1. Exchange Deployment Planning Services Forefront for Exchange On-Premises

2. Agenda Forefront Protection [for Office] Overview Forefront Online Protection for Exchange Forefront Protection 2010 for Exchange Exchange Hosted Encryption

3. Forefront Protection [for Office] Overview

4. The Need For Cost-Effective Email Protection Cost-effective email protection is a necessity Protection against spam, viruses, and phishing attacks Reducing IT costs  More than 95% of all email is spam; spam hinders worker productivity  Email viruses and malware are constantly evolving  Spear-phishing attacks are becoming increasingly more sophisticated  Loss of customer or employee data results in legal and reputational issues  Spam increases bandwidth costs and administrative overhead  Organizations want business-class protection at an affordable price  Constrained budgets force organizations to do more with existing hardware and software

5. Forefront Products for Exchange Microsoft offers three security products that work seamlessly with Exchange Forefront Online Protection for Exchange (FOPE) Forefront Protection 2010 for Exchange Server (FPE) Exchange Hosted Encryption (EHE) A cloud-based protection service that helps stop email threats before they reach the network with no hardware or software to install or maintain An on-premises solution designed to provide inbound, outbound, and internal protection against spam, viruses, phishing attacks, and to help secure sensitive business communications An add-on service for FOPE that provides convenient, easy-to- use e-mail encryption to help safely deliver sensitive business communications

6. Gartner Magic Quadrant for Secure Email Gateways The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft. -- Gartner, Inc. Magic Quadrant for Secure Email Gateways, Peter Firstbrook, Eric Ouellet, August, 2011.

7. Benefits Secure MessagingManage IT Costs Optimized for Exchange Microsoft Forefront products for Exchange help safeguard your inbound, outbound, and internal business email from spam, viruses, and phishing attacks; secure your sensitive business information; and help you manage costs and complexity.  Multi-layered / multi-engine protection against email threats  Email encryption to secure sensitive business communication  Five financially backed SLAs  Microsoft is a recognized leader in email and email security  FOPE filters 1B messages for 10M users, worldwide, everyday  FOPE helps reduces bandwidth costs by eliminating email threats before they reach your network  24x7 technical support at no additional cost  Intuitive self-service tools for end users  Delivered through cost-effective licensing suites  Monthly subscription-based payment model  Optimize detection without compromising performance  Works with Active Directory to provide RMS capabilities  Single console to simplify multi-product administration  Protect against internal threats by deploying FPE on-premises

8. User Inbox User Junk Email Folder Administrator Quarantine Connection Filtering 1 Content Filtering 3 Sender-Recipient Filtering 2 Blocks up to 80% of all spam based on IP block/allow lists. Blocks up to 5% of all spam based on internal lists and heuristics. Blocks up to 15% of all spam based on internal lists and sender reputation. Multi-Layered Anti-Spam Protection Connection Filtering Sender-Recipient Filtering Content Filtering Filtering based on connection, sender, recipient and content for best results

9. Internet Exchange Server & Exchange Online Multiple, market-leading anti-malware engines FOPE & FPE each run multiple engines simultaneously on any scan job Most up-to-date engine automatically selected for optimal performance A B C Multiple scans by up-to-date engines ensure optimal performance

10. Rapid response to new threats Fail-safe protection through redundancy Diversity of antivirus engines and heuristics Response time 1 (in hours) WildList Number Malware Name Forefront Engines Vendor AVendor BVendor C 1/2011 agent!itw162.ex_4.6839.523599.1091.35 1/2011 autoit!itw155.ex_4.27182.933598.68 1/2011 autoit!itw156.ex_0.4339.522.605.43 1/2011 autoit!itw157.ex_4.683599.10721.185.43 1/2011 autoit!itw158.ex_0.4339.522.605.43 1/2011 autorun!itw708.ex_0.4339.522.605.43 1/2011 autorun!itw794.ex_0.4339.522.605.43 1/2011 autorun!itw799.ex_0.4339.522.605.43 1/2011 autorun!itw946.ex_4.683599.10 5.43 1/2011 autorun!itw947.ex_89.43255.68146.85173.10 1/2011 autorun!itw948.ex_0.4339.522.605.43 1/2011 autorun!itw949.ex_4.6839.522.605.43 1/2011 autorun!itw950.ex_125.43199.853135.52 1/2011 autorun!itw951.ex_4.6839.522.605.43 1/2011 autorun!itw952.ex_4.683599.10 5.43 1/2011 autorun!itw953.ex_4.6839.523599.105.43 1/2011 autorun!itw954.ex_0.4339.522.605.43 1/2011 autorun!itw955.ex_4.6839.523599.10 1/2011 bybz!itw25.ex_810.52927.771010.18796.60 1/2011 conficker!itw1.dl_0.4339.522.605.43 1/2011 cossta!itw2.ex_0.4339.522.605.43 1/2011 cossta!itw3.ex_4.6839.523599.105.43 1/2011 cycbot!itw18.ex_0.1055.68257.43123.77 1/2011 dogrobot!itw17.ex_0.4339.522.605.43 1/2011 gamania!itw33.ex_0.4339.522.605.43 1/2011 hakaglan!itw1.ex_0.4339.522.605.43 1/2011 ircbot!itw633.ex_0.4339.522.605.43 ** 0.00 denotes proactive detection 1 Source: AV-Test.org January 2011 (www.av-test.org) Single-engine solutions Less than 5 hours The Multiple Engine Advantage 5 to 24 hours More than 24 hours

11. Customer Testimonials Clifford ChanceClifford Chance – one of the largest law firms in the world saw a 59% reduction in infrastructure costs; 20–30 mail gateways down to 4 Johnstons of ElginJohnstons of Elgin – stopping over one million messages a day and reducing bandwidth by 1.5 gigabytes (GBs) Edinburgh Napier UniversityEdinburgh Napier University – 93% reduction in administration burden; 85% spam reduction over the previous solution International Speedway CorporationInternational Speedway Corporation – Reduced spam incidents by 25% and avoided costs of more than $120,000 Sunbelt Rentals Sunbelt Rentals – reduced help-desk calls, saved IT management time, improved productivity, and reduced costs over the previous solution

12. Forefront Online Protection for Exchange

13. Edge Blocking End User Quarantine Administrator Console Corporate Network Messaging Administrator Employees Inbound Filtered Email About 90% of Email is junk Outbound Filtered Email Also incorporates technology from… External Senders/ Recipients Exchange Server Anti-spam Antivirus Policy Automatic Spooling * Encryption * Requires additional Exchange Hosted Encryption License Active Directory FOPE Directory Synchronization Tool Multilayer spam and virus protection and policy enforcement Legitimate Email Junk Email

14. FOPE Core Product Capabilities Connection Analysis (IP-based edge blocks) Reputation Analysis Connection Filtering Protect businesses from receiving email–borne viruses and other malicious code with scan engines and heuristic detection Multiple engine support AntiVirus Anti-spam filter can detect all types of spam before they reach the corporate network NDR Backscatter Support Anti-Spam Policy rules to regulate email flow for compliance Policy-based encryption (for EHE subscribers) Enhanced RegEx support Policy

15. FOPE Implementation Scenarios Every Exchange Online (BPOS)/Office 365 customer is a FOPE customer! Office 365 Protect on-premises or hosted email implementations Is server agnostic Standalone Protect on-premises Exchange servers and integrates FPE/FOPE policies (On-prem/Cloud Policies) Hybrid Protection

16. FOPE Service Level Agreement (SLAs) Five financially backed SLAs attest to a high quality of service Rapid Email Delivery (Average delivery commitment of less than 1 minute) Network Uptime > 99.999% 100% Known Virus Protection > 98% Spam Detection < 1:250,000 False Positive Ratio Filtering Network Performance Spam and Virus Filtering Effectiveness

17. Run real-time reports on: Spam filtering Virus detection Email traffic Customize spam settings Org-level safe/blocked senders Configure policy filtering Perform message tracking FOPE Admin Center What can customers do in the Admin Center?

18. FOPE Connectors: Flexibility and control in mail routing Route outbound email through on-premises servers or DLP appliances Force TLS for secure B2B communication Bypass spam filters for trusted partners And much, much more… Outbound smart host DLP appliance Forced TLS Inbound safe listing

19. Source IP Source Domain Reject non Source IP Opportunistic TLS Forced TLS Spam Connection Policy Opportunistic TLS Forced TLS Smart host MX Destination domain FOPE Connector Architecture

20. FOPE From: Joe@contoso.com To: sales@fabrikam.com From: Joe@contoso.com To: sales@fabrikam.com service.contoso.com FOPE routes outbound email to smart host for custom mail process or delivery Virus scanning is performed by FPE for Exchange Online mailboxes INTERNET Value Proposition Use DLP or encryption appliances from third parties Perform custom processing or address rewrite Maintain “total mail control” during coexistence (inbound and outbound mail is all routed through on-prem server Outbound Smart Host scenario contoso.com EXCHANGE ONLINE

21. Business Partner FOPE woodgrovebank.com contoso.com Opportunistic TLS is on by default for Office 365 customers (no action is required to enable it) TLS can be forced for inbound connections, outbound connections, or both FOPE attempts to set up a TLS connection If TLS cannot be established, email is not sent/received Virus scanning is performed by FPE for Exchange Online mailboxes Forced TLS can be configured using the methods shown here Value Proposition Maintain secure and trusted communication channel with partners Avoid email interception/ eavesdropping Forced TLS EXCHANGE ONLINE

22. FOPE From: jane@fabrikam.com To: salesman@contoso.com From: jane@fabrikam.com To: salesman@contoso.com contoso.com fabrikam.com Inbound mail is filtered by FOPE IP filtering is skipped for trusted domains Optionally, also skip spam and policy filtering Virus scanning is performed by FPE for Exchange Online mailboxes Safe-listed Partner Value Proposition Reduce the chance of false positives (legitimate email from trusted partner being flagged as spam) Inbound Safe Listing scenario EXCHANGE ONLINE

23. Controlling Email Flow with FOPE Policies FOPE policies route email and apply actions in transit Scope Action Match

24. Policy Enforcement Scope Apply the policy to one or all domains Apply to Inbound or Outbound messages Match Words and phrases in the subject and body Message sizeAttachment typesNumber of recipients Sender and recipient addresses and domains IP address or domain name Take Action Reject messageAllow message Quarantine message for review Redirect message to an alternate recipient Deliver message with BCCForce TLS Encrypt message (requires EHE) … Indicate when a rule is to expire, if at all Create text or HTML e-mail disclaimers or footers Add a description Notify sender, recipient, or administrator

25. FOPE Directory Synchronization Tool Communicates with your Active Directory and Exchange Server to build an address list for FOPE Collects and shares safe senders, as defined by end users Reduce the risk of false positives Free download: http://go.microsoft.com/fwlink/?LinkId=153911 http://go.microsoft.com/fwlink/?LinkId=153911

26. My Reports tab Access reporting data from your FOPE service Enable scheduled report delivery: emails the report on a one time, weekly, or monthly basis 4 Available Reports Email Traffic Report Top Viruses Report Deferral Report Top Users Report

27. Message Trace subtab Search for specific messages by: Sender Recipient Date Message ID Results will tell you: If and when the message was received by FOPE Whether the message was scanned, blocked, or deleted Whether the message was delivered successfully Whether the message hit a policy rule

28. Audit Trail subtab Track important events that have occurred in the FOPE service Sort events by Email address of logged on user Company Domain Activity Date and time Filter results and search for events to narrow your search

29. Traditional FOPE quarantine can be used instead of the integrated Outlook experience Admins will have SSO access to Quarantine, but users do not Junk Mail Management (cont.) Flexibility to use FOPE Spam Quarantine

30. Professional Support

31. Forefront Protection 2010 for Exchange Server

32. FPE: Industry-Leading Performance West Coast Labs: −Spam Catch Rate above 99% −Premium Anti-spam certification Virus Bulletin: Continuous Live Spam Catch Rate above 99%: −99.77% (September 2009) −99.46% (November 2009) −99.32% (January 2010) −99.86% (March 2010) −99.93% (May 2010) −99.96% (July 2010)

33. Forefront Protection 2010 for Exchange Server Protection Availability: Exchange 2010 Exchange 2007 SP1 Enterprise Network External Mail Unified Messaging Voice mail & voice access Hub Transport Routing & Policy Web browser Outlook (remote user) Mobile phone Outlook (local user) Line of business applications Mailbox Storage of mailbox items Phone system (PBX or VOIP ) Edge Transport Client Access Client connectivity Web services

34. Scanning Capabilities Transport scan −Scans email messages that are inbound or outbound from an Exchange Transport stack and all internal mail Realtime scan −Scans email messages and attachments that are accessed in mailboxes and public folders on your Exchange server Scheduled scan −Similar to Realtime scanning, scanning occurs in the Exchange information store. Scheduled scans are typically used to scan the entire information store On-demand scan −Typically used to immediately scan specific mailboxes to localize a known issue

35. Scanning & Architecture Strategy For maximum protection, deploy FPE on all Exchange Server roles To optimize server performance, implement a scanning strategy using one or more of the following tips: −Antimalware stamp ensures a message is scanned only once −Enable anti-spam scanning on the Edge Transport servers and disable on Hub Transport and Mailbox servers −Use different scan engines on different servers −Deploy both Edge Transport and Hub Transport servers −FPE will scan and stamp inbound mail on the Edge server −FPE will scan and stamp outbound mail on the Hub Transport server −Internal mail is scanned and stamped on the Hub Transport server

36. FPE Anti-spam Functional Highlights

37. Keyword Filtering Searches the message body for matches to keywords in selected lists Can be imported from an existing file Can filter phrases Supports operators: AND, OR, NOT Actions: SkipDetect, Delete, Suspend

38. File Filtering Filter by name, type, or size −*.exe, *.doc, *>10mb Filters can be combinations of size, name, and type − 10mb, *.mp3>5mb, *>10mb Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)

39. Filter Rules: Delete *.exe Quarantine Container behavior (zip, rar, etc.) Forefront scans within ZIP and other compressed formats and deletes only the offending file Container file before scan EXEDOC JPGBMP Container file after scan TXTDOC JPGBMP Custom deletion text Quarantine EXE

40. Exchange Hosted Encryption

41. Send encrypted email to any recipient without prior setup Encryption is performed via policy rules and enforced in the FOPE cloud Identity-Based Encryption (IBE) uses email address as ID for public key −EHE saves public keys so users should use strong passwords as their credentials No cost for recipient non-licensed user All replies and forwards remain encrypted for any mail recipient Encrypted emails are not saved by EHE GLOBAL DATA CENTER NETWORK TLS ENCRYPTED EMAIL SECURE REPLY VIA ZDM Exchange Hosted Services Encryption

42. Zero Download Manager Recipients use a secure, web-based decryption provided by the Zero Download Manager (ZDM) ZDM is an HTML attachment that contains encrypted messages in encoded form When a user clicks to access the message, the encrypted message is sent back to EHE via POST method No software installed on sender/recipient machines

43. FOPE Encryption Prerequisites Requires FOPE EHE is purchased separately from FOPE Administrator of domain is expected to set policy rules for encryption Policy rules can trigger based on Specific Header values Keywords in Subject Keywords in body Sender address Recipient address Attachment type Email encryption can be triggered by information workers Specify keyword in subject line

44. What is Identity Based Encryption (IBE)? IBE is a form of Asymmetric Encryption All Entities have a Public and Private Key Pair In IBE A Key Server has a master public and private key pair Anyone can derive a user’s Public key from the email address (eliminates need for prior key establishment) and encrypt messages A Key Server decrypts messages with the user’s private key

45. How IBE Works – Simplified Instance Get the Public Key Encrypt message using Public Key Send message back to EHE for Decryption bob@contosocorp. com alice@fabrikam.co m EHE Server 1. Requests Alice’s public key 3. Send Alice the encrypted mail 2. Alice’s public key is returned 4. Send the message for decryption

46. Mail Flow within FOPE EHE Key Servers EHE Secure Gateway Outbound Exchange Message SwitchWindows Mail Host Email from Customer Standard AV/ Spam filtering 1. Email from Customer

47. EHE Key Servers EHE Secure Gateway Outbound Exchange Message SwitchWindows Mail Host Create encrypted email Should email be encrypted? 2. Evaluate policy 3. Create encrypted mail 1. Email from Customer Mail Flow within FOPE (cont.)

48. EHE Key Servers EHE Secure Gateway Outbound Exchange Message SwitchWindows Mail Host Route Encrypted email out 2. Evaluate policy 3. Create encrypted mail 1. Email from Customer Mail Flow within FOPE (cont.)