Exchange 2013 Tips & Tricks - PowerPoint PPT Presentation

exchange 2013 tips tricks n.
Skip this Video
Loading SlideShow in 5 Seconds..
Exchange 2013 Tips & Tricks PowerPoint Presentation
Download Presentation
Exchange 2013 Tips & Tricks

play fullscreen
1 / 41
Exchange 2013 Tips & Tricks
Download Presentation
Download Presentation

Exchange 2013 Tips & Tricks

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Exchange 2013 Tips & Tricks Reto Krebs, Mario Fasciano

  2. Agenda • New and good to know about Exchange & its Management • Changes to end-user-interfaces (OWA/Outlook) • Built-in Malware-Protection – good enough? • Site-Mailbox Overview • Access Exchange 2013 with and…. without TMG • New in CU2 and what you need to know about this update • Key Takeaways

  3. New and good to know about Exchange & its Management

  4. Exchange 2013 Management I • What you find today “unified” in EAC • Public Folder-, RBAC-, UM-Management is integrated • Mobile Device-, Anti Maleware Management is integrated • Management of Hybrid-Organization is integrated (Office 365 Management has the same look and feel) • Delegation of admin-tasks is simplified

  5. How EAC is organized

  6. Exchange 2013 Management II • What is good to know…. • Default message-size on the send- & receive-connectors have been increased from 10 to 25 MB • Administrators can now use the EAC to create a group naming policy, which lets you standardize and manage the names of distribution groups created by users • Shared Mailboxes have now their ownconfiguration-walkthrough

  7. Demo EAC

  8. Changes to end-user-interfaces (OWA/Outlook)

  9. Changes to OWA - I • Apps in Outlook Web App • Downloadable ( applications which bring new functionalities to the user (in OWA 2013 and Outlook 2013) • Build your own app-store based on Sharepoint 2013 • Application usage may be managed centrally • Any third-party developers may create additional apps (same as e.g. in the Windows Store) • Things toknowaboutpublishingthese Apps in Outlook 2013 via TMG

  10. Changes to OWA - II • People • Contacts form different sources may now belinked(likewe know ist from some Mobile Phone Plattform) • Happens automatically but may also be executed manually • Calendar • Merged View of multiple calendars • Further adapted Calendar-Views • Offline-usage • OWA might be used without a permanent connection to the Internet

  11. What we miss in OWA so far (incl. CU2) • Access to shared email folders - Access to shared mail folders isn’t currently available in Exchange 2013 • Distribution list moderation - The ability to moderate distribution lists from Microsoft Outlook Web App isn’t currently available in Exchange 2013 • S/MIME - S/MIME isn’t currently supported in Exchange 2013. • Reading pane at the bottom of the window- The option to display the reading pane at the bottom of the Outlook Web App window isn’t currently available in Exchange 2013 • Reply to embedded email messages - The ability for users to reply to email messages sent as attachments isn’t currently available in Exchange 2013. • The story about log off from OWA…

  12. Changes to Outlook - I • Access to Exchange 2013 only through RPC over HTTPS • Classic MAPI-Access not supported anymore • Outlook Anywhere as a «configuration-must» • Exchange-Identification no more via a Server- or Array-Name (independent from thesupported Outlook-Version) • Manual conifguration is almost gone….

  13. Changes to Outlook - II • Impact of Exchange 2013 to Outlook • Outlook Version (at least Olk2007 – upto date Office-CU’s) • Reduced requirments to IP-Ports • Manual configuration -> take the «Manual configuration alias value» e.g. out of EAC on the user-properties • Make sure Outlook-connections never use the TCP/IP-option • If you are using MFCMAPI or MAPI/CDO • •

  14. Demo Outlook Web App (Apps, People, Calendar, offline-usage)

  15. Built-in Malware (& Antispam-Protection) – good enough?

  16. Exchange 2013 – Protection I • Built-in Maleware Protections • Activated by default- Anti-malware protection can be turned off, replaced, or paired with a cloud-based service • Disablefeature: ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1 • Enable feature: ExchangeInstallPath\Scripts\Enable-Antimalwarescanning.ps1 • Maleware-Policies managable through EAC (based on domains or recipients, new in CU2) • You can configure Microsoft Exchange Server 2013 to rescan email messages already scanned for malware by the hosted email filtering service

  17. Exchange 2013 – Protection II • Anti-Spam Functionality on Mailboxserver • Not activated by default, similar to Exchange 2010 • Activation through «ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1» • Content Filter-, Sender ID-, Recipient Filter-, Protocol Analysis agent for sender reputation build in to the Transport Service • Conclusion: It’s good enough – especiallyifyouwantto save thelicense-costfor a 3rd-party solution

  18. Site-Mailbox Overview

  19. Site-Mailbox Feature-Overview • Designed for project teams • Bring documents and emails together in Outlook & SharePoint • Can be provisioned and managed by end users • Not the idea of a «long term storage» • Policies help admins control where and how users provision site mailboxes

  20. Document access design principles • Design principles: • Exchange and Outlook store only links and metadata to SharePoint docs, not docs themselves. When a user double-clicks a document in Outlook, the URL is passed to the appropriate Office client app. • Regardless of whether doc was opened from the site mailbox or directly from the site, the Office Document Cache provides seamless sync, access, and coauthoring functionality.

  21. Choosing the right feature for your scenario Site Mailboxes Public Folders Distribution Lists Shared Mailboxes

  22. How it all fits together IW Views Site Mailbox Outlook SharePoint Membership Management Shared Storage Owners Members Provisioning Lifecycle SharePoint Site Exchange Site Mailbox

  23. Site Mailbox – To know for the IT Pro - I • Sharepoint 2013 requirements • Sharepoint 2013 must be in the same AD forest with Exchange 2013 • Multiple Sharepoint 2013 farms can pint to the same Exchange forest • Sharepoint 2013 farm must point to a server which is on Exchange 2013 • User profile synchronization for the farm must be configured • SSL Site Collections must be configured (HTTPS Web application) • EWS Managed API installed (15.0.516.25 or above) to be able the App • Run Set-SitemailboxConfig.ps1 & Check-SitemailboxConfig.ps1 • Enable Site Mailbox on Sharepoint

  24. Site Mailbox – To know for the IT Pro - II • Exchange 2013 requirements • Working autodiscovery (…) • Proper RBAC roles to access and manage Site Mailboxes • Run «Configure-EnterprisePartnerApplication.ps1» • Client- / User-requirements • Outlook 2013 must be deployed • Access via Outlook Web App or the Sharepoint Site itself

  25. Site mailboxes in Outlook • Outlook 2013 Professional Plus can show up to 10 'pinned' site mailboxes at any time • User needs to be in the site’s default owner or member group as a individual user (not a security group) • User’s personal mailbox needs to be on an Exchange 2013 server • Each site mailbox shows an Inbox and one or more Document Libraries • SharePoint document libraries are synced if they appear in the site’s Quick launch menu

  26. Syncing to Exchange and Outlook • Only specific document metadata is synced into Exchange/Outlook (e.g. document title, author, change date,…) • Because the document content itself is not synced, if offline document access is desired, the SharePoint document library must be synced into Office Document Cache • The membership and document sync timing is primarily usage-driven

  27. Access Exchange 2013 with and…. without TMG

  28. Exchange 2013 & TMG2010 • TMG will continue to be supported until 2015 for mainstream support and 2020 for extended support • Basic- & NTLM-Authentication supported but no Kerberos constrained delegation with Exchange 2013 (what wehaveseen so far) • More orlessthe Exchange 2010-TMG-Rules maybere-usedexcept: • Destination is the TMG-Array or the Loadbalancer-VIP • A seperate rule for the OWA-Apps have tobe implemented • Logoff «behaviour» from OWA whenusing FB-Authentication – also with CU2….

  29. Exchange 2013 – TMG-Alternatives I • UAG2010 • SP3 with official E2013-Support, SP4 will come this year • Currently the only «MS-Solution» for publishing Exchange 2013 • Support for UAG until 2015 • If Licenses are availalbe then go for it

  30. Exchange 2013 – TMG-Alternatives II • KEMP Loadmaster– ESP (Edge Security Pack, actual version 7.0.6) • Loadbalancer and reverse proxy in one box • End Point for Pre-Authentication • Persistent Logging and Reporting for User Logging • Single Sign On (SSO) Across Virtual Services • LDAP Authentication from the LoadMaster to the Active Directory • NTLM and Basic Authentication Communication from a Client to the LoadMaster (currently no all “authentication-scenario’s are supported”)

  31. Exchange 2013 – TMG-Alternatives III • IIS ARR (Application Request Routing) • Windows Server 2008+ IIS-component • Simple reverse proxy • No firewall functionality, no authentication-mechanism • See nice description: • Other 3rd-Party Options • Firepass (F5 Appliance) • Citrix Access Gateway (contains reverse proxy functionality) • United Security Provider (Swiss security provider, which offers appliances which do contain needed functionalities)

  32. Exchange 2013 – TMG-Alternatives IV • Windows Server 2012 Web Application Proxy (WAP) • WAP is a reverse proxy • Similar Features as UAG, but it is not the same: • The Web Application Proxy (WAP) is a Role Service under the Remote Access role of Windows 2012 which also includes DirectAccess • Provides access to internal resources and enforces multifactor authentication • Usually deployed in permieter network • WAP needs ADFS of W2012R2 • Publishing OWA2013 works fine • Publishing OA & EAS is supposed to workwith W2012R2 RTM

  33. Demo TMG Alternatives

  34. New in CU2 and what youneedtoknowaboutthis update

  35. Exchange 2013 Cumulative Update 2 - I • As we are almost used to it: • Version 1: Exchange 2013 RTM CU2 (712.22) • Version 2: Exchange 2013 RTM CU2 (712.24) -> Get-ExchangeServer | fl name,edition,admindisplayversion • Main-issue in V1(issue only occurs within native Exchange 2013 environments) • PF-Permissions are lost and replaced by the default ACL when the pf-mailbox has been moved • Even losing root-folder-permissions when a “normal” mailbox has been moved (reported in the Exchange Blog)

  36. Exchange 2013 Cumulative Update 2 - I • CU-Basics: • CU’s are full builds • Servicing Model Update – means not fixes for the CU itself, will usually shift to the next CU • Disable all Execution-Policies (it has to be set as “undefined”) and AV-Engines before install a CU • CU2 also extends the AD-Schema (Schema Version 15281 -> for V1 & V2….) • Update order regarding Exchange Roles does not matter

  37. Exchange 2013 Cumulative Update 2 - II Key Enhancements: • Per-server database support (increased 50 to 100 databases in the Enterprise Edition) • OWA Redirection (single sign-on experience with FBA defined on source- & target- vDir) • High Availability (new service “DAG Management Service”) • Managed Availability (improvements in various probes and monitors) • Cmdlet Help (run “Update-ExchangeHelp” to get CU-independent updates to help-topcis)

  38. Exchange 2013 Cumulative Update 2 - III Key Enhancements: • OWA Search Improvements (in case of a hit, auto-expand conversation, etc.) • Malware Filter Rules - You can use the Malware Filter Rule-cmdlets (or via EAC) to apply custom malware filter policies to specific users, groups, or domains in your organization • Support Windows Azure for Witness Server placement -> will not be available in the near future as first tests failed (

  39. Key Takeaways

  40. Takeaways • Exchange 2013 with CU2 is robust and stable enough to kick-off your Exchange-Migration • New Features have more evolutionary than revolutionary character • We do see good alternatives to publish Exchange 2013 (even if they are not yet at the same level as TMG)