Mod 8: Exchange Security & Protection

Mod 8:Exchange Security & Protection Version 2.0 for Office 365 Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Stephen Hall | CEO & SMB Technologist | District Computers

Jump Start Schedule– Target Agenda

Module 8: Exchange Security & Protection For Midsize Businesses and Enterprises • Service Introduction & Overview • Spam control • Anti-Malware • Managing Policy • Managing Exchange Security & Policy in Office 365 • Mail flow rules, Message Tracing & Delivery Reports

Emergency Operations Plan Ethernet over Power Elevation of Privilege Exchange Online Protection What is EOP? Executive Office of the President Equal Opportunity Program Edge of Pavement English-only Policy Emergency Oxygen Pack Edge of Panic

Exchange Online Protection (EOP) Cloud-based email filtering service that: Protects against spam and malware Safeguards organizations from messaging-policy violations Simplifies Exchange messaging environment management Replaces Forefront Online Protection for Exchange (FOPE) All FOPE customers will be migrated to EOP Adds anti-malware protection to Exchange Online

Exchange Data Loss Prevention (DLP) Exchange Policies that contain sets of conditions to filter email messages made up of transport rules, actions and exceptions Must be activated in the Exchange Administration Center (EAC) to filter live messages Can inform senders they may be about to violate a policy before they even send an offending message Done through the configuration of policy tips NOTE:DLP is a premium feature that requires an Exchange Online Plan 2 License. Included with ALL Office 365 Midsize business & enterprise plans http://technet.microsoft.com/en-us/library/jj150527%28v=exchg.150%29.aspx

Exchange Security and Protection Exchange Online Protection Stop viruses and malware Exchange Online Protection works to block spam and viruses before entering network Basic level of anti-malware built into Exchange Server Protect Sensitive Data Scan Exchange transport for sensitive content with DLP feature in the cloud or on-premises Granular control on email using RMS Exchange Servers

Exchange Security and Protection (Cont’d) Unified Management Stop viruses and malware Exchange Online Protection provides multi-engine protection Protect sensitive data Scan exchange transport for sensitive content with Data Loss Prevention features Granular control on email using RMS Anti-Spam Anti-Malware Policy

Exchange Security and Protection (Cont’d) Protect communications Basic level of built-in anti-malware and enhanced spam filtering to help protect your email environmentfrom threats Enforce policy Data Loss Prevention (DLP) controls that can detect sensitive data in email before it is sent and automatically block, hold or notify the sender Simplify management Unified administration of anti-spam, anti-malware, and DLP within Exchange

Exchange Online Protection (EOP) Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Built on Forefront Online Protection for Exchange (FOPE) Enterprise-class reliability Geographically load-balanced datacenters Queuing capabilities to help ensure that no mail is lost • Common administration console • Microsoft Office 365 integration • Detailed reporting

Data Loss Prevention(DLP) in Exchange Identify Monitor DLP helps to identify monitor protect sensitive data through deep content analysis Protect Easy to use

Module 8: Exchange Online Protection & Security For Midsize Businesses and Enterprises • Service Introduction & Overview • Spam control • Anti-Malware • Managing Policy • Managing Exchange Security & Policy in Office 365 • Mail flow rules, Message Tracing & Delivery Reports

Multi-Layered Anti-Spam Protection 1. Connection filtering Blocks up to 80% of all spam, based on IP block/allow lists 2. Sender-recipient filtering Blocks up to 15% of all spam, based on internal lists and sender reputation 3. Content filtering Blocks up to 5% of all spam, based on internal lists and heuristics

Control Anti-Spam Filtering Connection filtering Static IP allow/block list Opt-in to Microsoft-maintained reputable sender list Content spam categories Blatant spam High-confidence spam Content filtering actions Delete Quarantine Add X-header Modify subject Redirect

Effective Spam Blocking Block external threats quickly Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time Enable more control Mark all bulk messages as spam Block unwanted email based on language or geographic origin • Block email based on language • Block email based on geography

EOP Inbound Filtering Spam Analysts Email is routed to EOP DC based on MX record resolution (Contoso-com.mail.protection.outlook.com) Customer Feedback False +ve / -ve Corporate Network SPAM Protection Policy Enforcement Virus Scanning IP-based edge blocks Safe Sender/Recipient AV Engine 1 Content Scanning and Heuristics Envelope blocks Custom Rules AV Engine 2 SPF & Sender ID Filter AV Engine 3 Bulk Mail Filtering Quarantine International Spam Advanced SPAM Management

EOP Outbound Filtering Spam Analysts Outbound Pool SPAM Protection Virus Scanning Policy Enforcement Corporate Network Low Score AV Engine 1 Content Scanning and Heuristics Custom Rules AV Engine 2 Advanced SPAM Management AV Engine 3 High Risk Delivery Pool High Score Quarantine

Anti-Malware Protection Basic level built in to Exchange Server Simple configuration and monitoring Same antivirus engine as System Center Endpoint Protection Scans through the transport service

Delete messages Delete attachments Robust, customizable notifications Simple Configuration • Sender notifications • Admin notifications

EOP Rules Same rule set as Exchange Transport Rules Includes some new conditions: The sender IP matches any of these addresses Attachment scanning Any attachment has executable content The message contains sensitive information The message size exceeds…

EOP Rules (Cont’d) Same rule set as Exchange Transport Rules Includes some new actions: Generate incident report Require TLS encryption Put message in quarantine mailbox Use the following outbound connector…

EOP Rules (Cont’d) Same rule set as Exchange Transport Rules Includes some new options: Rules can be configured to run for a specific time period Rules can be run in Test Mode Information Rights Management (IRM) can be applied to messages using a transport rule

DLP Rules Establish policies to protect sensitive data Rules can be run in Test Mode or applied to live email Information Rights Management (IRM) can be applied to messages using a transport rule Methods to create DLP policies Out-of-the-box template supplied by Microsoft Import a pre-built policy file from outside your organization Create a custom policy without any pre-existing conditions http://technet.microsoft.com/en-us/library/jj150527%28v=exchg.150%29.aspx#dlp_establish

Common Management Console Office 365 Admin Center & Exchange Admin Center Anti-spam Anti-malware DLP controls

DLP Rules

DEMO | Exchange Online Protection Anti-Malware Policy Anti-Spam Policy [in] Content filter Policy Anti-Spam Policy [out] Quarantine

Exchange Mail Flow Rules Exchange transport rules http://technet.microsoft.com/en-US/library/ms.exch.eac.NewTransportRule(EXCHG.150).aspx?v=15.0.702.0&l=1&s=BPOS_S_E15_0

EOP Message Tracing Message trace + delivery reports = a lot of power to troubleshoot mail-flow issues Tracemessages sent from one internal Office 365 tenant mailbox to another Simple search interface (no required fields) Top 1000 of the last 48h of message results Results include date, from, to, subject and a summary status

Granular Reporting Options Provide a clear view on spam filtering, malware attacks, and DLP enforcement 33

Reporting Demo

Mod 8: Exchange Security & Protection