Embed Size (px)
Citation preview
Module 7
Planning and Deploying Messaging Compliance
Module Overview
• Designing Transport Compliance
• Designing AD RMS Integration with Exchange Server 2010
• Designing Message Journaling and Archiving
• Designing Messaging Records Management
Lesson 1: Designing Transport Compliance
• Identifying Transport Compliance Requirements and Options
• Planning Transport Rules
• Planning Message Classifications
• Planning Message Moderation
Identifying Transport Compliance Requirements and Options
Requirement Exchange Server 2010 option
Disclaimers must be attached to all external messages
• Transport rule
Specified users must not be able to send e-mail to other users
• Transport rule
• Moderated recipients
Messages with specific content must be blocked or retained
• Transport rule
• Message classifications Recipients must be restricted in what they can do with specified e-mails
• AD RMS integration
Messages sent to specific e-mail domains must be blocked
• Transport rule
Planning Transport Rules
• Test the application of transport rules to avoid rule conflicts or duplication
• Plan for transport rule limitations with encrypted and digitally signed messages
• Use transport rules on Edge Transport servers to applyoutbound message policies
• Document the transport rule configurations
• Use regular expressions to check message contents
• Plan conditions and exceptions carefully
Planning Message Classifications
• Plan for the distribution of the client files for Office Outlook 2007 and Office Outlook 2010 clients
• Configure transport rules to apply message classifications and to apply restrictions
• Plan for localized versions message classifications in multilingual organizations
• Develop custom message classifications to address other classification requirements
Planning Message Moderation
• Consider using message moderation for large or confidential distribution groups
• Select an appropriate moderator
• Consider the role of group owners
• Plan for message moderation during the upgrade from previous Exchange Server versions
• Consider using either moderated groups or transport rules to enforce moderation
• Configure appropriate moderation exceptions for groups
Lesson 2: Designing AD RMS Integration with Exchange Server 2010
• Options for Integrating AD RMS and Exchange Server 2010
• Planning AD RMS Integration
• Planning AD RMS Integration with External Organizations
• Considerations for Implementing and Managing AD RMS Integration
Options for Integrating AD RMS and Exchange Server 2010
Option Description
Transport protection rules
Apply an AD RMS template by using a transport rule
Outlook protection rules
Apply an AD RMS template to messages as they are sent from an Outlook 2010 client
Transport decryption
Enables the Hub Transport server to decrypt message content to apply messaging policies
Journal report decryption
Enables the Journaling agent to save an unencrypted copy of the message in the journal report
Planning AD RMS Integration
• Consider adding additional templates
• Define the boundaries for AD RMS-protected messages
• Configure transport protection rules to apply AD RMS templates for all clients
• Train users to use the built-in AD RMS functionality
• Ensure that AD RMS server deployment is available for Exchange Server 2010 integration
Planning AD RMS Integration with External Organizations
Considerations for choosing an integration option:
Options for integrating AD RMS with external organizations:
• Deploy an AD RMS server that is accessible to the Internet
• Configure trusted user or publishing domains
• Configure AD RMS integration with Windows Live ID
• Configure a federated trust using AD FS
• Can you create external user accounts in your Active Directory forest?
• Have the external organizations deployed AD RMS?
• Do you need to enable AD RMS integration for all users in the external organizations?
• Have the external organizations deployed AD FS?
Considerations for Implementing and Managing AD RMS Integration
• Provide Outlook Web App for external users
• Develop a plan for distributing custom AD RMS templates
• Ensure that only trusted users have access to the journal mailbox
• Develop a communication plan for informing users
• Monitor the performance impact of encryption on Hub Transport servers
• Extra configuration is required to support Windows Mobile devices
Lesson 3: Designing Message Journaling and Archiving
• Identifying Message Journaling and Archiving Requirements and Options
• Options for Implementing Message Journaling
• Planning Message Journaling
• Considerations for Managing the Journal Mailbox
• Planning Personal Archiving
• Planning Legal Hold
• Planning Multi-Mailbox Search
Identifying Message Journaling and Archiving Requirements and Options
Requirement Exchange Server 2010 option
Messages sent to or by members of a distribution group must be retained
Message journaling
Messages sent or received by specific users must be retained
Legal hold
Messages must be searchable for specific types of content
Multi-Mailbox Search
Users must store all e-mail in an Exchange Server database
Personal Archives, disable PSTs
Messages sent by users in a specific mailbox database must be retained
Message journaling
Options for Implementing Message Journaling
You can configure message journaling:
On a specific mailbox database
On a specific recipient
As part of MRM
Message journaling enables you to send copies of messages to any mailbox or valid SMTP addressMessage journaling enables you to send copies of messages to any mailbox or valid SMTP address
Planning Message Journaling
• Identify the journal mailbox
• Plan for multiple sites in large organizations
• Consider legal hold as an alternative to journaling
• Identify the type of message journaling to implement
• Identify which messages you should journal
Considerations for Managing the Journal Mailbox
• Use MRM to routinely automate message removal
• Control who can access journal mailboxes
• Ensure legal compliance
• Define a process for addressing over-quota journalmailboxes
• Plan for the maximum size of the journal mailbox
Planning Personal Archiving
• Consider disabling access to PST files
• Train users to automate message archiving
• Develop policies for managing archive mailbox contents and quotas
• Selectively enable Personal Archives
• Consider the impact of Personal Archives on mailboxdatabases
Planning Legal Hold
Legal hold:
Considerations:
• Ensures that deleted and modified items are retained
• Is an option for single-item recovery
• Is enabled for individual mailboxes
• Enable legal hold only when required
• Messages in recoverable items are not part of a mailbox quota
• Configure quotas for recoverable items
• Use the Legal Hold role to delegate management of legal hold
Planning Multi-Mailbox Search
• Multi-Mailbox Search is based on Exchange Search
• Configure separate Discovery Search mailboxes for each group with different search permissions
• Consider assigning auditors to the Discovery Search and Legal Hold management role groups
• Provide guidance for optimizing mailbox search queries
Lesson 4: Designing Messaging Records Management
• Identifying Messaging Records Management Requirements and Options
• Planning a Retention Policy Deployment
• Planning a Managed Folder Deployment
• Planning the Integration of Managed Folders and Retention Policies
• Discussion: Designing a User Communication Plan for Messaging Compliance
Identifying Messaging Records Management Requirements and Options
Requirement Exchange Server 2010 option
Retain messages related to specific projects • Personal tags
• Managed custom folders
Delete messages in specified mailbox folders after a specified time
• Default policy tags
• Managed default folders
Allow users to mark specific messages for retention
Personal tags
Journal messages when they are deleted from user mailboxes
Manage folders
Automatically move mailboxes to the archive mailbox at specified times
Retention policies
Planning a Retention Policy Deployment
• Minimize the number of personal tags
• Base retention policies on compliance requirements
• Provide training on how to use retentionpolicies and AutoTagging
• Plan default policy tag for untagged items in folders
• Plan retention policy tags for default folders
Planning a Managed Folder Deployment
• Implement a default managed folder policy for all users, and also custom managed folder policies as needed
• Provide user training for default folders and custom folders
• Use managed custom folders and journaling to assist with message retention
• Plan managed folder policies based on departments or project groups
Planning the Integration of Managed Folders and Retention Policies
• Retention policies do not require users to move messages to specific folders
• Retention policies override managed folder policies
• You can only manage retention policies from Office Outlook 2010
• Migrate managed folder settings to retention policies as you deploy Office Outlook 2010
Discussion: Designing a User Communication Plan for Messaging Compliance
• How do you communicate IT environment changes to users?
• What information would you include in a communication plan?
• How do you pilot and implement significant changes to your environment?
• How will you ensure that users follow messaging policies?
Lab: Planning and Deploying Messaging Compliance
• Exercise 1: Planning a Message Transport Implementation
• Exercise 2: Planning a Message Journaling and Archiving Solution
• Exercise 3: Planning a Messaging Records Management Implementation
• Exercise 4: Implementing a Message Compliance Plan
Logon information
Estimated time: 75 minutes
Lab Scenario
• You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple locations. A. Datum is an international corporation involved in technology research and investment, and it is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
• You are aware of the new messaging compliance features in Exchange Server 2010, and need to determine how you will implement them to meet the needs of your organization.
Lab Review
• What is the relationship between a retention policy and a retention policy tag?
• How can you use a message classification to prevent specific messages from being sent to the Internet?
Module Review and Takeaways
• Review Questions
• Best Practices
