Exchange 2013 tips tricks
This presentation is the property of its rightful owner.
Sponsored Links
1 / 41

Exchange 2013 Tips & Tricks PowerPoint PPT Presentation


  • 198 Views
  • Uploaded on
  • Presentation posted in: General

Exchange 2013 Tips & Tricks. Reto Krebs, Mario Fasciano. Agenda. New and good to know about Exchange & its Management Changes to end-user-interfaces (OWA/Outlook) Built-in Malware-Protection – good enough? Site-Mailbox Overview Access Exchange 2013 with and…. w ithout TMG

Download Presentation

Exchange 2013 Tips & Tricks

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Exchange 2013 tips tricks

Exchange 2013 Tips & Tricks

Reto Krebs, Mario Fasciano


Agenda

Agenda

  • New and good to know about Exchange & its Management

  • Changes to end-user-interfaces (OWA/Outlook)

  • Built-in Malware-Protection – good enough?

  • Site-Mailbox Overview

  • Access Exchange 2013 with and…. without TMG

  • New in CU2 and what you need to know about this update

  • Key Takeaways


New and good to know about exchange its management

New and good to know about Exchange & its Management


Exchange 2013 management i

Exchange 2013 Management I

  • What you find today “unified” in EAC

  • Public Folder-, RBAC-, UM-Management is integrated

  • Mobile Device-, Anti Maleware Management is integrated

  • Management of Hybrid-Organization is integrated (Office 365 Management has the same look and feel)

  • Delegation of admin-tasks is simplified


How eac is organized

How EAC is organized


Exchange 2013 management ii

Exchange 2013 Management II

  • What is good to know….

  • Default message-size on the send- & receive-connectors have been increased from 10 to 25 MB

  • Administrators can now use the EAC to create a group naming policy, which lets you standardize and manage the names of distribution groups created by users

  • Shared Mailboxes have now their ownconfiguration-walkthrough


Exchange 2013 tips tricks

Demo

EAC


Changes to end user interfaces owa outlook

Changes to end-user-interfaces (OWA/Outlook)


Changes to owa i

Changes to OWA - I

  • Apps in Outlook Web App

    • Downloadable (office.com) applications which bring new functionalities to the user (in OWA 2013 and Outlook 2013)

    • Build your own app-store based on Sharepoint 2013

    • Application usage may be managed centrally

    • Any third-party developers may create additional apps (same as e.g. in the Windows Store)

    • Things toknowaboutpublishingthese Apps in Outlook 2013 via TMG


Changes to owa ii

Changes to OWA - II

  • People

    • Contacts form different sources may now belinked(likewe know ist from some Mobile Phone Plattform)

    • Happens automatically but may also be executed manually

  • Calendar

    • Merged View of multiple calendars

    • Further adapted Calendar-Views

  • Offline-usage

    • OWA might be used without a permanent connection to the Internet


What we miss in owa so far incl cu2

What we miss in OWA so far (incl. CU2)

  • Access to shared email folders - Access to shared mail folders isn’t currently available in Exchange 2013

  • Distribution list moderation - The ability to moderate distribution lists from Microsoft Outlook Web App isn’t currently available in Exchange 2013

  • S/MIME - S/MIME isn’t currently supported in Exchange 2013.

  • Reading pane at the bottom of the window- The option to display the reading pane at the bottom of the Outlook Web App window isn’t currently available in Exchange 2013

  • Reply to embedded email messages - The ability for users to reply to email messages sent as attachments isn’t currently available in Exchange 2013.

  • The story about log off from OWA…


Changes to outlook i

Changes to Outlook - I

  • Access to Exchange 2013 only through RPC over HTTPS

    • Classic MAPI-Access not supported anymore

    • Outlook Anywhere as a «configuration-must»

    • Exchange-Identification no more via a Server- or Array-Name

      (independent from thesupported Outlook-Version)

    • Manual conifguration is almost gone….


Changes to outlook ii

Changes to Outlook - II

  • Impact of Exchange 2013 to Outlook

    • Outlook Version (at least Olk2007 – upto date Office-CU’s)

    • Reduced requirments to IP-Ports

    • Manual configuration -> take the «Manual configuration alias value» e.g. out of EAC on the user-properties

    • Make sure Outlook-connections never use the TCP/IP-option

    • If you are using MFCMAPI or MAPI/CDO

    • http://blogs.msdn.com/b/dvespa/archive/2013/05/21/how-to-mfcmapi-create-mapi-profile-exchange-2013.aspx

    • http://www.microsoft.com/en-us/download/details.aspx?id=39045


Exchange 2013 tips tricks

Demo

Outlook Web App (Apps, People, Calendar, offline-usage)


Built in malware antispam protection good enough

Built-in Malware (& Antispam-Protection) – good enough?


Exchange 2013 protection i

Exchange 2013 – Protection I

  • Built-in Maleware Protections

  • Activated by default- Anti-malware protection can be turned off, replaced, or paired with a cloud-based service

  • Disablefeature: ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1

  • Enable feature: ExchangeInstallPath\Scripts\Enable-Antimalwarescanning.ps1

  • Maleware-Policies managable through EAC (based on domains or recipients, new in CU2)

  • You can configure Microsoft Exchange Server 2013 to rescan email messages already scanned for malware by the hosted email filtering service


Exchange 2013 protection ii

Exchange 2013 – Protection II

  • Anti-Spam Functionality on Mailboxserver

  • Not activated by default, similar to Exchange 2010

  • Activation through «ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1»

  • Content Filter-, Sender ID-, Recipient Filter-, Protocol Analysis agent for sender reputation build in to the Transport Service

  • Conclusion: It’s good enough – especiallyifyouwantto save thelicense-costfor a 3rd-party solution


Site mailbox overview

Site-Mailbox Overview


Site mailbox feature overview

Site-Mailbox Feature-Overview

  • Designed for project teams

  • Bring documents and emails together in Outlook & SharePoint

  • Can be provisioned and managed by end users

  • Not the idea of a «long term storage»

  • Policies help admins control where and how users provision site mailboxes


Document access design principles

Document access design principles

  • Design principles:

  • Exchange and Outlook store only links and metadata to SharePoint docs, not docs themselves. When a user double-clicks a document in Outlook, the URL is passed to the appropriate Office client app.

  • Regardless of whether doc was opened from the site mailbox or directly from the site, the Office Document Cache provides seamless sync, access, and coauthoring functionality.


Choosing the right feature for your scenario

Choosing the right feature for your scenario

Site Mailboxes

Public Folders

Distribution Lists

Shared Mailboxes


How it all fits together

How it all fits together

IW Views

Site Mailbox

Outlook

SharePoint

Membership

Management

Shared Storage

Owners

Members

Provisioning

Lifecycle

SharePoint Site

Exchange Site Mailbox


Site mailbox to know for the it pro i

Site Mailbox – To know for the IT Pro - I

  • Sharepoint 2013 requirements

  • Sharepoint 2013 must be in the same AD forest with Exchange 2013

  • Multiple Sharepoint 2013 farms can pint to the same Exchange forest

  • Sharepoint 2013 farm must point to a server which is on Exchange 2013

  • User profile synchronization for the farm must be configured

  • SSL Site Collections must be configured (HTTPS Web application)

  • EWS Managed API installed (15.0.516.25 or above) to be able the App

  • Run Set-SitemailboxConfig.ps1 & Check-SitemailboxConfig.ps1

  • Enable Site Mailbox on Sharepoint


Site mailbox to know for the it pro ii

Site Mailbox – To know for the IT Pro - II

  • Exchange 2013 requirements

  • Working autodiscovery (…)

  • Proper RBAC roles to access and manage Site Mailboxes

  • Run «Configure-EnterprisePartnerApplication.ps1»

  • Client- / User-requirements

  • Outlook 2013 must be deployed

  • Access via Outlook Web App or the Sharepoint Site itself


Site mailboxes in outlook

Site mailboxes in Outlook

  • Outlook 2013 Professional Plus can show up to 10 'pinned' site mailboxes at any time

    • User needs to be in the site’s default owner or member group as a individual user (not a security group)

    • User’s personal mailbox needs to be on an Exchange 2013 server

  • Each site mailbox shows an Inbox and one or more Document Libraries

    • SharePoint document libraries are synced if they appear in the site’s Quick launch menu


Syncing to exchange and outlook

Syncing to Exchange and Outlook

  • Only specific document metadata is synced into Exchange/Outlook (e.g. document title, author, change date,…)

    • Because the document content itself is not synced, if offline document access is desired, the SharePoint document library must be synced into Office Document Cache

  • The membership and document sync timing is primarily usage-driven


Access exchange 2013 with and without tmg

Access Exchange 2013 with and…. without TMG


Exchange 2013 tmg2010

Exchange 2013 & TMG2010

  • TMG will continue to be supported until 2015 for mainstream support and 2020 for extended support

  • Basic- & NTLM-Authentication supported but no Kerberos constrained delegation with Exchange 2013 (what wehaveseen so far)

  • More orlessthe Exchange 2010-TMG-Rules maybere-usedexcept:

    • Destination is the TMG-Array or the Loadbalancer-VIP

    • A seperate rule for the OWA-Apps have tobe implemented

    • Logoff «behaviour» from OWA whenusing FB-Authentication – also with CU2….


Exchange 2013 tmg alternatives i

Exchange 2013 – TMG-Alternatives I

  • UAG2010

    • SP3 with official E2013-Support, SP4 will come this year

    • Currently the only «MS-Solution» for publishing Exchange 2013

    • Support for UAG until 2015

    • If Licenses are availalbe then go for it


Exchange 2013 tmg alternatives ii

Exchange 2013 – TMG-Alternatives II

  • KEMP Loadmaster– ESP (Edge Security Pack, actual version 7.0.6)

    • Loadbalancer and reverse proxy in one box

    • End Point for Pre-Authentication

    • Persistent Logging and Reporting for User Logging

    • Single Sign On (SSO) Across Virtual Services

    • LDAP Authentication from the LoadMaster to the Active Directory

    • NTLM and Basic Authentication Communication from a Client to the LoadMaster (currently no all “authentication-scenario’s are supported”)


Exchange 2013 tmg alternatives iii

Exchange 2013 – TMG-Alternatives III

  • IIS ARR (Application Request Routing)

    • Windows Server 2008+ IIS-component

    • Simple reverse proxy

    • No firewall functionality, no authentication-mechanism

    • See nice description: http://www.msxfaq.de/internet/iisarr.htm#h2.1

  • Other 3rd-Party Options

    • Firepass (F5 Appliance)

    • Citrix Access Gateway (contains reverse proxy functionality)

    • United Security Provider (Swiss security provider, which offers appliances which do contain needed functionalities)


Exchange 2013 tmg alternatives iv

Exchange 2013 – TMG-Alternatives IV

  • Windows Server 2012 Web Application Proxy (WAP)

    • WAP is a reverse proxy

    • Similar Features as UAG, but it is not the same: http://blog.peterdahl.net/post/How-does-the-Mirosoft-Windows-2012-R2-Web-Application-Proxy-compare-to-the-Microsoft-Forefront-UAG-2010

    • The Web Application Proxy (WAP) is a Role Service under the Remote Access role of Windows 2012 which also includes DirectAccess

    • Provides access to internal resources and enforces multifactor authentication

    • Usually deployed in permieter network

    • WAP needs ADFS of W2012R2

    • Publishing OWA2013 works fine

    • Publishing OA & EAS is supposed to workwith W2012R2 RTM


Exchange 2013 tips tricks

Demo

TMG Alternatives


New in cu2 and what you need to know about this update

New in CU2 and what youneedtoknowaboutthis update


Exchange 2013 cumulative update 2 i

Exchange 2013 Cumulative Update 2 - I

  • As we are almost used to it:

  • Version 1: Exchange 2013 RTM CU2 (712.22)

  • Version 2: Exchange 2013 RTM CU2 (712.24)

    -> Get-ExchangeServer | fl name,edition,admindisplayversion

  • Main-issue in V1(issue only occurs within native Exchange 2013 environments)

    • PF-Permissions are lost and replaced by the default ACL when the pf-mailbox has been moved

    • Even losing root-folder-permissions when a “normal” mailbox has been moved (reported in the Exchange Blog)


Exchange 2013 cumulative update 2 i1

Exchange 2013 Cumulative Update 2 - I

  • CU-Basics:

    • CU’s are full builds

    • Servicing Model Update – means not fixes for the CU itself, will usually shift to the next CU

    • Disable all Execution-Policies (it has to be set as “undefined”) and AV-Engines before install a CU

    • CU2 also extends the AD-Schema (Schema Version 15281 -> for V1 & V2….)

    • Update order regarding Exchange Roles does not matter


Exchange 2013 cumulative update 2 ii

Exchange 2013 Cumulative Update 2 - II

Key Enhancements:

  • Per-server database support (increased 50 to 100 databases in the Enterprise Edition)

  • OWA Redirection (single sign-on experience with FBA defined on source- & target- vDir)

  • High Availability (new service “DAG Management Service”)

  • Managed Availability (improvements in various probes and monitors)

  • Cmdlet Help (run “Update-ExchangeHelp” to get CU-independent updates to help-topcis)


Exchange 2013 cumulative update 2 iii

Exchange 2013 Cumulative Update 2 - III

Key Enhancements:

  • OWA Search Improvements (in case of a hit, auto-expand conversation, etc.)

  • Malware Filter Rules - You can use the Malware Filter Rule-cmdlets (or via EAC) to apply custom malware filter policies to specific users, groups, or domains in your organization

  • Support Windows Azure for Witness Server placement -> will not be available in the near future as first tests failed (http://blogs.technet.com/b/exchange/archive/2013/08/07/database-availability-groups-and-windows-azure.aspx)


Key takeaways

Key Takeaways


Takeaways

Takeaways

  • Exchange 2013 with CU2 is robust and stable enough to kick-off your Exchange-Migration

  • New Features have more evolutionary than revolutionary character

  • We do see good alternatives to publish Exchange 2013 (even if they are not yet at the same level as TMG)


  • Login