Exchange 2013: BIG DATAMaintaining Compliance using Exchange 2013 features

Mick Tomlinson– Technical Instructor New Horizons

Agenda• Exchange 2013 Compliance Overview

• Retention Features

• Message Inspection

• Encryption & Usage Control Features

• Auditing

• Q&A

3

Exchange 2013 Compliance Overview

•What is Compliance?•Why do we do it?•How can Exchange help?

4

What is Compliance?• Protecting information from accidental or malicious destruction

• Preventing inappropriate disclosure of information

• Ensuring timely response to legal discovery or FOIA requests

5

Why do we do it?• Meeting regulatory requirements (SOX, GLBA, HIPAA)

• Meeting internal business requirements

6

How can Exchange help?Exchange 2013 has several features that can help your organization establish and maintain compliance with both regulatory and internal requirements.

We can categorize these features in to four major areas: Retention, Message Inspection, Encryption & Usage Control, and Auditing

7

Retention Features

• Messaging Records Management

• Journaling

• In-Place Archiving

• In-Place Hold

• In-Place E-Discovery

8

Messaging Records Management• Exchange 2013 uses Retention Tags and Retention Policies to help

manage a user’s mailbox.

• Allows an organization keep messages needed to comply with company policy, government regulations, or legal needs

• Allows an organization to remove content that has no legal or business value.

9

MRM Retention Tags

Three types of tags

• Default Policy Tag

• Retention Policy Tag

• Personal Tag (requires Enterprise CAL)

MRM is processed by the Managed Folder Assistant

10

Retention Tags

11

Retention Policies

12

JournalingShould be differentiated from Archiving.

• Journaling is the process of copying some or all of the email to a separate repository for later review, or to prevent spoliation of evidence.

• Archiving is the moving of email to an alternate location for long term storage

13

Types of Journaling• Standard Journaling

• Configured on a database. Journals all messages to and from all mailboxes in the database.

• Premium Journaling• Performs granular journaling using Journal Rules, based on an individual

recipient or membership in a distribution group.

14

In-Place Archiving• Provides users with an alternate storage location in which to store

historical messaging data.

• Storage may be in a different database, which can be located on less expensive storage.

• Eliminates the need for pst files

• Does not cache in Outlook

15

In-Place ArchiveOutlook and OWA allow for seamless access to the archive when connected (no off-line access)

16

In-Place Hold• Allows for the preservation of messaging data against accidental or

intentional deletion.

• Deleted (or modified) items are moved to a hidden folder in the user’s mailbox.

• Data will be inaccessible to the user, but may be retrieved by authorized personnel.

• Can be configured to retain all data, or data identified by query.

• Data may be retained indefinitely, or for a specific duration.

17

In-Place E-Discovery• Used to perform discovery searches for relevant content within

mailboxes.

• Uses the content indexes created by Exchange Search.

• May be integrated with Lync and SharePoint to allow full search capabilities across multiple platforms.

18

In-Place E-Discovery• Query results can be accessed in four ways

• Estimate search results• Preview search results• Copy search results• Export search results

19

In-Place E-Discovery

20

Message Inspection

• Transport Rules

• Data Loss Prevention (DLP)

21

Transport Rules• Allows Exchange to look for specific conditions in messages that pass

through your organization and take action on them.

• Inspection takes place while messages are in transit

• Rules are centrally stored in AD, insuring consistent application of all rules against all messages.

22

Transport Rule Components

• Conditions

• Actions

• Exceptions

• Properties

23

Data Loss Prevention• Data loss prevention (DLP) is a new feature in Exchange 2013

• Helps to identify, monitor, and protect sensitive data through deep content analysis.

• Helps to keep your organization safe from users mistakenly sending sensitive information to unauthorized people

24

Data Loss PreventionPolicy enforcement is flexible

25

DLP Policy Templates• Use built in templates

• Import templates from security partners

• Create your own!

26

DLP Policy Rules• Built on Transport Rules

27

DLP Policy Rules• But it also adds new possibilities

28

DLP Policy RulesAnd more options

29

Encryption and Usage Control

• S/MIME

• Information Rights Management (AD RMS)

• Office 365 Message Encryption

30

S/MIME• Supported in Outlook, ActiveSync, and OWA (only using IE)

• Requires PKI and user education

• Does not work well with transport rules or DLP

31

Information Rights Management• Provided via integration with Active Directory Rights Management

Services (AD RMS)

• No PKI required

• Applies persistent security to protected content

• Can protect content from being read, copied, forwarded, modified, printed, faxed, or saved.

32

IRM and Compliance• Protected content can be inspected by transport rules and DLP.

• Protected content can be indexed by Exchange search

• Content can be protected automatically via Outlook Protection Rules or Transport Rules

33

Auditing

• Mailbox Audit Logging

• Admin Audit Logging

34

Mailbox Audit Logging• Allows you to track who logs on to the mailboxes in your organization

and what actions are taken

• Can log access by owner, delegates, and administrators

• Logs are fully searchable

• Not enabled by default

35

Administrator Audit Logging• Logs when an administrator or user with delegated permissions makes

a change in your organization

• Audits use of all EMS cmdlets (except Get- and Search- cmdlets)

• Logs are fully searchable and retained for 90 days

• Logging is enabled by default

36

Q & A

Ask me something!

Thanks for Coming