Levon EsibovPrincipal Group Program ManagerMicrosoft

Protect Your Organization with Exchange Online Protection (EOP)

SPR203

How may I protectmy employees from spam and malwaremy company from data loss

using Exchange Online Protection

even if I’m not moving my mailboxes to the Cloud?

Security challenges

Rapidly evolving external threats

Potential loss of sensitive data

Keeping email safe without impacting users

Stop viruses and malware• Multi-engine malware protection• Continuously evolving anti-spam protection

Protect sensitive data• Data Loss Prevention features• Encryption of sensitive email

Common administration console• Office 365 integration• Detailed reporting

Enterprise class reliability• Geographically load-balanced datacenters• Queuing capabilities to help ensure no mail is lost• 24x7x365 Microsoft Support• $$$ backed SLA

Exchange Online Protection (EOP)

Exchange Online Protection in numbersUsed by many

100,000s of customers

Used by many 10,000,000s of users

Processing Billions of emails a day

Using Thousands of servers

Across dozens of Datacenters worldwide

Supported by SMEs who wrote the code 24x7x365

EOP Conceptual Diagram

On-premises server - Inbound and Outbound email filtered through EOP

Corporate Network

EOP

EOP Inbound Filtering

Email is routed to EOP DC based on MX record resolution

(Contoso-com.mail.protection.outlook.com)

IP-based edge blocks

Envelope blocks

Virus Scanning

AV Engine 1

AV Engine 2

AV Engine 3

SPAM ProtectionSafe

Sender/Recipient

Policy Enforcement

Custom RulesContent scanning

and Heuristics

Bulk Mail filtering

SPF & Sender ID Filter

Quarantine

International Spam

Advanced SPAM management

Customer Feedback

False +ve / -ve

Spam Analysts

Corporate Network

EOP Outbound Filtering

High Risk Delivery PoolHigh Score

Outbound Pool

Low Score

SPAM Protection

Content scanning and Heuristics

Advanced SPAM management

Virus Scanning

AV Engine 1

AV Engine 2

AV Engine 3

Policy Enforcement

Custom Rules

QuarantineSpam Analysts

Corporate Network

• 1. Connection filtering • Blocks up to 80% of all spam

based on IP block/allow lists.

• 2. Sender-Recipient Filtering

• Blocks up to 15% of all spam based on internal lists and sender reputation.

• 3. Content Filtering• Blocks up to 5% of all spam

based on internal lists and heuristics.

Multi-layered anti-spam protection

10

• Connection filtering • Static IP allow/block list• Opt-in to Microsoft-maintained

reputable sender list

• Content spam categories• Blatant spam• High confidence spam

• Content Filtering Actions• Delete• Quarantine• Add X-Header• Modify Subject• Redirect

Control anti-spam filtering

11

Effective spam blockingBlock external threats quicklyAdvanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time.

Enable more control Mark all bulk messages as spam

Block unwanted email based on language or geographic origin

Block email based on language

Block email based on geography

• Suspect junk mail by default goes to the Outlook junk mail folder.

• Uses Outlook safe senders and block lists.

• SPAM Quarantine is currently available to administrators only, but end-users will get access shortly.

• Email Spam Notification for the end-users

Junk mail management

Anti-malware

14

Simple configuration

Delete messagesDelete attachments

Robust, customizable notifications

Sender notifications

Admin notifications

Managing policy

16

• Same rule set as Exchange Transport Rules• Includes some new conditions:• The sender…IP matches any of these addresses• Attachment scanning• Any attachment…has executable content• The message…contains sensitive information• The message…size exceeds

EOP Rules

17

• Same rule set as Exchange Transport Rules• Includes some new actions:• Generate incident report• Require TLS Encryption• Put message in quarantine mailbox• Use the following outbound connector…

EOP Rules

18

• Same rule set as Exchange Transport Rules• Includes some new options:

• Rules can be configured to run for a specific time period• Rules can be run in Test Mode• Information Rights Management and Office 365 Message

Encryption can be applied to messages using a transport rule.

EOP Rules

19

Helps to • identify• monitor• protect sensitive data through deep content analysis.

Data Loss Prevention

Easy to use

Monitor

Protect

Identify

Common management consoleAnti-spam, anti-malware and DLP controls integrated into the Exchange Admin Center and Office 365.

Admin Demo

Granular reporting optionsProvides a clear view on spam filtering, malware attacks and DLP enforcement

Reporting Demo

Continuous investments: Since Jan 2014 added

Extended Message trace and improved reporting

Directory Based Edge Blocking Match Sub-domains Remote PowerShell for customers without

hosted mailboxes End user access to Quarantine DKIM for inbound email Support for IPV6

No Am

APAC

EMEA

Mail is ALWAYS processed ONLY in your region!

PRC

Exchange Online Protection Setup

1. Add and verify domain ownership, and setup MX record

2. Fine tune anti-malware and anti-spam settings3. Create rules to meet business needs4. Run Hybrid Wizard to configure connectors

Stop viruses and malware• Multi-engine malware protection• Continuously evolving anti-spam protection

Protect sensitive data• Data Loss Prevention features• Encryption of sensitive email

Common administration console• Office 365 integration• Detailed reporting

Enterprise class reliability• Geographically load-balanced datacenters• Queuing capabilities to help ensure no mail is lost• 24x7x365 Microsoft Support• $$$ backed SLA

Easily transition from EOP to Office 365• EOP provisioned through the Office 365 commerce platform

Exchange Online Protection (EOP)

Questions

Related Sessions to Attend Session Title Timing Room

SPR.202 Encryption in Exchange Tue 10:45 AM - 12:00 PM Ballroom E

SPR.201Eliminate the Regulatory Compliance Nightmare Tue 9:00 AM-10:15 AM MR 19ab

SPR.UN.305Exchange Online Protection: Notes from the field Wed 10:15 AM – 11:30 AM Ballroom G

SPR.UN.304Experts Unplugged: EOP & Encryption

Wed 8:30-9:45 AMWed 1:00-2:15 PM

MR 18dMR 17b

SPR.401Extending Data Loss Prevention For Your Business Wed 4:45 PM- 6:00 PM MR 18bc

SPR.203

Protect your Organization with Exchange Online Protection (EOP) Mon 4:30 PM - 5:45 PM MR 18bc

SPR.301So how does Microsoft handle my spam? Tue 4:45 PM – 6:00 PM MR 19ab

SPR.401Using Connectors & Mail Routing Wed 2:45 PM - 4:00 PM MR 18bc

ARC.304Exchange Server 2013 Transport Architecture Tues 9:00 AM - 10:15 AM Ballroom F

EDC.302Advanced Data Loss Prevention in Exchange Tues 1:30 PM-2:45 PM Ballroom F

EDC.UN.301Experts Unplugged: Data Loss Prevention

Tue 3:00 PM-4:15 PMWed 10:15 AM-11:30 AM

MR 18dMR 13ab

EDC.204Data Loss Prevention in Exchange, Outlook, OWA Mon 2:45 Pm-4:00PM MR 18bc

MNG.304Reporting On O365 Mail flow and Mailbox Data Wed 1:00 PM-2:15 PM MR 17a

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.