Module 9

Configuring Messaging Policy and Compliance

Module Overview

• Introducing Messaging Policy and Compliance

• Configuring Transport Rules

• Configuring Journaling and Multi-Mailbox Search

• Configuring Personal Archives

• Configuring Messaging Records Management

Lesson 1: Introducing Messaging Policy and Compliance

• What Is Messaging Policy and Compliance?

• Discussion: Compliance Requirements

• Options for Enforcing Messaging Policy and Compliance

What Is Messaging Policy and Compliance?

Exchange Server 2010 has features that help you manage information distribution and comply with regulatory and legal requirements, such as:

• Restricting message flow

• Retaining copies of all or specific messages

• Managing messages in user mailboxes

• Searching for messages

Messaging policy and compliance features in Exchange Server 2010 provide organizations with the tools to enforce compliance requirements for email

Messaging policy and compliance features in Exchange Server 2010 provide organizations with the tools to enforce compliance requirements for email

Discussion: Compliance Requirements

• What type of business does your organization conduct?

• What are some legislated compliance requirements for your organization?

• What additional compliance requirements does your organization have?

• How are you currently meeting these compliance requirements?

Options for Enforcing Messaging Policy and Compliance

• Transport rules

• Message journaling

• Rights management integration

• Mailbox searching

• Message retention and deletion

• Personal Archives

Lesson 2: Configuring Transport Rules

• What Are Transport Rules?

• Transport Rule Components

• Demonstration: How To Configure Transport Rules

• What Is AD RMS?

• AD RMS Components

• How AD RMS Works

• How AD RMS Integration Works

• Demonstration: How to Configure AD RMS Integration

• Options for Configuring Moderated Transport

• Demonstration: How to Configure Moderated Transport

What Are Transport Rules?

Transport rules on an Edge Transport server are:

• Stored in AD LDS

• Unique to each Edge Transport server

• Used to manage inbound or outbound messages

Transport rules restrict message flow or modify message contents for messages in transitTransport rules restrict message flow or modify message contents for messages in transit

Transport rules on a Hub Transport server are:

• Stored in the Active Directory site

• Applied by all Hub Transport servers

• Used to apply compliance requirements

Transport Rule Components

• Conditions: Specify which email message components are used to identify the email messages

• Exceptions: Specify which email messages to exclude from having an action applied

• Actions: Specify the processes to be applied to messages

• Predicates: Used by conditions and exceptions to define what part of an email message will be examined

Demonstration: How to Configure Transport Rules

In this demonstration, you will see how to configure transport rules that apply:

• A disclaimer to messages sent to external recipients

• A restriction based on a regular expression

What Is AD RMS?

You can use AD RMS to:

• Restrict access to an organization’s intellectual property

AD RMS is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

AD RMS is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

• Limit the actions users can perform on content

• Limit the risk of content being exposed outside the organization

AD RMS Components

AD RMS components include:

• AD RMS Certification Server Cluster

• Active Directory Domain Services

• SQL Server

• RMS-aware clients and applications

• Certificates and licenses

• Rights policy templates

How AD RMS Works

RMS Server

Information Author Recipient

11

22 33

44

55

How AD RMS Integration Works

By integrating AD RMS with Exchange Server 2010, you can:

• Enable users to protect content

• Use AD RMS prelicensing

• Configure Outlook Protection rules to apply AD RMS templates automatically

• Configure Transport Protection rules to apply AD RMS templates

• Enable Journal Report Decryption

• Enable Transport Decryption

• Enable IRM in Outlook Web App

• Use new IRM-related features in Exchange Server 2010 SP1

Demonstration: How to Configure AD RMS Integration

In this demonstration, you will see how to:

• Protect email messages by using AD RMS

• Configure a transport rule that applies AD RMS protection

Options for Configuring Moderated Transport

In Exchange Server 2010, you can configure:

• Transport rules that require moderation

• Recipients that require moderation

Moderated transport enables the moderator to approve messages before deliveryModerated transport enables the moderator to approve messages before delivery

Demonstration: How to Configure Moderated Transport

In this demonstration, you will see how to:

• Configure a distribution group for moderation

• Configure a transport rule that enables moderation

Lesson 3: Configuring Journaling and Multi-Mailbox Search

• Message Journaling Options

• Demonstration: How to Configure Message Journaling

• Considerations for Managing the Message Journal Mailbox

• What Is Multi-Mailbox Search?

• What Is Legal Hold?

• Demonstration: How to Configure Multi-Mailbox Search

Message Journaling Options

You can configure message journaling by configuring:

• Per-recipient journal rules

• Journal mailboxes per mailbox database

Message journaling enables you to send copies of messages to any mailbox or valid SMTP addressMessage journaling enables you to send copies of messages to any mailbox or valid SMTP address

A journal report is a new message that includes the original message as an attachment A journal report is a new message that includes the original message as an attachment

Demonstration: How to Configure Message Journaling

In this demonstration, you will see how to configure a journal rule

Considerations for Managing the Message Journal Mailbox

• Consider using a SharePoint document library configuredwith an SMTP address as the messaging journal mailbox

• Use a retention policy to routinely remove messagesthat have been backed up

• Create policies that govern access to the journaling mailboxes in your organization

• Ensure compliance by obtaining plan approval from legal representatives

• Determine what will occur if a journaling mailbox exceeds the configured mailbox quota

What Is Multi-Mailbox Search?

Multi-Mailbox Search:

• Enables cross-mailbox searches

• Uses the Exchange Control Panel

• Requires that users have discovery permissions

Enhancements in Exchange Server 2010 SP1:

• Results preview

• Annotations

• Data de-duplication

What Is Legal Hold?

•Place a hold on users' mailboxes and keep mailbox items in an unaltered state

•Preserve mailbox items automatically deleted based on messaging records management retention policies

•Keep the legal hold transparent from the user by not having to suspend messaging records management

•Enable discovery searches of items placed on hold

•Preserve mailbox items that users attempt to delete or modify after the hold is placed

Legal hold enables administrators to:

The base structure of legal hold is Dumpster 2.0The base structure of legal hold is Dumpster 2.0

Demonstration: How to Configure Multi-Mailbox Search

In this demonstration, you will see how to:

• Add a user to the Discovery Management role group

• Perform a Multi-Mailbox Search by using Exchange Control Panel

Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox Search

• Exercise 1: Configuring Transport Rules

• Exercise 2: Configuring Journal Rules and Multi-Mailbox Search

Logon information

Estimated time: 50 minutes

Lab Scenario

You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange Server 2010.

The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include applying rights protection to some messages sent inside and outside the organization, restricting message flow based on information in message subjects, and restricting which messages are sent to critical distribution lists. You also must ensure that you establish a separate and secure mailbox in which to retain all messages that the legal department sends and receives. Additionally, an auditor must be able to retrieve all messages sent and received by users with legal hold enabled.  

Lab Review

• In this lab, you implemented a transport rule that added a disclaimer to all messages sent to users outside the organization. What other option do you have for implementing this type of disclaimer?

• How can you verify that the Executives journal rule that you enabled in this lab is working properly?

Lesson 4: Configuring Personal Archives

• Discussion: Options for Implementing Mailbox Archiving

• How Personal Archives Work in Exchange Server 2010

• Demonstration: How to Configure Personal Archives

• Considerations for Implementing Personal Archives

Discussion: Options for Implementing Mailbox Archiving

• Do you have any archiving or journaling requirements in your organization?

• How are you currently meeting these requirements?

How Personal Archives Work in Exchange Server 2010

The Personal Archive mailbox:

• Can be in the same mailbox database as the primary mailbox, in another mailbox database or server, or on Exchange Online

• Appears as a folder in Outlook 2007, Outlook 2010,or Outlook Web App

• Is indexed and searchable

• Is not cached in Outlook

• Can be managed using archive and retention policies

Exchange Server 2010 Personal Archives feature creates a secondary or archive mailbox for the userExchange Server 2010 Personal Archives feature creates a secondary or archive mailbox for the user

Personal Archives can help organizations meet legal and corporate requirements by ensuring that all messages are stored in an Exchange Server mailbox

Personal Archives can help organizations meet legal and corporate requirements by ensuring that all messages are stored in an Exchange Server mailbox

Demonstration: How to Configure Personal Archives

In this demonstration, you will see how to:

• Configure a Personal Archives mailbox

• Access the Personal Archives mailbox

• Manage messages with a Personal Archives mailbox

Considerations for Implementing Personal Archives

• Consider implementing Personal Archives for critical mailboxes

• Consider reducing the storage costs for mailbox databasesthat contain only archive mailboxes

• Use archive mailbox quotas to manage the archive mailboxsize

• Consider removing the option of using PST files in Outlook

Implementing Personal Archives can significantly increase the storage requirements on the Exchange serversImplementing Personal Archives can significantly increase the storage requirements on the Exchange servers

Lesson 5: Configuring Messaging Records Management

• Messaging Records Management Options

• What Are Retention Tags and Retention Policies?

• Demonstration: How to Configure Retention Tags and Policies

• What Are Managed Folders?

• Process for Deploying Managed Folders

• Considerations for Implementing Messaging Records Management

Messaging Records Management Options

•Managed folders

•Technology introduced with Exchange Server 2007

•Used with managed content settings

•Retention policies

•New technology in Exchange Server 2010

•Used with retention policy tags

Exchange Server 2010 supports the following messaging records management options:

Messaging records management helps organizations manage message retention for messages in user mailboxesMessaging records management helps organizations manage message retention for messages in user mailboxes

What Are Retention Tags and Retention Policies?

Retention tags define managed content settings:•Retention policy tags•Default policy tag•Personal tags

Retention policies group one or more retention tags, and apply the tags to mailboxes

• Apply retention policy to mailboxes by using Exchange Management Shell or the Exchange Control Panel

Retention policies group one or more retention tags, and apply the tags to mailboxes

• Apply retention policy to mailboxes by using Exchange Management Shell or the Exchange Control Panel

Demonstration: How to Configure Retention Tags and Policies

In this demonstration, you will see how to:

• Configure retention policy tags

• Configure custom content settings for the retention policy tags

• Configure a retention policy that groups the retention policy tags

• Apply the retention policy to a user account

What Are Managed Folders?

Managed folders can include default folders and custom managed folders

Managed content settings can be used to:

Configure retention periods

Configure the retention expiration action

Configure journal settings

Managed folder mailbox policies group managed foldersand apply the settings to user mailboxes

Managed folders manage the contents of folders in user mailboxesManaged folders manage the contents of folders in user mailboxes

Users must move messages in to the custom managed folders before content settings will be appliedUsers must move messages in to the custom managed folders before content settings will be applied

Process for Deploying Managed Folders

To deploy Managed Folders:

• Specify the folders where you will apply managedcontent settings

• Specify the managed content settings for the selected folders

• Create a managed folder mailbox policy

• Apply the managed folder mailbox policy to users’ mailboxes

• Configure the managed folder assistant to apply the changes to users’ mailboxes

Considerations for Implementing Messaging Records Management

• Use managed custom folders for project based folders

• Use retention policies to automate messaging records management

• Ensure business and legal acceptance before configuring policies that delete messages

• Consider using retention policies to manage mailbox sizes

• Consider migrating managed folder settings to retention policies

• Plan retention policies or managed folder mailbox policiesbased on business groups with unique requirements

• Consider the default retention policy configuration

Lab B: Configuring Personal Archives and Retention Policies

• Exercise 1: Configuring Personal Archives

• Exercise 2: Configuring Retention Policies

Logon information

Estimated time: 40 minutes

Lab Scenario

You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange Server 2010.

The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. First, you must enable Personal Archives for all of the users in the Marketing department. These Additional requirements include configuring rules that will ensure that some messages are retained for an extended period, while other messages are deleted when they expire.

Lab Review

• Which of the following two approaches is better for ensuring that you retain a copy of specific email messages: journaling rules or retention policies?

• How can you ensure that users move their PST files into their archive mailbox?

Module Review and Takeaways

• Review Questions

• Common Issues and Troubleshooting Tips

• Real-World Issues and Scenarios

• Best Practices