Module 9 Configuring Messaging Policy and Compliance
Module Overview
  • Introducing Messaging Policy and Compliance
  • Configuring Transport Rules
  ...
Lesson 1: Introducing Messaging Policy and Compliance
  • What Is Messaging Policy and Compliance?
  • D...
What Is Messaging Policy and Compliance?
Exchange Server 2010 has features that help you manage information distribution a...
Discussion: Compliance Requirements
  • What type of business is your organization?
  • What are some le...
Options for Enforcing Messaging Policy and Compliance
  • Transport rules
  • Message journaling
  ...
Lesson 2: Configuring Transport Rules
  • What Are Transport Rules?
  • Transport Rule Components
  ...
What Are Transport Rules?
Transport rules on an Edge Transport server are:
  • Stored in AD LDS
  • Uniq...
Transport Rule Components
  • Conditions: Specify which e-mail message components are used to identify the e-mail mess...
Demonstration: How to Configure Transport Rules
  • In this demonstration, you will see how to configure transport r...
What Are Message Classifications?
Administrators can:
  • View existing message classifications
  • Mo...
What Is AD RMS?
You can use AD RMS to:
  • Restrict access to an organization’s intellectual property
AD RM...
How AD RMS Works
[Diagram labels: RMS Server, Information Author, Recipient; steps 1 2 3 4 5]
How AD RMS Integration Works
By integrating AD RMS with Exchange Server 2010, you can:
  • Enable users to protect co...
Demonstration: How to Configure AD RMS Integration
  • In this demonstration, you will see how to:
  ...
Options for Configuring Moderated Transport
In Exchange Server 2010, you can configure:
  • Transport rules that re...
Demonstration: How to Configure Moderated Transport
  • In this demonstration, you will see how to:
  ...
Lesson 3: Configuring Journaling and Multi-Mailbox Search
  • Message Journaling Options
  • Demonstrat...
Message Journaling Options
You can configure message journaling by configuring:
  • Per-recipient journaling
  ...
Demonstration: How to Configure Message Journaling
In this demonstration, you will see how to configure a journal rule
Considerations for Managing the Message Journal Mailbox
  • Consider using a SharePoint document library configured w...
What Is Multi-Mailbox Search?
Multi-Mailbox Search:
  • Enables cross-mailbox searches
  • Uses the Exch...
Demonstration: How to Configure Multi-Mailbox Search
  • In this demonstration, you will see how to:
  ...
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox Search
  • Exercise 1: Configuring Transport Rule...
Lab Scenario
  • You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange Se...
Lab Review
  • In this lab, you implemented a transport rule that added a disclaimer to all messages sent to users out...
Lesson 4: Configuring Messaging Records Management
  • What Are Retention Tags and Retention Policies?
  ...
What Are Retention Tags and Retention Policies?
  • Retention Tag options include:
      • Retention Po...
What Is AutoTagging?
  • AutoTagging:
      • Tracks user tagging
      • Requires ...
Demonstration: How to Configure Retention Tags and Policies
  • In this demonstration, you will see how to:
  ...
What Are Managed Folders?
  • Managed folders can include default folders and custom managed folders
  ...
Process for Deploying Managed Folders
To deploy Managed Folders:
  • Specify the folders where you will apply managed...
Demonstration: How to Implement Managed Custom Folders and Content Settings
  • In this demonstration, you will see h...
Considerations for Implementing Messaging Records Management
  • Use managed custom folders for project based folder...
Lesson 5: Configuring Personal Archives
  • Discussion: Options for Implementing Mailbox Archiving
  ...
Discussion: Options for Implementing Mailbox Archiving
  • Do you have any archiving requirements in your organizatio...
How Personal Archives Work in Exchange Server 2010
The Personal Archive:
  • Must be in the same mailbox database as...
Demonstration: How to Configure Personal Archives
  • In this demonstration, you will see how to:
  ...
Considerations for Implementing Personal Archives
  • Consider implementing Personal Archives for critical mailboxes ...
Lab B: Configuring Messaging Records Management and Personal Archives
  • Exercise 1: Configuring Messaging Records Ma...
Lab Scenario
  • You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange...
Lab Review
  • Which of the following two approaches is better for ensuring that you retain a copy of specific e-mail ...
Module Review and Takeaways
  • Review Questions
  • Common Issues and Troubleshooting Tips
  ...
10135 a 09
  • Module 9: Configuring Messaging Policy and Compliance
    Course 10135A
    Presentation: 90 minutes
    Lab: 90 minutes
    After completing this module, students will be able to:
      • Explain the messaging compliance requirements and options.
      • Configure transport rules.
      • Configure journaling rules.
      • Configure Messaging Records Management (MRM).
      • Configure Personal Archives.
    Required materials
    To teach this module, you need the Microsoft® Office PowerPoint® file 10135A_09.ppt.
    Important: We recommend that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not display correctly.
    Preparation tasks
    To prepare for this module:
      • Read all of the materials for this module.
      • Practice performing the demonstrations and the lab exercises.
      • Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.
    Note about the demonstrations: To prepare for the demonstrations, start the 10135A-VAN-DC1 virtual machine and log on to the server before starting the other virtual machines. To save time during the demonstrations, log on to the Exchange servers and open the Exchange Server management tools before starting the demonstrations. Additionally, connect to the Microsoft Outlook® Web App site on the Exchange servers, and then log on as Administrator. It can take more than a minute to open the management tools and Microsoft Outlook Web App for the first time.
    Make sure that students are aware that the Course Companion CD has additional information and resources for the module.
  • As you introduce this module and lesson, stress that a primary design goal with Exchange Server 2010 is to provide more tools for message policy compliance. Most organizations are now under some type of regulatory compliance legislation, and most organizations realize that e-mail is a primary means of business communication. Messaging policy and compliance features in Exchange Server 2010 provide organizations with the tools to enforce compliance requirements for e-mail.
  • As students answer the second and third questions, consider putting their answers on the white board. You can use this list for the next topic to show how Exchange Server 2010 can provide solutions to these regulatory requirements.
    Question: What type of business does your organization conduct? What are some legislated compliance requirements for your organization?
    Answer: Answers will vary depending on the business that the organization conducts. Some examples of how legislation restricts how U.S. organizations manage information include:
      • Sarbanes-Oxley Act of 2002 (SOX)
      • Gramm-Leach-Bliley Act (Financial Modernization Act)
      • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
      • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)
    Here are other countries’ examples of this type of restriction:
      • The Personal Information Protection and Electronic Documents Act (Canada)
      • Federal Privacy Act (Australia)
      • European Union Data Protection Directive (EUDPD)
      • Japan’s Personal Information Protection Act
    Question: What additional compliance requirements does your organization have?
    Answer: Organizations might have additional requirements for managing e-mail. For example, an organization might want to add legal disclaimers to outgoing communications or require that certain messages require an intellectual property disclosure disclaimer. Organizations also might have message-retention requirements that mandate that certain messages be retained and others deleted after a specified time.
    Question: How are you currently meeting these compliance requirements?
    Answer: Answers will vary. Quite a few organizations implement some type of archiving solution. If organizations deployed Exchange Server 2007, they might have taken advantage of its messaging compliance features. Many organizations have written policies regarding messaging compliance, but have not been able to enforce the rules except through conducting audits.
  • This topic provides an overview of the Exchange Server 2010 options for enforcing messaging policy and compliance requirements. Briefly describe the features here. You will provide more detail on each feature later in this module. As you describe the Exchange Server 2010 features, point out which of the requirements could be fully or partially met by each of the enforcement options.
  • Stress that Exchange Server applies transport rules to messages either before users send or receive them. Exchange Server applies the rules on transport servers, which means that the user has no control over whether Exchange Server actually applies the rule and that Exchange Server can apply the rules at any point during a message’s transmission. Mention that the transport rule configuration is one of the reasons why the transport server roles have been separated from the Mailbox server role, and why all messages must flow through a transport server. By forcing all messages to pass through a transport server, Exchange Server 2010 enables easy application of rules that apply to all messages. Highlight that you can configure transport rules on Edge Transport and Hub Transport servers, but that there are some differences in the types of rules and the configuration options between the two Exchange Server 2010 server roles.
  • As you describe the components that make up a transport rule, provide examples of some of the configuration options for each component. Some examples are:
      • Conditions: Search for message sender or recipient, keywords in the message’s subject or body, regular patterns such as customer numbers and social insurance numbers, and other specific items.
      • Actions: Block the message, send the message to an alternative address, add a disclaimer to the message, and other actions.
      • Exceptions: This list is similar to the conditions list, and enables you to narrow down the conditions under which Exchange Server applies the actions.
      • Predicates: The condition or exception can examine the To: or Subject fields, or an attachment size.
  • As you present the demonstration, spend time discussing some of the conditions, actions, and exceptions. Even though you are configuring only one transport rule, you should provide students with an overview of options they have when configuring transport rules.
    Preparation
    Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd. Log on to 10135A-VAN-CL1 as Luca using a password of Pa$$w0rd.
    Demonstration Steps
    1. On VAN-EX1, open the Exchange Management Console.
    2. Under Organization Configuration, click Hub Transport.
    3. In the Actions pane, click New Transport Rule.
    4. On the Introduction page, in the Name field, type Company Disclaimer HTML.
    5. Verify that Enable Rule is selected, and then click Next.
    6. On the Conditions page, under Step 1, select send to users that are inside or outside the organization, or partners, and then click Next.
    7. On the Actions page, under Step 1, select append disclaimer text and fallback to action if unable to apply.
    8. Under Step 2, click the disclaimer text link.
    9. In the Specify disclaimer text box, type the following text, ensuring that you press ENTER at the end of each line:
        <html>
        <body>
        <br>&nbsp</br>
        <br>&nbsp</br>
        <b><font color=red>This e-mail and attachments are intended for the individual or group addressed.</font></b>
        </body>
        </html>
    10. Click OK, and then click Next.
    11. Click Next, and then click New to create the new HTML disclaimer.
    12. On the Completion page, click Finish.
  • 13. On VAN-EX1, open the Exchange Management Shell.
    14. At the PS prompt, type the following cmdlet, and then press ENTER:
        New-TransportRule -Name "Social Insurance Number Block Rule" -SubjectOrBodyMatchesPatterns "\d\d\d-\d\d\d-\d\d\d" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"
    15. To test the transport rules, switch to VAN-CL1, and then open Office Outlook 2007.
    16. Click New, and then create a message with the following properties:
        To: Administrator
        Subject: Disclaimer Test
        Content: Testing the HTML disclaimer
    17. Send the message.
    18. On VAN-EX1, open Windows® Internet Explorer®, and connect to https://VAN-EX1.adatum.com/owa.
    19. Log on to Microsoft Outlook Web App as Adatum\Administrator with a password of Pa$$w0rd. Click OK.
    20. Verify that the message from Luca Dellamore includes the HTML disclaimer.
    21. On VAN-CL1, create a new message with the following properties:
        To: Administrator
        Subject: Transport Rule Test
        Content: Testing the Social insurance number block rule. 111-111-111
    23. Send the message.
    24. Verify that the user receives a NDR with the rejected message text that you configured.
    Question: What transport policies will you need to implement in your organization?
    Answer: Answers will vary. Transport rules provide many different options to restrict message flow and modify messages as they pass through the Hub Transport servers.
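One way to check what the pattern from step 14 does and does not match before such a rule is enabled, as an added example that is not part of the course material. It assumes .NET regular expressions as a stand-in for the transport rule engine (the two may treat some constructs differently); the sample messages, the wider comparison pattern and the function names are constructed for illustration.

```powershell
# Added example: offline coverage check for a content-matching pattern.
# Assumption: .NET regular expressions stand in for the transport rule engine.

# Pattern from step 14 of the demonstration.
$rulePattern = '\d\d\d-\d\d\d-\d\d\d'

# Hypothetical wider variant for comparison: hyphen, whitespace or no separator.
$widePattern = '\d\d\d(-|\s)*\d\d\d(-|\s)*\d\d\d'

# Helper that builds one constructed sample; ShouldBlock is the outcome the policy intends.
function New-Sample([string]$Text, [bool]$ShouldBlock) {
    New-Object PSObject -Property @{ Text = $Text; ShouldBlock = $ShouldBlock }
}

# Constructed sample messages (not real data).
$samples = @(
    (New-Sample 'Testing the Social insurance number block rule. 111-111-111' $true),
    (New-Sample 'SIN on file: 111 111 111' $true),
    (New-Sample 'SIN on file: 111111111' $true),
    (New-Sample 'Call the help desk at 604-555-0100' $false),
    (New-Sample 'Invoice 2010-0042 is attached' $false),
    (New-Sample 'Order number 123456789012 has shipped' $false)
)

# Classify every sample against one pattern.
function Test-RulePattern {
    param(
        [Parameter(Mandatory = $true)][string]$Pattern,
        [Parameter(Mandatory = $true)][object[]]$Samples
    )
    foreach ($sample in $Samples) {
        $matched = [regex]::IsMatch($sample.Text, $Pattern)
        if ($matched -and $sample.ShouldBlock) {
            $outcome = 'Blocked as intended'
        } elseif ($matched -and -not $sample.ShouldBlock) {
            $outcome = 'False positive'
        } elseif (-not $matched -and $sample.ShouldBlock) {
            $outcome = 'Missed'
        } else {
            $outcome = 'Delivered as intended'
        }
        New-Object PSObject -Property @{
            Pattern = $Pattern
            Matched = $matched
            Outcome = $outcome
            Text    = $sample.Text
        }
    }
}

# Count misses and false positives per pattern.
function Get-PatternSummary {
    param([Parameter(Mandatory = $true)][object[]]$Results)
    $Results | Group-Object Pattern | ForEach-Object {
        $rows = $_.Group
        New-Object PSObject -Property @{
            Pattern        = $_.Name
            Missed         = @($rows | Where-Object { $_.Outcome -eq 'Missed' }).Count
            FalsePositives = @($rows | Where-Object { $_.Outcome -eq 'False positive' }).Count
        }
    }
}

$results = @($rulePattern, $widePattern) | ForEach-Object {
    Test-RulePattern -Pattern $_ -Samples $samples
}

# Per-message detail, then the per-pattern totals.
$results | Select-Object Matched, Outcome, Text, Pattern | Format-Table -AutoSize -Wrap
Get-PatternSummary -Results $results |
    Select-Object Pattern, Missed, FalsePositives |
    Format-Table -AutoSize
```

Because the pattern is unanchored, it also matches inside longer digit groups such as telephone numbers, while a looser pattern matches any long digit run; running candidate patterns over representative mail shows that trade-off before users start receiving NDRs.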
  • As you start this topic, discuss how important it is to add metadata to messages, as it provides the recipient with important information. For example, if you create a message classification for confidential messages, users can apply this classification to messages to alert the recipient regarding the message’s nature. Briefly discuss the tasks that you can perform with message classifications. The most important item to discuss is how to enable Outlook 2007 clients to use message classifications. Stress that this functionality is not enabled by default, and that the administrator must create the XML file, deploy it to users, and make the registry changes on all clients before this functionality is enabled. In the next demonstration and in the lab, students will learn how message classifications are used with transport rules and Active Directory® Rights Management Service, and Active Directory Domain Services (AD DS) or Active Directory directory services.
  • Use the definition on the slide to describe AD RMS. Then talk about intellectual property and how important it is in the business world. You can use the example from Module 1: Tailspin Toys has developed a first-to-market product that gives them an edge over their competitors. To keep the product’s details within the confines of the company’s network, it makes sense to utilize rights management to minimize the numbers of users with permission to access the documentation, and to keep those users from printing or sending this critical documentation. The increased threat of computer-related crimes also is a reason to be more protective of information. Additionally, new legislative standards are resulting in many companies needing to protect sensitive data even more.
  • This topic provides an overview of how AD RMS works. This is a generic description of how AD RMS works, and does not include an Exchange server. Mention that AD RMS does not require an Exchange infrastructure. Because Microsoft Office 2007 and later versions are AD RMS-aware applications, users can protect content using Office 2007 and then must be authenticated before they can access the files on a file share.
      • Author receives a client licensor certificate the first time they rights-protect information.
      • Author defines a set of usage rights and rules for their file, and the application creates a “publishing license” and encrypts the file.
      • Author distributes the file.
      • Recipient clicks the file to open it, and the application calls to the RMS server, which validates the user and issues a “use license.”
      • Application renders the file, and enforces its rights.
    AD RMS is a Windows Server® 2008 server role and requires a Windows Server 2008 server deployment. Windows Vista® or later include the RMS client, but you also can install the RMS client on Windows XP.
  • Consider redrawing the diagram from the previous topic and inserting Exchange Server 2010 into the diagram. Exchange Server 2010 integrates with the components displayed in the previous diagram as follows: User-protected e-mail messages can be sent through the Exchange server. A Hub Transport server can operate like the AD RMS client. For example, when a message triggers a Transport Protection Rule, the Hub Transport server can apply the protection to the message. The Exchange server can operate on behalf of the AD RMS client. For example, when an Outlook client is offline, the AD RMS Prelicensing Agent on the Exchange server can preauthorize access to messages. When features like Journal Report Decryption or IRM for Outlook Web App are enabled, the Hub Transport server or Client Access server must communicate with the AD RMS server.
  • Before starting this demonstration, describe the demonstration environment to the users. The AD RMS server is already deployed in the organization and is configured with the required templates.
    Preparation
    Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd. Log on to 10135A-VAN-CL1 as Luca using a password of Pa$$w0rd.
    Demonstration Steps
    On VAN-CL1, open Outlook 2007.
    Create a new message with the following properties:
        To: Administrator
        Subject: Testing AD RMS integration
        Content: This is a protected e-mail.
    In the Message ribbon, click the Permission icon.
    In the Windows Security dialog box, log on as Luca using the password Pa$$w0rd.
    Wait while Luca's credentials are prepared. When the message appears, verify that the message now contains the Do Not Forward header.
    Click Send, close Outlook, and then log off.
    Log on to VAN-CL1 as Adatum\Administrator using the password Pa$$w0rd.
    Open Outlook 2007, and then open the message from Luca Dellamore.
    In the Windows Security dialog box, log on as Administrator using a password of Pa$$w0rd. Click OK.
    When the message opens, verify that you do not have permission to forward the message. Close the message.
    On VAN-DC1, open Windows Explorer, browse to C:\inetpub\wwwroot\_wmcs\certification, right-click servercertification.asmx, and then click Properties.
    In the Server Certification.asmx Properties dialog box, click the Security tab, and then click Edit.
    In the Permissions for Server Certification.asmx dialog box, click Add.
    In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types, select the Computers check box, and then click OK.
    In the Enter the object names to select field, type Exchange Servers, and then click OK.
  • Click Add. In the Enter the object names to select field, type IIS_IUSRS, and then click OK twice.
    On VAN-DC1, open a command prompt, type IISReset, and then press ENTER. Wait for the service to restart, and then close the command prompt.
    On VAN-EX1, in the Exchange Management Shell, type get-irmconfiguration, and then press ENTER. This cmdlet displays the default AD RMS integration configuration for the Exchange Server organization.
    At the PS prompt, type set-irmconfiguration -InternalLicensingEnabled:$true, and then press ENTER. This cmdlet enables AD RMS encryption on the Hub Transport server.
    At the PS prompt, type test-irmconfiguration -sender LucaDellamore@adatum.com, and then press ENTER. This cmdlet tests the AD RMS configuration.
    On VAN-EX1, in the Exchange Management Console, under Organization Configuration, click Hub Transport.
    In the Actions pane, click New Transport Rule.
    On the Introduction page, in the Name field, type AD RMS Test Rule. Verify that Enable Rule is selected, and then click Next.
    On the Conditions page, under Step 1, select from people. Under Step 2, click the people link.
    In the Specify senders dialog box, click Add, click Administrator, and then click OK twice.
    On the Conditions page, under Step 1, select sent to people. Under Step 2, click the people link.
    In the Specify recipients dialog box, click Add, click Luca Dellamore, and then click OK twice. Click Next.
    On the Actions page, under Step 1, select rights protect message with RMS template. Under Step 2, click the RMS Template link.
    In the Select RMS template dialog box, click Do Not Forward, and then click OK.
    Click Next twice, and then click New. Click Finish.
    On VAN-CL1, ensure that you are logged on as Administrator. Create a new message with a subject of Transport Rule ADRMS test, and send it to Luca.
    Log off VAN-CL1, and then log on as Luca.
    Open Outlook and verify that Luca received the message entitled “Transport Rule ADRMS test” and that the Do Not Forward template is protecting the message. You will need to authenticate again to open the message.
  • Question: Does your organization have AD RMS deployed? Are you planning to deploy AD RMS?
    Answer: Answers will vary. Not many organizations have deployed AD RMS. The organizations that have deployed it tend to have stringent requirements for managing content access.
    Question: How will Exchange Server 2010 make it easier to deploy AD RMS?
    Answer: The Exchange Server 2010 features overcome two important limitations of previous AD RMS deployments. First, by using transport rules you can apply AD RMS even if users have chosen not to do so. In previous versions, the user had to apply the protection. Secondly, the AD RMS Prelicensing Agent will make the AD RMS integration easier for mobile clients.
  • After describing the two options for configuring moderated transport, ask students for scenarios where they would use each option. Scenarios may include: Requiring moderation for messages sent to very large distribution groups. Requiring moderation for messages sent to confidential distribution groups or recipients. Students may respond that both options essentially provide the same functionality, and that essentially, they offer different ways to accomplish the same task.
  • Preparation
    Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd. Log on to 10135A-VAN-CL1 as Luca using a password of Pa$$w0rd.
    Demonstration Steps
    1. On VAN-EX1, open the Exchange Management Console.
    2. Under Recipient Configuration, click Distribution Group.
    3. In the middle pane, right-click Marketing, and then click Properties.
    4. On the Mail Flow Settings tab, double-click Message Moderation.
    5. In the Message Moderation dialog box, select the Messages sent to this group have to be approved by a moderator check box.
    6. Under Specify group moderators, click Add.
    7. In the Select Recipient – Entire Forest dialog box, click Luca Dellamore, and then click OK.
    8. Under Specify senders who don’t require message approval, click Add.
    9. In the Select Recipient dialog box, click Marketing, and then click OK three times.
    10. Under Organization Configuration, click Hub Transport.
    11. In the Actions pane, click New Transport Rule.
    12. On the Introduction page, in the Name field, type ITAdmins Group Moderation. Verify that Enable Rule is selected, and then click Next.
    13. Under Conditions in Step 1, select sent to a member of distribution list.
    14. Under Step 2, click the distribution list link.
    15. In the Specify recipient distribution group dialog box, click Add.
    16. In the Select Mail Enabled Group window, select ITAdmins, click OK, and then click OK again.
    17. Click Next.
    18. Under Actions in Step 1, select forward the message to addresses for moderation.
    19. Under Step 2, click the addresses link.
    20. In the Specify recipients window, click Add.
  • 21. In the Select Recipient User or Contact window, click Luca Dellamore, click OK, and then click OK again.
    22. Click Next.
    23. On the Exceptions page, under Step 1, select except when the message is from a member of distribution list.
    24. Under Step 2, click the distribution list link.
    25. In the Specify sender distribution list window, click Add.
    26. In the Select Mail Enabled Group window, select ITAdmins, click OK, and then click OK.
    27. Click Next, and then click New.
    28. On the Completion page, click Finish.
    29. Open Internet Explorer, and then connect to https://VAN-EX1.Adatum.com/owa.
    30. Log on to Outlook Web App as Adatum\Administrator with a password of Pa$$w0rd.
    31. In the Inbox, click New.
    32. In the To field, type ITAdmins.
    33. Type a subject and a short message, and then click Send.
    34. In the Inbox, click New.
    35. In the To field, type Marketing.
    36. Type a subject and a short message, and then click Send.
    37. On VAN-CL1, verify that you are logged in as Luca, open Outlook, and then verify that there are two messages waiting for Luca's approval.
    38. Double-click the first e-mail message, and then on the Vote menu, click Approve. Close the message. Double-click the second e-mail message, and then on the Vote menu, click Approve. Close the message.
    Question: Will you deploy moderated transport in your organization? If so, where would you use it?
    Answer: Answers will vary. Because this is a new feature in Exchange Server 2010, many students may not consider this option. Ask them to describe scenarios where they need to restrict who can send data to a recipient, and then ask them to consider if moderated transport would be the best option for enabling restrictions.
  • After describing message journaling, ask students if they will require this functionality. Many organizations require retention of certain messages for specific time periods. Message journaling is the best option for enabling this functionality. As you discuss the options for journaling messages, mention that the licensing levels depend on the type of client access license that the company deploys. With standard client access licenses (CALs), you only can enable message journaling on the mailbox databases. With enterprise CALs, you can enable other types of journaling. Mention that the next lesson provides more information on Messaging Records Management.
  • Preparation
    Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd. Log on to 10135A-VAN-CL1 as Luca using a password of Pa$$w0rd.
    Demonstration Steps
    1. On VAN-EX1, in the Exchange Management Console, under Organization Configuration, click Hub Transport.
    2. In the Actions pane, click New Journal Rule to start the New Journal Rule wizard.
    3. On the New Journal Rule page, in the Rule name field, type Executives Message Journaling.
    4. Beside Send Journal reports to e-mail address, click Browse.
    5. In the Select Recipient dialog box, click Luca Dellamore, and then click OK.
       Important: In this demonstration, you are choosing another user’s mailbox as the destination for the journaled messages. In a production environment, choose a mailbox that you can dedicate as a journal mailbox.
    6. Under Scope, click Internal – internal messages only.
    7. Select the Journal messages for recipient check box, and then click Browse.
    8. In the Select Recipient dialog box, click Executives, and then click OK.
    9. On the New Journaling Rule page, click New, and then click Finish.
    10. On VAN-EX1, open Internet Explorer, and then connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Administrator with a password of Pa$$w0rd.
    11. Create a new message, and then send it to Scott MacDonald. Scott is a member of the Executives group. Close Internet Explorer.
    12. Open a new instance of Internet Explorer, and then connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Scott with the password Pa$$w0rd.
    13. Confirm that the message from the Administrator arrived. Reply to the message, and then close Internet Explorer.
    14. On VAN-CL1, verify that you are logged in as Luca, open Outlook, and then confirm that the journal mailbox contains both a journal report for the message sent to Scott and the reply message.
  • Question: What are the advantages and disadvantages of using the Exchange Server 2010 message journaling feature?
    Answer: Answers will vary depending on what tool the organization has deployed. Exchange Server 2010 journaling has one advantage--it enables you to specify any archival location for messages, and you can filter journaling based on recipients rather than at a database level. However, Exchange Server 2010 does not provide any automated tools for managing the journal mailbox, so you will need to implement a manual management process.
  • Highlight the importance of developing policies for managing the message journal mailbox. There are several key requirements that must be met:
      • How do you manage the mailbox size? The mailbox may grow rapidly if you are applying several journaling rules.
      • How do you manage security for the journaling mailbox? The mailbox may contain highly confidential information, so you should restrict who has access to the mailbox.
      • Ensure legal compliance. Because you are probably setting up the journal mailbox to meet a legal or corporate requirement, make sure that your implementation has approval from your legal representatives.
  • Start this topic’s presentation by asking students whether they have a requirement to search multiple mailboxes. Student responses will vary. Most organizations probably never require multiple-mailbox searches, but organizations with high security requirements might use this feature frequently. Describe how the Multi-Mailbox Search feature works, then emphasize that only users who have appropriate permissions can perform these searches. By default, even organization administrators cannot search all mailboxes. If a user needs to be able to search all organizational mailboxes, the easiest way to provide the required permissions is to add the user to the Discovery Management role.
  • In Exchange Server 2007, Exchange administrators could search mailboxes by using the Export-Mailbox command. Ask students if they have ever used this tool. If they have, ask them to compare the tool to performing cross-mailbox searches using Exchange Control Panel (ECP).
    Preparation
    Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd. Log on to 10135A-VAN-CL1 as Luca using a password of Pa$$w0rd.
    Demonstration Steps
    1. On VAN-DC1, open Active Directory Users and Computers, and then in the Microsoft Exchange Security Groups organizational unit (OU), double-click the Discovery Management group.
    2. In the Discovery Management Properties dialog box, on the Members tab, click Add, type Luca, and then click OK twice.
    3. On VAN-EX1, in Exchange Management Console, under Recipient Configuration, click Mailbox.
    4. In the recipient list, click Discovery Search Mailbox, and then click Manage Full Access Permission.
    5. On the Manage Full Access Permission page, click Add, click Luca Dellamore, click OK, click Manage, and then click Finish.
    6. On VAN-CL1, if required, open Outlook.
    7. In the Inbox, click New.
    8. In the To field, type Manoj;Wei, and then press CTRL+K to resolve the names.
    9. In the Subject field, type New Inventory.
    10. In the message box, type We’ve received the new ProjectX items in inventory., and then click Send.
    11. Open Internet Explorer, and then connect to https://VAN-EX1.Adatum.com/ecp.
    12. Log on to the ECP as Adatum\Luca with a password of Pa$$w0rd.
    13. In the Select what to manage drop-down list, ensure that My Organization is listed.
    14. In the left pane, click Reporting. Under Multi-Mailbox Search, click New.
    15. In the Keywords box, type ProjectX.
    16. Expand Mailboxes to Search.
    17. Under Select the mailboxes to search, click Add. In the Select Mailbox window, click Manoj Syamala, and then click Add. Click Luca Dellamore, and then click Add. Click Wei Yu, click Add, and then click OK.
    18. Expand Search Name and Storage Location.
    19. In the Search name field, type ProjectX Discovery.
    20. Next to Select a mailbox in which to store the search results, click Browse.
    21. In the Select Mailbox window, click Discovery Search Mailbox, and then click OK.
    22. Click Save. Wait until the search status changes to Succeeded.
    23. In the Internet Explorer window, in the top right corner, click My Mail.
    24. In the top right corner, click Luca Dellamore, and then in the Select mailbox field, type Discovery. Click Open twice. In the Outlook Web App window, click OK.
    25. In the Navigation pane, notice the new discovery folder named ProjectX Discovery. Expand the ProjectX Discovery folder.
    28. Note the three folders created that correspond to the mailboxes added to the search criteria.
    29. Expand Luca Dellamore, expand Primary Mailbox, and then expand Sent Items. Verify that the e-mail was discovered using the search criteria.
    30. Expand Manoj Syamala, expand Primary Mailbox, and then expand Inbox.
    31. Close Outlook Web App and Outlook.
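The notes above raise three things to keep under review: who can open the journal and discovery mailboxes, who is in Discovery Management, and how fast the journal mailbox grows. The following read-only check is an added example, not part of the course material; it assumes the Exchange Server 2010 Management Shell (PowerShell 2.0) and that journal rules deliver to mailboxes inside the organization.

```powershell
# Added example: read-only review of journaling and discovery access.
# Only Get-* cmdlets are used, so nothing in the organization is changed.

# 1. Journal rules: what is being journaled, and where the copies go.
$rules = @(Get-JournalRule)
$rules | Format-Table Name, Enabled, Scope, Recipient, JournalEmailAddress -AutoSize

# 2. Collect every mailbox that holds compliance copies:
#    journal rule destinations plus discovery search mailboxes.
$targets = @()
foreach ($rule in $rules) {
    # The destination can be an external SMTP address with no mailbox here.
    $mbx = Get-Mailbox -Identity "$($rule.JournalEmailAddress)" -ErrorAction SilentlyContinue
    if ($mbx) { $targets += $mbx }
    else { Write-Warning "Rule '$($rule.Name)' journals to an address with no local mailbox." }
}
$targets += @(Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'DiscoveryMailbox'")
$targets = @($targets | Sort-Object DistinguishedName -Unique)

# 3. Size of each of those mailboxes, to track growth between reviews.
$targets | ForEach-Object { Get-MailboxStatistics -Identity $_.DistinguishedName } |
    Format-Table DisplayName, ItemCount, TotalItemSize -AutoSize

# 4. Explicit (non-inherited) allow entries on each mailbox. Every account
#    listed here can read the journaled or discovered mail.
$access = foreach ($mbx in $targets) {
    Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object { -not $_.IsInherited -and -not $_.Deny -and "$($_.User)" -ne 'NT AUTHORITY\SELF' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Mailbox = $mbx.DisplayName
                User    = "$($_.User)"
                Rights  = "$($_.AccessRights)"
            }
        }
}
$access | Select-Object Mailbox, User, Rights | Format-Table -AutoSize

# 5. Members of the role group that permits multi-mailbox searches.
Get-RoleGroupMember -Identity 'Discovery Management' |
    Format-Table Name, RecipientType -AutoSize
```

In the demonstration environment, sections 4 and 5 would both list Luca, because the steps grant him Full Access to the Discovery Search Mailbox and add him to Discovery Management.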
  • In this lab, students will:
    - Configure transport rules.
    - Configure journal rules and Multi-Mailbox Search.
    Exercise 1: Configuring Transport Rules
    Inputs: The students will be provided with a set of instructions regarding the transport rules that they must configure to meet a set of business and legal requirements. This lab will require a domain controller, one Exchange server, and a client computer with Outlook installed. Students also need to configure the domain controller as an AD RMS server.
    Outputs: Students will implement and verify transport rules by using the following options:
    - AD RMS integration
    - Message classifications
    - Moderated transport
    Exercise 2: Configuring Journal Rules and Multi-Mailbox Search
    Inputs: The students will be provided with a set of instructions regarding the journal rules that they need to configure to meet a set of business and legal requirements. This lab will require a domain controller, one Exchange server, and a client computer with Outlook installed.
    Outputs: Students will implement journaling rules and verify that the journaling rules work.
  • Use the questions on the slide to guide the debriefing after students complete the lab exercises.
    Question: In this lab, you implemented a transport rule that added a disclaimer to all messages sent to users outside the organization. What other option do you have for implementing this type of disclaimer?
    Answer: You could configure the transport rule on an Edge Transport server, and configure it to apply the disclaimer to all messages sent from the organization.
    Question: How can you verify that the Executives journal rule that you enabled in this lab is working properly?
    Answer: One option for verifying that the rule is working is to send a message to a group member, and verify that the message appears in the journal mailbox. Another option would be to use an account with Discovery Management permissions to search an Executive mailbox for all messages sent and received during a specific time. You then could validate that a copy of each message is in the journal mailbox.
  • As you start this lesson, highlight the e-mail retention or deletion policies that students mentioned during the previous lesson’s discussion.
  • Stress that these are the new features in Exchange Server 2010 MRM. The main goal of these new features is to reduce the time that users spend managing their e-mail, by automatically applying default policies to default e-mail folders and by enabling users to assign their own policies to nondefault folders. AutoTagging further reduces user workload, as it learns the user's preferences and then applies the learned tags automatically.
  • Stress that AutoTagging only works if you have implemented personal Retention Tags, and users have tagged at least 500 messages using the personal tags. The personal Retention Tags override the tags assigned to mailbox folders, and they also override the default policy tags. This means that users need to get used to using personal tags before they can take advantage of AutoTagging. If users are not aware that AutoTagging is enabled, they may be surprised that messages are tagged without any effort on their part. You may need to provide training for users to explain how to tag messages, and what happens when they have reached the 500-message limit. Also remind students that tags are only visible in Outlook Web App 2010 or Outlook 2010.
  • Preparation
    Ensure that the 10135A-VAN-DC1 and 10135A-VAN-EX1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd.
    Demonstration Steps
    1. On VAN-EX1, if required, open the Exchange Management Shell.
    2. At the PS prompt, type the following, and press ENTER:
       New-RetentionPolicyTag DefaultTag -Type:All -MessageClass AllMailboxContent -RetentionEnabled $true -AgeLimitForRetention 365 -RetentionAction PermanentlyDelete -IsPrimary:$true
    3. At the PS prompt, type the following, and then press ENTER:
       New-RetentionPolicyTag InboxTag -Type:Inbox -MessageClass:* -AgeLimitForRetention:30 -RetentionEnabled:$True -RetentionAction:MoveToDeletedItems
    4. At the PS prompt, type the following, and then press ENTER:
       New-RetentionPolicyTag "Business Critical" -Type:Personal -MessageClass:* -AgeLimitForRetention:1100 -RetentionEnabled:$True -RetentionAction:MoveToArchive
    5. At the PS prompt, type the following, and then press ENTER:
       New-RetentionPolicy AllTagsPolicy -RetentionPolicyTagLinks:DefaultTag,InboxTag,"Business Critical"
    6. At the PS prompt, type the following, and then press ENTER:
       Set-Mailbox Andreas -RetentionPolicy AllTagsPolicy
    7. Read the confirmation statement, and then press ENTER.
    8. At the PS prompt, type the following, and then press ENTER:
       Start-ManagedFolderAssistant -Mailbox Andreas
    9. Open Internet Explorer, and connect to https://van-ex1.adatum.com/owa.
    10. Log on as Adatum\Andreas using a password of Pa$$w0rd.
    11. Click a message in the Inbox, and then in the reading pane, point out the expiration time for the message.
    12. Right-click the message and review the options under the Retention Policy and Archive Policy menu items.
  • Question: Do you think you will implement retention policies?
    Answer: Answers will vary. Many organizations do not have specific e-mail retention requirements, so they are unlikely to implement retention policies. Other organizations may choose to use retention policies as a way to help users manage their mailbox contents.
    Question: Which MRM option are you more likely to implement: managed custom or default folders, or retention policies?
    Answer: Answers will vary. Organizations that are using MRM to manage project-related messages may be more likely to use managed custom folders. Organizations are more likely to use retention policies if the goal is to automate the tagging of e-mail.
  • Managed folders were first introduced in Exchange Server 2007. Mention that Exchange Server 2010 still supports the same managed folder features as Exchange Server 2007 supported. Describe the components that make up Managed Folders. Ensure that you use the terminology consistently, because some of the terminology has changed since Exchange Server 2007. For example, in Exchange 2007, the term “managed folders” was used almost synonymously with Messaging Records Management. In Exchange Server 2010, managed folders are only one part of Messaging Records Management. One of the limitations of managing the content using custom folders is that this requires cooperation from e-mail users, because they must store messages in the correct Inbox folder. Ask students to compare the experience of using custom folders with using retention tags.
  • This topic provides an overview of implementing MRM. Mention that the following demonstration provides more detail on these steps.
  • Many students might be seeing this option for the first time, and they may require some time to think about how they would use it. Ask students if they have project teams that want to store all project messages in a single folder, and if they have message-retention requirements.
    Preparation
    Ensure that the 10135A-VAN-DC1 and 10135A-VAN-EX1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd.
    Demonstration Steps
    1. On the VAN-EX1 computer, in the Exchange Management Console, in the Organization Configuration work area, click Mailbox.
    2. In the Actions pane, click New Managed Custom Folder to start the New Managed Custom Folder wizard.
    3. On the New Managed Custom Folder page, in the Name field, type Contoso Project.
    4. In the Display the following comment when the folder is viewed in Outlook text box, type All items related to Contoso Project should be posted here and will be retained for 2 years.
    5. Select the Do not allow users to minimize this comment in Outlook check box, and then click New.
    6. On the Completion page, review the completion report, and then click Finish.
       Note: After creating the managed custom folder, you can assign content settings to it. You also can assign content settings to any default folders.
    7. Right-click the Contoso Project folder, and then click New Managed Content Settings.
    8. On the Introduction page, in the Name of the managed content settings to be displayed in the Exchange Management Console box, type Contoso Project Content Settings.
    9. In the Message type list, ensure that All Mailbox Content is selected.
    10. Select the Length of retention period (days) check box, and then type 731 in the text box.
    11. In the Retention period starts list, click When item is moved to the folder. You also can configure the retention period to start when the message is delivered to the user mailbox.
    12. In the Action to take at the end of the retention period list, click Permanently delete. You also can configure the message to move to another managed custom folder or to be deleted with the option to recover the message.
    13. On the Introduction page, click Next.
    14. On the Journaling page, select the Forward copies to check box, and then click Browse. Notice that you can send a copy of the message to any valid recipient, including a custom recipient with an SMTP address referring to a SharePoint document library, or a third-party archiving application.
    15. Click Cancel.
    16. Clear the Forward copies to check box, and then click Next.
    17. On the New Managed Content Settings page, review the summary, click New, and then click Finish.
    18. On the Managed Custom Folders tab, expand Contoso Project. The managed content setting is linked to the managed custom folder.
    19. On the Managed Default Folders tab, right-click Inbox, and then click the New Managed Content Settings option. You can apply the same content settings to any default folders. Click Cancel, and then click Yes.
    20. Point out the Entire Mailbox item on the Managed Default Folders tab. If you apply content settings to this item, the settings are applied to all default folders in the user mailboxes.
    21. In the Actions pane, click New Managed Folder Mailbox Policy to start the New Managed Folder Mailbox Policy wizard.
    22. On the New Mailbox Policy page, in the Managed folder mailbox policy name box, type Accounting Department Policy.
    23. In the Specify the managed folders that you want to link to this policy section, click Add.
    24. In the Select Managed Folder dialog box, click Contoso Project, and then click OK. Notice that you can add additional managed folders to the policy.
    25. On the New Mailbox Policy page, click New, and then click Finish.
    26. In the Exchange Management Console, click the Recipient Configuration node, and then click Mailbox. In the Results pane, click the Organization Unit heading to sort the mailbox list by OU.
    27. Select all of the mailboxes in the Accounting OU, right-click, and then click Properties.
    28. On the Mailbox Settings tab, click Messaging Records Management, and then click Properties. Select the Managed folder mailbox policy check box, and then click Browse. Click Accounting Department Policy, and then click OK.
    29. In the Messaging Records Management dialog box, enable a retention hold for the user mailbox. Click OK three times, and then click Yes at the Microsoft Exchange confirmations. When you apply the retention hold, Exchange Server does not apply the retention settings for the user mailbox folders during the time you specify. This is useful if a user is on vacation or on extended leave, and you do not want to delete unread e-mail messages.
    30. In the Server Configuration work area, click Mailbox.
    31. In the Results pane, right-click VAN-EX1, and then click Properties.
    32. On the Messaging Records Management tab, in the Schedule the Managed Folder Assistant list, click Use Custom Schedule, and then click Customize.
    33. In the Schedule dialog box, select the times from Monday 6:00 A.M. to Friday 6:00 P.M., and then click OK twice.
    34. Open the Services console from the Administrative Tools menu, and then restart the Microsoft Exchange Mailbox Assistants service. Close the Services console.
    35. On VAN-EX1, open Internet Explorer, and then connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Parna with a password of Pa$$w0rd. Parna is a member of the Accounting department.
    36. On the Microsoft Office Outlook Web App page, click OK.
    37. Expand Managed Folders, and confirm that the Contoso Project folder has been created in the user mailbox. Click the folder, and point out the comment describing the folder that is displayed in the top-right pane. Close Internet Explorer.
  • Start this topic by asking students when they would use custom folders for MRM versus retention policies. Retention policies are easier to use, because you can apply them automatically to all folders, and they do not require any user interaction. You still might consider using custom folders for specific project-based folders. Emphasize the importance of obtaining business and legal signoff for any policies that delete messages from user mailboxes.
  • Question: Do you have any archiving or journaling requirements in your organization?
    Answer: Answers will vary. Many organizations have requirements for archiving certain messages. For example, an organization may require that messages with business-transaction information be archived for several years.
    Question: How are you currently meeting these requirements?
    Answer: Most organizations that implement an archiving solution do so using third-party applications. Previous Exchange Server versions only enabled journaling at the mailbox store level, where all messages sent and received from that store were archived.
    If students implement a third-party archiving tool, ask them to describe how the archiving tool works and what types of functionality the tool provides. If none of the students currently use an archiving product, you should be prepared to describe how most archiving products work. There are three primary architectures for archiving products:
    - A product archives messages immediately as they are sent to or from an Exchange server.
    - Some archive messages by using an agent to scan mailbox contents, and then archive messages based on predefined criteria.
    - Some archive solutions integrate with Exchange Server 2007 or Exchange Server 2010 journaling. With this model, the archive product monitors the journal mailbox and archives messages from the journal mailbox.
    Almost all archive solutions have two other features:
    - They enable using cheaper storage for archived messages.
    - They retain a stub of the archived message in the user mailbox so that the user can access archived messages.
  • Stress that the Exchange Server 2010 implementation of Personal Archives uses a different architecture than most other archiving solutions. The Exchange Server 2010 solution takes advantage of the improvements to disk input/output (I/O) to enable very large mailboxes that are easily accessible to users. Mention that one of the goals of Personal Archive is to move PST files into an Exchange Server database, where Exchange backs up data and indexes it for easy searching. Mention that Personal Archive mailboxes will be visible only in Outlook 2010 or when users access their mailboxes through Outlook Web App.
  • Preparation
    Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. Log on to 10135A-VAN-DC1 and 10135A-VAN-EX1 as Administrator with a password of Pa$$w0rd. Log on to 10135A-VAN-CL1 as Luca using a password of Pa$$w0rd.
    Demonstration Steps
    1. On VAN-EX1, in the Exchange Management Console, click Recipient Management, and then click Mailbox.
    2. Right-click Luca Dellamore, click Enable Archive, and then click Yes.
    3. Right-click Luca Dellamore, and then click Properties.
    4. On the Mailbox Settings tab, click Archive Quota, and then click Properties. Notice that you can configure a mailbox quota for the archive mailbox. Click Cancel.
    5. In the Exchange Management Shell, type Get-Mailbox Luca | FL, and then press ENTER. Review the ArchiveName and ArchiveQuota settings.
    6. On VAN-CL1, verify that you are logged on as Luca, open Outlook, and then verify that you do not see the archive mailbox.
    7. Open Internet Explorer, and then connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Luca with a password of Pa$$w0rd. Verify that the archive mailbox is visible through Outlook Web App.
    Question: Will you implement Personal Archives in Exchange Server 2010?
    Answer: Answers will vary. In some organizations, PST files store a great deal of critical information. These organizations may have an urgent requirement to manage those PST files more effectively. Organizations with limited storage space for the Exchange Servers are not likely to implement Personal Archives because of the significant increase in database size that this requires.
    Question: What are the benefits and disadvantages of the Personal Archives feature?
    Answer: Benefits include:
    - You can enable it per mailbox
    - Provides users with easy access and searching of archived content
    - Requires very little user training because the interface is familiar to the users
    Disadvantages include:
    - Significantly increases the storage requirements for the organization
    - Does not provide the option of moving the archive mailbox to cheaper, slower storage
  • Ask students who have deployed an alternate messaging-archiving solution whether they would consider switching to Personal Archives. Discuss benefits and disadvantages of each option, and then provide some considerations for deploying Personal Archives in Exchange Server 2010.
  • In this lab, students will:
    - Configure Messaging Records Management.
    - Configure Personal Archives.
    Exercise 1: Configuring Messaging Records Management
    Inputs: The students will be provided with a set of instructions regarding the Messaging Records Management configuration that they need to implement to meet business and legal requirements. This lab will require a domain controller, one Exchange server, and a client computer with Outlook installed.
    Outputs: Students will implement MRM policies using the following options:
    - Managing a default folder
    - Managing a custom folder
    - Retention tags and autotagging
    Exercise 2: Configuring Personal Archives
    Inputs: The students will be provided with a set of instructions for configuring Personal Archives for specific users.
    Outputs: Students will configure the Personal Archives, and will verify the Personal Archive mailbox integration with the user’s regular mailbox.
  • Use the questions on the slide to guide the debriefing after students have completed the lab exercises.
    Question: Which of the following two approaches is better for ensuring that you retain a copy of specific e-mail messages: journaling rules or retention policies?
    Answer: Use journaling rules to ensure that you retain a copy of specific e-mail messages. Users can bypass retention policies easily by deleting the messages.
    Question: How can you ensure that users move their PST files to their archive mailbox?
    Answer: It is difficult to ensure that users are moving their PST files into the archive mailboxes, but you can use Group Policy to prevent users from using PST files with Outlook. If you tell users that you are applying this policy, they are more likely to move the PST file into the archive mailbox.
  • Review Questions
    Question: You need to ensure that a copy of all messages sent to a particular distribution group is saved. You only want copies of messages sent to the distribution group, not copies of all messages sent to individual group members. What should you configure?
    Answer: Configure a transport rule that sends a copy of all messages to a mailbox. If you set up a journaling rule, all messages sent to members of the distribution group also will be saved.
    Question: You need to ensure that a user can search all Exchange Server organization mailboxes for specific content. What should you do? What user training will you need to provide?
    Answer: Add the user to the Discovery Manager security group in AD DS or Active Directory. This will give the user the required permissions. Then you need to show the user how to use the ECP to perform mailbox searches.
    Question: You need to ensure that all messages related to a particular project are retained for three years. Users in your organization use both Outlook 2007 and Outlook 2010. What should you do?
    Answer: Configure a custom managed folder, configure the folder’s content settings, and then create a managed folder mailbox policy for the project’s users. Because users are using Outlook 2007 and Outlook 2010, you cannot use Retention Tags, as these are not accessible in Outlook 2007.
    Common Issues and Troubleshooting Tips
    Point the students to possible troubleshooting tips for the issues that this section presents.
    Real-World Issues and Scenarios
    Question: The Exchange Server administrators at Contoso, Ltd., have implemented a custom message classification on the Exchange servers, but they notice that the custom classification is not available on the Outlook 2007 clients in the organization. What do they need to do?
    Answer: To make the custom message classification available on the client, export the classification file on the server, and then provide it to all clients. You also need to configure a registry setting on each client that points them to the classification file.
    Question: A. Datum Corporation has deployed an AD RMS server, and users are using it to protect e-mail. However, users report that when they protect e-mail messages, users outside the organization cannot read the messages. What should A. Datum messaging administrators do?
    Answer: To read AD RMS-protected e-mails, users must have an account in the Active Directory forest. In most cases, users outside the organization will not have an account in the organization’s forest. This means that users are unable to send AD RMS-protected e-mail to external users. If this is a requirement and the other organization also runs AD RMS, you can integrate the AD RMS environments.
  • Question: Woodgrove Bank has implemented message journaling for all messages sent to and from the legal and compliance teams. These messages need to be available to auditors for seven years. The mailboxes used for journaling are growing rapidly. What should the messaging administrators at Woodgrove Bank do?
    Answer: If the organization does not have the capacity to retain the messages in the journaling mailboxes, they will need to investigate options to store the messages elsewhere. One of the easiest ways to manage this is to ensure that the journal mailboxes are backed up regularly, and then to delete messages from the mailboxes after they have been backed up. The organization could also consider using a SharePoint site as the message journal location.
    Best Practices
    Help the students understand the best practices presented in this section. Ask students to consider these best practices in the context of their own business situations.
  • 10135 a 09

    1. Module 9 Configuring Messaging Policy and Compliance
    2. Module Overview
       • Introducing Messaging Policy and Compliance
       • Configuring Transport Rules
       • Configuring Journaling and Multi-Mailbox Search
       • Configuring Messaging Records Management
       • Configuring Personal Archives
    3. Lesson 1: Introducing Messaging Policy and Compliance
       • What Is Messaging Policy and Compliance?
       • Discussion: Compliance Requirements
       • Options for Enforcing Messaging Policy and Compliance
    4. What Is Messaging Policy and Compliance?
       Exchange Server 2010 has features that help you manage information distribution and comply with regulatory and legal requirements, such as:
       • Restricting message flow
       • Retaining copies of all or specific messages
       • Managing messages in user mailboxes
       • Searching for messages
    5. Discussion: Compliance Requirements
       • What type of business is your organization?
       • What are some legislated compliance requirements for your organization?
       • What additional compliance requirements does your organization have?
       • How are you currently meeting these compliance requirements?
    6. Options for Enforcing Messaging Policy and Compliance
       • Transport rules
       • Message journaling
       • Rights management integration
       • Mailbox searching
       • Message retention and deletion
       • Personal Archives
    7. Lesson 2: Configuring Transport Rules
       • What Are Transport Rules?
       • Transport Rule Components
       • Demonstration: How To Configure Transport Rules
       • What Are Message Classifications?
       • What Is AD RMS?
       • How AD RMS Works
       • How AD RMS Integration Works
       • Demonstration: How to Configure AD RMS Integration
       • Options for Configuring Moderated Transport
       • Demonstration: How to Configure Moderated Transport
    8. What Are Transport Rules?
       Transport rules restrict message flow or modify message contents for messages in transit.
       Transport rules on an Edge Transport server are:
       • Stored in AD LDS
       • Unique to each Edge Transport server
       • Used to manage inbound or outbound messages
       Transport rules on a Hub Transport server are:
       • Stored in the Active Directory site
       • Applied by all Hub Transport servers
       • Used to apply compliance requirements
    9. Transport Rule Components
       • Conditions: Specify which e-mail message components are used to identify the e-mail messages
       • Exceptions: Specify which e-mail messages to exclude from having an action applied
       • Actions: Specify the processes to be applied to messages
       • Predicates: Used by conditions and exceptions to define what part of an e-mail message will be examined
    10. Demonstration: How to Configure Transport Rules
       In this demonstration, you will see how to configure transport rules that apply:
       • A disclaimer to messages sent to external recipients
       • A restriction based on a regular expression
    12. What Are Message Classifications?
       Message classifications mark messages with labels that provide recipients with special information about the message.
       Administrators can:
       • View existing message classifications
       • Modify existing message classifications
       • Create new message classifications
       • Configure Outlook 2007 to support message classifications
       Message classifications can be applied by:
       • Outlook 2007 or Outlook Web App users
       • Transport rules
    13. What Is AD RMS?
       AD RMS is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use.
       You can use AD RMS to:
       • Restrict access to an organization’s intellectual property
       • Limit the actions users can perform on content
       • Limit the risk of content being exposed outside the organization
       AD RMS components:
       • AD RMS server
       • AD DS
       • SQL Server
       • RMS-aware application
    14. How AD RMS Works
       [Diagram: RMS Server, Information Author, Recipient; steps 1 to 5]
    15. How AD RMS Integration Works
       By integrating AD RMS with Exchange Server 2010, you can:
       • Enable users to protect content
       • Use AD RMS prelicensing
       • Configure Outlook Protection rules to apply AD RMS templates automatically
       • Configure Transport Protection rules to apply AD RMS templates
       • Enable Journal Report Decryption
       • Enable Transport Decryption
       • Enable IRM in Outlook Web App
    16. Demonstration: How to Configure AD RMS Integration
       In this demonstration, you will see how to:
       • Protect e-mail messages by using AD RMS
       • Configure a transport rule that applies AD RMS protection
    19. 19. Options for Configuring Moderated Transport In Exchange Server 2010, you can configure: <ul><li>Transport rules that require moderation </li></ul><ul><li>Recipients that require moderation </li></ul>Moderated transport enables the moderator to approve messages before delivery.
    20. 20. Demonstration: How to Configure Moderated Transport <ul><li>In this demonstration, you will see how to: </li></ul><ul><li>Configure a distribution group for moderation </li></ul><ul><li>Configure a transport rule that enables moderation </li></ul>
    22. 22. Lesson 3: Configuring Journaling and Multi-Mailbox Search <ul><li>Message Journaling Options </li></ul><ul><li>Demonstration: How to Configure Message Journaling </li></ul><ul><li>Considerations for Managing the Message Journal Mailbox </li></ul><ul><li>What Is Multi-Mailbox Search? </li></ul><ul><li>Demonstration: How to Configure Multi-Mailbox Search </li></ul>
    23. 23. Message Journaling Options You can configure message journaling by configuring: <ul><li>Per-recipient journaling </li></ul><ul><li>Journal mailboxes per mailbox database </li></ul><ul><li>Journaling as part of Messaging Records Management </li></ul>Message journaling enables you to send copies of messages to any mailbox or valid SMTP address. A journal report is a new message that includes the original message as an attachment.
    24. 24. Demonstration: How to Configure Message Journaling In this demonstration, you will see how to configure a journal rule
    26. 26. Considerations for Managing the Message Journal Mailbox <ul><li>Consider using a SharePoint document library configured with an SMTP address as the messaging journal mailbox </li></ul><ul><li>Use a Messaging Records Management rule to routinely remove messages that have been backed up </li></ul><ul><li>Create policies that govern access to the journaling mailboxes in your organization </li></ul><ul><li>Ensure compliance by obtaining plan approval from legal representatives </li></ul><ul><li>Determine what will occur if a journaling mailbox exceeds the configured mailbox quota </li></ul>
    27. 27. What Is Multi-Mailbox Search? Multi-Mailbox Search: <ul><li>Enables cross-mailbox searches </li></ul><ul><li>Uses the Exchange Control Panel </li></ul><ul><li>Requires that users have discovery permissions </li></ul>
    28. 28. Demonstration: How to Configure Multi-Mailbox Search <ul><li>In this demonstration, you will see how to: </li></ul><ul><li>Add a user to the Discovery Management role group </li></ul><ul><li>Perform a Multi-Mailbox search by using ECP </li></ul>
    30. 30. Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox Search <ul><li>Exercise 1: Configuring Transport Rules </li></ul><ul><li>Exercise 2: Configuring Journal Rules and Multi-Mailbox Search </li></ul>Estimated time: 50 minutes. Logon information: Virtual machines: 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-CL1; User name: Administrator; Password: Pa$$w0rd
    31. 31. Lab Scenario <ul><li>You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange Server 2010. </li></ul><ul><li>The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include applying rights protection to some messages sent inside and outside the organization, restricting message flow based on message classifications, and restricting which messages are sent to critical distribution lists. You also must ensure that you establish a separate and secure mailbox in which to retain all messages that the legal department sends and receives. </li></ul>
    32. 32. Lab Review <ul><li>In this lab, you implemented a transport rule that added a disclaimer to all messages sent to users outside the organization. What other option do you have for implementing this type of disclaimer? </li></ul><ul><li>How can you verify that the Executives journal rule that you enabled in this lab is working properly? </li></ul>
    33. 33. Lesson 4: Configuring Messaging Records Management <ul><li>What Are Retention Tags and Retention Policies? </li></ul><ul><li>What Is AutoTagging? </li></ul><ul><li>Demonstration: How to Configure Retention Tags and Policies </li></ul><ul><li>What Are Managed Folders? </li></ul><ul><li>Process for Deploying Managed Folders </li></ul><ul><li>Demonstration: How to Implement Managed Custom Folders and Content Settings </li></ul><ul><li>Considerations for Implementing Messaging Records Management </li></ul>
    34. 34. What Are Retention Tags and Retention Policies? <ul><li>Retention Tag options include: </li></ul><ul><ul><li>Retention Policy Tags: Applied to default mailbox folders </li></ul></ul><ul><ul><li>Default Policy Tags: Applied to all items that do not have another tag assigned </li></ul></ul><ul><ul><li>Personal Tag: Used to set custom retention settings </li></ul></ul><ul><li>You can use managed content settings to: </li></ul><ul><ul><li>Configure retention periods </li></ul></ul><ul><ul><li>Configure the retention expiration action </li></ul></ul><ul><ul><li>Configure journal settings </li></ul></ul>Retention Tags assign message retention settings to messages or mailbox folders. Retention Policies group together one or more Retention Tags and apply the tags to mailboxes.
    35. 35. What Is AutoTagging? <ul><li>AutoTagging: </li></ul><ul><ul><li>Tracks user tagging </li></ul></ul><ul><ul><li>Requires the user to tag at least 500 messages </li></ul></ul><ul><li>Users can: </li></ul><ul><ul><li>Enable and disable AutoTagging </li></ul></ul><ul><ul><li>Override automatically applied tags </li></ul></ul><ul><li>Administrators can manage and monitor AutoTagging for all users </li></ul>AutoTagging automatically applies Retention Tags to items based on past user behavior.
    36. 36. Demonstration: How to Configure Retention Tags and Policies <ul><li>In this demonstration, you will see how to: </li></ul><ul><li>Configure Retention Policy Tags </li></ul><ul><li>Configure custom content settings for the Retention Policy Tags </li></ul><ul><li>Configure a retention policy that groups the Retention Policy Tags </li></ul><ul><li>Apply the retention policy to a user account </li></ul>
    38. 38. What Are Managed Folders? <ul><li>Managed folders can include default folders and custom managed folders </li></ul><ul><li>Managed content settings can be used to: </li></ul><ul><ul><li>Configure retention periods </li></ul></ul><ul><ul><li>Configure the retention expiration action </li></ul></ul><ul><ul><li>Configure journal settings </li></ul></ul><ul><li>Managed folder mailbox policies group managed folders and apply the settings to user mailboxes </li></ul>Managed folders manage the contents of folders in user mailboxes. Users must move messages into the custom managed folders before content settings will be applied.
    39. 39. Process for Deploying Managed Folders To deploy Managed Folders: <ul><li>Specify the folders where you will apply managed content settings </li></ul><ul><li>Specify the managed content settings for the selected folders </li></ul><ul><li>Create a managed folder mailbox policy </li></ul><ul><li>Apply the managed folder mailbox policy to users’ mailboxes </li></ul><ul><li>Schedule the managed folder assistant to apply the changes to users’ mailboxes </li></ul>
    40. 40. Demonstration: How to Implement Managed Custom Folders and Content Settings <ul><li>In this demonstration, you will see how to: </li></ul><ul><li>Create a new managed e-mail folder </li></ul><ul><li>Apply content settings to the managed e-mail folder </li></ul><ul><li>Create a new managed folder mailbox policy </li></ul><ul><li>Assign the policy to a user account </li></ul>
    43. 43. Considerations for Implementing Messaging Records Management <ul><li>Use managed custom folders for project-based folders </li></ul><ul><li>Use retention policies to automate messaging records management </li></ul><ul><li>Ensure business and legal acceptance before configuring policies that delete messages </li></ul><ul><li>Consider using journaling as a way to store messages for archival purposes </li></ul><ul><li>Consider using Messaging Records Management to manage mailbox sizes </li></ul><ul><li>Plan retention policies or managed folder mailbox policies based on business groups with unique requirements </li></ul>
    44. 44. Lesson 5: Configuring Personal Archives <ul><li>Discussion: Options for Implementing Mailbox Archiving </li></ul><ul><li>How Personal Archives Work in Exchange Server 2010 </li></ul><ul><li>Demonstration: How to Configure Personal Archives </li></ul><ul><li>Considerations for Implementing Personal Archives </li></ul>
    45. 45. Discussion: Options for Implementing Mailbox Archiving <ul><li>Do you have any archiving requirements in your organization? </li></ul><ul><li>How are you currently meeting these requirements? </li></ul>
    46. 46. How Personal Archives Work in Exchange Server 2010 The Personal Archive: <ul><li>Must be in the same mailbox database as the primary mailbox </li></ul><ul><li>Appears as a folder in Outlook 2010 or Outlook Web App </li></ul><ul><li>Is indexed and searchable </li></ul><ul><li>Is not cached in Outlook </li></ul><ul><li>Can be managed using messaging records management policies </li></ul>Exchange Server 2010 Personal Archives require a secondary or archive mailbox for the user. Personal Archives can help organizations meet legal and corporate requirements by ensuring that all messages are stored in an Exchange server mailbox.
    47. 47. Demonstration: How to Configure Personal Archives <ul><li>In this demonstration, you will see how to: </li></ul><ul><li>Configure a Personal Archives mailbox </li></ul><ul><li>Access the Personal Archives mailbox </li></ul><ul><li>Manage messages with a Personal Archives mailbox </li></ul>
    49. 49. Considerations for Implementing Personal Archives <ul><li>Consider implementing Personal Archives for critical mailboxes </li></ul><ul><li>Explore the option of using inexpensive storage with redundancy through continuous replication </li></ul><ul><li>Apply messaging policies to Personal Archives mailboxes </li></ul><ul><li>Consider removing the option of using PST files in Outlook </li></ul>Implementing Personal Archives can significantly increase the storage requirements on the Exchange servers.
    50. 50. Lab B: Configuring Messaging Records Management and Personal Archives <ul><li>Exercise 1: Configuring Messaging Records Management </li></ul><ul><li>Exercise 2: Configuring Personal Archives </li></ul>Estimated time: 40 minutes. Logon information: Virtual machines: 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-CL1; User name: Administrator; Password: Pa$$w0rd
    51. 51. Lab Scenario <ul><li>You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange Server 2010. </li></ul><ul><li>The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include configuring rules that will ensure that some messages are retained for an extended period, while other messages are deleted when they expire. Finally, you must enable Personal Archives for all of the users in the Executives department. </li></ul>
    52. 52. Lab Review <ul><li>Which of the following two approaches is better for ensuring that you retain a copy of specific e-mail messages: journaling rules or retention policies? </li></ul><ul><li>How can you ensure that users move their PST files into their archive mailbox? </li></ul>
    53. 53. Module Review and Takeaways <ul><li>Review Questions </li></ul><ul><li>Common Issues and Troubleshooting Tips </li></ul><ul><li>Real-World Issues and Scenarios </li></ul><ul><li>Best Practices </li></ul>
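The two rules named in slide 10 (a disclaimer for external recipients and a restriction based on a regular expression), written as an added Exchange Management Shell example that is not part of the course deck. The rule names, disclaimer text, ID-number pattern and the 'Compliance Officers' group are constructed placeholders.

```powershell
# Added example (not from the course deck). Run in the Exchange Management Shell
# of an Exchange Server 2010 organization. Rule names, disclaimer text, the
# pattern and the 'Compliance Officers' group are constructed placeholders.

# Transport rule patterns use a small subset of regex (\d, \s, \w, |, *, (), ^, $),
# so a counted quantifier such as \d{3} is spelled out digit by digit.
$pattern = '\d\d\d-\d\d-\d\d\d\d'

# Dry-run the pattern against constructed samples before it can reject real mail.
$samples = @{
    'Invoice 2010-443 attached'       = $false
    'Employee ID 123-45-6789 on file' = $true
    'Call me at 555-0100'             = $false
}
foreach ($text in $samples.Keys) {
    $hit = $text -match $pattern
    if ($hit -ne $samples[$text]) { throw "Unexpected pattern result for: $text" }
}

# Rule 1: condition = internal sender, external recipient; action = append disclaimer.
# Fallback 'Wrap' encloses the original message when the text cannot be inserted.
New-TransportRule -Name 'External disclaimer (example)' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerText '<p>This message is intended only for the named recipient.</p>' `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Rule 2: condition = pattern in subject or body; exception = named group;
# action = reject with an explanatory NDR.
New-TransportRule -Name 'Block ID pattern to external (example)' `
    -SentToScope NotInOrganization `
    -SubjectOrBodyMatchesPatterns $pattern `
    -ExceptIfFromMemberOf 'Compliance Officers' `
    -RejectMessageReasonText 'Blocked by policy: message appears to contain an ID number.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# Review which rules are enabled and the order in which they are evaluated.
Get-TransportRule | Sort-Object Priority | Format-Table Name, State, Priority -AutoSize
```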
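Lesson 3's journal rule, the journal mailbox considerations in slide 26 (access and quota) and the discovery permission in slide 28, as an added Exchange Management Shell example that is not part of the course deck. The addresses, the journal mailbox name and the user 'LegalAuditor' are constructed placeholders.

```powershell
# Added example (not from the course deck). Run in the Exchange Management Shell.
# The rule is modelled on the lab's "Executives" journal rule; the addresses,
# mailbox name and the user 'LegalAuditor' are constructed placeholders.
$journalMailbox = 'journal-executives'

# Per-recipient journal rule: copy everything the group sends or receives.
New-JournalRule -Name 'Executives (example)' `
    -Recipient 'executives@adatum.example' `
    -JournalEmailAddress $journalMailbox `
    -Scope Global -Enabled $true

# Confirm the rule exists, is enabled, and points at the intended mailbox.
Get-JournalRule | Format-List Name, Recipient, JournalEmailAddress, Scope, Enabled

# After a test message to the group, the item count here should increase,
# because each journal report arrives as a new message.
Get-MailboxStatistics -Identity $journalMailbox | Format-List ItemCount, TotalItemSize

# Access review: list every explicit (non-inherited) grant on the journal mailbox.
Get-MailboxPermission -Identity $journalMailbox |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\SELF' } |
    Format-Table User, AccessRights, Deny -AutoSize

# Quota check: these limits decide what happens when the journal mailbox fills up.
Get-Mailbox -Identity $journalMailbox |
    Format-List UseDatabaseQuotaDefaults, IssueWarningQuota, ProhibitSendReceiveQuota

# Multi-Mailbox Search requires discovery permissions: grant them, then audit
# who holds them, since members can search across mailboxes.
Add-RoleGroupMember -Identity 'Discovery Management' -Member 'LegalAuditor'
Get-RoleGroupMember -Identity 'Discovery Management' | Format-Table Name, RecipientType
```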
