This webcast provides a technical overview of the Microsoft Forefront Online Protection for Exchange Encryption Service. We review its core components and functionality, including its prerequisites, product architecture, and capabilities.

1. Forefront Online Protection for Exchange Encryption Overview Curtis Parker Product Manager Microsoft Corporation al 1

2. Agenda Microsoft® Forefront®Online Protection for Exchange overview Forefront Online Protection for Exchange encryption overview Identity-based email encryption Forefront Online Protection for Exchange encryption demo Administrator experience Sender experience First time recipient experience After first time recipient experience Mail flow drill down Forefront Online Protection for Exchange encryption licensing

3. Forefront Online Protection for Exchange Overview

4. Forefront Online Protection for Exchange Multilayer spam and virus protection and policy enforcement Corporate network External senders/ recipients Microsoft® Exchange Server Legitimate email Antivirus Inbound filteredemail Policy Edge Blocking Active Directory * Encryption Forefront Online Protection for Exchange Directory Synchronization Tool Anti-spam Outbound filtered email Junk email Automatic spooling Messaging administrator Administrator console Employees About 90 percent of email is junk End user quarantine Also incorporates technology from… *Requires additional Exchange Hosted Encryption License

5. Forefront Online Protection for Exchange Encryption Overview

6. Forefront Online Protection for Exchange Encryption TLS network encryption Forced inbound transport layer security (TLS) is used to secure all routing channels with business regulated partners Email encryption Policy-based encryption from sender to recipient with no end-user training or software installation provided through Microsoft Exchange hosted encryption

7. Forced TLS Connection Scenario Forefront Online Protection for Exchange Inbound Connector Edge Virus Outbound Connector Policy Spam woodgrovebank.com Business Partner Mailboxes Mailboxes contoso.com

8. TLS Network Layer Encryption Opportunistic TLS is on by default for Microsoft Office 365 customers Forced TLS can be enabled for inbound connections, outbound connections, or both Forefront Online Protection for Exchange attempts to set up a TLS connection If TLS cannot be established, email is not sent or received

9. Exchange Hosted Services Encryption GLOBAL DATA CENTER NETWORK SECURE REPLY VIA ZDM TLS ENCRYPTED EMAIL Send encrypted email to any recipient without prior setup Encryption is performed by policy rules and enforced in the Forefront Online Protection for Exchange cloud Identity-based encryption (IBE) uses email address as ID for public key Exchange hosted encryption saves public keys so users should use strong passwords as their credentials No cost for recipient non licensed user All replies and forwards remain encrypted for any mail recipient Encrypted emails are not saved by Exchange hosted encryption

10. Forefront Online Protection for Exchange Encryption Prerequisites Requires Forefront Online Protection for Exchange Exchange hosted encryption is purchased separately from Forefront Online Protection for Exchange Administrator of domain sets policy rules for encryption Policy rules can trigger based on: Specific header values Keywords in subject Keywords in body Sender address Recipient address Attachment type Email encryption can be triggered by information workers: Specify keyword in subject line

11. Zero Download Manager Recipients use a secure, web-based decryption provided by the Zero Download Manager (ZDM) ZDM is an HTML attachment that contains encrypted messages in encoded form When a user clicks to access the message, the encrypted message is sent back to Exchange hosted encryption via POST method No software installed on sender/recipient machines

12. Identity-Based Email Encryption

13. What Is Identity-Based Encryption (IBE)? IBE is a form of asymmetric encryption All entities have a public and private key pair In IBE: A key server has a master public and private key pair Anyone can derive a user’s public key from the email address (eliminates need for prior key establishment) and encrypt messages A key server decrypts messages with the user’s private key

14. How IBE Works Send message back to Exchange hosted encryption for decryption Get’s the public key based on Alice’s Email address Exchange hosted encryption server 1. Request Alice’s public key 4. Send the message for decryption 2. Alice’s public key is returned 3. Send Alice the encrypted mail bob@contosocorp.com alice@fabrikam.com Encrypt message using public key

15. Forefront Online Protection for Exchange Encryption Administrator Experience

16. Administrator Setup Prerequisites Requires Forefront Online Protection for Exchange Exchange hosted encryption is purchased separately from Forefront Online Protection for Exchange Administrator setup steps Log in to the Administration Center On the Administration tab, confirm that Exchange hosted encryption is purchased Create a new policy rule for outbound mail Under Action, select Encrypt

20. Forefront Online Protection for Exchange Encryption Sender Experience

21. Sender Setup All encryption is transparent to the sender The sender drafts and sends a message with sensitive information Exchange hosted encryption identifies the sensitive information and encrypts the message in the cloud

23. Forefront Online Protection for Exchange Encryption First Time Recipient Experience

24. First Time Recipient Experience Recipient receives an encrypted message as an attachment Recipient opens the attachment and clicks Read Message Recipient enters and confirms a password of his or her choice Exchange hosted encryption emails a confirmation message to the recipient Recipient opens the confirmation message and clicks the link Recipient views the encrypted message All replies and forwards remain encrypted

36. Forefront Online Protection for Exchange Encryption After First Time Recipient Experience

43. Forefront Online Protection for Exchange Encryption Summary

44. Forefront Online Protection for Exchange Encryption Licensing

45. Forefront Online Protection for Exchange Encryption [Exchange Hosted Encryption] Licensing Add-on to Forefront Online Protection for Exchange or add-on to suites that contain Forefront Online Protection for Exchange (Office 365, ECAL, EECAL with services, FPS) Available through the following licensing programs: Enterprise Agreement Enterprise Agreement Subscription Select Academic and Government Select Open Value Open Value Subscription Service Provider License Agreement (SPLA) Campus and School Agreement UCES (Telco) Pricing starts at $1.88/user/month

46. Additional Resources/Announcements

47. Introducing Business Ready Security Demo 4.0i Business Ready Security 4.0i New! Forefront Protection Server Management Console RTW included New! Forefront Protection Server Management Console hands-on labs New! Forefront Protection for Exchange/Forefront Protection for SharePoint rollup updates End-to-end demo environment All identity and security solutions/technologies 7 GB zipped/installer package Demo scripts/architecture overview documentation provided Available as download: http://go.microsoft.com/fwlink/?LinkId=190269 Distribution list: msvmtalk@microsoft.com

48. Business Ready Security Demo 4.0i

49. Business Ready Security Demo 4.0i

50. Links and Resources

51. Questions and Answers Submit text questions by using the Ask button Don’t forget to fill out the survey For upcoming and previously live webcasts, visit www.microsoft.com/webcast Got webcast content ideas? Contact us at http://go.microsoft.com/fwlink/?LinkId=41781

52. 52