Make sure all encrypted replies are decrypted for users internally
3. Allow users to encrypt messages by typing “ENCRYPT” to the subject line

41 CREATION OF MAIL FLOW RULES TO TRIGGER MESSAGE ENCRYPTION demo

42 Create the Outbound Message Encryption Rule

43 Create the Remove Encryption on Replies Rule New-transportrule -name "Remove encryption from incoming mail" -SentToScope "InOrganization" -RemoveOME $true

44 Create the “At Will” User Encryption Rule
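
The three tasks of the real-world scenario expressed as mail flow rules in PowerShell. This is an added example, not code from the original deck: the `Set-ScenarioRule` helper and the rule names for tasks 1 and 3 are assumptions (the task 2 rule is the one shown on slide 43), and it expects a connected Exchange Online PowerShell session with Azure RMS activated and IRM configured.

```powershell
# Added example, not from the original deck. Assumes a connected Exchange
# Online PowerShell session, Azure RMS activated and IRM configured.

function Set-ScenarioRule {   # hypothetical helper: create a rule only if it is absent
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][hashtable]$Settings
    )
    if (Get-TransportRule | Where-Object { $_.Name -eq $Name }) {
        Write-Warning "Rule '$Name' already exists; leaving it unchanged."
        return
    }
    New-TransportRule -Name $Name @Settings
}

# Task 1: encrypt ALL mail addressed to the two partner domains.
Set-ScenarioRule -Name 'Encrypt mail to partner domains' -Settings @{
    RecipientDomainIs = 'northwindtraders.com', 'contoso.com'
    ApplyOME          = $true
}

# Task 2: decrypt encrypted replies for internal recipients (rule from slide 43).
Set-ScenarioRule -Name 'Remove encryption from incoming mail' -Settings @{
    SentToScope = 'InOrganization'
    RemoveOME   = $true
}

# Task 3: let internal senders encrypt at will by putting ENCRYPT in the subject.
# FromScope keeps mail from outside senders from triggering the rule.
Set-ScenarioRule -Name 'Encrypt when subject contains ENCRYPT' -Settings @{
    FromScope            = 'InOrganization'
    SubjectContainsWords = 'ENCRYPT'
    ApplyOME             = $true
}

# Review: list every rule that applies or removes message encryption.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.RemoveOME } |
    Format-Table Name, State, Priority, ApplyOME, RemoveOME -AutoSize
```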

45 Additional Resources
- http://msdn.microsoft.com/en-us/library/dn569286.aspx
- http://msdn.microsoft.com/en-us/library/use-a-one-time-passcode-to-view-an-encrypted-message.aspx
- http://msdn.microsoft.com/en-us/library/dn569292.aspx
- http://msdn.microsoft.com/en-us/library/dn569289.aspx
- http://msdn.microsoft.com/en-us/library/dn569291.aspx
- http://products.office.com/en-us/exchange/office-365-message-encryption

46 ©2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

