1. Understanding Microsoft Forefront Online Protection for Exchange Robert Gillies Solution Architect Microsoft Corporation EXL201

3. FOPE Overview

4. Edge Blocking End User Quarantine Administrator Console Corporate Network Messaging Administrator Employees Inbound Filtered Email About 90% of Email is junk Outbound Filtered Email External Senders/ Recipients Exchange Server Anti-spam Antivirus Policy Automatic Spooling * Encryption * Requires additional Exchange Hosted Encryption License Active Directory FOPE Directory Synchronization Tool Legitimate Email Junk Email Forefront Online Protection for Exchange Multi-layer spam and malware protection with flexible policy enforcement

5. Every Office 365 customer is a FOPE customer Office 365 Protects any on-premises & hosted email implementation Standalone Integrates FPE/FOPE policies across on- premises & cloud environments Hybrid Scenarios

6. Rapid Email Delivery Average delivery commitment of less than 1 minute Network Uptime > 99.999% 100% Known Virus Protection > 98% Spam Detection < 1:250,000 False Positive Ratio Network Performance Spam & Malware Filtering These are part of the Exchange Online SLA & FOPE SLA FOPE SLA only

7. User Inbox User Junk Email Folder Administrator Quarantine Connection Filtering 1 Content Filtering 3 Sender-Recipient Filtering 2 Blocks up to 80% of all spam based on IP block/allow lists. Blocks up to 5% of all spam based on internal lists and heuristics. Blocks up to 15% of all spam based on internal lists and sender reputation. Connection Filtering Sender-Recipient Filtering Content Filtering Filtering based on connection, sender, recipient and content for best results

8. SPAM Protection Safe senders Spam Prevention If server down, E-mail queued for up to 5 days E-mail enters the global data center network – MX (mail.messaging.microsoft.com) Directory Services SPAM prevention IP Reputation based Filtering Reputation database Mail addressed to non existent users if rejected Mail form IP Spammers are blocked Look up e-mail filtering settings for domain Virus Scanning Engine 1 Engine 2 Engine 3 Policy Enforcement Custom Policy Rules Attachment and message attribute management Custom Spam Filter management Rules Based Scoring Fingerprint Engines Content and Policy Quarantine SPAM Quarantine SPAM E-mail server available? Delivered in a flow-controlled fashion when server is available Queue Mailbox Store SPAM SMTP Reject: 5xx Spam Analysts Customer Feedback False +ve / -ve Customer Feedback False +ve / -ve Sync SEWRSEWR

9. Look up e-mail filtering settings for domain Virus Scanning Engine 1 Engine 2 Engine 3 Policy Enforcement Custom Policy Rules Attachment and message attribute management SPAM Protection Custom Spam Filter management Rules Based Scoring Fingerprint Engine Content and Policy Quarantine Mail Server High Risk Delivery Pool High Risk Delivery Pool High Spam Score Outbound Pool Low Spam Score Safe senders

10. FOPE http://www.microsoft.com/exchange/en-us/forefront-online- protection-for-exchange.aspx Setup and Configuration

13. demo Name Title Group Administration

21. FOPE Managing Junk Mail

23. Direct access to Junk Mail folder Block/allow senders directly within message Manage safe/block sender lists directly in Outlook or Outlook Web App Default approach: users manage junk mail in Outlook/OWA Junk Mail Management in Exchange Online

24. Junk Mail Management (cont.) Flexibility to use FOPE Spam Quarantine FOPE quarantine can be used instead of the integrated Outlook experience Admins will have SSO access to Quarantine

26. FOPE Connectors and Policies

27. Outbound Connector (controls email sent from your domain) Inbound Connector (controls email sent to your domain) Source IP Source Domain Reject non Source IP Opportunistic TLS Forced TLS Spam Connection Policy Opportunistic TLS Forced TLS Smart host MX Destination domain

28. Scope Apply the policy to one or all domains Apply to Inbound or Outbound messages Match Words and phrases in the subject and body Message sizeAttachment typesNumber of recipients Sender and recipient addresses and domains IP address or domain nameRegular Expression Take Action Reject messageAllow messageQuarantine message for review Redirect message to an alternate recipient Deliver message with BCCForce TLSEncrypt message (requires EHE) Test … Indicate when a rule is to expire, if at all Create text or HTML e-mail disclaimers or footers Add a description Notify sender, recipient, or administrator

31. Encryption via policy rules & enforced in the FOPE cloud; based on Voltage SecureMail technology Identity-Based Encryption (IBE) uses email address as ID for public key No cost for recipient non-licensed user All replies and forwards remain encrypted for any mail recipient Encrypted emails are not saved by EHE Send encrypted mail to anyone; no prior setup by / for external recipients

32. Use FOPE Admin Center for these tasks Track messages outside your organization Perform transport-related tasks not available in transport rules: Specific header attributes Custom dictionaries, character sets Actions such as quarantine or encrypt Configure org-wide safe/blocked senders Configure granular antispam settings (e.g. backscatter, SPF) View reports on spam/virus filtering Configure forced TLS Track messages within your organization Set up transport rules to: Add disclaimers to e-mails Look for keywords and regular expressions in attachments Block e-mail sent to the outside world (by sender, domain, etc) Moderate e-mail delivery Configure journaling of e-mails to external archive Use Exchange Admin Tools for these tasks

33. FOPE Mail Routing Basics

34. Mailboxes BUSINESS PARTNER FOPE Edge Policy Spam woodgrovebank.com contoso.com Mailboxes Outbound Connector Inbound Connector Maintain secure and trusted communication channel with partners Avoid email interception/ eavesdropping Virus* Opportunistic TLS is on by default for Office 365 customers (no action is required to enable it) Inbound Forced TLS option can be used to secure end-to-end communication ON-PREM / HOSTED *Virus scanning is performed by FPE for O365 tenants

36. FOPE Edge Policy Spam From: Joe@contoso.com To: sales@fabrikam.com From: Joe@contoso.com To: sales@fabrikam.com Contoso.mail.onmicrosoft.com DLP appliance or service INTERNET Mailboxes Outbound Connector Value Proposition Use data leakage protection (DLP) or encryption appliances from third parties Perform custom processing or address rewrite Maintain “total mail control” during coexistence (inbound and outbound mail is all routed through on-prem server contoso.com Virus* EXCHANGE ONLINE / ON PREM *Virus scanning is performed by FPE for O365 tenants ON PREMISES / HOSTED JOURNAL

38. FOPE Edge Policy From: jane@fabrikam.com To: salesman@contoso.com From: jane@fabrikam.com To: salesman@contoso.com contoso.com fabrikam.com Mailboxes SAFE-LISTED PARTNER Inbound Connector Value Proposition Reduce the chance of false positives (legitimate email from trusted partner being flagged as spam) Virus* Spam *Virus scanning is performed by FPE for O365 tenants EXCHANGE ONLINE / ON PREM

40. FOPE Mail Routing in Action

41. MX record pointed to the cloud MX record pointed on-premises

42. Mailboxes ON-PREMISES Customer Mail Processing/Filtering EXCHANGE ONLINE Mailboxes FOPE Edge Policy Spam INTERNET Inbound From: sales@fabrikam.com To: Joe@contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com contoso.com Outbound Exchange Send Connector Inbound FOPE Connector Virus* *Virus scanning is performed by FPE for O365 tenants Contoso.mail.onmicrosoft.com

43. Mailboxes ON-PREMISES Customer Mail Processing/Filtering EXCHANGE ONLINE Mailboxes FOPE Edge Policy Spam INTERNET Outbound From: joe@contoso.com To: sales@fabrikam.com Outbound From: joe@contoso.com To: sales@fabrikam.com contoso.com Outbound FOPE Connector Inbound Exchange Receive Connector Virus* Contoso.mail.onmicrosoft.com

44. EXCHANGE ONLINE Mailboxes FOPE Edge Virus Policy Spam Mailboxes ON-PREMISES Customer Mail Processing/Filtering Intra Org From: salesman@contoso.com To: Joe@contoso.com Intra Org From: salesman@contoso.com To: Joe@contoso.com contoso.com Outbound Exchange Send Connector Inbound FOPE Connector Contoso.mail.onmicrosoft.com

45. Mailboxes ON-PREMISES Customer Mail Processing/Filtering EXCHANGE ONLINE Mailboxes FOPE Edge Policy Spam INTERNET Inbound From: sales@fabrikam.com To: Joe@contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com contoso.com Outbound FOPE Connector Inbound Exchange Receive Connector Virus* Shared Address Space with FOPE Relay (MX Points to FOPE O365) – Inbound *Migration to FOPE / Office 365 Contoso.mail.onmicrosoft.com

46. Mailboxes ON-PREMISES Customer Mail Processing/Filtering EXCHANGE ONLINE Mailboxes FOPE Edge Policy Spam INTERNET Outbound From: Joe@contoso.com To: sales@fabrikam.com Outbound From: Joe@contoso.com To: sales@fabrikam.com contoso.com `Exchange Send Connector Virus* Inbound FOPE Connector Contoso.mail.onmicrosoft.com

49. EXL301 – Archiving in the Cloud with Exchange Online Archiving (EOA) EXL303 – Configuring Hybrid Exchange the Easy Way

50. Geek Out with Perry Blog: http://blogs.technet.com/b/perryclarke/http://blogs.technet.com/b/perryclarke/ Exchange Team Blog: http://blogs.technet.com/b/exchange/http://blogs.technet.com/b/exchange/ Exchange TechNet Tech Center: http://technet.microsoft.com/exchangehttp://technet.microsoft.com/exchange MEC Website and Registration: http://www.mecisback.com/http://www.mecisback.com/

52. Connect. Share. Discuss. http://northamerica.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn

53. Required Slide Complete an evaluation on CommNet and enter to win!

54. Scan the Tag to evaluate this session now on myTechEd Mobile