exchange 2013 compliance
TRANSCRIPT
Exchange 2013: BIG DATA
Maintaining Compliance using Exchange 2013 features
Mick Tomlinson – Technical Instructor, New Horizons
Agenda
• Exchange 2013 Compliance Overview
• Retention Features
• Message Inspection
• Encryption & Usage Control Features
• Auditing
• Q&A
What is Compliance?
• Protecting information from accidental or malicious destruction
• Preventing inappropriate disclosure of information
• Ensuring timely response to legal discovery or FOIA requests
Why do we do it?
• Meeting regulatory requirements (SOX, GLBA, HIPAA)
• Meeting internal business requirements
How can Exchange help?
Exchange 2013 has several features that can help your organization establish and maintain compliance with both regulatory and internal requirements.
We can categorize these features into four major areas: Retention, Message Inspection, Encryption & Usage Control, and Auditing.
Retention Features
• Messaging Records Management
• Journaling
• In-Place Archiving
• In-Place Hold
• In-Place E-Discovery
Messaging Records Management
• Exchange 2013 uses Retention Tags and Retention Policies to help manage a user’s mailbox.
• Allows an organization to keep messages needed to comply with company policy, government regulations, or legal needs.
• Allows an organization to remove content that has no legal or business value.
MRM Retention Tags
Three types of tags
• Default Policy Tag
• Retention Policy Tag
• Personal Tag (requires Enterprise CAL)
MRM is processed by the Managed Folder Assistant
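An added example (not from the presentation) showing the three tag types from this slide combined into one retention policy and applied to a mailbox. Tag names, age limits, the policy name and the mailbox "alice@contoso.example" are placeholders chosen for this example.

```powershell
# Added example, not the presenter's code. All names and ages are placeholders.

# Default Policy Tag (Type All): applies to any item that carries no more
# specific tag. After 2 years the item is moved to the In-Place Archive.
New-RetentionPolicyTag -Name "Default 2 Year Move to Archive" `
    -Type All -AgeLimitForRetention 730 -RetentionAction MoveToArchive

# Retention Policy Tag (folder-scoped): items in Deleted Items are removed
# after 30 days but stay recoverable for the Recoverable Items window.
New-RetentionPolicyTag -Name "Deleted Items 30 Days" `
    -Type DeletedItems -AgeLimitForRetention 30 -RetentionAction DeleteAndAllowRecovery

# Personal Tag (needs an Enterprise CAL): users apply it themselves to keep
# business-critical items for 7 years before they are purged.
New-RetentionPolicyTag -Name "Business Critical 7 Years" `
    -Type Personal -AgeLimitForRetention 2555 -RetentionAction PermanentlyDelete

# Bundle the tags into one policy and assign it to a mailbox.
New-RetentionPolicy -Name "Contoso Compliance Policy" `
    -RetentionPolicyTagLinks "Default 2 Year Move to Archive","Deleted Items 30 Days","Business Critical 7 Years"
Set-Mailbox -Identity "alice@contoso.example" -RetentionPolicy "Contoso Compliance Policy"

# The Managed Folder Assistant normally applies tags on its work cycle;
# forcing a run on one mailbox lets you verify the policy immediately.
Start-ManagedFolderAssistant -Identity "alice@contoso.example"

# Confirm which tags the policy links and which policy the mailbox received.
Get-RetentionPolicy -Identity "Contoso Compliance Policy" | Select-Object Name,RetentionPolicyTagLinks
Get-Mailbox -Identity "alice@contoso.example" | Format-List Name,RetentionPolicy
```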
Journaling
Should be differentiated from Archiving.
• Journaling is the process of copying some or all of the email to a separate repository for later review, or to prevent spoliation of evidence.
• Archiving is the moving of email to an alternate location for long-term storage.
Types of Journaling
• Standard Journaling
• Configured on a database. Journals all messages to and from all mailboxes in the database.
• Premium Journaling
• Performs granular journaling using Journal Rules, based on an individual recipient or membership in a distribution group.
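An added example (not from the presentation) placing the two journaling types side by side: a database-level journal recipient and a journal rule scoped to one distribution group. The database name, group address and journal mailbox addresses are placeholders chosen for this example.

```powershell
# Added example, not the presenter's code. Names and addresses are placeholders.

# Standard journaling: a single property on the mailbox database. Every
# message sent to or from any mailbox in DB01 is copied to the journal recipient.
Set-MailboxDatabase -Identity "DB01" -JournalRecipient "journal-db01@contoso.example"

# Premium journaling: a journal rule that covers only members of the Finance
# distribution group, and only for mail crossing the organization boundary.
New-JournalRule -Name "Journal Finance External Mail" `
    -Recipient "finance@contoso.example" `
    -JournalEmailAddress "journal-finance@contoso.example" `
    -Scope External -Enabled $true

# Journal reports that cannot be delivered to the journaling mailbox are sent
# to this alternate mailbox rather than being returned as NDRs, so evidence is
# not lost while the journaling mailbox is unavailable.
Set-TransportConfig -JournalingReportNdrTo "journal-ndr@contoso.example"

# Review what is in force on both levels.
Get-MailboxDatabase | Format-Table Name,JournalRecipient
Get-JournalRule | Format-Table Name,Recipient,JournalEmailAddress,Scope,Enabled
```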
In-Place Archiving
• Provides users with an alternate storage location in which to store historical messaging data.
• Storage may be in a different database, which can be located on less expensive storage.
• Eliminates the need for PST files.
• Does not cache in Outlook.
In-Place Archive
Outlook and OWA allow for seamless access to the archive when connected (no offline access).
In-Place Hold
• Allows for the preservation of messaging data against accidental or intentional deletion.
• Deleted (or modified) items are moved to a hidden folder in the user’s mailbox.
• Data will be inaccessible to the user, but may be retrieved by authorized personnel.
• Can be configured to retain all data, or data identified by query.
• Data may be retained indefinitely, or for a specific duration.
In-Place E-Discovery
• Used to perform discovery searches for relevant content within mailboxes.
• Uses the content indexes created by Exchange Search.
• May be integrated with Lync and SharePoint to allow full search capabilities across multiple platforms.
In-Place E-Discovery
• Query results can be accessed in four ways
• Estimate search results
• Preview search results
• Copy search results
• Export search results
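An added example (not from the presentation) covering the last two slides together: a query-based In-Place Hold with a fixed duration on two custodians, then an E-Discovery search that is first estimated and then copied to a discovery mailbox. Both use the same New-MailboxSearch cmdlet. Mailbox names, the discovery mailbox name, the query and the hold period are placeholders chosen for this example.

```powershell
# Added example, not the presenter's code. Names, query and dates are placeholders.

# 1. In-Place Hold: only items matching the query are preserved, and only for
#    7 years (2555 days) from the item's received date rather than indefinitely.
New-MailboxSearch -Name "Project Falcon Hold" `
    -SourceMailboxes "alice@contoso.example","bob@contoso.example" `
    -SearchQuery 'Falcon OR "Project Falcon"' `
    -InPlaceHoldEnabled $true -ItemHoldPeriod 2555

# 2. E-Discovery estimate: reports item count and size without copying data,
#    so the query can be tuned before anything leaves the custodians' mailboxes.
New-MailboxSearch -Name "Project Falcon Discovery" `
    -SourceMailboxes "alice@contoso.example","bob@contoso.example" `
    -SearchQuery 'Falcon OR "Project Falcon"' `
    -StartDate "01/01/2013" -EndDate "12/31/2013" `
    -EstimateOnly
Start-MailboxSearch -Identity "Project Falcon Discovery"
Get-MailboxSearch -Identity "Project Falcon Discovery" |
    Format-List Name,Status,ResultNumberEstimate,ResultSizeEstimate

# 3. Copy results to the discovery mailbox once the estimate looks right.
#    LogLevel Full records which items were copied; access to the discovery
#    mailbox itself is governed by RBAC, so keep it limited to the review team.
Set-MailboxSearch -Identity "Project Falcon Discovery" `
    -EstimateOnly:$false -TargetMailbox "Discovery Search Mailbox" `
    -LogLevel Full -IncludeUnsearchableItems $true
Start-MailboxSearch -Identity "Project Falcon Discovery"

# Confirm the hold is in force on the custodians' mailboxes.
"alice@contoso.example","bob@contoso.example" | Get-Mailbox |
    Format-Table Name,LitigationHoldEnabled,InPlaceHolds
```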
Transport Rules
• Allows Exchange to look for specific conditions in messages that pass through your organization and take action on them.
• Inspection takes place while messages are in transit.
• Rules are centrally stored in AD, ensuring consistent application of all rules against all messages.
Data Loss Prevention
• Data loss prevention (DLP) is a new feature in Exchange 2013.
• Helps to identify, monitor, and protect sensitive data through deep content analysis.
• Helps to keep your organization safe from users mistakenly sending sensitive information to unauthorized people.
DLP Policy Templates
• Use built-in templates
• Import templates from security partners
• Create your own!
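An added example (not from the presentation) that creates a DLP policy from a built-in template in test mode before enforcing it, and then adds a hand-written transport rule of the kind the DLP slides describe. The policy and rule names are placeholders, and the template name is the one assumed for this example; confirm it against Get-DlpPolicyTemplate in your own organization.

```powershell
# Added example, not the presenter's code. Policy/rule names are placeholders
# and the template name is an assumption; list the real ones first.
Get-DlpPolicyTemplate | Format-Table Name,PublisherName

# Create the policy in audit-and-notify mode: it logs matches and shows Policy
# Tips to senders but blocks nothing, so false positives surface before enforcement.
New-DlpPolicy -Name "Contoso PCI" `
    -Template "PCI Data Security Standard (PCI DSS)" -Mode AuditAndNotify

# Inspect the transport rules the template generated, then switch to enforcement.
Get-TransportRule -DlpPolicy "Contoso PCI" |
    Format-List Name,Mode,State,MessageContainsDataClassifications
Set-DlpPolicy -Identity "Contoso PCI" -Mode Enforce

# A hand-written rule: reject mail leaving the organization that carries at
# least one credit card number, unless the sender supplied a business
# justification override. The match is audited at High severity.
New-TransportRule -Name "Block Credit Card Numbers Leaving Org" `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @(@{Name="Credit Card Number"; MinCount="1"}) `
    -ExceptIfHasSenderOverride $true `
    -RejectMessageReasonText "This message contains credit card numbers and was not delivered." `
    -RejectMessageEnhancedStatusCode "5.7.1" `
    -SetAuditSeverity High

# Verify the rule is enabled and see its effective priority among all rules.
Get-TransportRule | Format-Table Priority,Name,State,Mode
```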
Encryption and Usage Control
• S/MIME
• Information Rights Management (AD RMS)
• Office 365 Message Encryption
S/MIME
• Supported in Outlook, ActiveSync, and OWA (only using IE)
• Requires PKI and user education
• Does not work well with transport rules or DLP
Information Rights Management
• Provided via integration with Active Directory Rights Management Services (AD RMS)
• No PKI required
• Applies persistent security to protected content
• Can protect content from being read, copied, forwarded, modified, printed, faxed, or saved.
IRM and Compliance
• Protected content can be inspected by transport rules and DLP.
• Protected content can be indexed by Exchange Search.
• Content can be protected automatically via Outlook Protection Rules or Transport Rules.
Mailbox Audit Logging
• Allows you to track who logs on to the mailboxes in your organization and what actions are taken
• Can log access by owner, delegates, and administrators
• Logs are fully searchable
• Not enabled by default
Administrator Audit Logging
• Logs when an administrator or user with delegated permissions makes a change in your organization
• Audits use of all EMS cmdlets (except Get- and Search- cmdlets)
• Logs are fully searchable and retained for 90 days
• Logging is enabled by default
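An added example (not from the presentation) covering both audit slides: turning on mailbox audit logging, which is off by default, with explicit action sets per logon type, then searching the mailbox audit log for non-owner access and the administrator audit log for changes to audit settings and role groups. The mailbox address, date ranges and retention length are placeholders chosen for this example.

```powershell
# Added example, not the presenter's code. Mailbox, dates and age limit are placeholders.

# Mailbox audit logging is per mailbox and disabled by default. Enable it on
# all user mailboxes and state which actions to record for each logon type.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Set-Mailbox -AuditEnabled $true `
        -AuditOwner HardDelete,MailboxLogin `
        -AuditDelegate SendAs,SendOnBehalf,FolderBind,HardDelete `
        -AuditAdmin Copy,FolderBind,HardDelete,MessageBind,SendAs,SendOnBehalf `
        -AuditLogAgeLimit "180.00:00:00"

# Who other than the owner touched this mailbox in the last 30 days, from
# where, and what did they do? ShowDetails returns one row per event.
Search-MailboxAuditLog -Identity "alice@contoso.example" `
    -LogonTypes Delegate,Admin -ShowDetails `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object LastAccessed,LogonUserDisplayName,LogonType,Operation,ClientIPAddress,FolderPathName,ItemSubject |
    Format-Table -AutoSize

# Administrator audit logging is on by default with 90-day retention. Find
# every change to mailbox audit settings or role-group membership this week,
# which is where an attempt to blind the audit trail would show up.
Search-AdminAuditLog -Cmdlets Set-Mailbox,Add-RoleGroupMember,Remove-RoleGroupMember `
    -Parameters AuditEnabled,Member `
    -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) |
    Select-Object RunDate,Caller,CmdletName,ObjectModified,@{n="Params";e={$_.CmdletParameters}} |
    Format-Table -AutoSize

# Confirm the admin audit log itself has not been disabled or shortened.
Get-AdminAuditLogConfig | Format-List AdminAuditLogEnabled,AdminAuditLogAgeLimit,AdminAuditLogCmdlets
```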