Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER

Presentation on theme: "Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER"— Presentation transcript:

1 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: This slide deck was designed to consolidate the relevant content into a single location. Use the Sections to find and present the content relevant to the engagement. A Table of Contents was designed to make customization and navigation easier for the presenter. The Table of Contents slide links will only work in presentation mode. The “Slides” column in the Table of Contents will take you directly to the slides chosen. The presenter can use this feature to customize the presentation, hide slides, etc. The “Presentation” column in the Table of Contents will take you to a custom slideshow that will only present that section of slides. This will help the presenter perform segmented presentations and reduce the need to cut slides out for specific parts of the engagement or switch between multiple presentations.

2 Table of Contents
Slide # (the “Slides” and “Presentation” columns are links in the original deck)
3-13 Exchange Planning Kickoff
14-24 Exchange Planning Summary
25-39 Exchange Online Protection
40-53 EOP Requirements vs. Feature Mapping
54-66 EOP Kickoff Presentation
67-79 EOP Assessment of the Environment
80-167 EOP Technical Review
EOP Deployment Planning
Exchange DLP Kickoff Presentation
DLP Understanding the Environment
DLP Requirements Gathering
DLP Technical Review
DLP Req. vs. Feature Mapping
DLP Reg. vs. Feature Mapping
DLP Deployment Scenarios

3 Exchange Deployment Planning

4 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
Software Assurance Planning Services
Partner MUST customize prior to delivery
Speaker: Add info here
Title of presentation: Technical Kickoff Presentation
Length of presentation:
Audience: Customer IT Pro
Sales Cycle Alignment: Engagement
Desired Outcomes: Kickoff Planning Services engagement; Introductions; Review agenda
Modular Outline: Add more info here

5 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Slide to inform PS partner presenter on how to use and/or customize this deck. This deck contains slide notes on how to use the slides. Remove the slide notes if you plan on leaving this presentation with the customer. Modify the deck as necessary for your presentation.

6 Exchange Deployment Planning Engagement Kick Off
Software Assurance Planning Services Exchange Deployment Planning Engagement Kick Off

7 Agenda Introductions Project Team Engagement Overview / Agenda Q&A

8 Team {Partner} {Partner} Sponsor Engagement Manager Consultant
4/13/2018 Team {Partner} Name Role {Partner} Account Team <Insert name here> Account Executive Microsoft Exchange Technical Specialist Services Executive {Partner} Services Team Engagement Manager Architect Consultant Technical Account Manager {Partner} Sponsor Engagement Manager Consultant Customer Sponsor Customer IT Pros Business Stakeholders Management Customer Project Lead Customer Project Manager Fill in this information… Add/remove roles as needed © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Team {Customer} {Partner} Sponsor Engagement Manager Consultant
Team {Customer} Name Role / Focus area {CUSTOMER} Core Team <Insert name here> Executive Sponsor Project Manager {CUSTOMER} Technical subject matter experts (SMEs) Engagement Manager Architect Consultant Technical Account Manager Name Role / Focus area Product specific roles <Insert name here> Role 1 Role 2 Role 3 Role 4 {Partner} Sponsor Engagement Manager Consultant Customer Sponsor Customer IT Pros Business Stakeholders Management Customer Project Lead Customer Project Manager Fill in as appropriate – or if you don’t have this information, use this as a guide during the kickoff to lead the customer through giving you this information. Add/remove roles as needed

10 Participation expectations
Participation expectations What we expect What you get Keep to the schedule Be present Interact Ask when things don’t add up Recommended practices A plan to get started Get your questions answered Remind the participants that we need full participation – we want to understand existing challenges Don’t just be here physically – remain engaged – this is the kick off for a journey Keep questions coming to get the best experience from the engagement.

11 Deployment Planning Services Agenda
Deployment Planning Services Agenda Day 1 Agenda Time Topic Description 9:00 AM Intro/Kick-off A review of the workshop and our goals. 9:30 AM Module – Describe Module 10:45 Break 11:00 AM 12:00 PM Lunch 1:00 PM 1:30 PM Lab/Demo – Describe Lab 2:30 2:45 3:15 PM 4:00 Review/Next Steps This is a sample agenda – revise as appropriate Add a slide for each day showing the appropriate agenda Once you have edited the agenda in the “Agenda – Exchange.docx” Word document, you can easily cut and paste the tables into this presentation. When pasting, the font size may decrease. Simply select the table and increase the font size as needed. Give an overview of the engagement and then discuss the agenda details as appropriate.

12 Q&A

13 Thank you

14 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
Software Assurance Planning Services
Partner MUST customize prior to delivery
Speaker: Add info here
Title of presentation: Planning Services Engagement Summary and Plan of Action
Length of presentation:
Audience: Customer TDM and IT Pros
Sales Cycle Alignment: Engagement wrap-up
Desired Outcomes: Outline the outcomes of the engagement; Plan next actions for client; Deliver Proposals for ongoing consulting
Modular Outline: Add more info here

15 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Slide to inform PS partner presenter on how to use and/or customize this deck. This deck contains slide notes on how to use the slides. Remove the slide notes if you plan on leaving this presentation with the customer. Modify the deck as necessary for your presentation.

16 Exchange Deployment Planning Engagement Summary
Software Assurance Planning Services Exchange Deployment Planning Engagement Summary Presenter Name, Title Date

17 Agenda Findings Recommendations Next Steps 4/13/2018
Introduce the agenda. We are going to discuss our findings, recommendations, and next steps…

18 Pilot / Production Deployment
Where we are today What did we do? What did we find? What’s next? Discover Plan Test Deploy Start off with “What did we do” Talk through a summary of all of the activities you did in the engagement We looked at the current state and We had sessions on the following topics… We walked through the following labs… Assessment Findings Architecture Design Validate Design Pilot / Production Deployment

19 What did we find? Findings Problem and Solution Statement Recap
What did we find? Findings Problem and Solution Statement Recap Notable Current State Items Found Requirements Assumptions Constraints Issues / Risks List a summary of the project findings. Use the following list as a guide: Problem and Solution Statement Recap Notable Current State Items Found Requirements Assumptions Constraints Issues / Risks

20 What do we recommend? Recommendation 1 Recommendation 2
What do we recommend? Recommendation 1 Recommendation 2 Recommendation 3… What did we recommend as part of the solution concept… Recommendation guidelines could be Strategic in nature Key takeaways for the audience Provide inputs for the next phase of the engagement, if any Provide inputs based on which decisions for further/new engagements can be made Additionally, Project Approach can also be described.

21 Solution Concept Diagram
Solution Concept Diagram Partner – insert Solution Concept diagram here Be prepared to discuss the architecture

22 Next Steps Next step 1 Next step 2 Next step 3… 4/13/2018
List the next steps. Be as specific as possible on the next steps. These are items that could be used in the scope section for a follow-on proposal.

23 Migration: Connect to our Offerings
Migration: Connect to our Offerings Full Exchange 2013 Architecture Engagement Proof of Concept Production Pilot Production Deployment Use other programs to take full advantage of the opportunity – modify slide to fit your offerings…

24 Thank you

25 Exchange Data loss Prevention & Exchange Online Protection

26 Exchange Online Protection Deployment Planning and Pilot
Partner MUST customize prior to delivery
Speaker: Engagement Consultant
Title of presentation: Exchange Online Protection Deployment Planning and Pilot Requirements Gathering
Length of presentation: 60 minutes
Audience: {Customer BDM/TDM/IT Pro}
Sales Cycle Alignment: Post-sales Deployment
Desired Outcomes: All customer requirements are gathered.
Modular Outline: Customer requirements are gathered and documented.
Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

27 Notes to Presenter Use this slide deck to discuss the customer requirements. Document the requirements. Contents of this slide deck will go as an input to the slide deck 05 Requirements Vs Feature Mapping. If required, add additional categories to gather all the requirements.

28 Requirements Gathering
Exchange Online Protection Deployment Planning and Pilot Requirements Gathering Speaker Name Title Organization

29 Agenda Introduction and context. Requirements Discussion.
Documenting the Requirements. Next Steps.

30 Introduction and Context
Business and technical requirements will be gathered in this session. Later in the workshop, these requirements will be mapped against EOP features and settings. Final recommendations document will contain a summary of all the requirements gathered during this session. Purpose of this session is to discuss the detailed business and technical requirements. They will be captured in this slide deck. Later in the workshop, after learning the capabilities of EOP, these requirements will be mapped against EOP features and settings. Contents of this deck would be a key input to the final recommendations document. Please use the remaining slides of this deck to gather requirements. Additional slides and categories of requirements can be created based on customer scenario.

31 Business Requirements
# Requirement BR01 BR02 BR03 BR04 Duplicate this slide if content does not fit into one slide.

32 Mail Routing Requirements
# Requirement MRR01 MRR02 MRR03 MRR04 Duplicate this slide if content does not fit into one slide.

33 Policy/Compliance Requirements
# Requirement PCR01 PCR02 PCR03 PCR04 Duplicate this slide if content does not fit into one slide.

34 Anti-Spam Requirements
# Requirement ASR01 ASR02 ASR03 ASR04 Duplicate this slide if content does not fit into one slide.

35 Anti-Malware Requirements
# Requirement AMR01 AMR02 AMR03 AMR04 Duplicate this slide if content does not fit into one slide.

36 Reporting Requirements
# Requirement RR01 RR02 RR03 RR04 Duplicate this slide if content does not fit into one slide.

37 Administration Requirements
# Requirement AR01 AR02 AR03 AR04 Duplicate this slide if content does not fit into one slide.

38 Next Steps…

40 EOP Deployment Planning and Pilot
Partner MUST customize prior to delivery
Speaker: Delivery Consultant
Title of presentation: Exchange Online Protection Requirements Mapping
Length of presentation: 75 minutes
Audience: Customer TDM/IT Pro
Sales Cycle Alignment: Post-sales Deployment
Desired Outcomes: Requirements are mapped against EOP features and settings.
Modular Outline: Recap of requirements discussion, technical features and deployment options. Map the requirements with EOP capabilities. Document the discussions.
Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

41 Notes to Presenter Copy the requirements gathered in 02 Requirements Gathering.pptx to this deck prior to the presentation. Utilize the time during this session to map customer requirements with EOP features/settings. Document the discussions and use them as input to the Findings and Recommendations document.

42 Requirements Mapping Speaker Name Title Organization
EOP Deployment Planning and Pilot Requirements Mapping Speaker Name Title Organization

43 Agenda Introduction and context.
Requirements Vs. Feature/Settings Mapping. Next Steps.

44 Introduction and Context
Business and technical requirements discussed earlier will be reviewed in this session. All the requirements will be mapped against EOP features and settings. A summary of this discussion will be included in the final recommendation document. Contents of this deck would be a key input to the final recommendations document.

45 Business Requirements
# Requirement Yes/No/Partial EOP Feature/Setting BR01 BR02 BR03 BR04 Duplicate this slide if content does not fit into one slide.

46 Mail Routing Requirements
# Requirement Yes/No/Partial EOP Feature/Setting MRR01 MRR02 MRR03 MRR04 Duplicate this slide if content does not fit into one slide.

47 Policy/Compliance Requirements
# Requirement Yes/No/Partial EOP Feature/Setting PCR01 PCR02 PCR03 PCR04 Duplicate this slide if content does not fit into one slide.

48 Anti-Spam Requirements
# Requirement Yes/No/Partial EOP Feature/Setting ASR01 ASR02 ASR03 ASR04 Duplicate this slide if content does not fit into one slide.

49 Anti-Malware Requirements
# Requirement Yes/No/Partial EOP Feature/Setting AMR01 AMR02 AMR03 AMR04 Duplicate this slide if content does not fit into one slide.

50 Reporting Requirements
# Requirement Yes/No/Partial EOP Feature/Setting RR01 RR02 RR03 RR04 Duplicate this slide if content does not fit into one slide.

51 Administration Requirements
# Requirement Yes/No/Partial EOP Feature/Setting AR01 AR02 AR03 AR04 Duplicate this slide if content does not fit into one slide.

52 Next Steps…

54 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
Software Assurance Planning Services
Partner MUST customize prior to delivery
Speaker: Add info here
Title of presentation: EOP Deployment Planning and Pilot Kickoff Presentation
Length of presentation: 15 minutes
Audience: IT Professionals, IT Managers, CIO, CTO
Sales Cycle Alignment: Engagement
Desired Outcomes: Kickoff Planning Services engagement; Team introduction; Set Agenda for the engagement
Modular Outline:

55 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Use of this template is recommended, but not a mandatory requirement for the planning services engagement. Use the time during this presentation to set the context, know the team members participating in the engagement and set expectations about the output. Please add/remove information as appropriate.

56 Exchange Online Protection Engagement Kick Off
Software Assurance Planning Services

57 Agenda Introductions Project Team Engagement Overview / Agenda Q&A

58 Team {Partner} 4/13/2018 {Partner} Sponsor Engagement Manager
Name Role {Partner} Account Team <Insert name here> Account Executive Microsoft Technical Specialist/Architect Services Executive {Partner} Services Team Engagement Manager EOP Technical Consultant {Partner} Sponsor Engagement Manager Consultant

59 Team {Customer} Name Role / Focus area {CUSTOMER} Core Team
<Insert name here> Executive Sponsor Project Manager {CUSTOMER} Technical subject matter experts (SMEs) IT Manager IT Pro

60 Participation expectations
What we expect What you get Keep to the schedule Be present Interact Ask when things don’t add up Recommended practices End to end view Limited production pilot Get your questions answered

61 Deployment Planning and Limited Pilot
3-Day Agenda

62 Deployment Planning and Limited Pilot
Day 1 Agenda
Time | Topic | Description
9:00 AM | Intro/Kick-off | A review of the workshop and our goals.
9:15 AM | Understanding the environment | Understand the solution environment and review the responses to the pre-engagement questionnaire.
10:00 AM | Requirements gathering |
11:00 AM | Break |
11:15 AM | EOP technical overview | Understand the core technical features of EOP
12:30 PM | Lunch |
1:15 PM | EOP technical overview (continued) |
3:00 | |
3:15 PM | Deployment planning | Discuss the various deployment options and identify the one most suitable for the customer.
4:45 PM | Solution alignment discussion | Ensure that customer requirements are correctly mapped to various EOP features.

63 Deployment Planning and Limited Pilot
Day 2 Agenda
Time | Topic | Description
9:00 AM | Preparing findings and recommendations | Deliverable to the customer
12:00 Noon | Debrief | Discuss the findings and recommendations with the customer
12:30 PM | Lunch |
1:15 PM | Limited production pilot | Deploy EOP in production environment for a limited set of users.
5:30 PM | Pilot status check | Review by customer and partner resources to check the status of the limited production pilot.

64 Deployment Planning and Limited Pilot
Day 2 Agenda
Time | Topic | Description
9:00 AM | Preparing findings and recommendations | Deliverable to the customer
12:00 Noon | Debrief | Discuss the findings and recommendations with the customer
12:30 PM | Lunch |
1:15 PM | Limited production pilot | Deploy EOP in production environment for a limited set of users.
5:30 PM | Pilot status check | Review by customer and partner resources to check the status of the limited production pilot.

65 Q&A

66 Thank you

67 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
EOP Planning Services
Partner MUST customize prior to delivery
Speaker: Engagement consultant
Title of presentation: Assessment of the Environment
Length of presentation: 45 minutes
Audience: Customer BDM/TDM/IT Pro
Sales Cycle Alignment: Post-sales Deployment
Desired Outcomes: Partner to have a firm understanding of the current secure gateway solution and the challenges faced by the customer.
Modular Outline: Discussion on the current status of the messaging environment, secure gateway solution and challenges. Document the findings.
Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

68 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: This slide deck should be used as an aid to understand the solution environment and customer challenges. The presenter should take notes from the discussion. These notes should help the presenter in preparing the final recommendation deck. A whiteboard may be used as appropriate for the discussion.

69 Assessment of the Environment
Exchange Online Protection Planning Services Assessment of the Environment Speaker Name Title Organization

70 Agenda Introductions and context. Messaging Environment.
Current Secure Gateway Solution. Current Challenges.

71 Introduction and Context
This is an interactive session to understand the solution environment. During this session environmental factors affecting EOP deployment will be discussed. Customer can provide the required details either during the discussions or at the end of the session.

72 Agenda Introductions and context. Messaging Environment.
Current Secure Gateway Solution. Current Challenges.

73 Messaging Environment
Platform: Exchange 2XXX, Lotus Domino XXX, Exchange Hybrid, Office 365.
Architecture: mail flow, network locations, firewall rules, DirSync with Azure AD.
Platform: The objective of this section is to understand the customer’s messaging environment. Capture details such as the messaging products used, current state (stable, under migration, etc.), overall architecture and number of recipients. What is the messaging solution? The answer could be Lotus, Exchange, Exchange Hybrid, etc., or a mix of them. Document the number of platforms and servers used and their version information.
Architecture: Ask the customer to share the message flow diagram. This can be a whiteboard discussion on network devices, locations, IP addresses, firewalls, messaging servers and the existing anti-spam solution. Also explore whether the customer has already configured directory synchronization between on-premises AD and Azure AD.

74 Messaging Environment
Domains: number of authoritative domains, list of authoritative domains.
Usage: bulk mailing within the organization, recent incidents of spam, recent incidents of virus outbreak.
Domains: Document the following, as they are required for configuring EOP. How many authoritative domains does the customer have? What are the names of the authoritative domains?
Usage: Does the customer send bulk mail using their messaging infrastructure? If so, what are the count and frequency? How many such user accounts are there? Document the responses. In EOP, all bulk mails are disabled by default. Were there any recent incidents of spam outbreak in the customer’s messaging environment? This can be due to a malware infection in a server or desktop inside your organization. If the answer is yes, the customer’s SMTP gateways may be blacklisted by different blacklist providers. The customer would either need to initiate the removal of their IP addresses from blacklists or decide to use new IP addresses when moving to EOP.

75 Agenda Introductions and context. Messaging Environment.
Current Secure Gateway Solution. Current Challenges.

76 Current Secure Email Gateway Solution
Platform: product/service used, online components, on-premises components, use of DKIM.
Configuration: scanning of outbound and inbound flow, anti-virus rules, anti-spam rules, allow/block IP list, safe user list, handling of quarantined messages.
Current Platform: EOP is an anti-spam, anti-malware and compliance policy management tool. The customer may currently be using different products to achieve the same results. Understand what their current secure gateway solution is. If the customer is on FOPE, they need to work with the migration team. Is the current gateway solution on-premises or in the cloud? EOP, which is a cloud-based solution, does not provide as many configuration options as a typical on-premises solution. Is DKIM used? If a sender wants to sign their messages using DomainKeys Identified Mail (DKIM) and they want to send outbound mail through the service, they should sign using the relaxed header canonicalization algorithm. Signing with strict header canonicalization may invalidate the signature when it passes through the service.
Configuration: Do you want EOP to be configured for both inbound and outbound mail flows? Discuss and document the various anti-spam and anti-virus rules currently in use. If the list is elaborate, the customer can share that information after this session. Is there any allow/block list of IPs? If so, please share it. Do you have a safe list of users? Discuss how quarantined mail items are managed. By default EOP sends all of them to users’ Junk Mail folder, which can be changed. Discuss the current reporting mechanism and its capabilities. Discuss how notifications are handled: to whom (users or administrators) they are sent and how frequently. Is any encryption solution used in conjunction with the message hygiene? If so, is it part of the message hygiene or routed via a third party? Do you force TLS encryption with any specific domains? Do you force TLS encryption for any users? Is address rewrite used as part of the hygiene solution? Do you have content filtering as part of the solution? Discuss failover of inbound and outbound connection points. Capture IP addresses and DNS round robin settings.
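The DKIM question above, worked through as an added example (not part of the original deck). RFC 6376 names the two header algorithms "simple" and "relaxed"; the deck's "strict" corresponds to "simple". The relay's whitespace and case changes, the sample headers and the DKIM-Signature value are constructed for illustration, and a SHA-256 digest of the canonicalized headers stands in for the data the signer's key would sign.

```python
import hashlib
import re

def canon_simple(raw: str) -> str:
    """RFC 6376 'simple' header canonicalization: the field is used byte for byte."""
    return raw

def canon_relaxed(raw: str) -> str:
    """RFC 6376 'relaxed' header canonicalization of one header field."""
    name, _, value = raw.partition(":")
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)         # each run of WSP becomes one space
    value = value.strip(" \t\r\n")                # drop WSP around the value
    return name.strip().lower() + ":" + value + "\r\n"

def header_hash(headers, canon) -> str:
    """Digest over the canonicalized headers (stand-in for the signed data)."""
    digest = hashlib.sha256()
    for raw in headers:
        digest.update(canon(raw).encode("ascii"))
    return digest.hexdigest()

def survives(original, received, canon) -> bool:
    """True if a signature made over `original` would still match `received`."""
    return header_hash(original, canon) == header_hash(received, canon)

def header_canon_of(dkim_signature: str) -> str:
    """Header canonicalization named by the c= tag of a DKIM-Signature value.

    c= is "header/body"; when the tag is absent the default is simple/simple.
    """
    tags = {}
    for part in dkim_signature.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags.get("c", "simple/simple").split("/")[0]

# Constructed sample: headers as the sender signed them.
ORIGINAL = [
    "From: Alice Example <alice@example.com>\r\n",
    "To: bob@example.net\r\n",
    "Subject: Quarterly   report for the\r\n  finance team\r\n",
]
# Constructed sample: the same headers after a hypothetical relay re-folded,
# re-spaced and re-cased them without changing their meaning.
RELAYED = [
    "From: Alice Example <alice@example.com>\r\n",
    "To:  bob@example.net\r\n",
    "SUBJECT: Quarterly report for the finance team \r\n",
]
# Constructed sample: a real content change, which must fail under both algorithms.
TAMPERED = ORIGINAL[:2] + ["Subject: Quarterly report for the audit team\r\n"]

# Constructed DKIM-Signature value; bh= and b= are placeholders, not real data.
SIGNATURE = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=selector1;\r\n"
             " h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==")

if __name__ == "__main__":
    print("sender signs with header canonicalization:", header_canon_of(SIGNATURE))
    for label, canon in (("simple", canon_simple), ("relaxed", canon_relaxed)):
        print(label, "survives relay:", survives(ORIGINAL, RELAYED, canon),
              "| accepts tampering:", survives(ORIGINAL, TAMPERED, canon))
```

During the assessment, `header_canon_of` can be run against the DKIM-Signature header of a message the customer's current gateway has signed to see which algorithm is in use.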

77 Current Secure Email Gateway Solution
Management: administration tools, reporting, notifications to administrators and end users, managing quarantined messages.
Add-ons: encryption, TLS domains, TLS users, address rewrite, content filtering.
What’s your current hygiene solution? If you are a FOPE customer, please work with the migration team. Is the current hygiene solution on-premises or in the cloud? EOP, which is a cloud-based solution, does not provide as many configuration options as a typical on-premises solution. Is DKIM used? Do you want EOP to be configured for both inbound and outbound mail flows? Discuss anti-spam and anti-virus rules. Is there any allow/block list of IPs? If so, please share it. Do you have a safe list of users? Discuss how quarantined mail items are managed. By default EOP sends all of them to users’ Junk Mail folder, which can be changed. Discuss the current reporting mechanism and its capabilities. Discuss how notifications are handled: to whom (users or administrators) they are sent and how frequently. Is any encryption solution used in conjunction with the message hygiene? If so, is it part of the message hygiene or routed via a third party? Do you force TLS encryption with any specific domains? Do you force TLS encryption for any users? Is address rewrite used as part of the hygiene solution? Do you have content filtering as part of the solution? Discuss failover of inbound and outbound connection points. Capture IP addresses and DNS round robin settings.

78 Current Challenges Open Discussion
Time for open discussion. Use this time to capture the challenges the customer faces with their current solution. Also, try to gain a high-level understanding of what the customer expects from the EOP solution. Close this session by explaining the next steps in the workshop.


80 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
Software Assurance Planning Services
Partner MUST customize prior to delivery
Speaker: Engagement Consultant
Title of presentation: EOP Technical Overview
Length of presentation: 180 minutes
Audience: IT Professionals, IT Managers
Sales Cycle Alignment: Engagement
Desired Outcomes: Audience understands the capabilities of EOP.
Modular Outline: Explanation of technical capabilities and how they are useful in business. Live demonstrations.

81 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Use of this template is recommended, but not a mandatory requirement for the planning services engagement. Have your demo environment ready before starting this presentation. Use the time during this presentation to explain the technical features of EOP and how they are useful in solving real world challenges. Include as many live demonstrations as possible. Please add/remove information as appropriate.

82 Exchange Online Protection – Technical Overview
Speaker Name Title Organization
EOP – Exchange Online Protection
DLP – Data Loss Prevention
OME – Office 365 Message Encryption
The objective of this presentation is to introduce the technical features of EOP. Technical features of DLP and OME are also covered in brief. Audience: The intended audience for this presentation is IT professionals, IT managers and system administrators. Live demonstrations are key to the successful delivery of this presentation. Ensure that a demo environment is ready prior to the session.

83 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Tracing Best Practices for Configuring EOP Exchange Data Loss Prevention Office 365 Message Encryption and S/MIME
The objective of this section is to introduce the service to the audience. Assume that the audience has never heard about EOP before attending this session. EOP TechNet help available here. EOP service description: description.aspx. DLP TechNet help.

84 Introduction Exchange Online Protection
Exchange Online Protection is a cloud-based filtering service. It provides protection against spam and malware and includes features to safeguard against messaging policy violations.
Standalone Scenario: EOP can provide protection for any on-premises SMTP solution.
Exchange Online Scenario: By default, Exchange Online (Office 365) mailboxes are protected by EOP.
Hybrid Deployment Scenario: EOP can be configured to protect your messaging environment and control mail routing.
Highlight the fact that EOP is a cloud-based solution. The audience may ask about on-premises or in-country editions of EOP; no such editions are available. EOP has both anti-spam and anti-malware capabilities. Creation of compliance rules and reporting are possible. EOP is capable of protecting both on-premises and cloud-based solutions. The focus of this workshop is the standalone and hybrid deployment scenarios, as the Exchange Online scenario does not require any additional configuration.

85 Introduction Comprehensive protection Enterprise class reliability
Multi-engine anti-malware protection. Continuously evolving anti-spam protection.
Enterprise class reliability: geographically load-balanced datacenters, queuing capabilities to help ensure no mail is lost, live phone support.
EOP offers comprehensive protection against malware and spam emails as part of a single solution. The anti-malware solution consists of scan engines from different Microsoft partners. The audience may ask about the number of scan engines and the names of the scan engine providers. The number of engines and the partner names are subject to change. There is no way to choose one engine over another. Protection against spam is achieved through proprietary anti-spam technology. Microsoft has partnerships with blacklist providers. Many manual settings are also possible for anti-spam protection; their details are covered later. Sender reputation protection: sending through a “high risk” pool protects the organization’s reputation.
In EOP everyone gets “regional routing” as a perk of the service. Their information is sourced within a specific region based on where their company is located. Each customer has a specific list of host records to use for their MX, all of which route directly to their regional data centers. If they use the provided host records for their MX, then all mail TO them will be directed to these data centers for delivery. All mail FROM them will be sourced from these data centers (for ExO). If they set their on-prem smart host to use the same host record provided by the service, then all mail FROM them will relay out from these data centers. Outbound mail from anyone else (not just other EOP customers) destined for them is subject to the physical location of the sending servers which originate the email.
Messages are queued or deferred if the service is unable to make a connection to the recipient server for delivery. Messages will be held when a connection to the recipient server cannot be made and the recipient’s server is returning a “temporary failure” such as a connection time-out, connection refused, or a 400-series error. If there is a permanent failure, such as a 500-series error, then the message will be returned to the sender. Messages in deferral will remain in our queues for 2 days. Message retry attempts are based on the error we get back from the recipient’s mail system. On average, messages are retried every 5 minutes.
Live phone support is available 24 hours a day, 7 days a week, 365 days a year at no additional cost.
The Exchange admin center (EAC) is the web-based management console for Microsoft Exchange Online Protection (EOP). The EAC replaces the Microsoft Forefront Online Protection for Exchange (FOPE) Administration Center. Exchange Online Protection is the next release of FOPE (Forefront Online Protection for Exchange). EOP is now integrated with Office 365 for management and onboarding, so provisioning EOP is much easier, and moving from EOP to Office 365 is much more streamlined than the FOPE to Office 365 process. Major improvements over FOPE: integrated console; common policy rules (built on the same stack as Transport Rules); spam improvements.
Microsoft Exchange Online Protection offers many different reports that can help you determine the overall status and health of your organization. There are also tools to help you troubleshoot specific events (such as a message not arriving to its intended recipients), and auditing reports to aid with compliance requirements. Reference
Streamlined administration console. Office 365 integration. Detailed reporting.

86 Geocentric Affinity
EOP runs on a worldwide network of data centers that are designed to provide the best availability. EOP performs load balancing between data centers but only within a region. In the Americas all messages are routed through U.S. data centers. In EMEA all messages are routed through EMEA data centers. In Asia-Pacific all messages are routed through APAC data centers (CY Q3 2014). For the GCC all messages are routed through U.S. data centers.
EOP runs on a worldwide network of data centers that are designed to provide the best availability. For example, if a data center becomes unavailable, messages are automatically routed to another data center without any interruption in service. Servers in each data center accept messages on your behalf, providing a layer of separation between your organization and the Internet, thereby reducing load on your servers. Through this highly available network, Microsoft can ensure that email reaches your organization in a timely manner. EOP performs load balancing between data centers but only within a region. If you’re provisioned in one region, all your messages will be processed using the mail routing for that region. The following list shows how regional mail routing works for the EOP data centers:
In the Americas, all Exchange Online mailboxes are located in U.S. data centers, with the exception of Brazil, where data centers in Brazil are used. All messages, including messages for customers in Brazil, are routed through U.S. data centers for EOP filtering.
In Europe, the Middle East, and Africa (EMEA), all Exchange Online mailboxes are located in EMEA data centers, and all messages are routed through EMEA data centers for EOP filtering.
In Asia-Pacific (APAC), all Exchange Online mailboxes are located in APAC data centers, but messages are currently routed through EMEA data centers for EOP filtering. This is targeted to change in the third quarter of 2014, when messages will be routed through APAC data centers for EOP filtering.
For the Government Community Cloud (GCC), all Exchange Online mailboxes are located in U.S. data centers and all messages are routed through U.S. data centers for EOP filtering.

87 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Tracing Best Practices for Configuring EOP Exchange Data Loss Prevention Office 365 Message Encryption and S/MIME

88 Sign up for the EOP Service
Try before you buy. EOP subscription plans: Standalone; Built into Exchange Online; Exchange Enterprise CAL with Services.
Objective: Explain the sign-up process and licensing options using this slide. The EOP service can be tried for 30 days before you need to purchase it. There are three different subscription plans for EOP: 1) Standalone. Suitable for protecting any SMTP-based messaging solution. 2) Part of Exchange Online. EOP is a standard feature available when customers subscribe to Exchange Online mailboxes. 3) Exchange Enterprise CAL with Services. This plan is for customers planning to purchase Exchange Server licenses and an EOP service subscription together. An overview of Exchange Server 2013 license options can be found here FX aspx If time permits, a live demo of the sign-up process can be performed. Here is the link for signing up for a trial account anti-spam-protection- -security- -spam-FX aspx

89 Deployment Process - Overview
Verify prerequisites. Validate domains. Configure mail flow. Customize spam and policy settings. Enable mail flow. Monitor and fine tune.
Objective: Understand the high-level approach for integrating EOP with the on-premises messaging environment. Though EOP is a cloud-based service, some planning and preparation is required for its integration with the customer’s messaging environment. These are the high-level process steps to follow:
Verify prerequisites such as credentials, domain names, IP addresses, firewall port, etc.
Validate the domain: EOP needs confirmation that you own all the domains added to it for protection.
Configure mail flow between EOP and the on-premises messaging servers and smart hosts.
Enable mail flow, which involves pointing the MX entry to EOP and setting EOP as the smart host in the on-premises mail server.
Monitor and fine tune to ensure that the EOP service meets your specific needs. Steps include monitoring false positives, adjusting spam control settings, etc.
The discussion on spam and policy settings should be very brief, as a separate section covers them in detail.

90 Prerequisites
Username and password of Office 365 Global Admin and Exchange Organization Administrator. Domain names to be protected by EOP. Inbound and outbound public IP addresses. Open firewall port 25 to Exchange Online Protection IP addresses. Modern web browser.
Objective: To understand the major prerequisites for deploying EOP. EOP and Office 365 are well integrated and share a common identity infrastructure. Integration of EOP and the on-premises mail server requires administrator access on both sides. The customer may own multiple SMTP domains. Make sure that all those names are handy before starting the deployment process. Make sure that the audience is aware of the process to update DNS records related to those domain names. IP addresses are needed for exchanging emails with the on-premises infrastructure. These IPs belong to either on-premises mail servers or smart hosts. EOP exchanges emails with the on-premises infrastructure using the SMTP protocol. TCP port 25 should be open on all firewalls placed between EOP and on-premises SMTP hosts (mail servers or smart hosts). EOP can be managed from nearly all modern web browsers. The latest version of IE is recommended. Exchange Online Protection IP Addresses: us/library/dn163583(v=exchg.150).aspx

91 Domain Validation
Domains to be protected should be added in the Office 365 admin center. A TXT record is provided for entry into DNS to perform verification.
The purpose of this step is to validate the ownership of the domains added to the Office 365 admin center. Microsoft Exchange Online Protection (EOP) displays a list of domains protected by the service that you have provisioned in the Microsoft Office 365 admin center. You can view these domains on a read-only basis from the Exchange admin center (EAC), or you can add, edit, or remove these and other domains using the Office 365 admin center. The domain ownership validation tool asks you to place a TXT record in the DNS server to complete the process. Detailed steps for doing so are given in the admin center. You can add up to 900 domains from your Office 365 admin portal or via remote PowerShell.

92 Configure Mail Flow - Standalone
Create an EOP outbound connector to deliver mail on-premises. Create an EOP inbound connector to accept mail from on-premises.
The objective is to help the audience understand what is required for emails to flow between EOP and on-premises servers. The simplest of the possible mail flow scenarios is shown here to illustrate the deployment process. The terms Outbound and Inbound refer to the direction mail is traveling to and from Exchange Online Protection (EOP). An Outbound connector sends mail to a partner or to your on-premises environment. An Inbound connector receives mail from a partner or from your on-premises environment.

93 Match subdomains
When the match subdomains feature is enabled for a domain, emails can be sent and received for subdomains on this domain.
The match subdomains feature enables you to send and receive emails on subdomains of a provisioned domain (aka Accepted Domain) in EOP. For example, if contoso.com is a provisioned domain and match subdomains support is enabled, users can send emails to or receive emails from a.contoso.com, b.contoso.com, a.b.contoso.com, and other subdomains. Reference

94 Custom Mail Flow – Connector Scenarios
Scenario and description:
Outbound Smart Hosting: Outbound mail is redirected to an on-premises server that applies additional processing before delivering mail to its final destination.
Regulated Partner with Forced TLS: Forced inbound and outbound transport layer security (TLS) is used to secure communication with a partner.
Conditional Mail Routing: A connector associated with a transport rule routes mail to a specific site.
Hybrid: When configuring hybrid deployments, manual steps are not recommended for creating connectors. The Office 365 team has created tools to automate the setup process and make it much easier.
The objective of this slide is to briefly discuss the various other connector scenarios possible. A detailed discussion on which scenario is most suitable for the customer can be done later as part of the “Deployment Planning” session.
Outbound smart hosting: The customer may want to apply some business rules or additional content filtering prior to delivering emails to internal mail servers. In this case EOP will forward emails to a smart host configured to perform such a function instead of sending directly to a mail server.
Regulated Partner with Forced TLS: The customer may want encrypted communication with certain partner organizations. This can be achieved by creating dedicated inbound and outbound connectors with forced TLS using certificates.
Conditional Mail Routing: If the customer has multiple sites, perhaps spread across the world, they can use connectors and transport rules to route mail to a specific site, based on conditions. An example of a condition is the City attribute of user accounts. Connectors are created with the scope set to Use for Criteria Based Routing (CBR). Then, appropriate transport rules should be created to use these connectors.
Hybrid: This scenario represents a situation where the customer decides to host mailboxes in both on-premises servers and Exchange Online (Office 365). Automated configuration tools are recommended in this scenario.
For more details please refer For additional information please refer

95 Enable Mail Flow - Standalone
Change the MX record. After 72 hours, restrict the on-premises firewall to accept port 25 traffic only from EOP. Create a send connector with EOP as the smart host in the on-premises server for Internet-bound emails.
This is the final step in deploying EOP. The customer’s MX record should be pointed to EOP for emails to flow through EOP. It can take up to 72 hours for the MX record to replicate across the Internet. Once replication is complete, only EOP needs TCP port 25 access through the firewall protecting the mail servers. Firewall access for the legacy secure gateway can be removed. To route the emails sent to the Internet from the on-premises server, a Send Connector must be created in the on-premises server. EOP is the smart host for this connector. The smart host name is the same as the MX record given to you at the time of EOP setup.
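A check for the firewall step above, as an added example (not part of the original deck): given an export of inbound firewall rules, list every allow rule that still lets a source outside the EOP ranges reach TCP port 25. The rule format, the rule names and the address ranges are constructed; RFC 5737 documentation prefixes stand in for the published EOP ranges, which this deck references but does not list.

```python
import ipaddress

# Constructed stand-ins for the published EOP address ranges (RFC 5737 prefixes).
EOP_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed firewall export: (rule name, action, source CIDR, destination ports).
RULES = [
    ("eop-inbound-a", "allow", "192.0.2.0/24", "25"),
    ("eop-inbound-b", "allow", "198.51.100.64/26", "25"),
    ("legacy-gateway", "allow", "203.0.113.10/32", "25"),   # old secure gateway
    ("smtp-any", "allow", "0.0.0.0/0", "20-30"),            # range that includes 25
    ("web", "allow", "0.0.0.0/0", "443"),
    ("old-block", "deny", "203.0.113.0/24", "25"),
]

def covers_port(spec: str, port: int = 25) -> bool:
    """True if a port spec such as "25", "20-30", "25,587" or "any" includes `port`."""
    spec = spec.strip().lower()
    if spec in ("any", "*"):
        return True
    for item in spec.split(","):
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def inside_eop(source: str) -> bool:
    """True only if the whole source network lies inside one EOP range.

    A source that merely overlaps an EOP range (for example a wider prefix)
    is treated as outside, because it admits non-EOP addresses as well.
    """
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in EOP_RANGES)

def audit(rules):
    """Names of allow rules that expose port 25 to sources outside EOP.

    Rule order and shadowing are not modelled; each allow rule is judged alone.
    """
    findings = []
    for name, action, source, ports in rules:
        if action.lower() != "allow" or not covers_port(ports):
            continue
        if not inside_eop(source):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in audit(RULES):
        print("port 25 still reachable from outside EOP via rule:", name)
```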

96 Monitor and Fine Tune
Based on the customer’s needs, is the service operating as expected? Make any adjustments to rules or settings as needed. Evaluate the effectiveness of spam settings.
At this point we have mail flow enabled and the basics are ready. We may still need to fine tune things to ensure that optimal security and user experience are delivered. Look at performance, such as spam getting through or not being detected. Submitted items are looked at on a network-wide level. Spam evaluation is an ongoing process.

97 DEMO Connector Configuration
Basic inbound and outbound connector demo steps: us/library/jj723133(v=exchg.150).aspx
Optionally, “test mail flow” can be demonstrated by following the instructions given here
Outbound smart host demo steps
Regulated Partner with Forced TLS demo steps: us/library/jj723154(v=exchg.150).aspx
Conditional Mail Routing

98 Recipient in EOP
Users: Users are the recipients within your EOP managed domains. Transport rules can be applied to users. Users can be assigned management roles. Users with management role group privileges can access the Exchange admin center (EAC).
Contacts: Contacts represent recipients outside of the EOP managed domains who can be displayed in the address book. Contacts can be used when creating transport rules. They can’t sign in to the EAC.
Explain the two different types of recipients in EOP. Users send and receive mail using the EOP service. Contact objects are used by users to send mail to recipients outside the organization.

99 Managing Recipients in EOP
Synchronized: Recommended when the company has existing user accounts in an on-premises Active Directory. The Microsoft Azure AD Directory Sync tool is required. Recipients can be viewed as read-only in the EAC.
Manual: Add and manage users in the EAC.
Created and managed directly in the Office 365 admin center. These recipients are not viewable in the EAC.
This slide is about how recipients in EOP can be managed. There are three methods. The recommended method is to manage them automatically through directory synchronization between on-premises Active Directory and Microsoft Azure Active Directory (MAAD). WAAD functions as the directory of EOP. The DirSync process and benefits are explained in the next slide. The other method is to manage recipients manually from the Office 365 admin center. Such recipients are not visible in the EAC, but they can be added to or removed from membership in an administrator role group in the EAC. For more detailed information on these points please refer Reference

100 Directory Synchronization
On-premises. Exchange Online Protection. Microsoft Azure Directory Sync.
Automated user/group management. Ideal solution for organizations with on-premises Active Directory. Easier creation of rules based on user addresses. Allows for use of security group membership for configuration and rules. Synchronize Outlook safe/blocked sender lists.
When customers have an on-premises Active Directory, the ideal way to manage recipients is by using the DirSync tool. When DirSync is configured, users and mail-enabled security groups appear in the EAC. Transport rules can be created for these objects. The safe and blocked sender lists created on-premises are also synchronized by the DirSync tool. Synchronization happens every three hours. Optionally, synchronization can be initiated manually as well. The DirSync tool is available as a free download (the download link is provided in the previous slide note).

101 DEMO Managing Recipients
Follow the steps mentioned here to demonstrate recipient management. If a directory synchronization environment is not available for a live demo, have the relevant screenshots available to explain the various steps involved.

102 Admin Roles in EOP Role based administration model.
A user can be added to multiple role groups. Each role group can perform specific tasks in EOP. Managed from the EAC. Objective: This slide and the next one should be used to explain the administration model of EOP. An organization may have multiple administrators to manage various EOP features. EOP follows a role based access control (RBAC) permissions model. Various role groups available in EOP can be managed from EAC. A user can be made a member of a role group or groups in order to assign them permissions to perform specific administrative tasks. Additional information available here

103 Feature Permissions EOP Feature Role Group Membership Required
Anti-malware Organization Management, Hygiene Management Anti-spam Domains Organization Management, View-Only Organization Management Inbound and Outbound connectors Organization Management Message trace Organization Management, View-Only Organization Management Organization configuration Quarantine Organization Management, View-Only Organization Management, Hygiene Management Users, Contacts, and Role Groups Organization Management, View-Only Organization Management, Hygiene Management View reports
This table shows the role group memberships required to manage specific features in EOP. Click on the hyperlinks or refer to the following link to know more about what each role group is capable of doing.

104 DEMO Managing Admin Role Groups 4/13/2018
For demo steps please refer to this link

105 Remote PowerShell can be used to manage
users and domains, permissions, anti-spam and quarantine settings, anti-malware settings, transport rules, connectors, message tracing, reports. Remote PowerShell is the administrative interface that enables you to manage your Microsoft Exchange Online Protection settings from the command line. For example, you can use remote PowerShell to configure transport rules and connectors. To know more about Remote PowerShell in EOP please refer

106 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Tracing Best Practices for Configuring EOP Exchange Data Loss Prevention Office 365 Message Encryption and S/MIME

107 Auditing Reports Purpose of Reports
Help meet regulatory, compliance, and litigation requirements. Help troubleshoot configuration and security related issues. Types of Reports The administrator role group report lets you view when a user is added to or removed from membership in an administrator role group. The administrator audit log records any action, based on an Exchange Management Shell cmdlet, performed by administrators or users who have been assigned administrative privileges. Reporting will be covered in detail later in the deck. Focus of this slide is on compliance reports only. You can obtain auditing reports at any time to determine the changes that have been made to your EOP configuration. These reports can help you troubleshoot configuration issues or find the cause of security-related or compliance-related problems. Administrator role group report and Administrator audit log are the two ways of extracting compliance information. For more information please refer

108 DEMO Auditing Reports Administrator Audit Log
Demo steps for "Run an Administrator Role Group Report in EOP" can be found here. To demonstrate the Administrator Audit Log, please follow the steps mentioned here

109 Transport Rules Regulatory requirements and company policies require applying messaging restrictions, content filtering, disclaimers, etc. to emails. Transport rules are created. Emails are inspected by the Transport rules agent. If a message fits any transport rule's conditions, an action is taken. Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements: preventing inappropriate content from entering or leaving the organization; filtering confidential organization information; tracking, archiving, or copying messages that are sent to or received from specific individuals; redirecting inbound and outbound messages for inspection before delivery; applying disclaimers to messages as they pass through the organization. This is how transport rules work: 1. You create Transport rules to meet your business needs. 2. As messages go through your organization, the Transport rules agent is invoked. The Transport rules agent is a special component that checks messages against the Transport rules you create. 3. The Transport rules agent scans the message, and if the message fits the conditions you specify in a Transport rule, it takes the specified action on that message. For more details please refer

110 Simple Policy Management
Transport rules consist of Conditions, Actions and Exceptions. Key Message: Configuring a transport rule is a simple task. It's very similar to rules in Outlook. Transport rules consist of the following components: Conditions: Use Transport rule conditions to specify the characteristics of messages to which you want to apply a Transport rule action. Conditions consist of one or more predicates that specify the parts of a message that should be examined. Some predicates examine message fields or headers, such as the To, From, or Cc fields. Other predicates examine message characteristics such as message subject, body, attachments, message size, and message classification. Most predicates require that you specify a comparison operator, such as equals, doesn't equal, or contains, and a value to match. Exceptions: Exceptions are based on the same predicates used to build Transport rule conditions. However, unlike conditions, exceptions identify messages to which Transport rule actions shouldn't be applied. Exceptions override conditions and prevent actions from being applied to an email message, even if the message matches all configured conditions. Actions: Actions are applied to messages that match the conditions and don't match any exceptions defined in the Transport rule. Transport rules have many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body. EOP Standalone: Managed separately from on-premises rules. Exchange Online: Integrated rules management.

111 Flexible rule conditions
Conditions can be formed based on: message size; attachment type; sender and recipient properties; contents of message subject, body or attachment. Key message: Transport rules are customizable to meet the requirements of the business. Transport rule conditions are very flexible to accommodate common business requirements. Transport rule conditions (and exceptions) consist of one or more predicates. Predicates instruct the Transport rules agent to examine a specific part of an email message, such as sender, recipients, subject, other message headers, and message body. Based on this analysis, the Transport rules agent determines whether the rule should be applied to that message. To determine whether a Transport rule should be applied to a message, most predicates have one or more properties for which you must specify a value. For example, the "The sender is" predicate requires that you specify the sender for the message. Some predicates don't have properties. For example, the "Any attachment has executable content" predicate simply inspects whether any attachment in a message has executable content, and therefore doesn't require any values. New – Transport rules allow precedence and all the other Transport Rule goodness. No remote PowerShell for EOP standalone. For more details please refer

112 Flexible rule actions
Actions are taken based on rule conditions and exceptions. Block or redirect messages. Modify messages. Enforce TLS encryption. Route messages through specific connectors. The focus of this slide is to explain which actions can be performed on an email message based on the transport rules you create. Transport rule actions instruct the Transport rules agent to take the specified action on messages that match all specified conditions and don't match any of the exceptions in a Transport rule. Typical actions required by customers include: block or redirect a message based on sensitive content, sender, recipient, etc.; modify messages by adding disclaimers; enforce TLS encryption from specific senders or recipients (e.g. executive communication with partner organizations); route messages through separate connectors, e.g. a separate connector based on user location. Actions: Generating additional notifications won't be supported. More information on transport rule actions is available here us/library/jj920117(v=exchg.150).aspx

113 Transport Rule options
Rules can be configured to run for a specific time period. Rules can be run in Test Mode. Transport rules come with different options. Rules can be configured to be active during a specific period of time. For example, a rule to deliver large attachments or bulk mails during off work hours. It is always recommended to activate a new rule in test mode before enforcing it. This will help you understand the effects of the rule on real users. If time permits, briefly discuss all the options.
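The condition, exception, action and test-mode behaviour described on the transport rule slides above, as an added Python model (not Microsoft's implementation and not part of the deck). The message shape, predicate helpers, rule names and sample messages are constructed for illustration.

```python
# Toy model of transport rule evaluation: a rule applies when ALL of its
# conditions match and NONE of its exceptions match. Rules in test mode are
# evaluated and recorded but their action is not applied.

def sender_domain_is(*domains):
    wanted = {d.lower() for d in domains}
    return lambda m: m["sender"].rsplit("@", 1)[-1].lower() in wanted

def sender_is(*addresses):
    wanted = {a.lower() for a in addresses}
    return lambda m: m["sender"].lower() in wanted

def subject_contains(*words):
    return lambda m: any(w.lower() in m["subject"].lower() for w in words)

def any_attachment_is_executable():
    # A predicate without properties. The extension check is a stand-in for
    # real content inspection (assumption made for this example).
    exts = (".exe", ".scr", ".js")
    return lambda m: any(n.lower().endswith(exts) for n in m.get("attachments", []))

class Rule:
    def __init__(self, name, priority, conditions, action, exceptions=(), test_mode=False):
        self.name, self.priority = name, priority
        self.conditions, self.exceptions = list(conditions), list(exceptions)
        self.action, self.test_mode = action, test_mode

    def matches(self, msg):
        if not all(cond(msg) for cond in self.conditions):
            return False
        # Exceptions override conditions, even when every condition matched.
        return not any(exc(msg) for exc in self.exceptions)

def evaluate(rules, msg):
    """Return the actions applied and the actions only audited (test mode)."""
    applied, audit_only = [], []
    for rule in sorted(rules, key=lambda r: r.priority):   # lower number runs first
        if rule.matches(msg):
            target = audit_only if rule.test_mode else applied
            target.append(f"{rule.name}: {rule.action}")
    return {"applied": applied, "audit_only": audit_only}

# Constructed rule set: a domain block list with one exempted sender, a new
# attachment rule still in test mode, and a disclaimer rule.
RULES = [
    Rule("Block listed domain", 0, [sender_domain_is("blocked.example")], "reject",
         exceptions=[sender_is("billing@blocked.example")]),
    Rule("Executable attachment", 1, [any_attachment_is_executable()],
         "redirect to security mailbox", test_mode=True),
    Rule("Invoice disclaimer", 2, [subject_contains("invoice")], "append disclaimer"),
]

# Constructed sample messages.
BLOCKED = {"sender": "news@blocked.example", "subject": "Weekly offer", "attachments": []}
EXEMPT = {"sender": "billing@blocked.example", "subject": "Invoice 1001", "attachments": []}
EXE = {"sender": "user@partner.example", "subject": "Tool", "attachments": ["setup.EXE"]}

if __name__ == "__main__":
    for sample in (BLOCKED, EXEMPT, EXE):
        print(sample["sender"], evaluate(RULES, sample))
```
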

114 DEMO Manage transport rules.
Domain based safe sender and blocked sender list using transport rules. Manage transport rules demo steps can be found here us/library/jj657505(v=exchg.150).aspx For the "Domain based safe sender and blocked sender list using transport rules" demo, instructions can be found here

115 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Trace Best Practices for Configuring EOP Exchange Data Loss Prevention Office 365 Message Encryption and S/MIME

116 Multi-layered anti-spam protection
1. Connection filtering: Blocks up to 80% of all spam based on IP block/allow lists. 2. Sender-Recipient Filtering: Blocks up to 15% of all spam based on internal lists and sender reputation. 3. Content Filtering: Blocks up to 5% of all spam based on internal lists and heuristics. Objective: High level understanding of how anti-spam works. Anti-spam protection is applied in layers. Nearly 80% of all spam is blocked based on the source IP addresses. IP addresses known to be used by spammers are obtained by Microsoft through partnerships. Customers can also add IP addresses to the blocked/allowed list. Enhanced support for IPv6: EOP will begin supporting the ability to receive email over IPv6 from senders who do not send messages over Transport Layer Security (TLS). Admins can permit users to opt in to receive email over IPv6 by requesting it from the EOP Support team. If they do not opt in, they will receive email over IPv4. More on IPv6 can be found here enhancements-part-2/ Sender reputation is the next method of defending against spam. End-users can also create their own safe and blocked sender lists. EOP will begin supporting inbound validation of Domain Keys Identified Mail (DKIM; see DomainKeys Identified Mail Signatures). DKIM is a method of validating a digitally signed message that appears in the DKIM-Signature header in the message headers. It ties an email message to the organization responsible for the message. Support added for DomainKeys Identified Mail (DKIM): you can find more details here. The final layer of defense is based on content analysis.

117 EOP Inbound Filtering
[Diagram: inbound mail flow between the EOP Network and the Corporate Network. Email is routed to the Microsoft DC based on MX record resolution (Contoso-com.mail.protection.outlook.com). Stages: Connection & Sender-Recipient Filtering, Malware Scanning, Policy Enforcement, Content Filtering. Other labels: IP-based edge blocks, Reputation blocks, AV Engine 1, AV Engine 2, AV Engine 3, Custom Rules, Safe Sender/Recipient, Content scanning and Heuristics, SPF & Sender ID Filter, Bulk Mail Filtering, Regular Expression blocks, International Spam, URL blocks, Additional ASF Options, Quarantine, Spam Analysts, Customer Feedback (False Positives and False Negatives).] Use this slide to explain the incoming mail flow within the EOP service and the overall filtering process (anti-spam, anti-malware and policy enforcement). Details of each component are explained in subsequent slides. ASF – Advanced Spam Filtering. More on ASF can be found here. There is a separate slide later in the deck to discuss the multiple AV engine feature.

118 EOP Outbound Filtering
[Diagram: outbound mail flow from the Corporate Network through the EOP Network to the Internet. Stages: Malware Scanning, Policy Enforcement, Spam Protection. Other labels: AV Engine 1, AV Engine 2, AV Engine 3, Custom Rules, Content Scanning and Heuristics, Bulk Mail, Advanced Spam Management, Low Score, High Score, Outbound Pool (three), Bulk Delivery Pool, High Risk Delivery Pool, Quarantine, Spam Analysts.] Similar to the previous slide, use this slide to explain the outbound mail flow within the EOP service and the overall filtering process (anti-malware, policy enforcement and anti-spam). Details of each component are explained in subsequent slides. EOP Improvement: The outbound delivery pools have been extended to a three-way split: normal, high-risk pool, bulk mail. Within the normal pool there are around 10 sub-pools delivering normal mail, to help preserve outbound mail reputation. If any mail considered to be spam flows out and therefore affects the reputation of the EOP service, using multiple outbound pools limits the impact. In addition, the EOP service proactively monitors external reputation providers and can take corrective action before customers are affected.

119 Spam Confidence Level(SCL)
When an email goes through the spam filtering process it is assigned a score known as the Spam Confidence Level (SCL) rating. Based on the SCL rating, the EOP service takes actions upon the messages. Help the audience understand what SCL is and how this rating is used to process each message going through the EOP service. When an email message goes through spam filtering it is assigned a spam score. That score is mapped to an individual Spam Confidence Level (SCL) rating and stamped in an X-header. The service takes actions upon the messages depending upon the spam confidence interpretation of the SCL rating. The next slide covers the default actions for the various SCL ratings.

120 SCL Ratings and Default Actions
SCL Rating | Spam Confidence Interpretation | Default Action
-1 | Non-spam coming from a safe sender, safe recipient, or safe listed IP address (trusted partner) | Deliver the message to the recipients' inbox.
0, 1 | Non-spam because the message was scanned and determined to be clean | Deliver the message to the recipients' inbox.
5, 6 | Spam | Deliver the message to the recipients' Junk folder. This can be changed.
9 | High confidence spam | Deliver the message to the recipients' Junk folder. This can be changed.
The default action for messages identified as spam and high confidence spam can be changed by editing the default content filter policy. Possible options are:
1) Delete message: Deletes the entire message, including all attachments.
2) Quarantine message: Sends the message to quarantine instead of to the intended recipients. If you select this option, in the Retain spam for (days) input box, specify the number of days during which the spam message will be quarantined. (It will automatically be deleted after the time elapses. The default value is 15 days, which is the maximum value. The minimum value is 1 day.)
3) Add X-header: Sends the message to the specified recipients but adds X-header text to the message header that identifies it as spam. Using this text as an identifier, you can optionally create rules to filter or route the messages as needed. You can customize the X-header text using the Add this X-header text input box.
4) Prepend subject line with text: Sends the message to the intended recipients but prepends the subject line with the text that you specify in the Prefix subject line with this text input box. Using this text as an identifier, you can optionally create rules to filter or route the messages as needed.
5) Redirect message to email address: Sends the message to a designated email address instead of to the intended recipients. Specify the "redirect" address in the Redirect to this email address input box.
Please note that non-Exchange users would not benefit from the Junk mail folder. For more information please refer
Note: In order to ensure that the Move message to Junk folder action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP.

121 Configure Downstream Spam Action
Creating the transport rules on-premises:
Set-OrganizationConfig -SCLJunkThreshold 4
New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6
New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6
End users need to be educated about the use of the Junk Mail folder in Outlook. These PowerShell commands create the transport rules required for spam mail to land in the Junk Mail folder.
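To check what the two on-premises rules above do to a given message, the following added Python example (not from the deck) parses the X-Forefront-Antispam-Report header and reproduces the SFV:SPM / SFV:SKS to SCL 6 stamping and the SCLJunkThreshold 4 comparison. Assumptions: the header is a semicolon-separated list of KEY:value fields, a message goes to Junk when its SCL is greater than the threshold, and all sample messages are constructed.

```python
from email import message_from_string, policy

SCL_JUNK_THRESHOLD = 4          # Set-OrganizationConfig -SCLJunkThreshold 4
SPAM_VERDICTS = {"SPM", "SKS"}  # SFV values matched by the two rules on the slide
RULE_SCL = 6                    # -SetSCL 6

def parse_antispam_report(value):
    """Split 'KEY:value;KEY:value' into a dict. Only the first ':' separates key
    from value, so values that contain colons (an IPv6 address) survive."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.strip().upper()] = val.strip()
    return fields

def downstream_action(raw_message, junk_threshold=SCL_JUNK_THRESHOLD):
    """Emulate the on-premises rules for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    headers = msg.get_all("X-Forefront-Antispam-Report") or []
    reports = [parse_antispam_report(str(h)) for h in headers]
    verdicts = [r.get("SFV", "") for r in reports]
    # Choice made for this example: a rule fires if any occurrence of the
    # header carries one of the spam verdicts.
    scl = RULE_SCL if any(v in SPAM_VERDICTS for v in verdicts) else None
    # Assumption: Junk delivery requires SCL strictly greater than the threshold.
    folder = "Junk Email" if scl is not None and scl > junk_threshold else "Inbox"
    return {
        "eop_header_present": bool(reports),  # False means EOP never stamped it
        "sfv": verdicts,
        "scl_set_by_rule": scl,
        "folder": folder,
    }

# Constructed samples. The first one folds the header across two lines.
SPAM_SAMPLE = (
    "From: promo@bulk.example\n"
    "To: user@contoso.com\n"
    "Subject: Limited offer\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.9;CTRY:US;LANG:en;SCL:5;\n"
    " SFV:SPM;PTR:mail.bulk.example\n"
    "\n"
    "body\n"
)
CLEAN_SAMPLE = (
    "From: colleague@partner.example\n"
    "To: user@contoso.com\n"
    "Subject: Meeting notes\n"
    "X-Forefront-Antispam-Report: CIP:2001:db8::25;CTRY:DE;SCL:1;SFV:NSPM\n"
    "\n"
    "body\n"
)
NO_HEADER_SAMPLE = (
    "From: printer@contoso.com\n"
    "To: user@contoso.com\n"
    "Subject: Scan\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SPAM_SAMPLE), ("clean", CLEAN_SAMPLE),
                      ("no header", NO_HEADER_SAMPLE)):
        print(name, downstream_action(raw))
```

Raising the threshold to 6 leaves the stamped SCL 6 messages in the Inbox, which is the misconfiguration to look for when EOP-marked spam is not reaching Junk.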

122 Anti-Spam Policies Connection Filtering
Based on the reputation of an IP address or a range of IP addresses. This policy can be customized by adding IP addresses to Allow and Block lists. The "Enable safe list" option prevents missing email from certain well-known senders. Content Filtering: Filters inbound messages with inappropriate content. Can be customized to filter messages based on languages and countries of origin. Advanced spam filtering (ASF) options give administrators the ability to inspect various content attributes of a message. Spam filtering is automatically enabled company-wide through the default anti-spam policies (connection filter, content filter, and outbound spam). As an administrator, you can view and edit, but not delete, the default anti-spam policies so that they are tailored to best meet the needs of your organization. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. By default, custom policies take precedence over the default policy, but you can change the priority of your policies. Select the Enable safe list check box to prevent missing email from certain well-known senders. How? Microsoft subscribes to third-party sources of trusted senders. Using this safe list means that these trusted senders aren't mistakenly marked as spam. When talking about the ASF options, highlight the bulk mail filtering option. Do not spend time explaining each ASF option unless asked. More details on bulk mails in the next slide. For additional information please refer us/library/jj200718(v=exchg.150).aspx

123 Anti-Spam Policies Bulk Mails
By default all Bulk Mails are marked as spam. To allow incoming bulk emails, add the SMTP MAIL FROM address to a safe sender list. Outbound Filtering: Always enabled and cannot be changed. Outbound mails identified as spam are routed via the high-risk delivery pool. Spamming users are added to a blocked list. A service request is required for removal. Email notifications can be sent when suspicious or blocked messages have been identified. Bulk mailing is a common requirement for many customers. An example of outbound bulk mails is newsletters used for genuine marketing purposes. However, the ability to bulk mail is disabled by default and it needs to be enabled through a setting under Advanced Spam Filtering (ASF). More information on ASF can be found here us/library/jj200750(v=exchg.150).aspx Outbound filtering serves two purposes: 1) it protects the reputation of the service and EOP customers; 2) it protects the recipients. A separate pool of IP addresses is used to deliver messages identified as spam. More information on configuring outbound spam policy us/library/jj200737(v=exchg.150).aspx

124 Safe/Blocked Senders List
From Outlook and OWA, end users can add specific users and domains to the list. Messages from blocked senders are not deleted; they land either in the Junk folder or in quarantine. When Directory Sync is run, on-premises lists are propagated to the service. Explain how the safe/blocked senders list can be managed from Outlook. As discussed earlier, this list would be synchronized to the EOP service if DirSync is deployed.

125 International Spam Messages can be blocked based on regions and languages International spam protection is the ability to block messages originating from a specific country and region or messages written in specific languages. An experienced messaging administrator understands the regional and language bias of the spam messages his/her organization is receiving.

126 Directory Based Edge Blocking (DBEB)
Reject messages for invalid recipients at the service network perimeter. If the address is not present in Azure AD, EOP blocks the message before filtering occurs. An NDR is sent to the sender informing them that their message was not delivered. What is Directory Based Edge Blocking? The Directory Based Edge Blocking (DBEB) feature in Exchange Online Protection (EOP) lets you reject messages for invalid recipients at the service network perimeter. DBEB lets admins add mail-enabled recipients to Azure Active Directory and block all messages sent to email addresses that aren't present in Azure Active Directory. If a message is sent to a valid email address present in Azure Active Directory, the message continues through the rest of the service filtering layers (anti-malware, anti-spam, transport rules). If the address is not present, the service blocks the message before filtering occurs, and a non-delivery report (NDR) is sent to the sender informing them that their message was not delivered. How is DBEB enabled? Admins can manage the DBEB feature through configuration of the domain type in the Exchange admin center (EAC). The EAC exposes two domain types: Authoritative - Email is delivered to valid recipients in your organization, which may include local recipients as well as recipients whose messages are being routed to a shared environment. All email for unknown recipients is rejected. Setting this domain type is what enables DBEB. Internal relay - Email is delivered to recipients in your organization or relayed to an email server at another physical or logical location. More information is available here directory-based-edge-blocking-for-exchange-online-protection.aspx

127 DomainKeys Identified Mail (DKIM)
EOP will begin supporting inbound validation of DKIM. DKIM support will start with IPv6, later IPv4 as well. The results of a DKIM-Signature validation will be stamped in the Authentication-Results header. Customers will be able to write Exchange Transport Rules (ETRs) on the results of a DKIM validation to filter or route messages as needed. For example: Authentication-Results: contoso.com; dkim=pass (signature was verified) header.d=example.com; In a future release, we will also provide DKIM signing. Support added for DomainKeys Identified Mail (DKIM): EOP will begin supporting inbound validation of Domain Keys Identified Mail (DKIM; see DomainKeys Identified Mail Signatures). DKIM is a method of validating a digitally signed message that appears in the DKIM-Signature header in the message headers. It ties an email message to the organization responsible for the message. Initially, DKIM verification will be restricted only to messages over IPv6. In a future release, EOP will verify all inbound messages signed with DKIM over IPv4. The results of a DKIM-Signature validation will be stamped in the Authentication-Results header, which conforms with RFC 7001 (Message Header Field for Indicating Message Authentication Status). Customers will be able to write Exchange Transport Rules (ETRs) on the results of a DKIM validation to filter or route messages as needed.
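What a rule keyed on the DKIM result has to read from the header, as an added Python example (not from the deck and not EOP's own logic). It parses Authentication-Results in the form shown on the slide and only trusts headers stamped under the receiving organization's own authserv-id, as RFC 7001 advises; the sample messages and the routing labels are constructed and hypothetical.

```python
import re
from email import message_from_string, policy

def strip_comments(value):
    """Remove parenthesised comments such as '(signature was verified)',
    including nested ones, by peeling the innermost pair repeatedly."""
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def parse_authentication_results(value):
    """Return the authserv-id and a list of method results with their properties."""
    value = re.sub(r"\s*=\s*", "=", strip_comments(value))  # allow 'dkim = pass'
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts and parts[0] else ""
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue  # trailing empty segment, or the bare 'none' form
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append({"method": method.lower(), "result": result.lower(), "props": props})
    return {"authserv_id": authserv_id, "results": results}

def dkim_verdict(raw_message, trusted_authserv_id):
    """Summarise the DKIM outcome, ignoring headers stamped by other parties."""
    msg = message_from_string(raw_message, policy=policy.default)
    verdict = {"dkim": "none", "signing_domain": None, "ignored_headers": 0}
    for header in msg.get_all("Authentication-Results") or []:
        parsed = parse_authentication_results(str(header))
        if parsed["authserv_id"] != trusted_authserv_id.lower():
            verdict["ignored_headers"] += 1   # not stamped by our own boundary
            continue
        for res in parsed["results"]:
            # One passing signature is enough; a pass is never overwritten.
            if res["method"] == "dkim" and verdict["dkim"] != "pass":
                verdict["dkim"] = res["result"]
                verdict["signing_domain"] = res["props"].get("header.d")
    return verdict

def route_for(verdict):
    """Hypothetical routing labels for a rule written on the DKIM result."""
    return {"pass": "deliver", "none": "continue-filtering"}.get(
        verdict["dkim"], "quarantine-for-review")

# Constructed samples. PASS_SAMPLE uses the header shown on the slide.
PASS_SAMPLE = (
    "From: sender@example.com\n"
    "Authentication-Results: contoso.com; dkim=pass (signature was verified)"
    " header.d=example.com;\n"
    "Subject: Report\n\nbody\n"
)
FAIL_SAMPLE = (
    "From: sender@example.com\n"
    "Authentication-Results: contoso.com; dkim=fail (body hash did not verify)"
    " header.d=example.com\n"
    "Subject: Report\n\nbody\n"
)
FOREIGN_SAMPLE = (
    "From: sender@example.com\n"
    "Authentication-Results: mx.sender.example; dkim=pass header.d=example.com\n"
    "Subject: Report\n\nbody\n"
)

if __name__ == "__main__":
    for raw in (PASS_SAMPLE, FAIL_SAMPLE, FOREIGN_SAMPLE):
        v = dkim_verdict(raw, "contoso.com")
        print(v, route_for(v))
```
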

128 DEMO Connection filtering – customization
Content filtering – custom policy. Outbound filtering – editing default policy. Managing Safe Sender Lists for Bulk Mailers. Demo connection filtering using steps mentioned here us/library/jj200718(v=exchg.150).aspx Demo custom content filtering policies using the steps mentioned here us/library/jj200684(v=exchg.150).aspx Follow this documentation for demonstrating Outbound filtering us/library/jj200737(v=exchg.150).aspx For the Safe Sender List demo please refer this link us/library/dn463985(v=exchg.150).aspx

129 Spam Quarantine By default, content-filtered spam is sent to the recipient's Junk folder. This can be changed so that it is sent to quarantine. Messages are kept in the quarantine for a maximum of 15 days. If required, this number can be lowered. The default settings in EOP let end-users manage spam through the Junk folder in Outlook. However, some customers may want all these spam mails to be centrally stored in quarantine. In such a case, the administrator would be responsible for reviewing the quarantined messages. The audience may ask about the availability of per-user quarantine. This feature is not available yet.

130 Spam Quarantine Advanced search to locate quarantined messages.
Available for administrators and end-users. Quarantined messages can be easily located with the help of advanced search. Example scenario: A user reports that he is missing a mail which he is expecting from a vendor. The administrator can quickly search and confirm whether it's stuck in quarantine or not. Please read this blog for details on end-user access to spam quarantine

131 Spam Quarantine False positives can be reported to Microsoft
While releasing a message, the administrator has the choice of reporting it as a false positive. This helps Microsoft improve the service quality.

132 DEMO Quarantine features for administrators and end users.
Demonstrate the administrator and end user features by following the steps mentioned in this link

133 End-User Spam Notifications
Frequency and language of the notifications can be configured. Not available for messages matching transport rule conditions. End-users can manage spam from notifications. End-user spam notification can be configured for the default (company-wide) content filter policy or for custom policies that are applied to domains. End-users can choose to mark a mail as not Junk from the Junk folder. Such messages will be moved to the Inbox folder.

134 End-User Spam Notification
Users can take action on quarantined mails from their Inbox Can this be customized by the organization? Different logo? No it can’t. Maybe call out the link that says you can create a new containing all existing quarantined items

135 Junk Email Reporting Add-in for Outlook
One-click reporting that enables users to select junk and submit it to Microsoft for analysis. The ability to select and then submit multiple messages with a single click. Selected messages are moved to the Microsoft Outlook Junk folder. Multi-language support The Junk Reporting Add-in for Microsoft Office Outlook lets Exchange Online and Exchange Online Protection users easily report junk (spam) to Microsoft for analysis to help reduce the number and impact of future junk messages filtered by the service. Compatible with Microsoft Office Outlook 2013, Outlook 2010, or Outlook 2007 with Windows 7 or Windows 8. The installer for this add-in can be downloaded from

136 DEMO Configuring end-user spam notifications. 4/13/2018
For demo steps please refer

137 Anti-Malware Protection
Layered defense with multiple scan engines Real-time threat response Fast deployment of anti-malware definitions The service offers multi-layered malware protection that’s designed to catch all known malware traveling inbound to or outbound from your organization. The following options help provide anti-malware protection: Layered Defenses Against Malware (this should have been briefly discussed in the inbound filtering and outbound filtering slides)  Multiple anti-malware scan engines help protect against both known and unknown threats. These engines include powerful heuristic detection to provide protection even during the early stages of a malware outbreak. This multi-engine approach has been shown to provide significantly more protection than using just one anti-malware engine. Real-time Threat Response   During some outbreaks, the anti-malware team may have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat even before a definition is available from any of the engines used by the service. These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks. Fast Anti-Malware Definition Deployment   The anti-malware team maintains close relationships with partners who develop anti-malware engines. As a result, the service can receive and integrate malware definitions and patches before they are publicly released. Our connection with these partners often allows us to develop our own remedies as well. The service checks for updated definitions for all anti-malware engines every hour. For more details Please read this FAQ document . This will help answer some of the questions from audience.

138 Microsoft Exchange 4/13/2018 Simple configuration Delete messages. Delete attachments. Robust, customizable notifications. Custom policies can be created to change the scope (user, group, or domain) and priority. FOPE would always block; we are introducing a new action that will remove the attachments and then let the message through. But there are two caveats: (1) The actions will be named “Delete message” (=block) and “Delete attachments” (=replace or strip). EOP introduces the ability to remove the attachments of an infected message, but still deliver the message content. (We attach a note in place of the deleted attachments to inform the recipient that the attachments were removed.) EOP also provides the ability, when configuring sender notifications, to distinguish between inbound and outbound messages. (In FOPE, you had to enable sender notifications for both inbound and outbound or for neither. In EOP, you can enable one without the other, and customize the message for each.) Exchange 2013 on-premises server vs. EOP. Exchange 2013 Server built-in anti-malware provides only the Microsoft anti-malware engine. The anti-malware configuration is identical to EOP. However, because on-premises administrators have control of the server itself, there is an additional set of configuration that is not available in EOP (through the Set-MalwareFilteringEngine cmdlet). Some of these settings are: the ability to bypass inbound or outbound anti-malware during troubleshooting, configuring update frequency and paths, and some error/timeout behavior. Scope and priority customization. Malware filtering is automatically enabled company-wide via the default anti-malware policy. As an administrator, you can view and edit, but not delete, the default anti-malware policy so that it is tailored to best meet the needs of your organization.
For greater granularity, you can also create custom malware filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies. Sender notifications Admin notifications

139 DEMO Configuring anti-malware policies 4/13/2018
Please follow the instructions here for demo us/library/jj200745(v=exchg.150).aspx

140 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Tracing Best Practices for Configuring EOP Exchange Data Loss Prevention Office 365 Message Encryption and S/MIME Audit reports and audit logs were covered earlier in the presentation. Please briefly mention these features before proceeding.

141 Reports in the Office 365 admin center
Reports on mail, spam and malware volume Reports on how custom rules affect mail traffic Explain the different types of reports. Reports help you understand the volume of spam and malware hitting the customer’s EOP tenant. There are also reports available to check the impact of various transport rules on both incoming and outgoing mails. Reference You can learn more about the recent enhancements from the Enhanced mail protection reporting section of this blog There is also an Excel based reporting workbook available for free download to view both summary and detailed protection reports from Microsoft Office 365. Next slide is a placeholder to do a demo of this reporting workbook

142 Enhanced mail protection report
When you click a report link, a new window opens and displays an interactive chart with summary level information. Date range is up to 90 days. Detailed data of a specific point in the graph is displayed in tabular format. Beginning in the early spring of 2014, mail protection reports will include a more interactive reporting experience for Exchange Online and Exchange Online Protection admins. The reports can be accessed from the Office 365 admin center, just as they are today. When you click a report link, such as the spam detections report, a new window opens and displays an interactive chart with summary level information. You can select the appropriate date range to see up to 90 days of summary data. You can also change the view to see only messages that match specific criteria, by altering the series slicers located on the right side of the graph. For example, if you want to view only content-filtered spam detections, select only Content filtered from the slicers options. Some reports may also have parameters above the graph that let you further narrow your criteria. For detailed message data, click a specific data point in the graph. When you select a point, the message details are displayed below the graph in a table. The table allows you to page through the detailed messages if there are more records than can be displayed on one page.

143 Extended detailed report
Detailed data for messages that are older than 7 days is available for download. Detailed data for messages that are older than 7 days is also available for download. This is displayed as the area in the graph with a light gray background. When you select a data point in the summary graph for data older than 7 days, a Request this report link is displayed on the page. To view the status of requests, click the Report request queue link from the main page. This opens the pending or completed queries page, where you can see the status of any of your outstanding requests. From here you can cancel pending requests or download a completed request.

144 Requesting Detailed Report
Notification address can be provided. When you click the Request this report link, a new page opens that lets you provide notification information and further filter the request. When you click Submit, the query is submitted for processing. If you provided a notification address, the specified recipient will receive a notification when it has completed.

145 View the report request queue
Pending or completed requests can be viewed Pending requests can be cancelled Completed requests can be downloaded To view the status of requests, click the Report request queue link from the main page. This opens the pending or completed queries page, where you can see the status of any of your outstanding requests. From here you can cancel pending requests or download a completed request

146 Excel based reporting for detailed analysis
Plugin can be downloaded from us/download/details.aspx?id=30716 Detailed information about mail traffic, spam, malware etc. This reporting workbook provides you with a detailed view into the protection data that is available in the Office 365 Reporting dashboard. This workbook is available to all Exchange Online and Exchange Online Protection customers. The workbook provides summary graphs for a number of different types of message filtering. This includes messages identified as spam, malware, or good mail (mail that cleanly passed all filtering). The data for the summary graphs is pulled locally via a web service call. After loading the summary data into the workbook, you can perform deeper analysis through the use of data slicers. These allow you to change the view of the data in order to identify trends or unusual activity. When such a condition is found, you can click through from the summary to the detail data. Another web service call will be made to pull the detail data that you can use to identify the actual messages that caused the condition seen in the summary graph.

147 Excel based reporting for detailed analysis
Reports matching transport rules are also available. This tool also shows graphs for messages that were identified by either a transport rule or DLP policy (Exchange Online customers only).

148 DEMO Mail Protection Reports Using the Excel Reporting Workbook
4/13/2018 For demo instructions please visit

149 Message Tracing Follows email messages as they travel through EOP.
Tracks delivery status and actions taken on specific messages. Visibility up to 90 days in the past. An efficient tool to troubleshoot issues related to mail flow and policy changes without contacting Microsoft technical support. Message tracing is useful in situations like troubleshooting mail flow, investigating a missing mail etc. We recommend using this tool prior to contacting Microsoft support for raising issues related to missing mails or mail flow. When you search for a message sent in the past seven days, you can view the results immediately. When searching for older messages, you have to submit a request for an extended message trace. Just choose the custom date range option and specify any date range in the past 90 days. When you’re creating a new extended trace request, you can choose to receive a summary list report or a detailed message trace report. Summary list report. A summary list report displays basic information about the messages you traced, such as time, whether the message was delivered, the subject of the message, number of bytes, and so on. Detailed message trace report. When you need more details about messages than a summary list report provides, you can get a detailed trace of the events logged for the messages. To get a detailed report, when you’re creating a new trace request, select the Include message events and routing details with report check box. In a detailed trace, all key events with all details that are available in the message tracking logs are exposed, providing a rich data source for detailed investigations. We recommend that Exchange Online administrators use the extended detailed message trace rather than delivery reports for investigating message delivery. Delivery reports are intended for end users and are limited to recent messages only. Typically, trace requests are processed within hours.
The list of submitted requests and their status is displayed on the pending or completed traces page in the Exchange admin center, making it easy to check if your request has been completed. Reference FAQ

150 DEMO Running a message trace. 4/13/2018
For demo instructions please visit

151 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Trace Best Practices for Configuring EOP Data Loss Prevention Office 365 Message Encryption and S/MIME

152 Best Practices Synchronize Recipients using DirSync.
4/13/2018 Restrict on-premises server to accept email only from EOP. Add an SPF record to DNS. Set up on-premises outbound connector to send <50 messages. Make use of anti-spam options. Fine tune anti-malware options. Create transport rules for custom rules required for business. Use reporting tools for troubleshooting. This slide is a summary of various things discussed so far. Follow these best-practice recommendations for Microsoft Exchange Online Protection (EOP) in order to avoid common configuration errors and set yourself up for success. We recommend using the default configuration settings as a general rule. However, there are situations where you need to customize a bit to suit your business requirements. For detailed points please refer to this link us/library/jj723164(v=exchg.150).aspx

153 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Trace Best Practices for Configuring EOP Exchange Data Loss Prevention Office 365 Message Encryption and S/MIME

154 Data Loss Prevention in Exchange
Identify Monitor DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions. Helps to identify, monitor, and protect sensitive data through deep content analysis. Anti-spam, anti-malware and DLP controls integrated into the Exchange admin center and Office 365. DLP is a premium feature requiring Exchange Online Plan 2 subscription or Exchange Enterprise Client Access License (CAL) Protect Easy to use Context Data loss prevention (DLP) is an important issue for enterprise message systems because of the extensive use of email for business critical communication that includes sensitive data. The DLP feature and its management tools are very closely tied to EOP. Configuration of DLP is briefly covered in the next few slides. What is DLP? DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions that you create in the Exchange Administration Center (EAC) and then activate to filter messages. You can create a DLP policy, but choose to not activate it. This allows you to test your policies without affecting mail flow. DLP policies can use the full power of existing transport rules. In fact, a number of new types of transport rules have been created in Microsoft Exchange Server 2013 and Exchange Online in order to accomplish new DLP capability. One important new feature of transport rules is a new approach to classifying sensitive information that can be incorporated into mail flow processing. This new DLP feature performs deep content analysis through keyword matches, dictionary matches, regular expression evaluation, and other content examination to detect content that violates organizational DLP policies. Easy to use Exchange DLP offers reduced management overhead due to close integration with EOP management tools. Comment from a customer: "I am looking forward to turning off our Barracuda device and switching to EOP.
I like the simple interface design being shown" Unified Management for EOP and DLP : Mail, anti-spam, anti-malware, and data loss prevention controls in one console Single Set Of Filtering Rules - Integration of EOP policies & transport rules Programmability through PowerShell Role Based Access Control Domain Management Message Tracing Quarantine Management How to buy DLP? Exchange Online: DLP is a premium feature that requires an Exchange Online Plan 2 subscription. For more information, see Exchange Online Licensing. Exchange 2013: DLP is a premium feature that requires an Exchange Enterprise Client Access License (CAL). For more information about CALs and server licensing, see Exchange Server Licensing. Exchange Enterprise CAL with Services: There is a behaviour distinction to take note of if you are an Exchange Enterprise CAL with Services customer with a hybrid deployment, where you have some mailboxes located on premises and some in Exchange Online. DLP policies are applied in Exchange Online. Therefore, messages sent from one on-premises user to another on-premises user do not have DLP policies applied, because the message doesn’t leave the on-premises infrastructure. Additional information is available here

155 DLP policy templates Templates are an easy way to get started with DLP. Templates can be customized to suit business needs. Built-in templates available based on common regulations Note: You should enable your DLP policies in test mode before running them in your production environment. Templates offer an easy way to start using DLP. They are available from Microsoft and Microsoft partners. Templates can be customized to create DLP policies matching your business requirements. You can create your own templates as well DLP templates are nothing but logical grouping of classification rules, transport rules, and reporting to achieve an objective (PCI, HIPAA) There are several templates in the box – over 40 from various countries and across different regulations. PII, Financial – not everything - we enable partners to do that through our extensibility story) US and Europe Extensibility Classification rules - Open format for classification rule schema ISVs create new packages of classification rules, transport rules, and reporting for specific regulations

156 Custom DLP Policies Transport rule conditions DLP specific condition Custom policies are useful when the required conditions, rules, and actions are not covered in pre-existing DLP templates. Note: You should enable your DLP policies in test mode before running them in your production environment. DLP specific action – Policy Tip Transport rule actions While DLP templates are useful, there are many situations requiring customers to define policies from scratch. The familiar transport rule interface allows you to configure these policies. The rule conditions that are available to you in a single policy include all the traditional transport rules in addition to the sensitive information types presented in Sensitive Information Types Inventory. More information can be found here Actions Built on Exchange Transport Rules; Supports discovery phase of compliance – 2 clicks to start monitoring sensitive information Predicate to use is “The message contains sensitive information ….” DLP specific actions: Notify the sender with a Policy Tip Other Transport Rule actions are available too Exceptions
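The policy structure described in slides 154 and 156 (a sensitive-information condition built from regular expression, checksum and keyword evidence, plus an exception, an action and a test mode), as an added Python example that is not part of the original deck and is not how Exchange implements DLP. The card-number rule, keyword list, domain names, action name and sample messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Classification rule (constructed for this example): a card-like digit run,
# confirmed by a Luhn checksum and by a dictionary keyword found nearby.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
KEYWORDS = ("visa", "mastercard", "card number", "expiry", "cvv")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str, window: int = 60) -> list:
    """Return digit strings that pass regex + checksum + keyword proximity."""
    lowered = text.lower()
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # the regex alone over-matches order ids, phone numbers
        context = lowered[max(0, m.start() - window):m.end() + window]
        if any(k in context for k in KEYWORDS):
            hits.append(digits)
    return hits


@dataclass(frozen=True)
class DlpPolicy:
    name: str
    mode: str                                        # "test" audits, "enforce" acts
    action: str = "notify_sender_policy_tip"         # hypothetical action name
    internal_domain: str = "contosopharma.example"   # constructed domain
    exempt_senders: frozenset = frozenset()          # the policy's exceptions
    min_count: int = 1


def evaluate(policy: DlpPolicy, msg: dict) -> dict:
    """Apply exception, then both conditions, then the action if enforcing."""
    result = {"policy": policy.name, "matched": False,
              "action": "deliver", "audit": None}
    if msg["sender"].lower() in policy.exempt_senders:
        return result
    suffix = "@" + policy.internal_domain
    external = [r for r in msg["recipients"] if not r.lower().endswith(suffix)]
    if not external:                      # condition 1: leaves the organization
        return result
    cards = find_card_numbers(msg["body"])
    if len(cards) < policy.min_count:     # condition 2: sensitive content found
        return result
    result["matched"] = True
    # The audit record keeps only the last four digits of each match.
    result["audit"] = {"external_recipients": external,
                       "masked": ["*" * (len(c) - 4) + c[-4:] for c in cards]}
    if policy.mode == "enforce":          # test mode never changes mail flow
        result["action"] = policy.action
    return result


# Constructed sample messages (4111 1111 1111 1111 is a well-known test number).
SENDER = "sanjay@contosopharma.example"
SAMPLES = {
    "external_with_card": {"sender": SENDER, "recipients": ["john@fabrikam.example"],
                           "body": "Please charge my Visa card number 4111 1111 1111 1111, expiry 01/30."},
    "no_keyword": {"sender": SENDER, "recipients": ["john@fabrikam.example"],
                   "body": "Tracking id 4111111111111111 shipped today."},
    "bad_checksum": {"sender": SENDER, "recipients": ["john@fabrikam.example"],
                     "body": "The card number is 4111 1111 1111 1112."},
    "internal_only": {"sender": SENDER, "recipients": ["amy@contosopharma.example"],
                      "body": "Visa card number 4111 1111 1111 1111"},
}

if __name__ == "__main__":
    for mode in ("test", "enforce"):
        for label, msg in SAMPLES.items():
            print(mode, label, evaluate(DlpPolicy("PCI", mode), msg))
```

Running the same messages through the policy in "test" mode first shows which mail would have matched, with masked evidence, before any action is allowed to affect delivery.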

157 Configuring DLP Set up connectors for DLP using Criteria Based Routing (CBR). Identify DLP Policies for your organization. Set up DLP Policy by either: using built-in templates, starting a new policy, or importing a third-party/external policy. Edit/Configure classification rules and the enforced actions as required. In order to configure DLP in Exchange several steps are required. Connectors with criteria based routing (CBR) are required to be created from on-premises Exchange Server 2013 to EOP, from EOP to on-premises Exchange Server 2013, and from EOP to the Internet. Identify the required policies. Create DLP policies using any one of the three methods: built-in templates, starting a new policy, or importing a third-party/external policy. Finally, edit the rules as required.

158 Agenda Introduction Getting Started - Basic Management Tasks
Policy and Compliance Features Anti-spam and Anti-malware Protection Reporting and Message Trace Best Practices for Configuring EOP Data Loss Prevention Office 365 Message Encryption and S/MIME

159 Introducing Office 365 Message Encryption
Send Encrypted Mail to Anyone! Customize with Your Brand Simplified Administration Easy-to-use User Experience

160 Scenario ContosoPharma wants to encrypt any message sent outside the organization that contains health care information about a patient. Sanjay, a practitioner, sends an email that contains the sensitive information to John, who is outside the ContosoPharma organization.

161 Scenario in Action Rule Receiver mailbox Open Attachment Read Message
Reply Message

162 Strong Integration with Exchange Transport rules

163 Customize mails with your company’s brand

164 PowerShell support
ETR to Apply Encryption Action
New-TransportRule EncryptRule <Condition for which to apply encryption> -ApplyOME $true
ETR to Remove OME
New-TransportRule DecryptRule <Condition for which to remove encryption> -RemoveOME $true
To Set Email Text
Set-OMEConfiguration -Identity default -EmailText "Encrypted message from ContosoPharma secure messaging system"
To Set Portal Text
Set-OMEConfiguration -Identity default -PortalText "ContosoPharma secure portal"
To Set Logo Image
Set-OMEConfiguration -Identity default -Image (Get-Content "C:\Users\admin\Desktop\consoso.png" -Encoding byte)
To Set Disclaimer
Set-OMEConfiguration -Identity default -DisclaimerText "This is ContosoPharma disclaimer statement..."

165 Purchasing Office 365 Message Encryption
Office 365 Message Encryption is included with Microsoft Azure Rights Management (MARM) Plan Requires Price Office 365 E3, E4 Office 365 E1, K1 Office 365 Exchange Online Plan 2, Plan 1, Kiosk Office 365 SharePoint Plan 2, Plan 1 Office 365 Midsize Business Exchange on-premises <Included <Included Microsoft Azure Rights Management (MARM) $2 PUPM * On-premise customers need to route mails through Exchange Online ** Microsoft Azure Rights Management is not available for Office 365 Small Business plans

166 S/MIME Secure version of MIME
Secure/Multipurpose Internet Mail Extensions is a standard for public key encryption and signing of MIME data (an email message). Allows the possibility of sending and/or receiving encrypted email. Secrecy: Only the intended recipient can read the message. Authentication: Recipient knows that the message came from the apparent sender. Integrity: Recipient knows that the message was not changed en route.

167 4/13/2018

168 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
Software Assurance Planning Services Partner MUST customize prior to delivery Speaker: Engagement Consultant Title of presentation: Exchange Online Protection Deployment Planning Length of presentation: 90 minutes Audience: IT Professionals, IT Managers. Sales Cycle Alignment: Engagement Desired Outcomes: Customer is educated on various deployment options. Modular Outline: Various deployment options are discussed. Help customer decide the right architecture for them.

169 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Use of this template is recommended, but not a mandatory requirement for the planning services engagement Use the time during this presentation to discuss the various deployment scenarios for EOP. Help the customer identify the right architecture for them. Document the decisions and make them part of the Findings and Recommendations document. Please add/remove information as appropriate. Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER

170 Exchange Online Protection – Deployment Planning
Speaker Name Title Organization This slide deck is part of the deployment planning services workshop for Exchange Online Protection

171 Agenda Introduction and Context Setting up the EOP Service
EOP Deployment Scenarios Migration Planning Objective of this presentation is to discuss various deployment scenarios and choose the most appropriate one for the customer. A high level migration (from the current secure gateway) approach would also be discussed as part of this presentation.

172 Introduction and Context
We have completed the following activities Assessment of current secure gateway solution. Documented the secure gateway requirements. Discussed the technical features of EOP. In this session we will discuss The deployment scenarios. The high level migration approach, if applicable. Prior to this presentation the following activities should have been completed with the same audience as this presentation. Assessment of the solution environment to gather information about the existing setup Requirements discussion with the customer. Documentation of the secure gateway requirements Discussion of EOP technical features Mapping of customer requirements Vs. EOP features/settings In this session we will discuss various deployment scenarios possible with EOP. We will also briefly discuss the high level migration approach. A more detailed migration plan preparation is required prior to executing the deployment project.

173 Agenda Introduction and Context Setting up for the EOP Service
EOP Deployment Scenarios Migration Planning

174 Sign up for the EOP Service
Try before you buy
EOP Subscription Plans
• Standalone
• Part of Exchange Online
• Exchange Enterprise CAL with Services
Skim through this slide if you have already covered this topic during the “Technical Overview” presentation. Objective: Explain the sign up process and licensing options using this slide. The EOP service can be tried for 30 days before you need to purchase it. There are three different subscription plans for EOP:
1) Standalone. Suitable for protecting any SMTP based messaging solution.
2) Part of Exchange Online. EOP is a standard feature available when customers subscribe to Exchange Online mailboxes.
3) Exchange Enterprise CAL with services. This plan is for customers planning to purchase Exchange Server licenses and EOP service subscription together.
An overview of Exchange Server 2013 license options can be found here FX aspx
If time permits, a live demo of the sign up process can be performed. Here is the link for signing up for a trial account anti-spam-protection- -security- -spam-FX aspx

175 Agenda Introduction and Context Setting up the EOP Service
EOP Deployment Scenarios Migration Planning

176 Three Possible Scenarios
EOP Standalone Deployment
• Suitable for customer or Microsoft partner hosted messaging solutions.
• Works with on-premises deployment of Exchange or any other SMTP based messaging solution.
EOP with Exchange Online
• Suitable when an organization hosts all its mailboxes in Exchange Online (Office 365).
• Enabled by default for all mailboxes.
EOP Hybrid Deployment
• Suitable when an organization distributes mailboxes between on-premises and online (Office 365) Exchange servers.
• Choice of routing mails through EOP or on-premises servers.
The purpose of this slide is just to reiterate the three options available. This should have been already discussed in the “Technical overview” presentation.

177 EOP Standalone with Inbound and Outbound Connectors
Creation of inbound and outbound connectors required. Can be used in conjunction with other protection or compliance solutions. EOP, when deployed in standalone mode, requires at least two connectors created with the on-premises mail servers, one each for inbound and outbound traffic. For talking points please refer to the following links.

178 Conditional Mail Routing
Suitable for global organizations with datacentres across the globe. Separate connectors for each location. Large global organizations have mail servers spread across the globe and it may be more efficient for EOP to deliver messages directly to those regional/local datacentres. Creation of multiple connectors is required in this case. More information

179 Hybrid Deployment – Inbound Routing Option 1
Route mail through the on-premises organization for both on-premises and Exchange Online mailboxes. In this case MX points to on-premises servers and all mails, including those sent to Exchange Online mailboxes, are routed via on-premises infrastructure. The following steps illustrate the mail flow path.
1) An inbound message is sent from an Internet sender to the recipients and Chris's mailbox is located on an Exchange 2013 Mailbox server in the on-premises organization. David's mailbox is located in Exchange Online.
2) Because the recipients both have contoso.com addresses, and the MX record for contoso.com points to the on-premises organization, the message is delivered to an Exchange 2013 Client Access server.
3) The Exchange 2013 Client Access server performs a lookup for each recipient using an on-premises global catalog server. Through the global catalog lookup, it determines that Chris's mailbox is located on the Exchange 2013 Mailbox server while David's mailbox is located in the Exchange Online organization and has a hybrid routing address of In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.
4) The Exchange 2013 Client Access server splits the message into two copies. One copy of the message is sent to the Exchange 2013 Mailbox server where it’s delivered to Chris’s mailbox.
5) The second copy of the message is sent by the Exchange 2013 Client Access server to EOP, which receives messages sent to the Exchange Online organization, using a Send connector configured to use TLS.
6) EOP sends the message to the Exchange Online organization where the message is scanned for viruses and delivered to David's mailbox.
For additional talking points please refer

180 Hybrid Deployment – Inbound Routing Option 2
Route mail through Exchange Online for both on-premises and Exchange Online organizations with centralized mail transport disabled (default configuration). In this case MX points to EOP and centralized mail transport is disabled. This is the default configuration for hybrid deployment. In this configuration, incoming Internet messages are routed as follows.
1. An inbound message is sent from an Internet sender to the recipients and Chris's mailbox is located on an Exchange 2013 Mailbox server in the on-premises organization. David's mailbox is located in Exchange Online.
2. Because the recipients both have contoso.com addresses, and the MX record for contoso.com points to EOP, the message is delivered to EOP.
3. EOP routes the messages for both recipients to Exchange Online.
4. Exchange Online scans the messages for viruses and performs a lookup for each recipient. Through the lookup, it determines that Chris's mailbox is located in the on-premises organization while David's mailbox is located in the Exchange Online organization.
5. Exchange Online splits the message into two copies. One copy of the message is delivered to David's mailbox.
6. The second copy is sent from Exchange Online back to EOP.
7. EOP sends the message to the Exchange 2013 Client Access servers in the on-premises organization.
8. An Exchange 2013 Client Access server sends the message to the Exchange 2013 Mailbox server where it’s delivered to Chris's mailbox.
In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.
When you run the Hybrid Configuration wizard, you can select one of two options:
• Enable centralized mail transport. Selecting this option routes outbound messages sent from the Exchange Online organization through your on-premises organization. Except for messages sent to other recipients in the same Exchange Online organization, all messages sent from recipients in the Exchange Online organization are sent through the on-premises organization. This enables you to apply compliance rules to these messages and any other processes or requirements that must be applied to all of your recipients, regardless of whether they're located in the Exchange Online organization or the on-premises organization. Note: Centralized mail transport is only recommended for organizations with specific compliance-related transport needs. Our recommendation for typical Exchange organizations is not to enable centralized mail transport.
• Don’t enable centralized mail transport. Selected by default in the Hybrid Configuration wizard, this option routes outbound messages sent from the Exchange Online organization directly to the Internet. Use this option if you don't need to apply any on-premises compliance policies or other processing rules to messages that are sent from recipients in the Exchange Online organization.
For more talking points please refer

181 Hybrid Deployment – Inbound Routing Option 3
Route mail through Exchange Online for both on-premises and Exchange Online organizations with centralized mail transport enabled. This setup is very similar to the previous one with MX pointing to EOP. The difference in this case is that centralized mail transport is enabled. Incoming Internet messages are routed as follows.
1. An inbound message is sent from an Internet sender to the recipients and Chris's mailbox is located on an Exchange 2013 Mailbox server in the on-premises organization. David's mailbox is located in Exchange Online.
2. Because the recipients both have contoso.com addresses, and the MX record for contoso.com points to EOP, the message is delivered to EOP and scanned for viruses.
3. Since centralized mail transport is enabled, EOP routes the messages for both recipients to the on-premises Exchange 2013 Client Access server.
4. The Exchange 2013 Client Access server performs a lookup for each recipient. Through the lookup, it determines that Chris's mailbox is located in the on-premises organization while David's mailbox is located in the Exchange Online organization.
5. The Exchange 2013 Client Access server splits the message into two copies. One copy of the message is delivered to Chris’s mailbox in the on-premises Exchange 2013 Mailbox server.
6. The second copy is sent from the Exchange 2013 Client Access server back to EOP.
7. EOP sends the message to Exchange Online.
8. Exchange delivers the message to David's mailbox.
In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server. For additional talking points please refer us/library/jj659050(v=exchg.150).aspx

182 Hybrid Deployment – Outbound Routing for on-premises mailboxes
Messages sent from on-premises recipients are always sent directly to Internet recipients using DNS, regardless of which of the above choices you select in the Hybrid Configuration wizard. There is no EOP coverage in this case. The following steps and the above diagram illustrate the outbound message path for messages sent from on-premises recipients.
1. Chris, who has a mailbox on the on-premises Exchange 2013 Mailbox server, sends a message to an external Internet recipient,
2. The Exchange 2013 server, which has both the Client Access and Mailbox server roles installed, looks up the MX record for cpandl.com and sends the message to the cpandl.com mail servers located on the Internet.
For talking points please refer

183 Hybrid Deployment – Outbound Routing for Online Mailboxes, Option 1
Mail from Exchange Online senders routed directly to the Internet with centralized mail transport disabled (default configuration). The following steps and the above diagram illustrate the outbound message path for messages sent from Exchange Online recipients to an Internet recipient when Enable centralized mail transport is not selected in the Hybrid Configuration wizard, which is the default configuration.
1. David, who has a mailbox in the Exchange Online organization, sends a message to an external Internet recipient,
2. Exchange Online scans the message for viruses and sends the message to the Exchange Online EOP company.
3. EOP looks up the MX record for cpandl.com and sends the message to the cpandl.com mail servers located on the Internet.
For talking points please refer

184 Hybrid Deployment – Outbound Routing for Online Mailboxes, Option 1
Mail from Exchange Online senders routed through on-premises organization with centralized mail transport enabled. The following steps and diagram illustrate the outbound message path for messages sent from Exchange Online recipients to an Internet recipient when you select Enable centralized mail transport in the Hybrid Configuration wizard.
1. David, who has a mailbox in the Exchange Online organization, sends a message to an external Internet recipient,
2. Exchange Online scans the message for viruses and sends the message to EOP.
3. EOP is configured to send all Internet-bound messages to an on-premises server, so the message is routed to an Exchange 2013 Client Access server. The message is sent using TLS.
4. An Exchange 2013 Client Access server performs compliance, anti-virus, and any other processes configured by the administrator on David's message.
5. The Exchange 2013 Client Access server looks up the MX record for cpandl.com and sends the message to the cpandl.com mail servers located on the Internet.
For talking points please refer
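The inbound and outbound hybrid routing options from the slides above, modelled as hop lists so that each option can be checked for whether a message passes through EOP or through the on-premises servers. This is an added example, not part of the original deck; the hop labels, function names and scenario labels are constructed for illustration.

```python
"""Hop-by-hop model of the hybrid mail-flow options described in the slides.

Added illustration: hop labels and function names are constructed here and
are not product identifiers.
"""

INTERNET = "Internet"
EOP = "EOP"
EXO = "Exchange Online"
CAS = "on-premises Client Access server"
MBX = "on-premises Mailbox server"

LOCATIONS = ("on-premises", "online")


def inbound_path(mx_target, centralized, mailbox):
    """Ordered hops for a message arriving from the Internet.

    mx_target:   "on-premises" or "eop" (where the MX record points)
    centralized: True if centralized mail transport is enabled
    mailbox:     "on-premises" or "online" (where the recipient lives)
    """
    if mailbox not in LOCATIONS:
        raise ValueError("mailbox must be 'on-premises' or 'online'")
    if mx_target == "on-premises":
        # Inbound option 1. The slides give no centralized-transport setting
        # for this option, so the flag is ignored here (model assumption).
        if mailbox == "on-premises":
            return [INTERNET, CAS, MBX]
        return [INTERNET, CAS, EOP, EXO]
    if mx_target != "eop":
        raise ValueError("mx_target must be 'on-premises' or 'eop'")
    if not centralized:
        # Inbound option 2: Exchange Online does the recipient lookup.
        if mailbox == "online":
            return [INTERNET, EOP, EXO]
        return [INTERNET, EOP, EXO, EOP, CAS, MBX]
    # Inbound option 3: the on-premises server does the recipient lookup.
    if mailbox == "on-premises":
        return [INTERNET, EOP, CAS, MBX]
    return [INTERNET, EOP, CAS, EOP, EXO]


def outbound_path(sender, centralized):
    """Ordered hops for a message sent to an Internet recipient."""
    if sender not in LOCATIONS:
        raise ValueError("sender must be 'on-premises' or 'online'")
    if sender == "on-premises":
        # Sent straight to the recipient's MX, whatever the wizard choice.
        # The slides' example server holds both roles; CAS stands for it.
        return [CAS, INTERNET]
    if centralized:
        return [EXO, EOP, CAS, INTERNET]
    return [EXO, EOP, INTERNET]


def scenarios():
    """Every (label, path) pair covered by the slides."""
    out = []
    options = [
        ("inbound option 1", "on-premises", False),
        ("inbound option 2", "eop", False),
        ("inbound option 3", "eop", True),
    ]
    for name, mx_target, centralized in options:
        for mailbox in LOCATIONS:
            label = f"{name} / {mailbox} mailbox"
            out.append((label, inbound_path(mx_target, centralized, mailbox)))
    out.append(("outbound / on-premises sender",
                outbound_path("on-premises", False)))
    out.append(("outbound / online sender, centralized transport off",
                outbound_path("online", False)))
    out.append(("outbound / online sender, centralized transport on",
                outbound_path("online", True)))
    return out


def paths_without_eop():
    """Scenarios in which the message never passes through EOP."""
    return [label for label, path in scenarios() if EOP not in path]


def paths_without_on_premises():
    """Scenarios in which no on-premises server sees the message, so
    on-premises compliance rules cannot be applied to it."""
    return [label for label, path in scenarios() if CAS not in path]


if __name__ == "__main__":
    for label, path in scenarios():
        print(f"{label}: {' -> '.join(path)}")
    print("No EOP hop:", paths_without_eop())
    print("No on-premises hop:", paths_without_on_premises())
```

The two summary functions give the inputs for the Findings and Recommendations discussion: which flows get no EOP filtering and which flows bypass on-premises compliance processing under each option.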

185 EOP with Outbound Smart Hosting
Works with standalone and hybrid scenarios. The smart host is typically an on-premises protection or compliance solution. Some customers may want to utilize their on-premises protection or compliance solution together with EOP. This scenario is suitable for such customers. The smart host in this case is a protection or compliance appliance on-premises. For more details please refer

186 Regulated Partner with Forced TLS
Secure communication with partners. Works for on-premises and online mailboxes. Encrypted communication may be a requirement between the customer and some of their business partners. In such a case, a forced TLS (Transport Layer Security) connection (using a dedicated connector) would be required between the two organizations. The diagram represents such an architecture for Exchange Online mailboxes. The same architecture is applicable to on-premises mailboxes as well. More details available here

187 Agenda Introduction and Context Setting up the EOP Service
EOP Deployment Scenarios Migration Planning

188 Planning considerations for Migrating from Other Platforms
Set Expectations
• There is no on-premises version available for EOP.
• Customers may see a change in patterns such as fewer false positives but more grey mail.
• Every product needs to be tuned to the customer's environment.
• Features may function differently.
Porting Configuration
• Irrespective of the source platform, the process for switching to EOP is similar.
• EOP with default settings meets most of the requirements.
• Good opportunity to trim old safe/block lists.
• Content filtering rules may not be needed.
It is important to set the right expectations with the customer before migrating from the existing platform. Features and user experience may vary significantly between the current platform and EOP. Feature to feature mapping and migration may not be possible or required. For talking points please refer
4/13/2018 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

189 Planning considerations for Migrating from Other Platforms
Allow and Block IP Lists
• List of IP addresses allowed/blocked to send emails may need to be copied over to EOP.
Accepted Domains
• List of all domains that you own needs to be reconfigured in EOP.
Do you send bulk mails?
• By default all bulk emails are disabled.
Connector Settings
• Smart host IP address.
• Any conditional routing requirements.
• Partner domains requiring TLS.
Users and Groups
• Directory Synchronization.
• Manual creation.
Safe/Blocked Senders List
• DirSync can preserve this list.
• PowerShell based scripting can automate this task (requires Exchange Online).
Outbound smart hosting
Conditional mail routing
Regulated partner with TLS
Remote PowerShell is not available under EOP Standalone us/library/exchange-online-protection-service-description.aspx

190 Implementation Project Manager - EOP
Available for free if the number of seats is > 1000
Project planning
• Up to 90 days of deployment assistance
• What do we do and when?
Architecture
• How to integrate EOP into my environment?
• What are the service best practices?
• How do I port my configuration from my previous solution?
Free 90-day deployment assistance from Implementation Project Manager for customers with 1,000 seats or more


192 Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER
Software Assurance Planning Services Partner MUST customize prior to delivery Speaker: Engagement Manager / Delivery Consultant Title of presentation: Exchange DLP Deployment Planning and Pilot Kickoff Presentation Length of presentation: 15 minutes Audience: IT Professionals, IT Managers, Project stakeholders Sales Cycle Alignment: Engagement Desired Outcomes: Kickoff Planning Services engagement Team introduction Set Agenda for the engagement Modular Outline:

193 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Use of this template is recommended, but not a mandatory requirement for the planning services engagement. Use the time during this presentation to set the context, know the team members participating in the engagement and set expectations about the output. Please add/remove information as appropriate.

194 Exchange DLP Deployment Planning and Pilot Engagement Kickoff
Software Assurance Planning Services

195 Agenda Introductions Project Team Engagement Overview / Agenda Q&A

196 Team {Partner} {Partner} Sponsor Engagement Manager
Name Role {Partner} Account Team <Insert name here> Account Executive Microsoft Technical Specialist/Architect Services Executive {Partner} Services Team Engagement Manager Exchange DLP Technical Consultant {Partner} Sponsor Engagement Manager Consultant

197 Team {Customer} Name Role / Focus area {CUSTOMER} CoreTeam
<Insert name here> Executive Sponsor Project Manager {CUSTOMER} Technical subject matter experts (SMEs) IT Manager IT Pro

198 Participation expectations
What we expect What you get Keep to the schedule Be present Interact Ask when things don’t add up Recommended practices End to end view Limited production pilot Get your questions answered

199 Deployment Planning and Limited Production Pilot
Agenda

200 Engagement Agenda
Time | Topic | Description
9:00 AM | Intro/Kick-off | An overview of the workshop and pilot. Setting goals and expectations.
9:15 AM | Understanding the environment | Understand the solution environment and review the responses to the pre-engagement questionnaire.
9:45 AM | Requirements gathering | Understand the business, technical, operational, compliance, security and other requirements.
10:45 AM | Exchange DLP Technical Overview | Understand the core technical features of Exchange DLP.
12:45 PM | Lunch |
1:45 PM | Solution alignment | Ensure that customer requirements are correctly mapped to various DLP features and capabilities.
2:45 PM | Deployment planning | Discuss the various deployment strategies. Discussion on how to formulate various DLP policies, rules, policy tips, document fingerprints, reports etc.
3:45 PM | Limited production pilot | Deploying one DLP policy in production environment.
5:00 PM | Debrief and conclusion | Preparing Findings and Recommendations document and presenting the same to the customer team.

201 Q&A

202 Thank you

203 Exchange DLP Deployment Planning and Pilot
Partner MUST customize prior to delivery Speaker: Engagement delivery consultant. Title of presentation: Understanding the Environment Length of presentation: 30 minutes Audience: Customer BDM/TDM/IT Pro Sales Cycle Alignment: Post-sales Deployment Desired Outcomes: Delivery consultant will have a firm understanding of customer’s messaging environment and factors driving the deployment of Exchange DLP. Modular Outline: Discussion on the current messaging environment, assessment of the environmental readiness to deploy Exchange DLP, review of pre-engagement questionnaire. Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

204 Internal Only – REMOVE BEFORE PRESENTING TO CUSTOMER
Notes to Presenter: Customize this presentation as appropriate. This is only a template. This slide deck should be used as an aid to understand the solution environment and customer challenges. The presenter should take notes from the discussion. These notes should help the presenter in preparing the Findings and Recommendations document. Responses to the pre-engagement questionnaire should be discussed during this session. A whiteboard may be used as appropriate for the discussion.

205 Understanding the Environment
Exchange DLP Deployment Planning and Pilot Understanding the Environment Speaker Name Title Organization

206 Agenda Introductions and context.
Review of Pre-Engagement Questionnaire. Understanding the Messaging Environment. Current DLP Solution. Current Challenges.

207 Introduction and Context
This is an interactive session to understand the solution environment. During this session environmental factors affecting Exchange DLP deployment will be discussed. Customer can provide the required details either during the discussions or at the end of the session.

208 Agenda Introductions and context.
Review of Pre-Engagement Questionnaire. Understanding the Messaging Environment. Current DLP Solution. Current Challenges.

209 Review of Pre-Engagement Questionnaire
Utilize this time to validate your understanding of the responses provided by the customer.

210 Agenda Introductions and context.
Review of Pre-Engagement Questionnaire. Understanding the Messaging Environment. Current DLP Solution. Current Challenges.

211 Messaging Environment
Business environment
• Number of distinct organizations/business units served by the messaging solution.
• Types of sensitive data transmitted over email.
• Relevant regulations and policies.
Server environment
• Exchange Server version.
• Architecture (On-premises, hybrid or online).
Client environment
• Outlook versions.
• Distribution of desktop, browser and mobile clients.
Understand the business environment that necessitated the deployment of Exchange DLP. You may want to ask questions such as: How many business units or distinct organizations are served by the messaging solution? What kind of sensitive data is transmitted over email? Are there any standard document templates used for exchanging sensitive data? What are the various regulations and policies governing the messaging environment? Understand the Exchange server version and architecture. Understand the clients used by the end users.

212 Agenda Introductions and context.
Review of Pre-Engagement Questionnaire. Understanding the Messaging Environment. Current DLP Solution. Current Challenges.

213 Existing DLP Solution (if any)
What are the business rules? What are the policies? What are the exceptions? Do you need a 1 to 1 mapping with the new solution? How is integration done with Exchange? What are the administration tools? What are the reports in use? Are there any notifications configured? If the customer is using any other DLP solution, understand the details of it. Find out whether they want to achieve the same functionality in the Exchange DLP solution.

214 Agenda Introductions and context.
Review of Pre-Engagement Questionnaire. Understanding the Messaging Environment. Current DLP Solution. Current Challenges.

215 Current Challenges Open Discussion
Time for open discussion. Utilize this time to capture the challenges faced by the customer with respect to their current situation. Also, try to gain high level understanding of what the customer is expecting from the Exchange DLP solution. Close this session by explaining the next steps in the workshop.


217 Exchange DLP Deployment Planning and Pilot
Partner MUST customize prior to delivery Speaker: Engagement delivery consultant Title of presentation: Requirements gathering Length of presentation: 60 minutes Audience: {Customer BDM/TDM/IT Pro} Sales Cycle Alignment: Post-sales Deployment Desired Outcomes: All customer requirements are gathered and documented. Modular Outline: Business, operational, technical Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

218 Notes to Presenter Use this slide deck to document the customer requirements. Contents of this slide deck will go as an input to the slide deck 05_Requirements Vs Feature Mapping. If required, add additional slides to gather requirements.

219 Requirements Gathering
Exchange DLP Deployment Planning and Pilot Requirements Gathering Speaker Name Title Organization The engagement delivery consultant should be delivering this session. Utilize this session to understand the immediate requirements (as far as this engagement is concerned) as well as the requirements of the full project deployment.

220 Agenda Introduction and context. Requirements Discussion.
Documenting the Requirements. Next Steps. Purpose of this session is to discuss the detailed business, operational and technical requirements. They will be captured in this slide deck. Later in the workshop, after learning the capabilities of Exchange DLP, these requirements will be mapped against Exchange DLP features and settings. Contents of this deck would be a key input to the Findings and Recommendations document. Please use the remaining slides of this deck to gather requirements. Additional slides and categories can be added based on customer scenario.

221 Introduction and Context
Business, technical and operational requirements will be gathered in this session. Later in the workshop, these requirements will be mapped against Exchange DLP features and settings. Final recommendations document will contain a summary of all the requirements discussed in this session.

222 Business Requirements
# Requirement BR01 BR02 BR03 BR04 Duplicate this slide if content does not fit into one slide. Business requirements should include details of the kind of data to be protected, regulatory and other policy compliance requirements, factors affecting the profitability and image of the customer organization etc.

223 Operational Requirements
# Requirement OR01 OR02 OR03 OR04 Include requirements such as percentage of false positives/negatives, administration model, user education etc. Duplicate this slide if content does not fit into one slide.

224 Technical Requirements
# Requirement TR01 TR02 TR03 TR04 Include requirements related to reporting, document templates, sensitive information types, clients used by users. Duplicate this slide if content does not fit into one slide.


226 Exchange Data Loss Prevention – Technical Overview
Speaker Name Title Organization DLP – Data Loss Prevention. The objective of this presentation is to introduce the technical features of DLP. Audience: The intended audience for this presentation is IT Professionals, IT Managers and system administrators. Live demonstrations are key to the successful delivery of this presentation. Ensure that a demo environment is ready prior to the session.

227 Agenda Introduction Establishing DLP Policies Document Fingerprinting
Policy Tips Reporting This section (Introduction) starts with an introduction to Microsoft’s approach towards information protection technologies within Exchange. In subsequent slides information specific to DLP is discussed

228 What causes a breach?
[Chart: breach causes by category (System glitches, Malicious intent, Oops!); percentages shown: 24%, 37%, 39%; 97% avoidable!]
There are three common categories for breaches. <ACTION> The first category is malicious intent, or the bad guys doing bad things. <ACTION> System glitches is the category for when automation goes wrong. <ACTION> The final is Negligence, or the “Oops!” moment. This is simply the condition of human error, and we are all prone to it. In 2007, the United States Transportation Security Administration reported that there were 12,255 laptops lost in US airports PER WEEK. That is the epitome of an oops moment. GIVEAWAY #4 (Which has the highest %?) <ACTION> The percentages you see on the screen are categorical industry averages for breach by type. <ACTION> However, 97% of these issues are avoidable. Please note that DLP solution is not meant to protect information from users with malicious intent. Online Trust Alliance: 2013 Data Protection and Breach Readiness Guide

229 Exchange security and protection
Protect communications Enforce policy Simplify management In Exchange 2013, we’ve made a number of investments to help you respond to these challenges: Protect Communications: A basic level of built-in anti-malware, plus anti-malware and enhanced spam filtering in the cloud, to protect your environment from threats. Enforce Policy: Data loss prevention (DLP) controls that detect sensitive data in email before it is sent and automatically block, hold or protect. Simplify Management: Unified administration of anti-spam, anti-malware, and data loss prevention within Exchange.

230 Policy enforcement Flexible tools for policy enforcement that provide the right level of control Transport rules Rights management Data Loss Prevention Leakage or loss of data through email is a growing risk and concern for many organizations today, because of regulations, breaches of trust or loss of business critical information. The Exchange approach to the problem is to provide a range of soft and hard controls. Flexible solution: Customers have differing needs, so the solution needs to be flexible. Within a given organization, different types of data and different parts of the company require different levels of enforcement. Protect against loss without getting in users’ way: Attempts to implement policy can’t get in the way of business processes, or these will fail. Exchange has been making investments in this area for the last few releases: Transport rules in Exchange 2007; Transport rules + Rights protection in Exchange 2010; MailTips in Exchange 2010 / Outlook 2010 (alert the user before the email is sent), for example “Bob Jones is outside of your organization”. Actions are built in today already (as part of transport rules): block, monitor, RMS protect, etc. In Exchange 2013 we build on this foundation and bring full DLP to the product.

231 Data Loss Prevention in Exchange
Identify Monitor DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions. Helps to identify, monitor, protect sensitive data through deep content analysis and document fingerprinting. Policy tips to proactively inform users about violations. Easy management using Exchange admin center and Exchange management shell. Protect Easy to use Context Data loss prevention (DLP) is an important issue for enterprise message systems because of the extensive use of email for business critical communication that includes sensitive data. The DLP feature and its management tools are very closely tied to EOP. Configuration of DLP is briefly covered in the next few slides. What is DLP? DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions that you create in the Exchange Administration Center (EAC) and then activate to filter email messages. You can create a DLP policy, but choose to not activate it. This allows you to test your policies without affecting mail flow. DLP policies can use the full power of existing transport rules. In fact, a number of new types of transport rules have been created in Microsoft Exchange Server 2013 and Exchange Online in order to accomplish new DLP capability. One important new feature of transport rules is a new approach to classifying sensitive information that can be incorporated into mail flow processing. This DLP feature performs deep content analysis through keyword matches, dictionary matches, regular expression evaluation, and other content examination to detect content that violates organizational DLP policies. The latest release of Exchange Online and Exchange 2013 SP1 add Document Fingerprinting, which helps you detect sensitive information in standard forms.
Policy Tips In addition to the customizable DLP policies themselves, you can also inform email senders that they may be about to violate one of your policies, even before they send an offending message. You can accomplish this by configuring Policy Tips. Policy Tips are similar to MailTips, and can be configured to present a brief note in the Microsoft Outlook 2013 client that provides information about possible policy violations to a person creating a message. In the latest release of Exchange Online and in Exchange 2013 SP1, Policy Tips are also displayed in Outlook Web App and OWA for Devices. For more information, see Policy tips. Easy to use Exchange DLP offers reduced management overhead due to close integration with EOP management tools. Comment from a customer: "I am looking forward to turning off our Barracuda device and switching to EOP. I like the simple interface design being shown" Unified Management for EOP and DLP: Mail, anti-spam, anti-malware, and data loss prevention controls in one console. Single Set Of Filtering Rules: Integration of EOP policies & transport rules. Programmability through PowerShell. Role Based Access Control. Domain Management. Message Tracing. Quarantine Management. Additional information is available here

232 Buying DLP Exchange Online: DLP is a premium feature that requires an Exchange Online Plan 2 subscription. Purchase options include E3, E4, A3, A4, G3 and G4. Exchange 2013: DLP is a premium feature that requires an Exchange Enterprise Client Access License (CAL). Exchange Enterprise CAL with Services: Includes EOP as well. DLP policies are applied in Exchange Online. Suitable for hybrid deployments. How to buy DLP? DLP is available with both on-premises and online versions of Exchange. There are three different ways in which you can license the DLP feature. Exchange Online: DLP is a premium feature that requires an Exchange Online Plan 2 subscription. For more information, see Exchange Online Licensing. Exchange 2013: DLP is a premium feature that requires an Exchange Enterprise Client Access License (CAL). For more information about CALs and server licensing, see Exchange Server Licensing. Exchange Enterprise CAL with Services: There is a behavior distinction to take note of if you are an Exchange Enterprise CAL with Services customer with a hybrid deployment, where you have some mailboxes located on premises and some in Exchange Online. DLP policies are applied in Exchange Online. Therefore, messages sent from one on-premises user to another on-premises user do not have DLP policies applied, because the message doesn’t leave the on-premises infrastructure.

233 Agenda Introduction Establishing DLP Policies Document Fingerprinting
Policy Tips Reporting

234 Exchange DLP Pre-requisites
Obtain the appropriate license for Exchange. Have at least one sender mailbox. Getting started with Exchange DLP is very easy. There are only two pre-requisites if you already have a Microsoft Exchange environment. You need to have an appropriate license for Exchange or Exchange Online. Licensing options are covered earlier in this presentation. Create at least one user mailbox in the Exchange environment.

235 Use of DLP policies does not ensure compliance with any regulation.
Caution! You should enable your DLP policies in test mode before running them in a production environment. During such tests, it is recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results. Use of DLP policies does not ensure compliance with any regulation. After testing is complete, make the necessary configuration changes in Exchange so the transmission of information complies with your organization's policies. Objective: Set the right expectations with the customer about what compliance requirements can be met by implementing Exchange DLP, and how. The DLP policies should be thoroughly tested before applying them to production mailboxes. Just having the DLP policies applied does not ensure compliance with organizational policies or regulations. Make sure that necessary changes are made to the DLP policies to achieve compliance with the organization's policies.

236 How DLP Rules Get Applied
When you activate a transport rule or DLP policy, the Exchange transport rules agent compares all messages that your users send with the rule sets that you create. Example: Checking credit card information in messages Get content Spencer Badillo Visa: Expires: 2/2012 Regular Expression Analysis > a 16-digit number is detected Functional Analysis > matches checksum > doesn’t match Corroborative Evidence Keyword Visa is near the number. A regular expression for a date (2/2012) is near the number. Verdict There is a regular expression that matches a checksum. Additional evidence increases confidence.
The objective of this slide is to help the audience understand the overall process flow of DLP rules in action. The Exchange transport rules agent compares all messages that your users send with the rule sets that you create and takes appropriate actions. As an example, let us consider checking credit card information in emails sent by users. The process of analysis and conclusion has the following steps.
Get content: The content of the email is obtained.
Regular expression analysis: Regular expression matches are detected, a 16-digit number in this case.
Functional analysis: The Luhn checksum algorithm is evaluated against the 16-digit number to confirm that the likelihood of it being a credit card number is high.
Corroborative evidence: This is important, as the results of functional analysis alone cannot be used to come to any conclusion. Additional information such as keywords (“Visa” in this case) and regular expressions (the date “2/2012” in this case) is gathered to increase the confidence level.
Verdict: Based on the evidence collected and the analysis performed, a conclusion is made on whether a particular message has violated DLP policies. The action to be taken on the message can be configured in the transport rule.
You can find more detailed information about this process in this link us/library/dn329050(v=exchg.150).aspx
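The stages described on this slide (regular expression, checksum, corroborative evidence, verdict) can be sketched as follows. This is an added example, not Exchange's implementation or code from the presentation; the patterns, the 100-character proximity window, the confidence scores and the sample card number (a constructed value that passes the Luhn check) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Stage 2 pattern: 16 digits, optionally grouped in fours by a space or hyphen.
CARD_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")
# Stage 4 evidence (assumed lists): card-related keywords and an expiry date.
KEYWORD_RE = re.compile(r"\b(?:visa|mastercard|amex|card|credit|cvv|expires?)\b", re.I)
EXPIRY_RE = re.compile(r"(?<!\d)(?:0?[1-9]|1[0-2])/(?:\d{2}|\d{4})(?!\d)")
WINDOW = 100  # characters of context examined on each side of a match (assumed)

# Constructed sample message, modelled on the slide's example.
SAMPLE = "Spencer Badillo\nVisa: 4111 1111 1111 1111\nExpires: 2/2012"


def luhn_ok(digits: str) -> bool:
    """Stage 3: Luhn checksum. Double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    masked: str           # only the last four digits are kept for reporting
    keyword_nearby: bool
    expiry_nearby: bool
    confidence: int       # constructed scale: 65 base, +10 per piece of evidence


def scan(text: str) -> List[Finding]:
    """Stages 1-4: get content, match the pattern, verify it, gather evidence."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # pattern matched but the checksum did not: discard
        before = text[max(0, m.start() - WINDOW):m.start()]
        after = text[m.end():m.end() + WINDOW]
        context = before + " " + after  # excludes the matched number itself
        kw = bool(KEYWORD_RE.search(context))
        exp = bool(EXPIRY_RE.search(context))
        findings.append(Finding("*" * 12 + digits[-4:], kw, exp, 65 + 10 * kw + 10 * exp))
    return findings


def violates(text: str, min_confidence: int = 75) -> bool:
    """Stage 5: the verdict is a threshold that the policy owner chooses."""
    return any(f.confidence >= min_confidence for f in scan(text))


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
    print("violation:", violates(SAMPLE))
```

A Luhn-valid number with no nearby keyword or date stays at the base score, which is why the checksum alone is not treated as a verdict.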

237 Methods of Establishing DLP Policies
Apply an out of the box template. Create a custom policy from scratch. Import a policy file created outside of Exchange. Before you can start protecting sensitive information you need to create and apply DLP policies. There are three different ways to create DLP policies. Apply an out of the box template: The quickest way to start using DLP policies is to create and implement a new policy using a template. The policy templates are models from which you can select or build your own specific rules to create a policy that meets your needs for data loss prevention. For more information about the policy templates that are included, see DLP policy templates supplied in Exchange. Create a custom policy from scratch: You can create a custom policy entirely on your own in order to start checking and acting upon your own unique message data. You will need to know the requirements and constraints of the environment in which the DLP policy will be enforced in order to create such a custom policy. Import a policy file created outside of Exchange: You can develop DLP policy templates as XML files independent of Microsoft Exchange and then import them using the Exchange Administration Center or the Exchange management shell. Advanced customization is possible by following this method. Details of concepts and the XML schema definition that you must understand in order to begin creating your own XML files for both DLP policy templates and sensitive information rule packages are available here

238 Sensitive Information Types in DLP
Sensitive information types are used in DLP policy rules to detect violations and take appropriate actions. Microsoft provides an inventory of sensitive information types within Exchange in 3 categories: PII (E.g. driver license and passport numbers), Finance (E.g. bank and credit card numbers), Health information (E.g. Social security and health numbers). The list can be extended by authoring XML files and then importing them into Exchange. Exchange has several sensitive information types built into it. These sensitive information types are used in rules included in DLP policies. These rules check for sensitive information in applicable emails. More information on sensitive information types is available here You can read more on sensitive information type inventory here us/library/jj150541(v=exchg.150).aspx Customers may want to define their own sensitive information type. You can write your own sensitive information definitions in a classification rule package, which is an XML file, and import it as part of your DLP solution. More information on this topic will be discussed later in the presentation.

239 Sensitive Information Types
They are used as conditions in rules inside DLP policies. There are over 50 different sensitive information types

240 DLP Policy Templates The policy templates are models from which you can select or build your own specific rules to create a policy that meets your needs for data loss prevention. A policy template includes a range of conditions, rules, and actions that you can choose from in order to create and save an actual DLP policy that will help you inspect messages. You can use DLP policy templates as a starting point for building DLP policies that help you meet your specific regulatory and business policy needs. You can modify the templates to meet the specific needs of your organization. Objective: Help audience understand what DLP policy templates are and benefits of using them. DLP policy templates are preconfigured DLP policies. It is the quickest way to get started with Exchange DLP. However, they are customizable to meet specific organizational requirements. You can find the complete list of DLP Policy Templates supplied in Exchange in this link Additional information

241 DLP Templates Exchange has built-in templates covering domains such as financial, PII and health care data. Here is the EAC screenshot of the DLP templates. When creating DLP policies, pick the one that most closely resembles your requirement.

242 DLP Rules DLP templates (policies as well) may contain multiple rules.
A DLP template consists of multiple transport rules. Each rule checks for specific sensitive information types and takes appropriate action based on findings.

243 Custom DLP Templates Although Microsoft has provided policy templates and sensitive information types within Exchange for you to get started, your unique business needs can require customization. For this reason, Microsoft provides a way for you to create and import your own DLP policy templates or your own sensitive information definitions within classification rule packages. You can develop DLP policy templates as XML files independent of Microsoft Exchange and then import them using the EAC or the EMS. Whenever possible, customers should use the built-in templates to create DLP policies. If the built-in templates are not helpful, custom DLP policies may be created from EAC (Exchange admin center) or EMS (Exchange management shell). If neither of the above options is helpful, we recommend creating custom DLP templates. You can write your own DLP policy template XML files and import them into Exchange. Details of authoring the DLP template XML files are beyond the scope of this presentation. More information on it can be found here

244 Managing DLP Policies You can add, view, change or remove DLP policies in Microsoft Exchange using EAC or EMS. You need to be a member of the Compliance Management management role group to carry out DLP related tasks. A policy can be in one of three modes: Enforce; Test DLP policy with Policy Tips; Test DLP policy without Policy Tips. More information on Messaging Policy and Compliance Permissions is available here Reference Note: An individual rule within a DLP policy can have its own mode settings. When the mode of a policy is different from the mode of a rule within that policy, the rule setting has priority and will be evaluated according to its mode.

245 DLP in Exchange admin center
Manage existing and new policies from EAC. View reports. Manage policy tips and document fingerprinting. EAC is the primary tool to manage DLP. The web based UI allows you to add, view, edit and delete DLP policies. Other management tasks such as policy tips, document fingerprinting and reporting can also be performed from the same console.

246 Transport rule conditions DLP policy rules DLP specific condition Built on transport rules Supports discovery phase of compliance Take action to enforce policy Hold, block, audit & provide notification for email that contains sensitive business data DLP specific action – Policy Tip Transport rule actions Explain the various options within a rule with the help of this slide. You may explain these concepts with the help of a live demo as well. Actions: Built on Exchange Transport Rules. Supports the discovery phase of compliance: 2 clicks to start monitoring sensitive information. The predicate to use is “The message contains sensitive information ….” DLP specific actions: Notify the sender with a Policy Tip. Other Transport Rule actions are available too. Exceptions

247 Managing DLP using PowerShell
Connect to Exchange Remote PowerShell to run these cmdlets Exchange DLP can be managed using PowerShell cmdlets by connecting to Exchange Remote PowerShell. Both online and on-premises versions of Exchange support Remote PowerShell. Reference of DLP cmdlets available here

248 Demo Create DLP policy from a template
Create a custom DLP policy without any existing rule. Demonstrate creation of a DLP policy from a template. For demo steps please refer to this link Demonstrate creation of a custom DLP policy from scratch. For demo steps you can refer to this link.

249 Agenda Introduction Establishing DLP Policies Document Fingerprinting
Policy Tips Reporting

250 Document Fingerprinting
Useful when organizations have a practice of using certain forms to transmit sensitive information. This is achieved by converting a standard form into a sensitive information type (fingerprint), which can be used to define transport rules and DLP policies. This process works with any text-based forms used in your organization. After you upload an empty form to be converted to a document fingerprint and set up a corresponding policy, the DLP agent will detect any documents in outbound mail that match that fingerprint. Many organizations make use of standard forms to share documents. When sensitive information is shared in pre-defined document formats (templates), the documents can be tracked as they pass through the Exchange transport engine. The fingerprint of a document template becomes a sensitive information type in DLP. Once the document fingerprint is available as a sensitive information type in Exchange, DLP policies and rules can be created as usual. More information on document fingerprinting is available here us/library/dn635176(v=exchg.150).aspx

251 Fingerprint creation and matching
The DLP agent identifies the unique word pattern in the document and creates a document fingerprint (a Unicode XML file containing a unique hash value representing the original text). The fingerprint is saved as a data classification in Active Directory. The fingerprint then becomes a sensitive information type that you can associate with a DLP policy. This slide provides more detailed information on how document fingerprinting is done. Additional information on document fingerprinting is available here

252 Limitations of document fingerprinting
Optional Slide File types not supported by Exchange transport rules cannot be used for fingerprinting. If ETR cannot crack open the password protected files, they cannot be inspected by the document fingerprinting agent. Files that contain only images cannot be checked for document fingerprinting. Documents that don’t contain all the text from the original form used to create the document fingerprint flow undetected. Objective: To set the right expectations and inform the customer about the limitations of document fingerprinting. The document fingerprinting feature has certain limitations, as mentioned in this slide. ETR can crack open password protected Office files. To know about the file types that are supported in transport rules please check this link More information on document fingerprinting is available here ETR – Exchange Transport Rules.
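The matching behaviour and the last two limitations above can be seen in a simplified model of fingerprinting. This is an added example and not Exchange's algorithm, which the slides describe only as a hash of the form's word pattern; the ordered-word matching rule, the function names and the sample forms are assumptions constructed for illustration.

```python
import hashlib
import re
from typing import List

# Constructed sample documents (not from the presentation).
BLANK_FORM = (
    "Example Corp Patent Disclosure\n"
    "Inventor name:\nInvention title:\nDescription of invention:"
)
FILLED_FORM = (
    "Example Corp Patent Disclosure\n"
    "Inventor name: Katie Jordan\n"
    "Invention title: Self-sealing widget\n"
    "Description of invention: A widget that seals itself."
)
# Same data, but the form heading and one label were not carried over.
PARTIAL_COPY = (
    "Inventor name: Katie Jordan\n"
    "Invention title: Self-sealing widget\n"
    "A widget that seals itself."
)


def word_hashes(text: str) -> List[str]:
    """Lowercase the text, split it into words and hash each word in order."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [hashlib.sha256(w.encode("utf-8")).hexdigest()[:12] for w in words]


def make_fingerprint(blank_form_text: str) -> List[str]:
    """Build the fingerprint from the empty form, as the slide describes."""
    fingerprint = word_hashes(blank_form_text)
    if not fingerprint:
        # An image-only file yields no text, so there is nothing to fingerprint.
        raise ValueError("form has no extractable text")
    return fingerprint


def matches(fingerprint: List[str], document_text: str) -> bool:
    """True only if every form word appears in the document, in form order."""
    doc = iter(word_hashes(document_text))
    # 'h in doc' advances the iterator, so this checks for an ordered subsequence.
    return all(h in doc for h in fingerprint)


if __name__ == "__main__":
    fp = make_fingerprint(BLANK_FORM)
    print("filled form  :", matches(fp, FILLED_FORM))
    print("partial copy :", matches(fp, PARTIAL_COPY))
    print("no text      :", matches(fp, ""))
```

In this model the filled-in form matches, while a copy that drops part of the form text, or a file with no extractable text, does not, so a fingerprint rule is best paired with content-based sensitive information types.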

253 Create a document fingerprint
EAC allows you to create a document fingerprint in 3 simple steps. The objective of this slide is to explain the ease of creating a document fingerprint from EAC.

254 Creating a DLP policy rule using document fingerprint
The document fingerprints that you create appear as sensitive information types while creating rules in a DLP policy. Objective of this slide is to demonstrate how the document fingerprint can be used as a sensitive information type in DLP policy rule.

255 Demo Creating document fingerprint.
Creating a DLP policy with document fingerprint. Demo steps are available at this link Use the EAC for the demo as it is visually more appealing. You may want to consider the PowerShell method if the majority of the audience prefers it.

256 Agenda Introduction Establishing DLP Policies Document Fingerprinting
Policy Tips Reporting

257 Policy Tips Real time and proactive awareness about organizational policies on sensitive information. Scans attachments, subject line and body text. Works with Outlook 2013, OWA and OWA for devices. Works even when disconnected. Admin can customize the notifications. Real time and proactive notification will improve end user awareness and reduce the chances of accidental leakage of sensitive information. Policy tips are similar to mail tips in Exchange. Notification messages are displayed to users in Outlook while they are composing an email message. Policy Tip notification messages only show up if something about the sender’s message seems to violate a DLP policy that you have in place and that policy includes a rule to notify the sender when the conditions that you establish are met. On the server side, Exchange Online or Exchange Server 2013 SP1 is required. Outlook downloads the policies every 24 hours, so this works even when the client is not connected. More details on Policy Tips can be found here us/library/jj150512(v=exchg.150).aspx

258 Policy Tips in OWA for devices
Now, Policy Tips are available in OWA and OWA for devices as well. You need Exchange Server 2013 SP1 or Exchange Online at the back end to use this feature.

259 Policy Tip in a DLP Rule Policy Tip is implemented as an action item in a DLP policy rule. Options include Notify only. Block message. Block unless false positive override. Block unless silent override. Block unless explicit override. Policy Tip is available as an action item when you create a rule in a DLP policy. There are five different types of notifications available for you to configure. Explain all of them.
Notify only: Similar to MailTips, this causes an informative Policy Tip notification message about a policy violation. A sender can prevent this type of tip from showing up by using a Policy Tip options dialog box that can be accessed in Outlook.
Block message: The message will not be delivered until the condition is no longer present. The sender is provided with an option to indicate that their message does not contain sensitive content. This is also known as a false-positive override. If the sender indicates this, then Outlook will allow the message to leave the outbox so that the user’s report may be audited, but Exchange will block the message from being sent.
Block unless false positive override: The result with this notification rule is similar to the Block message notification rule. However, if you select this then Exchange will allow the message to be sent to the intended recipient, instead of blocking the message.
Block unless silent override: The message will not be delivered until the condition is no longer present or the sender indicates an override. The sender is provided with an option to indicate that they wish to override the policy.
Block unless explicit override: The result with this notification rule is similar to the Block unless silent override notification rule, except that in this case when the sender attempts to override the policy, they are required to provide a justification for overriding the policy.
More details available at this link

260 Customizing Policy Tip Message
Possible customizations Notify the sender Allow the sender to override Block the message Link to compliance URL Customers may want Policy Tip messages to be specific to their organization's policies. They may also want to provide a policy URL as part of Policy Tip notifications. You can customize the text of a Policy Tip notification that senders see in their email program. If you do this, keep in mind that your custom Policy Tip notification text will not appear unless you also configure a DLP policy with a rule that will cause the customized text to appear. Possible customizations are:
Notify the sender: The customized text appears only when a Notify the sender, but allow them to send action is initiated.
Allow the sender to override: The customized text appears only when the following actions are initiated: Block the message unless it’s a false positive, Block the message, but allow the sender to override and send.
Block the message: The customized text appears only when a Block the message action is initiated.
Link to compliance URL: This URL appears only when a Block the message, but allow the sender to override with a business justification and send action is initiated.
For more information please check

261 Demo Create a notify-only Policy Tip.
Create a block-message Policy Tip. Create a block-unless-override Policy Tip. Create a custom Policy Tip notification. For demo steps please check this link

262 Agenda Introduction Establishing DLP Policies Document Fingerprinting
Policy Tips Reporting

263 DLP Reporting Reports help you identify, investigate, and resolve DLP policy violations. Reports are generated using the data stored in message tracking logs (aka delivery reports). Three types of reports are available. Incident reports: Detailed report available in email format about specific incidents violating DLP policy rules. Summary reports: Available as reports, charts and tables in the admin portal; they help you understand the overall statistics of DLP detections. Excel based report: An Excel plugin downloadable from the admin portal helps you slice and analyze DLP policy detections data. Exchange DLP comes with rich reporting capabilities. They help you identify, investigate and resolve policy violations. Data required for DLP reports comes from the message tracking logs.

264 Configuring incident reports.
Configured through the transport rule action Generate Incident Report An incident management mailbox can be configured to receive all such reports. Pick the message properties to be included in the report. Incident management reports provide you detailed information about violation of specific DLP policy rules. A single incident report will be generated for each message only if the Generate Incident Report action is applied within a policy. Explanations of various line items in a DLP rule can be found here us/library/jj150534(v=exchg.150).aspx

265 Reading the incident report details
Screenshot callouts: Audit data, Classification, Rule details. Here is an example of an incident report. The original mail sent by the user is attached to the incident report. You can see that information such as audit data, classification and rule details is available in the report.

266 DLP Summary Reports Available at O365 admin center
Available from the DLP Policy editor Available from the DLP Policy rules editor DLP summary reports are available from different places within the admin portal. They are available from 1) O365 admin center 2) DLP policy editor 3) DLP rules editor. These reports will help you understand the effectiveness of the DLP policies you have implemented in your organization. The reports, charts and tables provide insights into the messages detected by DLP policies as violations.

267 DLP Summary Reports The built-in filters allow custom view of the data. The reports provide a variety of data points about your rules and policies in an easy-to-read format. You can also use the built-in filtering available with the reports to create different views and learn even more about your compliance efforts. More information available here

268 Office 365 Excel Plugin for Exchange Online Reporting
Detailed analysis is possible through various filtering options in Excel. The Excel plugin is available for download in Office 365 admin center. You can find a lot of detailed information about DLP policy detections on individual messages by using the Microsoft Office 365 Excel Plugin for Exchange Online Reporting. This reporting workbook is a tool that you can download and use along with Excel for more detailed analysis. In order to make use of the workbook, your system has to meet the software requirements listed on the tool’s download site, and you’ll need to download and run an installer program. The data for the charts in the workbook is obtained by a web service call from within Excel. After loading the summary data into the workbook, you can use Excel data slicers to perform analysis by changing the views, or use the other features of Excel to manage the data and identify trends or unusual activity. When such a condition is found, you can click through from the summary to the detail data

269 Demo DLP reports in Office 365 admin center.
Using EAC to view DLP reports. Excel based reports For demo steps please check this link

270 Resources Exchange 2013 DLP introduction DLP policy templates
TechReady 17 4/13/2018 Managing DLP policies OOB DLP policy templates Policy tips in Exchange 2013 Supported file types MessageStats Quick Guide


272 Exchange DLP Deployment Planning and Pilot.
Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER. Partner MUST customize prior to delivery.
Speaker: Engagement delivery consultant
Title of presentation: Exchange Data Loss Prevention Deployment Planning and Pilot
Length of presentation: 60 minutes
Audience: {Customer BDM/TDM/IT Pro}
Sales Cycle Alignment: Post-sales Deployment
Desired Outcomes: Customer requirements are mapped against Exchange DLP features and capabilities. Any requirement that cannot be met is clearly called out.
Modular Outline: Add more info here
Ensure that this session is delivered after all requirements have been gathered and the customer has been educated on the Exchange DLP capabilities.

273 Notes to Presenter Use this slide deck to document the solution alignment. Ensure that customer requirements are clearly mapped to Exchange DLP features/settings/configurations. Clearly call out the requirements which cannot be met. Copy the requirements gathered in 02 Requirements Gathering.pptx to this deck prior to the presentation.

274 Requirements Mapping Speaker Name Title Organization
Exchange DLP Deployment Planning and Pilot. Requirements Mapping Speaker Name Title Organization The engagement delivery consultant should be delivering this presentation.

275 Agenda Introduction. Requirements Vs. Feature Mapping. Next Steps.

276 Introduction Business, operational and technical requirements discussed earlier will be reviewed in this session. Discussion on how requirements can be met using Exchange DLP. A summary of this discussion will be included in the Findings and Recommendations document. This session is a continuation of the requirements gathering session. The audience should now be clear about their requirements and the capabilities of Exchange DLP. The contents of this deck will be a key input to the Findings and Recommendations document.

277 Business Requirements
# | Requirement | Yes/No/Partial | Exchange DLP Feature/Setting
BR01 | | |
BR02 | | |
BR03 | | |
BR04 | | |

Fill in the requirements column prior to the session. Duplicate this slide if content does not fit into one slide.

278 Operational Requirements
# | Requirement | Yes/No/Partial | Exchange DLP Feature/Setting
OR01 | | |
OR02 | | |
OR03 | | |
OR04 | | |

Fill in the requirements column prior to the session. Duplicate this slide if content does not fit into one slide.

279 Technical Requirements
# | Requirement | Yes/No/Partial | Exchange DLP Feature/Setting
TR01 | | |
TR02 | | |
TR03 | | |
TR04 | | |

Fill in the requirements column prior to the session. Duplicate this slide if content does not fit into one slide.


281 Exchange DLP – Deployment Scenarios.
Speaker Name Title Organization This slide deck is part of the deployment planning services workshop for Exchange Data Loss Prevention. This slide deck should be presented by the engagement delivery consultant.

282 Deployment Scenarios Requires Plan 2 subscription.
Exchange and DLP Online: Requires Plan 2 subscription. No installation required.
Exchange and DLP On-Premises: Requires Exchange Enterprise CAL. Requires Exchange Server 2013 or later.*
Exchange On-Premises and DLP Online: Requires Exchange Enterprise CAL with services. Suitable for prior versions of Exchange Server.
Exchange Hybrid and DLP Online: Exchange Enterprise CAL with services required. DLP works in the cloud.

In a typical scenario, Exchange DLP does not require any additional installation. DLP is built into Exchange Server and Exchange Online. If the customer has Exchange Server 2010, they can use the DLP service available in the cloud. Help the customer understand the specific deployment scenario they are in. Additional info is available here %28v=exchg.150%29.aspx

*The following features require Exchange Server 2013 SP1:
DLP Policy Tips in Outlook Web App – DLP Policy Tips are now enabled for Outlook Web App (OWA) and OWA for Devices. These are the same Policy Tips available in Outlook. DLP Policy Tips appear when a user attempts to send a message containing sensitive data that matches a DLP policy. Learn more about DLP Policy Tips.
DLP Document Fingerprinting – DLP policies already allow you to detect sensitive information such as financial or personal data. DLP Document Fingerprinting expands this capability to detect forms used in your organization. For example, you can create a document fingerprint based on your organization’s patent request form to identify when users are sending that form, and then use DLP actions to properly control dissemination of the content. Learn more about DLP Document Fingerprinting.
DLP sensitive information types for new regions – SP1 provides an expanded set of standard DLP sensitive information types covering an increased set of regions. SP1 adds region support for Poland, Finland and Taiwan. Learn more about the DLP sensitive information types available.


