Nathan Winters<br />MVP Exchange Server<br />MMMUG – www.mmmug.co.uk<br />Exchange 2010 Protection and Compliance<br />
Exchange 2010 IPC<br />Introduction to Information Protection and Compliance (IPC)<br />The arsenal of Technical Tools!<br...
Why is IPC important?<br />Large UK Retailer Leaks Payment Information via Email<br />The Information Commissioner’s Offic...
Some of the legal factors<br />Public Sector - Freedom of Information<br />All - Data protection act<br />Finance – Financ...
What does IPC mean to you?<br />It’s a policy build around the relevant laws for your industry.<br />Based on a bunch of t...
Retain and Provide mail where required with Archiving, Retention and Discovery<br />Protection & Control: Soft to Hard<br ...
<ul><li>Personal Archive
Retention Policy
Legal Hold
Multi-Mailbox Search</li></ul>Archiving, Retention & Discovery<br />
Exchange 2010 Archiving, Retention & DiscoveryBetter mailbox management<br />
World Today: Email Repositories<br />Organization Archive<br /><ul><li>  Keeps all E-mail
  Allows Org Control
  Optimized for Search</li></ul>PSTs<br /><ul><li>  Circumvents Quota
  Highly Portable</li></ul>Mailbox<br /><ul><li>Highly Available
 Rich Client Access</li></ul>Personal Archive<br /><ul><li>  Circumvent Quota
  Allows Org Control</li></ul>End User Access<br />Personal Archive<br />(TBs)<br />Outlook PSTs<br />(GBs)<br />Exchange<...
Users do manual backups
IT does unsupported backups
Replication Only Choice
Datasets Require Replication
 Replication Common
Backups Less Common
Tape/Disk Backups Common
Item Level BackupsCommon</li></li></ul><li>PSTs present a problem<br />IT Pro<br /><ul><li>Storage of old email on expensi...
Hard to discover content for legal request
Hard to prevent changes to content for legal hold
Management for Backup and Recovery expensive</li></ul>End User<br /><ul><li>Only Stored on one machine
Corruption increases when stored on network share
No access through browser
Requires management by end user
Stability/responsiveness is an issue with large PST files</li></li></ul><li>Why Archive? A Vicious Cycle of Volume vs. Con...
Regulatory retention schedules contribute to further volume/ storage issues </li></ul>Increasing storage and back-up costs...
Breaking the CycleWith large mailbox architecture and archiving<br />Large Mailbox Architecture<br /><ul><li> maintains pe...
 provides option for DAS-SATA storage to reduce costs </li></ul>Archiving<br />simplifies discovery, retention and legal h...
Large Mailbox Lower Costs, Better Performance<br />
Upcoming SlideShare
Loading in …5
×

Nathan Winters TechDays UK Exchange 2010 IPC

1,875 views
1,798 views

Published on

This is my deck from TechDays UK 2010. My presentation covered Exchange 2010 Information Protection and Compliance.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,875
On SlideShare
0
From Embeds
0
Number of Embeds
438
Actions
Shares
0
Downloads
56
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Data losseshttp://news.bbc.co.uk/1/hi/technology/8455123.stmThe new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault. Large UK Retailer Leaks Payment Information via EmailPlain text credit card data embedded in order confirmation messageshttp://news.softpedia.com/news/Large-UK-Retailer-Leaks-Payment-Information-via-Email-136724.shtmlSurf Control Surveyhttp://news.bbc.co.uk/1/hi/technology/3809025.stmNearly 40% of workers have received confidential information that was not meant for them according to a poll conducted by e-mail filtering firm SurfControl. Another 15% admit sending confidential information by mistake and 17% of those are unable to retrieve the data. Appeal Win Lets FSA Grab Evidence for SEC http://www.complianceweek.com/blog/glimpses/2010/03/05/appeal-win-lets-fsa-grab-evidence-for-sec/Britain’s Financial Services Authority says it is committed to helping the Securities and Exchange Commission with overseas investigations, after winning an appellate court battle that aimed to block its efforts to obtain confidential evidence for its U.S. friends.
  • Data ProtectionThree stage test1. Check relevant business purpose and laws (HR, Finance) for legal retention period2. Business purposes not covered by law – how long do you need it for operations3. Secondary purposes – to defend legal rights in court – only keeping on a risk basis – must assess risk on a per issue basis – keep this type of dataHR pensionable + 10 yearsFinance - 6 years + 1 to get rid of dataHuman Rights - Lawful business protection Must have policy about monitoring, get sign off – only look at email that’s relevantHealth Insurance Portability and Acountability Act
  • Slide Objective: Instructor Notes: Today users use Outlook personal folder files (PSTs) because mailboxes aren’t large enough, they want offline access, and they want to be able to move that data with them. And then you have the mailbox repository that provides online access and a central repository for data.Data also exists potentially in user archives, business archives, and backups, and client devices (mobile devices, cached mode, etc.).So essentially your messaging data is distributed piecemeal across your entire environment.From a usability standpoint: You have the user which uses his mailbox, PSTs, and user archive You have compliance officers which access the user and business archives You have the Exchange administrator that looks at everythingThe environment is divided into these distinct systems is because of dueling requirements: Have to provide long-term access to the data, in both Exchange and third-party Also need to make the data discoverable, provide policy management, audit changes to the data, and provide legal hold
  • A secondary mailbox that is configured by the administrator Appears alongside a user’s primary mailbox in Outlook or Outlook Web Access. PSTs can be dragged and dropped to the Personal ArchiveMail in primary mailbox can be moved automatically using Retention Policies Archive quota can be set separately from primary mailboxPreserve or improve PST experience for the userPreserve or improve workflow for the user irrespective of regulatory or storage constraintsUsers will only have one Archive in E2010Archive is online onlyMail folders automatically moved to archive by defaultDelete policies are global (they travel with messages as they move to Archive)Explicitly-set policies evaluated on most-specific wins basisPreserve mailbox management experience across primary and archive for the IT ProArchive is associated with a primary mailboxArchive and primary share the same user accountIT-Pro can provision only one archive per user Outlook and OWA should work against the archive exactly the same as the primary
  • Slide Objective: Instructor Notes: We need an automated way to move data from primary to archive and make auto archive better.Let’s talk about records management first. In Exchange Server 2007, we essentially had two policies—the move policy and delete policy. Move Policy simply defines where items will live after a set amount of time. The delete policy defines how long your message will live wherever it is. Exchange Server 2010 will ship with a default set of move policies that define when data will be moved from primary to online archive: 6 months, 1 year, 2 years, or 5 years. Additionally in Exchange Server 2010, you can choose to apply this policy either at the folder level or at an individual message level.
  • Slide Objective: Instructor Notes: We need an automated way to move data from primary to archive and make auto archive better.Let’s talk about records management first. In Exchange Server 2007, we essentially had two policies—the move policy and delete policy. Move Policy simply defines where items will live after a set amount of time. The delete policy defines how long your message will live wherever it is. Exchange Server 2010 will ship with a default set of move policies that define when data will be moved from primary to online archive: 6 months, 1 year, 2 years, or 5 years. Additionally in Exchange Server 2010, you can choose to apply this policy either at the folder level or at an individual message level.So let’s say that the IT admin sets the default policy to move items to the archive after 2 years. Filers will set policies on folders and move items to those folders to tag set a policy on them.
  • Slide Objective: Instructor Notes: When reasonable expectation of litigation exists, organizations are required to preserve e-mail relevant to the case as part of discovery. This expectation can occur well before one knows the specifics of the case and preservation is often broad. Frequently, organizations will preserve all e-mail relating to a specific topic (or all e-mail, period) for certain individuals. In some cases, end users are instructed to carry out the preservation themselves by not deleting certain e-mail. This can lead to insufficient preservation. In other instances, e-mail is copied or moved to an archive. This can increase costs by requiring manual effort to copy items and/or third party products to collect and store e-mail.Exchange Server 2007 scenario: Retention Hold executed through Powershell, placing workload on IT rather than legal team. It stops automatic deletion but does not stop the user from moving or deleting items. Also, users must be informed of Hold manually, through email. This places the burden on the end user to remember what to do and can lead to insufficient preservation if the user forgets. The search capabilities are limited and the process is slow because export-mailbox copies the entire mailbox (regular mail and dumpster) to the destination and then searches it. There’s no way to search the dumpster directly.Exchange Server 2010 scenario: Retention Hold can now be carried out on a per mailbox basis though Exchange Control Panel (ECP) and delegated to non-IT staff using Role-Based Access Control (RBAC). For Exchange Server 2010, as in Exchange Server 2007, Powershell is the mechanism for handling these operations in bulk. This feature makes a copy of both deleted and edited items. It also enables setting of Outlook litigation hold comment for each mailbox to inform the user of the hold. The user continues to read e-mail and soft-delete it when it is no longer needed. Each time an item is soft-deleted or modified (certain message properties only, detail below), a copy is placed in the dumpster. Since the user hardly ever goes to the dumpster, he does not realize that items are no longer purged from it or that he can no longer manually empty it. When the two litigating organizations have agreed on what must be produced, the legal team performs a discovery search that includes the dumpster. If the mailbox is moved, items that are on hold are moved with it (today, dumpster data is lost during move mailbox). So if you have content in the primary mailbox and you have legal retention hold enabled, that content will go into the recoverable items folder. In Exchange Server 2010, we have a recoverable items folder that replaces the dumpster and is available in both locations (architecturally, before dumpster was this query that showed a view of deleted data, but it had a lot of problems in that it wasn’t index-able, it wasn’t portable (move mailbox). And so you can imagine a scenario where you don’t have archive and turn on legal hold – so content will go into your recoverable items folder. If you do have an archive and enable legal hold, then content will go into recoverable items folder of the archive. And so essentially that makes your archive the repository.
  • Most Data leaks are not maliciousMailTipsReply to AllSend to the wrong person same name (int and ext)There are both horizontal examples (executive or sensitive e-mails, board communications, financial data, proprietary operations information, sales data such as price lists, and HRand legal information in addition to corporate governance that goes across many organizations, such as Sarbanes Oxley in the U.S.) as well as examples across multiple verticals….Information ProtectionFinancial Services: In the case of Mergers &amp; Acquisitions, banks have to ensure that the internal M&amp;A deal teams have to keep their workpapers and related information separate &amp; distinct from each other. These ethical boundaries are required because the deal teams are selected with people who have no conflicts of interest in the deal that they are working on to ensure fair treatment of the deal. However, there is no easy way to enforce these walls from a technology perspective. If the information is leaked at the wrong time, there is tremendous financial impact to how the deals get priced. For e.g., typically the markets lower the price of the acquirer but run up the price of the acquire. This can cause a loss of leverage in the deal.Clinical Trials: The drug business is a very complicated process. Pharmaceutical firms spend 100s of millions and decades developing a drug. This is their lifeblood. They cannot have their drug formulae and testing information leak and result in loss of their competitive advantage as well as take a financial beating in the markets. And additional challenge in the healthcare business is privacy. Regulations like HIPAA mandate that information shared between the pharma and the doctors during clinical trials be protected to ensure privacy of the patients in the trials. Penalty for violation include both financial and legal penalties. Thus, these firms need to manage risk but also collaborate freely. There is a need for secure collaboration in this industryManufacturing/High Tech: Collaborative product designGovernment: RFP Process – governments put a lot of their work out to bid via RFPs. The process is sensitive and requires that bids received be protected carefully and not shared with other participants either overtly or by accident. They require solutions to support these ethical boundaries.Regulatory ComplianceGLB: The Gramm-Leach-Bliley Act Safeguards Rule requires companies to prevent unauthorized access of personal information. The California Security Breach Information Act (SB 1386) states that companies must alert customers whenever “unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” NASD 2711: Best practices and regulations such as NASD 2711 stipulate that investment banking be run separately from research and trading to ensure trust in the public markets. New technologies that improve communications, such as email, can serve as a conduit of improper communication. This is often referred to as the “Chinese or Ethical Wall” scenarioHIPAA: requires companies to prevent unauthorized access of personal health information (PHI). For example, it is important that information shared between pharmaceutical companies and contract research organizations remain secure. Employers need to ensure that all PHI data exchanged between plan members and plan providers remains secure and confidential.Sarbanes Oxley: The Sarbanes-Oxley Act makes corporate executives explicitly responsible for establishing, evaluating and monitoring the effectiveness of internal controls over financial reporting. Spreadsheets are the most broadly used financial application, however password protection and file-level access controls do not satisfy these requirements. The act requires user authorization, protection of sensitive information from unauthorized access or modification during transmission or storage, and monitoring of user actions.
  • Slide Objective: You need tools to enforce Confidentiality where it is required.Instructor Notes:Many of you may receive e-mails similar to this one in which the author is essentially begging and pleading with the recipient to “do the right thing” with the information—and prior to RMS we saw a lot of these inside Microsoft as well. In this case, while the organization may have a “policy” for what should and should not be done with the information, there are no mechanisms in place to digitally enforce that policy. You cannot rely on the fact that all end-user will apply confidentiality measures where required, even with training.
  • Today an employee may accidentally include sensitive information that belongs to a consumer in an e-mail which is sent in cleartext over the internet. If that data is accidentally emailed the organization may face considerable reputation damage, legal exposure and reduction in company’s market value. To address this the Exchange Server can be configured to encrypt messages that contain personal information or critical business information.Sensitive e-mail can be detected using Transport Rules, by filtering the content of a message (including content of supported attachments). Regular expressions are supported.Internet Confidential and Do Not Forward policies are available out of the box. An RMS infrastructure is required.For example:Ed is a nurse at Northwind Traders, a large hospital. Ed is sending Chris the results of his recent blood test.When Ed’s email reaches the Exchange Server, the server is able to examine the message and determine that personal information is included in the mail.Because personal information is included in the message, the Exchange Server encrypts the message before it leaves the organization.The message that gets to Chris is an encrypted copy of the message.Protect message in transit via Transport Rules actionProtect messages by default at Outlook ClientPrivate Voice message automatically protected by Unified Messaging (UM)
  • Exchange Server 2010 Supported on Windows Server® 2008 Planned support for Windows Server 2008 R2RMS integration features require:RMS on Windows Server 2008 SP2or Windows Server 2008 R2Information rights Management addresses the following essential elements:• Trusted entities: individuals, groups of users, computers, and applications that are trusted participants in an Active Directory RMS system. Helps protect information by enabling access only to properly trusted participants. • Usage rights and conditions: Assign usage rights and conditions define how specific trusted entity can use content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire.• Encryption: Active Directory RMS encrypts information. Only trusted entities that were granted usage rights can unlock or decrypt the information in an Active Directory RMS-enabled application or browser. Some Benefits of RMS:No need to manage a Public Key Infrastructure (PKI):RMS is easier to manage and deployNo requirements for X.509 CertificatesProtection travels with content, even outside of the mailbox Offers persistent protection even outside of the mailbox Users cannot change policy by mistake.Policies are defined centrally by an administrator.
  • Slide Objective: Introduce Transport Rule protection.Instructor Notes: Through Transport Rules we can scan messages in transit and classify as confidential. RMS protection is just another action within Transport rules. It can be combined with any other Transport Rules predicates and actions. It lets you choose which RMS template to use. RMS template can be either an official Rights Policy template created using the Active Directory Rights Management Administrative Console. Or, it can be the built-in policy available out of the box, Do Not Forward. Do Not Forward provides recipients with REPLY, REPLYALL, VIEWRIGHTSDATA, DOCEDIT, VIEW and EDIT rights. RMS protection is applied to supported attachments along with the message (a single Publishing License is created for all). We adopted SharePoint’s RMS protector implementation for Office 2003, Office 2007, Office 14 and XPS documents. There is currently no support for 3rd party protectors (for other file formats such as PDF or EML) If the message cannot be protected due to errors, we non-delivery report (NDR) the message back to the sender.
  • Slide Objective: Introduce Outlook Protection rules.Instructor Notes:We’ve seen how a message can automatically be protected at the Transport Rule level. Alternatively, it is possible to have RMS encryption be automatically applied from the Outlook client. The Administrator can define a client-side rule that will be imported by the Outlook client via Autodiscover (i.e., every 24 hours).Filtering can be done on Sender’s department, Recipient’s identity or scope. Rules are defined using PowerShell.Using this method, you can ensure that RMS protection is already applied when the message is reaching the Exchange infrastructure. This supports scenarios where an organization does not necessarily “trust” the Exchange organization, for example when the Exchange infrastructure is hosted/managed by a 3rd party.Outlook 14 is required for this feature.The predicates listed in the slide are the only ones available.
  • Slide Objective: Introduce Transport Pipeline Decryption. This is a key feature.Instructor Notes:Transport Decryption enables existing Transport Agents such as Forefront Security for Exchange, Transport rules and 3rd party agents scan/modify RMS protected messages. Transport Decryption will decrypt both the message and supported attachments. Please note that Transport rules support regular expressions on attachments in Exchange 2010. Transport decryption decrypts RMS protected messages as they enter the Transport pipeline on EndOfData or OnSubmit. The message is re-encrypted before leaving the pipeline, at the end of OnRouted. Any agent in between the Pipeline Decryption and Encryption agents can access the clear-text message content. There are three settings for Transport Decryption, “Always”, “Never”, “Best Effort”. Never means feature is OFF. Always means we NDR any message that cannot be decrypted (Encryption firewall implementation) Best Effort means we try to perform Transport Decryption but pass the message through upon errors. This setting would be chosen by organizations that value mail flow over Transport Decryption Transport Decryption re-encrypts the message with the same Publishing License, same set of rights as the original message. For this purpose we store the PL and UL as mailitem properties. Since we don’t do republishing, if any Transport Agent adds new recipients to a message, the new recipients will not be able to view the message unless they have originally been granted rights in the Publishing License We always conduct decryption on messages submitted to a Hub by the client with RMS protection. We do not conduct decryption on messages in a hub if they are protected by the Encryption Agent within that Hub. We conduct Transport Decryption on a message only once and at the 1st E14 Hub within a forest. This improves performance. When we decrypt a message, we stamp a P2 forest header on the message called X-MS-Exchange-Forest-ControlPointDecryption-Action. The presence of this header signifies that message has been decrypted within this forest and does not need to be decrypted again for ControlPoint Decryption. This header will be stripped as the message travels from one forest to another. We have a message property, called ControlPointDecrypted, that specifies whether the clear-text message has been decrypted by ControlPoint Decryption. It’s set upon decryption and reset when message is re-encrypted. The existence of this property can be used by E14 Transport Agents to determine how they should handle a message. We ensure that forked messages and NDRs will get re-encrypted by default, i.e. without any changes to the message. If an agent removes the message headers, we have no way of telling that the message was decrypted by Pipeline decryption and hence we will not re-encrypt the message. We are not trying to mitigate this scenario.
  • Slide Objective: Introduce the Streamlined End User Experience topic.Instructor Notes: RMS protection should not hinder the user. This is being address at several levels, including: The pre-licensing feature, which was introduced with Exchange Server 2007, allows the Exchange server to fetch RMS licenses on the behalf of the users. The availability of the license enables offline scenarios and mobile access to RMS protected messages: the client does not need to establish a connection to the RMS infrastructure anymore. Feature parity between Outlook and Outlook Web Access is a key element, for grant OWA users with the same features than Outlook users. Outlook Web Access users can perform full-text search queries, as RMS protected content is indexed on the server.
  • Slide Objective: Example of RMS protection in Outlook.Instructor Notes:We see how an RMS protected message looks like to the end-user using Outlook 2007, as already supported using Exchange Server 2007.In this example, the user has received an confidential e-mail that cannot be forward to other recipients. The user may nevertheless reply to the sender.Notice the “Do Not Forward” banner in the message, that informs the user about the rights he has been granted on the content.The message, as well as RMS compatible attachments, will be protected.
  • Protection a message with RMS is done through a Transport Rule action, working just like any other Transport Rule action. Multiple actions can be selected.Transport Rules Agent stamps an X-Org (X-MS-Exchange-Organization-RightsProtectMessage) header to the message. The header value is set to the RMS template globally unique identifier (GUID). Message does not get encrypted until it’s processed by the Encryption Agent later on onRouted.New Transport rule action to “RMS protect”Transport Rules support regular expression scanning of attachments in Exchange Server 2010 (Beta)“Internet Confidential” and “Do Not Forward” policies are available out of the box Office 2003, Office 2007, Office 14, and XPS documents are supported for attachment protection
  • Slide Objective: Introduce Outlook Protection rulesInstructor Notes:We’ve seen how a message can automatically be protected at the Transport Rule level. Alternatively, it is possible to have RMS encryption be automatically applied from the Outlook client. The Administrator can define a client-side rule that will be imported by the Outlook client via Autodiscover (i.e. every 24 hours).Filtering can be done on Sender’s department, Recipient’s identity or scope. Rules are defined using PowerShell.Using this method, you can ensure that RMS protection is already applied when the message is reaching the Exchange infrastructure. This supports scenarios where an organization does not necessarily “trust” the Exchange organization, for example when the Exchange infrastructure is hosted/managed by a 3rd party.Outlook 14 is required for this feature.
  • Slide Objective: Example of Outlook Protection RulesInstructor Notes:Here is an example, where a user sends an e-mail that will trigger a Outlook Protection rule.Step 1: theStep 2: the user adds a distribution list to the To line.- Nothing happens at this stage user creates a new messStep 3: the user clicks outside of the “To:” line, and Outlook will then evaluate the client-side rules.As it turns out in this example, there is an Outlook Protection Rule that has been configured to apply a “Microsoft Confidential” RMS template to this message. A banner is therefore displayed in the Outlook client, warning the user that RMS protection is going to be automatically applied.age in Outlook 14.
  • In this example, we see an example of a user applying RMS protection when composing a new e-mail.Notice the “Permissions” button (the envelope with a red sign) in the Outlook Web Access interface.Create/Consume RMS protected messages natively, just like OutlookNo client download or installation requiredSupports:Firefox, Safari, Macintosh and WindowsConversation View, Preview paneFull-text search on RMS protected messages
  • Situation:People send embarrassing e-mails (or worse) to the wrong recipients (think MS email of reporters dossier to that reporter, RNC lobbying efforts though White House accounts, or pharmaceutical email sent out with all recipients names visible); MailTips is designed to make sure your communications are right the first time and to avoid such embarrassing mistakes.Talking Points:Know someone is OOF before you send a message (look at the oof and send to the right person from the start)Be alerted to important issues like external recipients or large lists of people this will be sent toKnow things like booking a room too small for the number of people you’re invitingKnow internal rules that will block your message from being sent before you send it (too many attachments, too big of an attachment, recipient can’t receive the message, and other custom rules defined by the system administrator)Slide Objective:The audience should walk away from this slide seeing that Exchange helps users send more effective messages the first time. It helps them schedule the right size rooms, not send messages to which they will get an OOF response and avoid sending mail to external recipients or large lists of people that might create an embarrassing mistake.
  • Slide Objective: Example of a journaled RMS message.Instructor Notes:In this example, we see a journaled RMS message.Notice that the message body contains Sender, Subject, Message-Id and To header information, and that two attachments are available: The original message, including the RMS protection, is available in its full integrity The unencrypted message, without RMS protectionThe first message attachment (32K) is RMS encrypted message. The second message attachment is RMS decrypted message.
  • Slide Objective: Introduce RMS protection with the Exchange Server 2010 Unified Messaging role.Instructor Notes:Using Exchange Server 2010 Unified Messaging, users can mark Voice Mail as “Private” when leaving a message. This option is available through a prompt over the phone.Unified Messaging policies can be created to automatically RMS protection to: All Voice mail, Private Voice Mail only, None.The RMS template that will be applied is “Do Not Forward”. This is not configurable.Using this feature, you can give the assurance to people leaving Voice Mail that the audio content cannot be forwarded to third parties, and will only be accessible to the intended recipient.
  • In this example, you can see a Voice Mail that has been received by an individual, which has been automatically protected by the Unified Messaging server.The message cannot be forwarded by the recipient.Unified Messaging administrators can allow incoming voice mail messages to be marked as “private”Private voice mail can be protected using “Do Not Forward”, preventing forwarding or copying contentPrivate voice mail is supported in Outlook 14 and Outlook Web Access (OWA)
  • Slide Objective: Introduce Business-to-Business RMS.Instructor Notes:Today, setting up RMS between two organizations is an involved process. To enable secure messaging using RMS between two separate organizations, both must deploy Active Directory Federation Services (ADFS) and create special trusts between the two organizations. This is an individual process for each partnership and it isn’t supported by Exchange for any of the features discussed today.In Exchange Server 2010, customers can create a single federation using the Microsoft Federation Gateway. This gateway is used by other services, such as the Microsoft Services Connector, as a trust broker between organizations. Exchange includes a built-in wizard to enable federation with the Federation Gateway. Once this wizard is run, Exchange can begin requesting delegation tokens for users within their organization. These tokens, which are SAML based, allow Exchange to give them to partners to authenticate on-behalf-of the users within the enterprise. The next slides show how Exchange uses these to license content on-behalf-of users for OWA.Slide Objective: Provide additional information of supported features for Business to Business scenarios.Instructor Notes:Now that we’ve seen how federation can allow Exchange to access content on-behalf-of a user, it is important to understand what controls we provide to ensure that remote organizations aren’t misusing your sensitive content. For example, as the content owner, Northwind Traders may not want Fabrikam archiving the protected mail in the clear using journal decryption. To mitigate this concern, Northwind Traders can specify on a per-template basis whether 3rd parties can archive that mail content in the clear. This means you can specify that all “Northwind Traders Confidential” data must always be stored in a protected format and cannot be decrypted and stored in a separate archive.Additionally, the web services in RMS that support SAML authentication can be disabled and/or block specific partners from using them. This limits the exposure an organization can have to 3rd parties that want to use federation for authentication purposes.Lastly, all of the RMS features we’ve talked about today work with SAML authentication, meaning they will work if the messages are protected against your internal RMS server or a 3rd party RMS server.
  • Key takeawaysThe integrated e-mail archiving, retention, and discovery capabilities being delivered in Exchange 2010 offer a seamless user experience, leverage existing Exchange infrastructure investments and administrative skills, and helps reduced the need to implement potentially complex and expensive third-party archiving products The personal archive can help centralize PSTs for more efficient discovery while offering a fully integrated user experience directly from a user’s primary mailboxNew retention policies enable users to apply pre-defined policies to both items and folders and work across both the primary mailbox and personal archive Multi-mailbox search and legal hold functions can be delegated to non-IT staff such as compliance officers New actions such as moderation, dynamic signatures and MailTips and automated IRM protection provide a wider range of data control, enabling administrators to better match the right level of control to a scenarioUsing the enhanced transport rule functionality in Exchange 2010, administrators can now effectively identify sensitive content both within an e-mail and any Office file attachments Exchange 2010 features deeper support for Information Rights Management, including the ability to: apply IRM with transport rules, decrypt IRM-protected messages for journaling, filtering, search and transport rule application, read and reply to IRM-protected mail in OWA
  • Key takeawaysThe integrated e-mail archiving, retention, and discovery capabilities being delivered in Exchange 2010 offer a seamless user experience, leverage existing Exchange infrastructure investments and administrative skills, and helps reduced the need to implement potentially complex and expensive third-party archiving products The personal archive can help centralize PSTs for more efficient discovery while offering a fully integrated user experience directly from a user’s primary mailboxNew retention policies enable users to apply pre-defined policies to both items and folders and work across both the primary mailbox and personal archive Multi-mailbox search and legal hold functions can be delegated to non-IT staff such as compliance officers New actions such as moderation, dynamic signatures and MailTips and automated IRM protection provide a wider range of data control, enabling administrators to better match the right level of control to a scenarioUsing the enhanced transport rule functionality in Exchange 2010, administrators can now effectively identify sensitive content both within an e-mail and any Office file attachments Exchange 2010 features deeper support for Information Rights Management, including the ability to: apply IRM with transport rules, decrypt IRM-protected messages for journaling, filtering, search and transport rule application, read and reply to IRM-protected mail in OWA
  • Nathan Winters TechDays UK Exchange 2010 IPC

    1. 1.
    2. 2. Nathan Winters<br />MVP Exchange Server<br />MMMUG – www.mmmug.co.uk<br />Exchange 2010 Protection and Compliance<br />
    3. 3. Exchange 2010 IPC<br />Introduction to Information Protection and Compliance (IPC)<br />The arsenal of Technical Tools!<br />Archiving<br />Multi-Mailbox Search<br />Legal Hold<br />IRM<br />Moderation<br />Enhanced Transport Rule Capabilities<br />MailTips<br />Demonstration Scenarios<br />
    4. 4. Why is IPC important?<br />Large UK Retailer Leaks Payment Information via Email<br />The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches.<br />Nearly 40% of workers have received confidential information that was not meant for them!<br />Appeal Win Lets FSA Grab Evidence for SEC <br />
    5. 5. Some of the legal factors<br />Public Sector - Freedom of Information<br />All - Data protection act<br />Finance – Financial Services Authority, SEC, BASEL2<br />RIPA - Regulation of Investigatory Powers Act 2000<br />Human Rights - Lawful business protection <br />Electronic Communications Act – Adding Disclaimers<br />US – SOX, HIPAA etc<br />
    6. 6. What does IPC mean to you?<br />It’s a policy build around the relevant laws for your industry.<br />Based on a bunch of technical tools which we try to automate<br />Monitor email – content, recipients where is it going<br />Know what is happening based on email attributes<br />Retain and Provide<br />Archiving, Retention and Discovery<br />Control and Protection – allow or prevent<br />Granular policies<br />Soft to Hard control<br />
    7. 7. Retain and Provide mail where required with Archiving, Retention and Discovery<br />Protection & Control: Soft to Hard<br />Ensure that you target the correct data with the correct policy to maximise usability<br />
    8. 8. <ul><li>Personal Archive
    9. 9. Retention Policy
    10. 10. Legal Hold
    11. 11. Multi-Mailbox Search</li></ul>Archiving, Retention & Discovery<br />
    12. 12. Exchange 2010 Archiving, Retention & DiscoveryBetter mailbox management<br />
    13. 13. World Today: Email Repositories<br />Organization Archive<br /><ul><li> Keeps all E-mail
    14. 14. Allows Org Control
    15. 15. Optimized for Search</li></ul>PSTs<br /><ul><li> Circumvents Quota
    16. 16. Highly Portable</li></ul>Mailbox<br /><ul><li>Highly Available
    17. 17. Rich Client Access</li></ul>Personal Archive<br /><ul><li> Circumvent Quota
    18. 18. Allows Org Control</li></ul>End User Access<br />Personal Archive<br />(TBs)<br />Outlook PSTs<br />(GBs)<br />Exchange<br />(MBs)<br />Org Archive<br />(PBs)<br />Backup<br />Backup<br />Replicated Backups<br />Replicated Backups<br /><ul><li>Backups uncommon and difficult
    19. 19. Users do manual backups
    20. 20. IT does unsupported backups
    21. 21. Replication Only Choice
    22. 22. Datasets Require Replication
    23. 23. Replication Common
    24. 24. Backups Less Common
    25. 25. Tape/Disk Backups Common
    26. 26. Item Level BackupsCommon</li></li></ul><li>PSTs present a problem<br />IT Pro<br /><ul><li>Storage of old email on expensive SAN inefficient
    27. 27. Hard to discover content for legal request
    28. 28. Hard to prevent changes to content for legal hold
    29. 29. Management for Backup and Recovery expensive</li></ul>End User<br /><ul><li>Only Stored on one machine
    30. 30. Corruption increases when stored on network share
    31. 31. No access through browser
    32. 32. Requires management by end user
    33. 33. Stability/responsiveness is an issue with large PST files</li></li></ul><li>Why Archive? A Vicious Cycle of Volume vs. Control<br /><ul><li>PSTs difficult to discovery centrally
    34. 34. Regulatory retention schedules contribute to further volume/ storage issues </li></ul>Increasing storage and back-up costs <br />Users forcedto manage quota<br />Quota management often results in growing PSTs (Outlook auto-archive) <br />
    35. 35. Breaking the CycleWith large mailbox architecture and archiving<br />Large Mailbox Architecture<br /><ul><li> maintains performance
    36. 36. provides option for DAS-SATA storage to reduce costs </li></ul>Archiving<br />simplifies discovery, retention and legal hold <br />Archiving<br />enables simple migration of PSTS back to server <br />
    37. 37. Large Mailbox Lower Costs, Better Performance<br />
    38. 38. Personal Archive<br />Oveview – What is it and where does it live?<br />User goals and assumptions<br />Simple to use – OWA & Outlook<br />IT Pro goals and assumptions<br />Get rid of PSTs!<br />Easy to enable.<br />
    39. 39. Message RetentionOverview<br />Move Policy: automatically moves messages to the archive<br />Options: 6 months, 1 year, 2 years (default), <br /> 5 years, Never<br />User Impact: Helps keep mailbox under quota<br />Works like Outlook Auto-Archive – without PSTs!<br />Delete Policy: automatically deletes messages<br />User Impact: removes unwanted items<br />Helps keep mailbox under quota<br />Delete policies are Global (they travel to the Archive)<br />Per-item policies take priority over per-item policies <br />
    40. 40. Legal HoldOverview<br />Hold Policy captures all edits/deletes irrespective of user or admin access.<br />User workflow is unchanged, items captured in hidden folders in Dumpster 2.0. <br />Multi-mailbox search can retrieve items indexed in Dumpster 2.0. <br />ISSUE – Consider that the whole mailbox is put on hold, not just the granular info that you need on hold!<br />
    41. 41. <ul><li>Personal Archive
    42. 42. Retention Policy
    43. 43. Legal Hold
    44. 44. Multi-Mailbox Search</li></ul>Demo<br />
    45. 45. Archive Management Add-Remove-View Archive<br />Adding the archive requires a simple checkbox in the new-mailbox wizard<br />Archive can be disabled together or separate from the mailbox<br />Archive auto-discover requires no Outlook restart to activate archive <br />19<br />
    46. 46. Archive Management Set Quota<br />Select archive quota to change default settings <br />The default quota warning for the Archive is 10 GB<br />
    47. 47. Personal ArchiveUser experience<br />User can view, read, navigate, flag and reply to archived mail same as live mail <br />Folder hierarchy from primary mailbox maintained <br />Reply to message in archive puts message in live mail sent items (same as PSTs) <br />User gets conversation view scoped to Archive (same as PSTs)<br />
    48. 48. Personal Archive Search<br />Option to search archive only or both live and archived mail <br />Advanced search options work across live and archived mail<br />22<br />
    49. 49. Retention PolicesAt the folder or item level<br />Policies can be applied directly within an email <br />Policies can be applied to all email within a folder<br />Delete <br />policies <br />Archive policies <br />Expiration date stamped directly <br />on e-mail <br />
    50. 50. Preserve: Message RetentionArchive and Delete policies<br />Policies can be applied directly within an email <br />Policies can be applied to an entire folder<br />Delete policies <br />Archive policies <br />Expiration date stamped directly <br />on e-mail <br />
    51. 51. Set Explicit Move Policy on a Folder<br />Outlook OWA<br />User selects 5 Years from set of Policies<br />User selects 5 Years from set of Policies<br />
    52. 52. Set Move Policy on an ItemNo delete policy<br />Outlook OWA<br />User selects 5 Years from set of Policies<br />User selects 5 Years from set of Policies<br />
    53. 53. Set Move Policy on a FolderWith delete policy<br />User selects 10 Years from set of Delete Policies<br />User selects 5 Years from set of Policies<br />Outlook OWA<br />User selects 5 Years from set of Policies<br />User selects 5 Years from set of Move Policies<br />
    54. 54. Set Move Policy on an ItemWith delete policy<br />Outlook OWA<br />User selects 5 Years from set of Policies<br />User selects 5 Years from set of Move Policies<br />User selects 5 Years from set of Move Policies<br />User selects 10 Years from set of Move Policies<br />
    55. 55. Multi-Mailbox Search Simple, role based GUI<br />Delegate access to search to HR, compliance, legal manager <br />Search all mail items (email, IM, contacts, calendar) across primary mailbox, archives<br />Filtering includes: sender, receiver, expiry policy, message size, sent/receive date, cc/bcc, regular expressions, IRM protected items <br />
    56. 56. Multi-MailboxSearch<br />Additional e-discovery features<br />Search specific mailboxes or DLS<br />Export search results to a mailbox or SMTP address<br />Search results organized per original hierarchy <br />Request email alert when search is complete <br />API enables 3rd tool integration with query results for processing <br />
    57. 57. Legal Hold<br /><ul><li>Show the user
    58. 58. Issue that the hold mailbox is placed on hold not just the relevant info</li></li></ul><li>Preserve: Hold PolicyIW Experience<br />IW is told how to comply (no action needed for e-mail)<br />URL links to additional info<br />
    59. 59. Preserve: Hold PolicyIT Pro Experience<br />Comment and URL tell the IW how to comply<br />Comment and URL tell the IW how to comply<br />Specify how long items are kept<br />
    60. 60. <ul><li>Information Rights Management
    61. 61. MailTips
    62. 62. Moderation
    63. 63. Enhanced Transport Rules</li></ul>Protection and Control<br />
    64. 64. Exchange 2010 Protection and Control<br />
    65. 65. Information LeakageCan be costly on multiple fronts<br />Legal, Regulatory and Financial impacts<br />Non-compliance with regulations or loss of data can lead to significant legal fees, fines, and more<br />Damage to public image and credibility with customers<br />Financial impact on company<br />Loss of Competitive Advantage<br />Disclosure of strategic plans<br />Loss of research, analytical data, and other intellectual capital<br />
    66. 66. Message Confidentiality?<br />Enforcement tools are required—content protection should be automated.<br />
    67. 67. Automatic Content-Based Privacy<br />Exchange Server 2010 provides a single point in the organization to control the protection of e-mail messages.<br />Automatic Content-based Privacy:<br /><ul><li>Transport Rule action to apply RMS template to e-mail message
    68. 68. Transport Rules support Regex scanning of attachments in Exchange 2010 (including content)
    69. 69. Internet Confidential and Do Not Forward Policies available out of box</li></ul>38<br />
    70. 70. What is Rights Management Services?<br />Windows Platform Information Protection Technology<br />Better safeguard sensitive information <br />Protect against unauthorized viewing, editing, copying, printing, or forwarding of information<br />Limit file access to only authorized users<br />Audit trail tracks usage of protected files <br />Persistent protection <br />Protects your sensitive information no matter where it goes<br />Uses technology to enforce organizational policies <br />Authors define how recipients can use their information<br />
    71. 71. Protection via Transport Rules<br />New Transport rule action to “RMS protect”<br />Transport Rules support regular expression scanning of attachments in Exchange Server 2010<br />“Do Not Forward” policy available out of the box <br />Office 2003, Office 2007, Office 2010, and XPS documents are supported for attachment protection<br />
    72. 72. Outlook Protection Rules<br />Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically<br />Rules can be mandatory or optional depending on requirements<br />Rules look at the following predicates:<br />Sender’s department (HR, R&D, etc.)<br />Recipient’s identity (specific user or distribution list)<br />Recipient’s scope (all within the organization, outside, etc.)<br />Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services<br />
    73. 73. Transport Pipeline Decryption<br />Enables Hub Transport agents to scan/modify RMS protected messages<br />Required for Antivirus scanning, Transport Rules or 3rd party agents<br />Decryption Agent <br />Decrypts message and attachments, using RMS super-user privileges<br />Only decrypts once per forest, on the first Hub, to improve performance<br />Option to non-deliver (NDR) messages that can’t be decrypted<br />Encryption Agent<br />Re-encrypts messages, message forks and NDRs with original Publishing License<br />
    74. 74. How does it work?Transport Decryption<br />AD RMS<br />Active Directory<br />2. On first use, Exchange does an SCP lookup for the RMS server.<br />3. Exchange requests a RAC and CLC for the “shared identity” account. These are saved and re-used. The RAC is a super-user RAC.<br />1. Mail marked for protection or an already protected mail item.<br />Hub Transport<br />6. Process message is sent to next hop or delivered to the recipient.<br />4. Incoming IRM mail is decrypted so all agents have access to the decrypted content.<br />5. At the end of the agent pipeline the message is re-encrypted, including any changes made by agents.<br />Decryption<br />Encryption<br />Transport Rules<br />Journaling<br />Forefront Security for Exchange<br />3rd Party Agents<br />
    75. 75. How does it work?<br />Outlook Protection Rules<br />AD RMS<br />1. Administrator defines a set of Outlook Protection Rules. These are exposed via a web service to clients.<br />3. The first time a rule triggers the user is asked to get a RAC and CLC from RMS.<br />Client Access (OWA)<br />2. When the user connects to Exchange via CAS, the rules are automatically downloaded. They are then frequently updated on the client based on administrator changes.<br />4. The message is protected before the user sends. <br />User can override (if rule allows). <br />
    76. 76. Streamlined End-User ExperiencePrevent RMS Protection from getting in user’s way<br />Pre-licensing enables offline and mobile access to RMS protected messages<br />IRM Feature Parity between Outlook and Outlook Web App<br />Conduct full-text search on RMS protected messages in Outlook Web Access<br />Built-in ability to create/consume RMS protected messages with Windows Mobile 6.x<br />
    77. 77. <ul><li>Information Rights Management
    78. 78. MailTips
    79. 79. Moderation
    80. 80. Enhanced Transport Rules</li></ul>Demo<br />
    81. 81. Protected Content in Outlook<br />RMS Protection is applied both to the message itself and to the attachments.<br />Saved attachments retain the relevant protection (e.g. rights to view, print or copy content).<br />
    82. 82. Protection via Transport Rules<br />
    83. 83. Outlook Protection Rules<br />Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically<br />Rules can be mandatory or optional depending on requirements<br />Rules look at the following predicates:<br />Sender’s department (HR, R&D, etc.)<br />Recipient’s identity (specific user or distribution list)<br />Recipient’s scope (all within the organization, outside, etc.)<br />Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services<br />
    84. 84. Outlook Protection Rules<br />Step 1: User creates a new message in Outlook 2010.<br />Step 2: User adds a distribution list to the To line.<br />Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects as MS Confidential.<br />Company Confidential - This content is confidential and proprietary information intended for company employees only and provides the following user rights: View, Reply, Reply All, Save, Edit, Print and Forward. Permission granted by: nwinters@gaots.co.uk<br />
    85. 85. Rights Management Services Integration in Outlook Web Access<br />
    86. 86. Manage Inbox Overload<br />Help Reduce Unnecessary and Undeliverable E-Mail Through New Sender MailTips<br />Remove Extra Steps and E-Mail<br />Limit Accidental E-Mail<br />Reduce Non-Delivery Reports<br />52<br />
    87. 87. Journal<br />
    88. 88. Journal Report Decryption<br />
    89. 89. Rights Management Services Integration in Unified Messaging<br />Unified Messaging administrators can allow incoming voice mail messages to be marked as “private”<br />Private voice mail can be protected using “Do Not Forward”, preventing forwarding or copying content<br />Private voice mail is supported in Outlook 2010 and Outlook Web Application (OWA)<br />
    90. 90. Rights Management Services Integration in Unified Messaging<br />
    91. 91. Business to Business RMSSecurely Communicate with Partners<br />Today customers can communicate using RMS between organizations by deploying ADFS and setting up trusts<br />ADFS requires a separate trust between each partner<br />ADFS isn’t supported by Exchange<br />In Exchange Server 2010, customers can federate with the Microsoft Federation Gateway instead of each partner<br />A single federation point replaces individual trusts<br />Allows Exchange to act on-behalf-of users for decryption<br />Senders can control how their data is accessed by 3rd parties<br />By using federation, RMS can allow organizations and applications to access data on-behalf-of individuals<br />Specifically they can specify whether recipient organizations can archive e-mails in the clear<br />RMS administrator can control which 3rd parties can access data using federated authentication (allow/block list)<br />
    92. 92. <ul><li>AD RMS Setup
    93. 93. MailTips
    94. 94. Enhanced Transport Rules</li></ul>Demo<br />
    95. 95. Features SummaryExchange 2010 Protection and Compliance<br />
    96. 96. Key takeaways<br />Personal Archive gives seamless user experience and removes need for PSTs<br />Deep support for IRM<br />Automation enables ease of use and administration<br />Wide range of granular controls from Soft to Hard<br />
    97. 97. Text Microsoftto 60300<br />Or<br />Tweet #uktechdays<br />Questions?<br />
    98. 98. For resources, decks and video:<br />www.microsoft.com/uk/techdays<br />or my blog http://nathanwinters.co.uk<br />
    99. 99. Related Content<br />Web link - http://www.microsoft.com/exchange/2010/en/us/information-protection-and-control.aspx<br />Web link - http://www.microsoft.com/exchange/2010/en/us/Archiving-and-retention.aspx<br />Breakout sessions<br />
    100. 100. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.<br />The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.<br />

    ×