mike crowley planet technologies › 2012 › 03 › crowley_cloud... · exchange hosted encryption...
TRANSCRIPT
![Page 1: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/1.jpg)
Session: CEO307
Mike Crowley
Planet Technologies
www.Go-Planet.com 1
![Page 2: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/2.jpg)
Agenda
Introduction to Forefront
What does FOPE do and how does it work?
Usage Scenarios
Implementing FOPE
FOPE Administrative Interface Demo
2
![Page 3: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/3.jpg)
What is Forefront?
Microsoft’s brand name for products dealing with security and identity
First it was Then it was rebranded as Now it’s called
Client Protection Forefront Client Security Forefront Endpoint Protection (FPE)
Microsoft Identity Integration Server (MIIS) Identity Lifecycle Manager (ILM) Forefront Identity Manager (FIM)
Microsoft Proxy Server Internet Security and Acceleration Server (ISA) Forefront Threat Management Gateway (TMG)
Intelligent Application Gateway (IAG) Forefront Unified Access Gateway (UAG)
Antigen for Exchange Forefront Security for Exchange (FSE) Forefront Protection for Exchange Server (FPE)
Antigen for SharePoint Forefront Security for SharePoint (FSSP) Forefront Protection for SharePoint (FPSP)
Antigen for Instant Messaging Forefront Security for OCS (FSOCS) Forefront Protection for Lync (Soon)
Antigen Enterprise Manager Forefront Server Security Management Console (FSSMC)
Forefront Protection Server Management Console (FPSMC)
FrontBridge Enterprise Message Security Forefront Online Protection for Exchange (FOPE)
3
![Page 4: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/4.jpg)
FOPE vs. Postini
4
![Page 5: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/5.jpg)
FOPE vs. Postini
FOPE advertises $21 per year, per
user – though you may already own it
FOPE’s privacy statement does not
allow Microsoft to use FOPE data to
market to you or your users
FOPE uses a simple directory
synchronization tool
Built-in to Exchange Online
FOPE’s “connectors” offer much
more control over mail routing
Postini falls under Google’s new
privacy policy
Postini’s synchronization requires
SSL certificates, and knowledge of
LDAP/DSML
Built-in to Google Apps
Postini can’t whitelist trusted IPs
Postini advertises $12 per year, per
user
Postini’s administrative interface can
be difficult to navigate 5
![Page 6: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/6.jpg)
Features
Anti-virus service
Anti-spam service
Policy enforcement
Directory-based
blocking
• IP Reputation Blocking
• Connection Analysis
• Reputation Analysis
• IP-based Authentication
• Fingerprinting
• Backscatter Mitigation
• Real-time Threat Response
• Fast Antivirus Signature Deployment
• Rules-based Scoring
• Message Handling
• Phishing and Spoofing Prevention • Extension Blocking
• Custom Policy Rules Filters
• Group Filtering
• Intelligent Routing
• Inbound Address Rewrite
• Office 365 Integration
6
![Page 7: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/7.jpg)
Service Level Agreements
Network uptime: 99.999 percent
Email delivery: average delivery commitment of less than one minute
Virus detection and blocking: 100 percent protection against all known email
viruses
Spam Effectiveness: Capture of at least 98 percent of all inbound spam
messages
False positive commitment of fewer than 1 in 250,000 messages
7
![Page 8: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/8.jpg)
What can FOPE do that Software-
based Antivirus cannot?
Save network bandwidth (Microsoft estimates 90% of email is Spam)
8
![Page 9: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/9.jpg)
What can FOPE do that Software-
based Antivirus cannot?
Save network bandwidth (Microsoft estimates 90% of email is Spam)
Reduce server workload
9
![Page 10: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/10.jpg)
What can FOPE do that Software-
based Antivirus cannot?
Save network bandwidth (Microsoft estimates 90% of email is Spam)
Reduce server workload
Spool email for <5 days in the event of an outage
10
![Page 11: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/11.jpg)
What can FOPE do that Software-
based Antivirus cannot?
Save network bandwidth (Microsoft estimates 90% of email is Spam)
Reduce server workload
Spool email for <5 days in the event of an outage
Make RBL cleanup someone else’s problem
11
![Page 12: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/12.jpg)
Usage Scenarios
Fully hosted scenario
Outbound smart host scenario
Inbound safe listing scenario
Regulated partner with forced TLS
scenario
Hybrid scenarios
Shared address space with on-premises relay scenario (MX points to on-premises)
Shared address space with on-premises relay scenario (MX points to FOPE)
Shared address space with cloud relay scenario (MX points to the cloud)
TechNet article: gg430167
12 TechNet screencasts available for each scenario. TechNet article: gg186020
![Page 13: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/13.jpg)
SMTP Connectors
13
![Page 14: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/14.jpg)
FOPE Does Not:
Scan intra-organization mail
Act as an SMTP relay for your application servers
Office 365 users: see KB 2600912
Support PowerShell
You can upload users via CSV or use DST
DST supports PowerShell
Require an Exchange Server
14
![Page 15: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/15.jpg)
15
![Page 16: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/16.jpg)
End-User Interaction
16
![Page 17: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/17.jpg)
End-User Interaction
17
![Page 18: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/18.jpg)
Administrator Interaction Office 365 Admin
http://<pod>.outlook.com/ecp
Standalone or Office 365 Admin
http://admin.messaging.microsoft.com
18
![Page 19: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/19.jpg)
Message
Tracing
Not to be confused with
Office 365’s “Delivery
Reports”
Visit TechNet article
ff715127 for feature
limitations
20 “Connector ID”
Field Not shown here
![Page 20: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/20.jpg)
Reporting
Reports Include:
• Deferral
• E-mail traffic
• Top users
• Top viruses
• Connectors
21
![Page 21: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/21.jpg)
DST - Directory
Synchronization Tool • Adds, Updates, Deletes
FOPE Users
• PowerShell Support
• Requires Active Directory
• Exchange Exchange*
• Not used with Office 365
*Required for Safelist Aggregation 22
![Page 22: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/22.jpg)
Implementing FOPE
Activate FOPE Validate domains
Office 365 enables FOPE automatically
Configure User upload (DST or CSV)
Connectors, Filters, etc.
Update DNS MX record
Create firewall rules
23
![Page 23: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/23.jpg)
Exchange Hosted Encryption (EHE)
Emails sent by users can be
encrypted automatically
based upon rule-matching
by: • Subject and message
• Keywords
• Regular expressions
• Sending and receiving email
address
• Domains
24
![Page 24: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/24.jpg)
Exchange Hosted Encryption (EHE)
25
![Page 25: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/25.jpg)
Suggested Resources
• Service Description for Microsoft Forefront
Online Protection for Exchange
• FOPE User Guide
• Microsoft.com/FOPE
• TechNet Wiki
● http://bit.ly/GUZOWO
26
![Page 26: Mike Crowley Planet Technologies › 2012 › 03 › crowley_cloud... · Exchange Hosted Encryption (EHE) Emails sent by users can be encrypted automatically based upon rule-matching](https://reader035.vdocuments.mx/reader035/viewer/2022062506/5f0fdd107e708231d4464307/html5/thumbnails/26.jpg)
Planet Technologies: http://Go-Planet.com Mike Crowley: http://MikeCrowley.us
Your Feedback is Important
Please fill out a session evaluation form
drop it off at the conference registration
desk.
Thank you!
27