Protect communications: Multi-engine anti-malware and enhanced spam filtering to help protect your email environment from threats
Enforce policy: Flexible tools for policy enforcement that provide the right level of control
Streamlined management: Flexible administration of anti-spam, anti-malware and policy rules
Slide 4
Slide 5
[Diagram: mail filtering stages] Labels:
  SPAM Protection (Outlook Safe Sender/Recipient, Content scanning, Bulk Mail filtering, Content Filter Advanced Options)
  Customer Feedback (False Positive/Negatives)
  Corporate Network
  Policy Quarantine
  Edge Blocks (Email is routed to EOP DCs based on MX record resolution, IP-based edge blocking)
  URL Block lists
  Policy Enforcement (Custom Rules, Allows/Rejects)
  SPAM Quarantine
  Spam Analysts
  Virus Scanning (AV Engine 1, AV Engine 2, AV Engine 3)
Slide 6
[Diagram: delivery pools and filtering stages] Labels:
  NDR Delivery Pool, Bulk Delivery Pool, Outbound Pool, Higher Risk Delivery Pool, Higher Risk Outbound Pool, Normal Score
  SPAM Protection (Content scanning and Heuristics, Content Filter Advanced Options)
  Virus Scanning (AV Engine 1, AV Engine 2, AV Engine 3)
  Policy Enforcement (Custom Rules)
  Quarantine
  Corporate Network
  Internet
  Email Encryption
  Spam Analysts
Slide 7
Slide 8
Slide 9
Step 1: Verify prerequisites
Step 2: Configure mail flow (connectors)
Step 3: Add and validate domains
Step 4: Customize spam and policy settings
Step 5: Enable mail flow
Step 6: Monitor and fine tune
Slide 10
Slide 11
Exchange Server 2013, Exchange Online, EOP Stand Alone
Slide 12
Slide 13
[Diagram labels] On-Prem Mail Environment, Exchange Online Protection, Partner Environment
Slide 14
[Diagram labels] On-Prem Mail APAC, Exchange Online Protection, On-Prem Mail AMER, On-Prem Mail EMEA
Slide 15
Slide 16
Spam and policy customization
Slide 17
Slide 18
Spam and policy customization (ESN)
Slide 19
EOP and the Junk Mail folder
Two rules need to be added to the on-premises environment.
  Set-OrganizationConfig -SCLJunkThreshold 4
  # Replace "NameForRule" with a distinct name for each rule
  New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6
  New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6
End users need to be educated about the use of the Junk Mail folder in Outlook
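How the two rules and the junk threshold interact, as an added Python example that is not part of the original deck: it parses an X-Forefront-Antispam-Report value and reports the SCL the rules would set and whether the message lands in Junk Mail. The function names and the sample header values are constructed for illustration, and field parsing stands in for the rules' word matching.

```python
import re

JUNK_VERDICTS = {"SPM", "SKS"}   # SFV values matched by the two rules
RULE_SCL = 6                     # -SetSCL 6
SCL_JUNK_THRESHOLD = 4           # -SCLJunkThreshold 4


def parse_antispam_report(value):
    """Split an X-Forefront-Antispam-Report value into a {FIELD: value} dict."""
    fields = {}
    # The header is a ';'-separated list of NAME:value pairs and may be
    # folded across lines, so strip all whitespace before splitting.
    for part in re.sub(r"\s+", "", value).split(";"):
        name, sep, val = part.partition(":")
        if sep and name:
            fields[name.upper()] = val
    return fields


def junk_decision(header_value):
    """Return (scl, to_junk) as the two transport rules would decide.

    scl is None when neither rule matches, i.e. the rules leave the
    message's spam confidence level untouched.
    """
    verdict = parse_antispam_report(header_value).get("SFV", "").upper()
    if verdict not in JUNK_VERDICTS:
        return None, False
    # Messages with an SCL above the threshold are moved to Junk Mail.
    return RULE_SCL, RULE_SCL > SCL_JUNK_THRESHOLD


# Constructed sample header values (not taken from real traffic).
SAMPLES = {
    "SFV:SPM":         "CIP:203.0.113.7;CTRY:;SCL:5;SFV:SPM;SFS:;DIR:INB;",
    "SFV:SKS, folded": "CIP:203.0.113.9;SCL:9;\r\n SFV:SKS;DIR:INB;",
    "SFV:NSPM":        "CIP:198.51.100.4;SCL:1;SFV:NSPM;DIR:INB;",
    "no SFV field":    "CIP:2001:db8::1;DIR:INB;",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print("%-16s -> %s" % (label, junk_decision(value)))
```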
Slide 20
Enable mail flow
DNS changes
  MX record (domain-suffix.mail.protection.outlook.com)
  SPF record (v=spf1 include:spf.protection.outlook.com -all)
  Do not change CNAME DNS entries for stand alone customers
On-premises changes
  Create smart host from on-premises environment to EOP
  Restrict on-premises firewall to only accept port 25 traffic from EOP
Slide 21
Slide 22
Monitor and fine tune
Goals
  Is the service operating as expected?
  Make adjustments to rules or settings as needed
  Evaluate effectiveness of spam settings
Tools
  Reports (Office 365 Portal or Mail Protection Reports for Office 365)
  Submitting spam and false positive messages to Microsoft
  Junk Mail Reporting Tool for Outlook
Slide 23
Slide 24
Slide 25
Do this
  Use a test domain, subdomain or low volume domain for trying different service features
  Create O365 connectors before adding domains
  Use the Remote Connectivity Analyzer to troubleshoot
  Restrict inbound SMTP access to allow ONLY from EOP IP ranges
Don't do this
  Daisy chain services
  Use EOP for sending bulk mail
  Enable all Content Filter Advanced Options out of the box
Slide 26
Automated user/group management
Ease of administration for CBRs or other rules based on user address
Synchronize Outlook safe/block sender lists
[Diagram labels] On-premises, Exchange Online Protection, Office 365 Directory Sync
Slide 27
Slide 28
Slide 29
Educate email users
  Avoid using links in emails to access secure online services
  Do not respond to requests for sensitive information via email
  Unsubscribe from legitimate bulk mail e.g. known online retailers
  Use the Junk mail reporting tool to submit spam samples
  Resources to help educate users: Outlook Phishing Detection, Crabby Office Lady
Publish an SPF record (Sender Policy Framework)
  Include EOP IPs and on-premises public IPs
  Use the Microsoft Configuration Wizard
Turn on the SPF check Content Filter Advanced Options
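The SPF guidance in this deck (the record given on the "Enable mail flow" slide and "Include EOP IPs and on-premises public IPs" above) can be checked mechanically before the record is published. The linter below is an added Python example, not part of the original deck; lint_spf, the sample records and the address 198.51.100.25 (standing in for an on-premises public IP) are constructed for illustration.

```python
import ipaddress

EOP_INCLUDE = "include:spf.protection.outlook.com"


def lint_spf(record, onprem_ips=()):
    """Return a list of findings for one SPF TXT record; [] means it passed."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    mechs = [t.lower() for t in terms[1:]]
    findings = []

    if EOP_INCLUDE not in mechs:
        findings.append("missing " + EOP_INCLUDE)

    # Each on-premises public IP that sends mail needs an ip4:/ip6: term.
    nets = []
    for m in mechs:
        name, _, arg = m.lstrip("+").partition(":")
        if name in ("ip4", "ip6") and arg:
            try:
                nets.append(ipaddress.ip_network(arg, strict=False))
            except ValueError:
                findings.append("unparseable term " + m)
    for ip in onprem_ips:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings.append("on-premises IP %s is not authorized" % ip)

    # A bare "all" is "+all": it passes every sender on the Internet.
    alls = [m for m in mechs if m.lstrip("+-~?") == "all"]
    if not alls:
        findings.append("no 'all' term: unlisted senders evaluate to neutral")
    elif alls[0] in ("all", "+all"):
        findings.append("'%s' authorizes every sender" % alls[0])
    elif alls[0] == "?all":
        findings.append("'?all' is neutral for unlisted senders")
    return findings


# Constructed records; 198.51.100.25 stands in for an on-premises public IP.
GOOD = "v=spf1 ip4:198.51.100.25 include:spf.protection.outlook.com -all"
NO_ONPREM = "v=spf1 include:spf.protection.outlook.com -all"
PASS_ALL = "v=spf1 ip4:198.51.100.0/24 include:spf.protection.outlook.com all"

if __name__ == "__main__":
    for rec in (GOOD, NO_ONPREM, PASS_ALL):
        print(rec, "->", lint_spf(rec, ["198.51.100.25"]) or "OK")
```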
Slide 30
Other considerations
Enable the Bulk Mail Content Filter Advanced Options
  Utilize Regular Expression (Reg-Ex) capability of ETRs to fine tune filtering of bulk mail, e.g. Header field name match "List-Unsubscribe" sets SCL to 6
  More details posted on Terry Zink's Cyber Security Blog
Scope Inbound Allow rules by IP where possible
Avoid safe-listing own domains - this by-passes the SPF check and negates the check's effectiveness
Slide 31
Prevent Spam Notification Delivery to DLs
Use DirSync and a custom Content Filter
  Apply custom Content Filter to that OU or OUs with "Enable end-user spam notifications" de-selected
Block using Transport rule on-premises:
  Create a contact object (e.g. EOP ESN) with the address of [email protected]@messaging.microsoft.com
  In PowerShell:
    # Reject mail from the "EOP ESN" contact on every distribution group
    # that has no sender restriction configured yet
    Get-DistributionGroup -ResultSize Unlimited -IgnoreDefaultScope |
      where { !$_.RejectMessagesFrom -and !$_.RejectMessagesFromDLMembers } |
      Set-DistributionGroup -IgnoreDefaultScope -RejectMessagesFrom "EOP ESN"
Slide 32
Coming soon - end user access to Spam Quarantine
End users manage spam via end user spam quarantine notifications which may be scheduled for daily delivery
Administrator only access to quarantine
  Viewer only supports up to 500 messages
  More can be viewed via PowerShell Get-QuarantineMessage Cmdlet
  Can only release in bulk through Release-QuarantineMessage Cmdlet
Limits
  Max message size for EOP delivering to stand-alone customers is 150 MB
  Max message size for EOP delivering to Office 365 hosted mailboxes is 35 MB
  Max 100 Transport Rules per tenant
  DLP policies consume part of this quota
Slide 33
Failover configuration
Using a second MX record to accomplish failover
Contoso.com has 3 on-premises IPs: Site A - 10.0.0.5, Site B - 10.1.1.5, Site C - 10.2.2.5
Contoso.com wants mail to route to Site A but if it is down wants mail to go to Site B, and Site C as last resort.
  contoso.com         MX preference = 10   contoso-com.mail.protection.outlook.com (routes all mail for contoso.com)
  onprem.contoso.com  MX preference = 10   mail-a.contoso.com
  onprem.contoso.com  MX preference = 20   mail-b.contoso.com
  onprem.contoso.com  MX preference = 30   mail-c.contoso.com
  mail-a.contoso.com  A   10.0.0.5
  mail-b.contoso.com  A   10.1.1.5
  mail-c.contoso.com  A   10.2.2.5
*Specify onprem.contoso.com in the outbound connector smart host field
Slide 34
Match Sub-domains
DKIM for inbound email
Support for IPV6
Slide 35
What they offer
  Exchange Online Protection implementation and configuration assistance
  1-5 days of engagement over a period of 90 days
  Administrator training on Exchange Online Protection
  Advise customer on service best practices
Eligibility
  Net new customers who purchase 1000+ seats EOP stand alone, O365D
  Exception basis for O365 Hybrid
How to Engage an IPM
  Contact your Technical Account Manager for more information.
Slide 36
Session | Title | Timing | Room
SPR.202 | Encryption in Exchange | Tue 10:45 AM - 12:00 PM | Ballroom E
SPR.201 | Eliminate the Regulatory Compliance Nightmare | Tue 9:00 AM-10:15 AM | MR 19ab
SPR.UN.305 | Exchange Online Protection: Notes from the field | Wed 10:15 AM - 11:30 AM | Ballroom G
SPR.UN.304 | Experts Unplugged: EOP & Encryption | Wed 8:30-9:45 AM; Wed 1:00-2:15 PM | MR 18d; MR 17b
SPR.401 | Extending Data Loss Prevention For Your Business | Wed 4:45 PM - 6:00 PM | MR 18bc
SPR.203 | Protect your Organization with Exchange Online Protection (EOP) | Mon 4:30 PM - 5:45 PM | MR 18bc
SPR.301 | So how does Microsoft handle my spam? | Tue 4:45 PM - 6:00 PM | MR 19ab
SPR.401 | Using Connectors & Mail Routing | Wed 2:45 PM - 4:00 PM | MR 18bc
ARC.304 | Exchange Server 2013 Transport Architecture | Tues 9:00 AM - 10:15 AM | Ballroom F
EDC.302 | Advanced Data Loss Prevention in Exchange | Tues 1:30 PM-2:45 PM | Ballroom F
EDC.UN.301 | Experts Unplugged: Data Loss Prevention | Tue 3:00 PM-4:15 PM; Wed 10:15 AM-11:30 AM | MR 18d; MR 13ab
EDC.204 | Data Loss Prevention in Exchange, Outlook, OWA | Mon 2:45 PM-4:00 PM | MR 18bc
MNG.304 | Reporting On O365 Mail flow and Mailbox Data | Wed 1:00 PM-2:15 PM | MR 17a