Microsoft Exchange Server 2013 brings a new rich set of technologies, features, and services to the Exchange Server product line. Its goal is to support people and organizations as their work habits evolve from a communication focus to a collaboration focus. At the same time, Exchange Server 2013 helps lower the total cost of ownership whether you deploy Exchange 2013 on-premises or provision your mailboxes in the cloud.
New features and functionality in Exchange 2013 are designed to do the following: http://blog.ctesolutions.com/technical/microsoft/exchange-at-the-core/
Whether you are an IT Professional looking for Exchange Server 2010 or Exchange Server 2013, the most comprehensive and certified training can be found at CTE Solutions.
Interested in a certification or simply learning about design, implementation, administration, and management? CTE can deliver the training in the format you need with the most experienced instructors: http://www.ctesolutions.com/course/Microsoft-administration-training-courses/Exchange-Server-Training/
1. Exchange @ The Core
Duration: 10:00am-12:30pm (1.5 hours)
Presenter: Howard Forder
. MCT, MCSE, MCDST, MODL, MCITP
hforder@howardforder.com
Are You Compliant?
2. Meet Howard Forder
“25 years of
consulting and
training”
www.howardforder.com
MCT, MCSE, MCDST,MODL,A+
3. Exchange 2013 Compliance
This informative session will dive into the areas of Exchange that will
help IT implement compliance features of email systems today.
Many companies have Exchange and thousands of mailboxes
humming along. Use these guidelines to implement and ensure
compliance.
Walk away with a better understanding of what compliance is, how it
is used more effectively and how IT can drive that functionality
forward with the built-in Exchange 2013 funtionality.
4. Agenda
Section 1: Introduction to Exchange 2013
What’s New
What is Compliance?
Section 2: Implementing Compliance Desirables
What is Compliance?
Section 3: Related Certification Courses
6. What’s New?
Simplified Server Roles reduction from 4 roles to 2
New architecture
An expanded Administrator console completely
web based.
A refined DAG that can include public folders
Data Loss Prevention (DLP)
11. What is Compliance?
“Regulations on business that
affects the flow of information,
the storage of that information and
the retrieval of that information to
verify they are abiding by policies
and laws pertaining to that
organization”
12. Why Compliance?
To comply with regulations pertaining to your
country and your specific industry.
To be able to produce, on demand, historical
data within the legal time frame for retention.
To prove in a court of law that a piece of data
exists.
To rest easier at night, knowing you are
complaint!
13. Messaging Compliance
Email can exist in a multitude of places.
Your mailbox databases
PST (Personal Storage Table) files or personal
archives
Journaling mailbox (a copy of every email
passing through)
Third party archiver (sometimes associated
with the journaling mailbox.)
You might not be able to get at
this data when you need to!
14. Messaging Compliance
“Given that Exchange 2013 can
store 100+ GB per mailbox, why
not just keep the data in Exchange
and make it safe, searchable, and
secure there?”
15. Compliance Guidelines
1) Comply with regulations for your country and
your industry
2) There are no default answers when it comes to
compliance.
3) Get guidance from your legal team.
4) Understand the basics of the regulation
yourself.
5) Exchange provides a massive toolset.
1) Remove PSTs
2) Keep data in Exchange
3) Use built-in Search and Hold
16. Exchange 2013
as a Compliance Solution
1) Retention policies
2) Archiving
3) Discovery
4) Immutability
5) Leakage Protection
17. Exchange 2013 Functionality
Journaling
Capture a copy of every item that passes
through transport.
Captures entire message envelope (BCC
and distribution expanded lists)
Calendar items and Lync not captured.
Can’t decrypt S/MIME emails only IRM
Many moving to In-Place-Hold instead
20. Exchange 2013 Functionality
Transport Rules
Control over mail flow
Conditions to select mail and actions to be
carried out, with exceptions if needed.
Can implement mail blocking by keyword.
Can route mail to a manager.
Transport rules can have a timeline, then
expire, or test mode too.
23. Exchange 2013 Functionality
Data Loss Protection (DLP)
New in Exchange 2013
40+ policy templates & 47 sensitive data types.
Scan deep into attachments.
User education through policy tips.
All of this can be audited.
A “Default DLP” already in place OOB.
26. Exchange 2013 Functionality
Information Rights Management (IRM)
For encryption or permissions means the mail
item passes through Exchange and can be
decrypted by Exchange when needed such as
Anti-spam or Anti-virus, unlike S/MIME.
Implemented as a transport rule or on the client
side (Outlook, Office365/Exchange Online.)
Prevents leakage (printing, copying, forwarding
or replying)
29. Exchange 2013 Functionality
Message Records Management (MRM)
Tags on mailboxes or folders for moving or
deleting mail items.
Mandatory or personal tags.
One policy per mailbox (a default OOB)
Tasks, calendars and mail items covered.
Typically used to move inbox items to longer
retention personal archives or delete.
32. Exchange 2013 Functionality
In-Place Archiving
Secondary mailbox usually with longer
retention and inexpensive storage
Can be the same DB or somewhere else,
including the cloud.
Higher quota than primary mailbox
PST files can be manually dragged by end user
or PowerShell by Administrator.
Only available online, not OSTs.
33. In-Place Archiving
From OWA, we can
see the normal inbox
folders and the archive
mailbox folders.
Here we select a
policy for this folder.
34. In-Place Archiving:
Importing a PST
New-ManagementRoleAssignment
To assign the admin RBAC import permission to an administrator
The end user can drag and drop, but only 20% typically do this..
New-MailboxImportRequest
To import a PST file to the users archive mailbox
Be compliant by getting those PST files imported
into the archive mailboxes so they are searchable!
35. Exchange 2013 Functionality
In-Place Hold
Since 2010, litigation hold signifies data in
mailboxes is immutable
“Immutable databases ensure that
data can never be changed once
it has been committed”
36. Exchange 2013 Functionality
In-Place Hold
No changes are possible to the original items.
Edits are captured and saved to versions.
The end user is not affected.
Discovery Officers have full access to the
entire history.
Time-based holds (expiry time)
In Exchange 2013, not just full mailboxes,
but specific data through queries.
37. In-Place Hold (litigation hold)
You can place a mailbox
on Litigation Hold by
using the Exchange
Administration Center
(EAC)
or the Shell (set the
LitigationHoldEnabled
parameter).
38. In-Place Hold (litigation hold)
You can place a mailbox
on Litigation Hold by
using the Exchange
Administration Center
(EAC)
or the Shell (set the
LitigationHoldEnabled
parameter).
39. Exchange 2013 Functionality
e-discovery
After you hold large amounts of data, you need
to search that data.
Need the RBAC role to search.
Provides access to web portal where a discover
officer can search and preview data before
exporting it.
41. Administrator
Audit Logging
Track all actions carried out by
administrators enabling control processes to
be monitored and policies to be enforced.
• Logs all cmdlets used by default.
• You can provide a list of cmdlets, and their
parameters, that you want to log. Can specify the
cmdlets you want to audit by using the
AdminAuditLogConfigCmdlets parameter.
• You can specify full cmdlet names, such as New-
Mailbox, or you can specify partial cmdlet names
such as *Transport* or mix both.
42. Administrator Audit Logging
Reports in the EAC
The auditing page in the EAC for compliance and administrative
configuration changes.
Administrator role group report
A maximum of 3,000 entries can be returned.
If your search might return more than 3,000 entries, use the
Administrator audit log report or the Search-AdminAuditLog
cmdlet.
Administrator audit log This report enables you to export the audit
log entries recorded within a specified timeframe to a XML file and
then send the file via email to a recipient you specify. Use the The
New-AdminAuditLogSearch cmdlet
44. Exchange 2013 Functionality
Mailbox Audit Logging
Monitor end user access.
Log delegate access.
Log administrator access to mail items.
Show who sent a particular item.
http://exchangeserverpro.com/author/paul/
47. Trace a Bad Mail!
Example from Paul Cunningham from exchangeserverpro.com
We need to trace this email to the exact person who sent it.
Note the time and
date. We will need
this when
searching the audit
log.
This will assume you have turned on mailbox auditing for “Help Desk” already.
48. Trace a Bad Mail!
Example from Paul Cunningham from exchangeserverpro.com
Open the EAC and Run a non-owner mailbox access report.
49. Trace a Bad Mail!
Example from Paul Cunningham from exchangeserverpro.com
Select your date range as noted in the email.
50. Trace a Bad Mail!
Example from Paul Cunningham from exchangeserverpro.com
Now investigate:
It’s the right email, but it doesn’t tell us who.
To see more we need to use the -ShowDetails parameter.
51. Trace a Bad Mail!
Example from Paul Cunningham from exchangeserverpro.com
Sarah