
Mod 8:

Exchange Security & Protection


Version 2.0 for Office 365

Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology


Stephen Hall | CEO & SMB Technologist | District Computers
Jump Start Schedule – Target Agenda
Day 1 Day 2
Administering Office 365 Administering Exchange Online
Office 365 Overview & Infrastructure Lync Online Administration

Office 365 User Management Administering SharePoint Online

Office 365 DirSync, Single Sign-On & ADFS Exchange Online Basic Management

MEAL BREAK

Exchange Online Deployment & Migration

Exchange Security & Protection

Exchange Online Archiving & Compliance


Module 8:
Exchange Security & Protection
For Midsize Businesses and Enterprises

• Service Introduction & Overview


• Spam control
• Anti-Malware
• Managing Policy
• Managing Exchange Security & Policy in Office 365
• Mail flow rules, Message Tracing & Delivery Reports
What is EOP?
• Emergency Operations Plan
• Ethernet over Power
• Elevation of Privilege
• Exchange Online Protection
• Executive Office of the President
• English-only Policy
• Equal Opportunity Program
• Emergency Oxygen Pack
• Edge of Pavement
• Edge of Panic
Exchange Online Protection (EOP)
• Cloud-based email filtering service that:
• Protects against spam and malware
• Safeguards organizations from messaging-policy violations
• Simplifies Exchange messaging environment management

• Replaces Forefront Online Protection for Exchange (FOPE)
• All FOPE customers will be migrated to EOP

• Adds anti-malware protection to Exchange Online


Exchange Data Loss Prevention (DLP)
• Exchange policies that contain sets of conditions to filter email messages
  • Made up of transport rules, actions and exceptions
• Must be activated in the Exchange Administration Center (EAC) to filter live messages
• Can inform senders they may be about to violate a policy before they even send an offending message
  • Done through the configuration of policy tips

NOTE: DLP is a premium feature that requires an Exchange Online Plan 2 License. Included with ALL Office 365 Midsize business & enterprise plans

http://technet.microsoft.com/en-us/library/jj150527%28v=exchg.150%29.aspx
Exchange Security and Protection
Stop viruses and malware
Exchange Online Protection works to block spam and viruses before entering network
Basic level of anti-malware built into Exchange Server
Protect sensitive data
Scan Exchange transport for sensitive content with DLP feature in the cloud or on-premises
Granular control on email using RMS
[Diagram labels: Exchange Online Protection, Exchange Servers]
Exchange Security and Protection (Cont’d)
Stop viruses and malware
Exchange Online Protection provides multi-engine protection
Protect sensitive data
Scan Exchange transport for sensitive content with Data Loss Prevention features
Granular control on email using RMS
[Diagram labels: Anti-Spam, Anti-Malware, Unified Management, Policy]
Exchange Security and Protection (Cont’d)
Protect communications
Basic level of built-in anti-malware and enhanced spam filtering to help protect your email environment from threats

Enforce policy
Data Loss Prevention (DLP) controls that can detect sensitive data in email before it is sent and automatically block, hold or notify the sender

Simplify management
Unified administration of anti-spam, anti-malware, and DLP within Exchange
Exchange Online Protection (EOP)
Comprehensive protection
Multi-engine antivirus
Continuously evolving anti-spam protection
Built on Forefront Online Protection for Exchange (FOPE)

Enterprise-class reliability
Geographically load-balanced datacenters
Queuing capabilities to help ensure that no mail is lost

Common administration console


Microsoft Office 365 integration
Detailed reporting
Data Loss Prevention (DLP) in Exchange
DLP helps to identify, monitor and protect sensitive data through deep content analysis
[Diagram labels: Identify, Monitor, Protect, Easy to use]
Multi-Layered Anti-Spam Protection
1. Connection filtering
Blocks up to 80% of all spam, based on
IP block/allow lists

2. Sender-recipient filtering
Blocks up to 15% of all spam, based on internal
lists and sender reputation

3. Content filtering
Blocks up to 5% of all spam, based on internal
lists and heuristics
Control Anti-Spam Filtering
Connection filtering
Static IP allow/block list
Opt-in to Microsoft-maintained reputable sender list

Content spam categories


Blatant spam
High-confidence spam

Content filtering actions


Delete
Quarantine
Add X-header
Modify subject
Redirect
Effective Spam Blocking
Block external threats quickly
Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time

Enable more control
Mark all bulk messages as spam
Block unwanted email based on language or geographic origin
[Screenshot labels: Block email based on language, Block email based on geography]
EOP Inbound Filtering
Email is routed to EOP DC based on MX record resolution (Contoso-com.mail.protection.outlook.com)
[Diagram labels: IP-based edge blocks; Envelope blocks; Virus Scanning (AV Engine 1, AV Engine 2, AV Engine 3); Policy Enforcement (Custom Rules); SPAM Protection (Safe Sender/Recipient, Content Scanning and Heuristics, SPF & Sender ID Filter, Bulk Mail Filtering, International Spam, Advanced SPAM Management); Quarantine; Corporate Network; Spam Analysts; Customer Feedback (False +ve / -ve)]
EOP Outbound Filtering
[Diagram labels: Corporate Network; Virus Scanning (AV Engine 1, AV Engine 2, AV Engine 3); Policy Enforcement (Custom Rules); SPAM Protection (Content Scanning and Heuristics, Advanced SPAM Management); Low Score; Outbound Pool; High Score; High Risk Delivery Pool; Spam Analysts; Quarantine]
Anti-Malware Protection
Basic level built in to Exchange Server
Simple configuration and monitoring
Same antivirus engine as System Center Endpoint Protection
Scans through the transport service

Simple configuration
Delete messages
Delete attachments

Robust, customizable notifications
Sender notifications
Admin notifications
EOP Rules
Same rule set as Exchange Transport Rules
Includes some new conditions:
The sender IP matches any of these addresses
Attachment scanning
Any attachment has executable content
The message contains sensitive information
The message size exceeds…
EOP Rules (Cont’d)
Same rule set as Exchange Transport Rules
Includes some new actions:
Generate incident report
Require TLS encryption
Put message in quarantine mailbox
Use the following outbound connector…
EOP Rules (Cont’d)
Same rule set as Exchange Transport Rules
Includes some new options:
Rules can be configured to run for a specific time period
Rules can be run in Test Mode
Information Rights Management (IRM) can be applied to messages using a transport rule
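An added example (not from the original deck) showing how several of the new conditions, actions and options listed on the EOP Rules slides map to Exchange Online PowerShell. It assumes a connected Exchange Online PowerShell session; the rule names, the secops@contoso.com mailbox and the partner.example domain are placeholders.

```powershell
# Added example, not part of the original slides.
# Assumes an Exchange Online PowerShell session is already connected.
$ruleName  = 'Quarantine inbound executables (pilot)'   # placeholder rule name
$reportsTo = 'secops@contoso.com'                        # placeholder mailbox

# Rule 1: condition "Any attachment has executable content",
# actions "Put message in quarantine" and "Generate incident report",
# options "Test Mode" and "run for a specific time period".
$pilot = @{
    Name                           = $ruleName
    FromScope                      = 'NotInOrganization'   # inbound mail only
    AttachmentHasExecutableContent = $true
    Quarantine                     = $true
    GenerateIncidentReport         = $reportsTo
    IncidentReportContent          = 'Sender', 'Recipients', 'Subject', 'RuleDetections'
    SetAuditSeverity               = 'High'
    Mode                           = 'Audit'               # test mode: log matches, do not change delivery
    ActivationDate                 = (Get-Date).Date.AddDays(1)
    ExpiryDate                     = (Get-Date).Date.AddDays(15)
    Comments                       = 'Two-week audit-only pilot before enforcing'
}
New-TransportRule @pilot

# Rule 2: action "Require TLS encryption" for mail to one partner domain.
$tls = @{
    Name                           = 'Require TLS to partner'   # placeholder rule name
    RecipientDomainIs              = 'partner.example'          # placeholder domain
    RouteMessageOutboundRequireTls = $true
    Mode                           = 'Enforce'
}
New-TransportRule @tls

# Confirm what was created and in which mode each rule runs.
Get-TransportRule |
    Where-Object { $_.Name -in $pilot.Name, $tls.Name } |
    Format-List Name, State, Mode, Priority, ActivationDate, ExpiryDate

# After reviewing the pilot's matches, switch the first rule from test mode to live:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

Running a quarantine rule in audit mode first gives a count of legitimate messages it would have caught before any mail is actually held.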
DLP Rules
Establish policies to protect sensitive data
Rules can be run in Test Mode or applied to live email
Information Rights Management (IRM) can be applied to messages using a transport rule
Methods to create DLP policies
• Out-of-the-box template supplied by Microsoft
• Import a pre-built policy file from outside your organization
• Create a custom policy without any pre-existing conditions
http://technet.microsoft.com/en-us/library/jj150527%28v=exchg.150%29.aspx#dlp_establish
Common Management Console
Office 365 Admin Center & Exchange Admin Center
• Anti-spam
• Anti-malware
• DLP controls
DEMO | Exchange Online Protection
• DLP Rules
• Anti-Malware Policy
• Anti-Spam Policy [in]
• Content filter Policy
• Anti-Spam Policy [out]
• Quarantine
Exchange Mail Flow Rules
Exchange transport rules

http://technet.microsoft.com/en-US/library/ms.exch.eac.NewTransportRule(EXCHG.150).aspx?v=15.0.702.0&l=1&s=BPOS_S_E15_0
EOP Message Tracing
Message trace + delivery reports = a lot of power to troubleshoot mail-flow issues
Trace messages sent from one internal Office 365 tenant mailbox to another
Simple search interface (no required fields)
Top 1000 of the last 48h of message results
Results include date, from, to, subject and a summary status
Granular Reporting Options
Provide a clear view on spam filtering, malware attacks, and DLP enforcement

Reporting Demo
