08 o365 smb js v2 exchange online protection blue
TRANSCRIPT
Mod 8: Exchange Security & Protection
Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology
Stephen Hall | CEO & SMB Technologist | District Computers
Version 2.0 for Office 365
Day 1: Administering Office 365
Day 2: Administering Exchange Online
Office 365 Overview & Infrastructure
Lync Online Administration
Office 365 User Management
Administering SharePoint Online
Office 365 DirSync, Single Sign-On & ADFS
Exchange Online Basic Management
MEAL BREAK
Exchange Online Deployment & Migration
Exchange Security & Protection
Exchange Online Archiving & Compliance
Jump Start Schedule – Target Agenda
Module 8: Exchange Security & Protection
For Midsize Businesses and Enterprises
• Service Introduction & Overview
• Spam control
• Anti-Malware
• Managing Policy
• Managing Exchange Security & Policy in Office 365
• Mail flow rules, Message Tracing & Delivery Reports
What is EOP?
Executive Office of the President
Equal Opportunity Program
Edge of Pavement
English-only Policy
Emergency Oxygen Pack
Edge of Panic
Emergency Operations Plan
Ethernet over Power
Elevation of Privilege
Exchange Online Protection
• Cloud-based email filtering service that:
  • Protects against spam and malware
  • Safeguards organizations from messaging-policy violations
  • Simplifies Exchange messaging environment management
• Replaces Forefront Online Protection for Exchange (FOPE)
• All FOPE customers will be migrated to EOP
• Adds anti-malware protection to Exchange Online
Exchange Online Protection (EOP)
• Exchange policies that contain sets of conditions to filter email messages
  • Made up of transport rules, actions and exceptions
  • Must be activated in the Exchange Administration Center (EAC) to filter live messages
• Can inform senders they may be about to violate a policy before they even send an offending message
  • Done through the configuration of policy tips
Exchange Data Loss Prevention (DLP)
http://technet.microsoft.com/en-us/library/jj150527%28v=exchg.150%29.aspx
NOTE: DLP is a premium feature that requires an Exchange Online Plan 2 License. Included with ALL Office 365 Midsize business & enterprise plans
Exchange Security and Protection
Stop viruses and malware
• Exchange Online Protection works to block spam and viruses before entering network
• Basic level of anti-malware built into Exchange Server
Protect sensitive data
• Scan Exchange transport for sensitive content with DLP feature in the cloud or on-premises
• Granular control on email using RMS
Exchange Online Protection
Exchange Servers
Exchange Security and Protection (Cont’d)
Stop viruses and malware
• Exchange Online Protection provides multi-engine protection
Protect sensitive data
• Scan Exchange transport for sensitive content with Data Loss Prevention features
• Granular control on email using RMS
Anti-Spam
Anti-Malware
Unified Management Policy
Protect communications
• Basic level of built-in anti-malware and enhanced spam filtering to help protect your email environment from threats
Exchange Security and Protection (Cont’d)
Enforce policy
• Data Loss Prevention (DLP) controls that can detect sensitive data in email before it is sent and automatically block, hold or notify the sender
Simplify management
• Unified administration of anti-spam, anti-malware, and DLP within Exchange
Comprehensive protection
• Multi-engine antivirus
• Continuously evolving anti-spam protection
• Built on Forefront Online Protection for Exchange (FOPE)
Exchange Online Protection (EOP)
Enterprise-class reliability
• Geographically load-balanced datacenters
• Queuing capabilities to help ensure that no mail is lost
Common administration console
• Microsoft Office 365 integration
• Detailed reporting
DLP helps to identify, monitor and protect sensitive data through deep content analysis
Data Loss Prevention (DLP) in Exchange
Easy to use
Monitor
Protect
Identify
Module 8: Exchange Online Protection & Security
For Midsize Businesses and Enterprises
• Service Introduction & Overview
• Spam control
• Anti-Malware
• Managing Policy
• Managing Exchange Security & Policy in Office 365
• Mail flow rules, Message Tracing & Delivery Reports
1. Connection filtering: blocks up to 80% of all spam, based on IP block/allow lists
2. Sender-recipient filtering: blocks up to 15% of all spam, based on internal lists and sender reputation
3. Content filtering: blocks up to 5% of all spam, based on internal lists and heuristics
Multi-Layered Anti-Spam Protection
Connection filtering
• Static IP allow/block list
• Opt-in to Microsoft-maintained reputable sender list
Content spam categories
• Blatant spam
• High-confidence spam
Content filtering actions
• Delete
• Quarantine
• Add X-header
• Modify subject
• Redirect
Control Anti-Spam Filtering
Effective Spam Blocking
• Block external threats quickly
• Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time
Enable more control
• Mark all bulk messages as spam
• Block unwanted email based on language or geographic origin
Block email based on language
Block email based on geography
EOP Inbound Filtering
Email is routed to EOP DC based on MX record resolution (Contoso-com.mail.protection.outlook.com)
IP-based edge blocks
Envelope blocks
Virus Scanning
AV Engine 1
AV Engine 2
AV Engine 3
SPAM Protection
Safe Sender/Recipient
Policy Enforcement
Custom Rules
Content Scanning and Heuristics
Bulk Mail Filtering
SPF & Sender ID Filter
Quarantine
International Spam
Advanced SPAM Management
Customer Feedback
False +ve / -ve
Spam Analysts
Corporate Network
EOP Outbound Filtering
High Risk Delivery Pool
High Score
Outbound Pool
Low Score
SPAM Protection
Content Scanning and Heuristics
Advanced SPAM Management
Virus Scanning
AV Engine 1
AV Engine 2
AV Engine 3
Policy Enforcement
Custom Rules
Quarantine
Spam Analysts
Corporate Network
• Basic level built in to Exchange Server
• Simple configuration and monitoring
• Same antivirus engine as System Center Endpoint Protection
• Scans through the transport service
Anti-Malware Protection
Simple Configuration
• Delete messages
• Delete attachments
• Robust, customizable notifications
Sender notifications
Admin notifications
Same rule set as Exchange Transport Rules
Includes some new conditions:
• The sender IP matches any of these addresses
• Attachment scanning
• Any attachment has executable content
• The message contains sensitive information
• The message size exceeds…
EOP Rules
Same rule set as Exchange Transport Rules
Includes some new actions:
• Generate incident report
• Require TLS encryption
• Put message in quarantine mailbox
• Use the following outbound connector…
EOP Rules (Cont’d)
Same rule set as Exchange Transport Rules
Includes some new options:
• Rules can be configured to run for a specific time period
• Rules can be run in Test Mode
• Information Rights Management (IRM) can be applied to messages using a transport rule
EOP Rules (Cont’d)
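The conditions, actions and options listed on the three EOP Rules slides map onto parameters of the `New-TransportRule` cmdlet. The following is an added example, not part of the original deck: it assumes an already-connected Exchange Online PowerShell session, and the rule name, report mailbox and dates are hypothetical.

```powershell
# Added example (not from the original deck).
# Assumes a connected Exchange Online PowerShell session.
# Rule name, report mailbox and dates are hypothetical placeholders.

$rule = @{
    Name     = 'Pilot - quarantine inbound executable attachments'
    Comments = 'Runs in test mode for two weeks; review reports before enforcing.'

    # Conditions: mail from outside the organization where
    # "any attachment has executable content"
    FromScope                      = 'NotInOrganization'
    AttachmentHasExecutableContent = $true

    # Actions: "put message in quarantine" and "generate incident report"
    Quarantine             = $true
    GenerateIncidentReport = 'secops@contoso.com'
    IncidentReportContent  = 'Sender', 'Recipients', 'Subject', 'RuleDetections'
    SetAuditSeverity       = 'High'

    # Options: "run in Test Mode" (Audit = test without Policy Tips)
    # and "run for a specific time period"
    Mode           = 'Audit'
    ActivationDate = (Get-Date).Date.AddDays(1)
    ExpiryDate     = (Get-Date).Date.AddDays(15)
}

New-TransportRule @rule

# Confirm the rule exists, is still in test mode, and has the expected window.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, ActivationDate, ExpiryDate

# Once the test period shows only the intended matches, switch to live filtering:
# Set-TransportRule -Identity $rule.Name -Mode Enforce
```

In `Audit` mode the rule is evaluated and logged but the quarantine action is not applied to live mail, so false positives can be reviewed before the switch to `Enforce`.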
Establish policies to protect sensitive data
Rules can be run in Test Mode or applied to live email
Information Rights Management (IRM) can be applied to messages using a transport rule
Methods to create DLP policies
• Out-of-the-box template supplied by Microsoft
• Import a pre-built policy file from outside your organization
• Create a custom policy without any pre-existing conditions
DLP Rules
http://technet.microsoft.com/en-us/library/jj150527%28v=exchg.150%29.aspx#dlp_establish
Office 365 Admin Center & Exchange Admin Center
• Anti-spam
• Anti-malware
• DLP controls
Common Management Console
DLP Rules
DEMO | Exchange Online Protection
• Anti-Malware Policy
• Anti-Spam Policy [in]
• Content filter Policy
• Anti-Spam Policy [out]
• Quarantine
Exchange transport rules
Exchange Mail Flow Rules
http://technet.microsoft.com/en-US/library/ms.exch.eac.NewTransportRule(EXCHG.150).aspx?v=15.0.702.0&l=1&s=BPOS_S_E15_0
Message trace + delivery reports = a lot of power to troubleshoot mail-flow issues
• Trace messages sent from one internal Office 365 tenant mailbox to another
• Simple search interface (no required fields)
• Top 1000 of the last 48h of message results
• Results include date, from, to, subject and a summary status
EOP Message Tracing
Granular Reporting Options
Provide a clear view on spam filtering, malware attacks, and DLP enforcement
Reporting Demo