Connection Analysis (IP-based edge blocks) Reputation Analysis
Connection Filtering Protect businesses from receiving emailborne
viruses and other malicious code with scan engines and heuristic
detection Multiple engine support AntiVirus Anti-spam filter can
detect all types of spam before they reach the corporate network
NDR Backscatter Support Anti-Spam Policy rules to regulate email
flow for compliance Policy-based encryption (for EHE subscribers)
Enhanced RegEx support Policy
Slide 5
Every Exchange Online (BPOS)/Office 365 customer is a FOPE
customer! Office 365 Protect on-premises or hosted email
implementations Is server agnostic Standalone Protect on-premises
Exchange servers and integrates FPE/FOPE policies (On-prem/Cloud
Policies) Hybrid Protection Live EDU (This CY 2011) Others
Slide 6
Edge Blocking End User Quarantine Administrator Console
Corporate Network Messaging Administrator Employees Inbound
Filtered Email About 90% of Email is junk Outbound Filtered Email
Also incorporates technology from External Senders/ Recipients
Exchange Server Anti-spam Antivirus Policy Automatic Spooling *
Encryption * Requires additional Exchange Hosted Encryption License
Active Directory FOPE Directory Synchronization Tool Multilayer
spam and virus protection and policy enforcement Legitimate Email
Junk Email Policy rules regulate e-mail flow for compliance and
message control
Slide 7
Slide 8
ProductFOPE Admin Center Access FOPE Admin Center Login Method
Use FOPE Admin Center to configure domains and change IP addresses
Virus Scanning, Edge Blocking, Anti-Spam, Message Hygiene Use FOPE
Connectors for complex scenarios Directory Synchronization Method
FOPE StandaloneYesFOPE credentialsYes Yes, for certain scenarios
FOPE Directory Synchronization Tool Office 365 Beta or
Professionals and Small Businesses NoN/ANoNoYesNoNone Office 365
Beta for enterprises or education YesSingle sign-on via FOPE link
in Exchange Control Panel NoYes Office 365 Directory
Synchronization Tool Live@eduYesSingle sign-on via FOPE link in
Exchange Control Panel NoYes Outlook Live Directory Synchronization
Tool Business Productivity Online Suite Standard Yes, limited
access by request to Technical Support FOPE
credentialsNoYesNoExchange Online Directory Synchronization Tool
Business Productivity Online Suite Dedicated YesFOPE credentialsYes
Exchange Online Directory Synchronization Tool Note: For Microsoft
Office 365 Beta customers, antivirus scanning is performed by
Forefront Protection 2010 for Exchange Server (FPE) on the Exchange
Online servers rather than by FOPE
Slide 9
Antivirus and anti-spam protection for Exchange Server
2010/2007 Server Roles On-Premises Software Online Anti
MalwareAnti-spamManagement Forefront Online Protection for Exchange
Symantec Authentium Kaspersky Inbound Messaging Hygiene Stop
Foreign Spam Outbound Spam Mitigation Anti-spam Feedback Loop
Message Tracing IT Admin Improvements Forefront Protection 2010 for
Exchange Server MS AV + AntiSpyware Kaspersky Authentium Virus
Buster Norman Internal mail filtering Industry-leading 3 rd party
content filtering Forefront Protection Server Management Console
SMTP Exchange Server Edge Role Hub Role Mailbox Role Internet
Slide 10
Slide 11
Slide 12
Source IP Source Domain Reject non Source IP Opportunistic TLS
Forced TLS Spam Connection Policy Opportunistic TLS Forced TLS
Smart host MX Destination domain
Slide 13
Slide 14
Slide 15
Secure inbound and outbound mail with TLS Validated with CA
certificates Forced TLS Redirect all or part of your outbound mail
to flow through an on-premises server Apply additional processing
Outbound Smart Host Add partners to a safe list Mail from those
organizations bypass FOPE IP filtering Optionally, skip FOPE spam
and policy filtering Inbound Safe Listing
Slide 16
Business Partner FOPE woodgrovebank.com contoso.com
Opportunistic TLS is on by default for Office 365 customers (no
action is required to enable it) TLS can be forced for inbound
connections, outbound connections, or both FOPE attempts to set up
a TLS connection If TLS cannot be established, email is not
sent/received Virus scanning is performed by FPE for Exchange
Online mailboxes Forced TLS can be configured using the methods
shown here Value Proposition Maintain secure and trusted
communication channel with partners Avoid email interception/
eavesdropping
Slide 17
FOPE From: [email protected] To: [email protected] From:
[email protected] To: [email protected] service.contoso.com FOPE
routes outbound email to smart host for custom mail process or
delivery Virus scanning is performed by FPE for Exchange Online
mailboxes INTERNET Value Proposition Use DLP or encryption
appliances from third parties Perform custom processing or address
rewrite Maintain total mail control during coexistence (inbound and
outbound mail is all routed through on-prem server contoso.com
All mailboxes hosted in the cloud with Exchange Online Fully
Hosted Scenario Some mailboxes hosted in the cloud with Exchange
Online Some mailboxes hosted on-premises MX record points to FOPE
FOPE subscriptions are required for on-premises users Current FOPE
Customer: Shared Address Space with On- Premises Relay Scenario (MX
Points to FOPE) Some mailboxes hosted in the cloud with Exchange
Online Some mailboxes hosted on-premises MX record points to
on-premises Shared Address Space with On- Premises Relay Scenario
(MX Points to On-Premises) Some mailboxes hosted in the cloud with
Exchange Online Some mailboxes hosted on-premises MX record points
to FOPE FOPE subscriptions are required for on-premises users
Non-FOPE Customer: Shared Address Space with On- Premises Relay
Scenario (MX Points to FOPE)
Slide 20
FOPE EXCHANGE ONLINE INTERNET Mail is sent outbound Virus
scanning is performed by FPE on Exchange Online servers FOPE
filters as outbound FOPE delivers to Internet Contoso signs up for
Exchange Online Exchange Online has provisioned tenant in FOPE Mail
sent to FOPE FOPE filters inbound mail Virus scanning is performed
by FPE on Exchange Online servers Mail is delivered to the
recipients mailbox Inbound From: [email protected] To:
[email protected] Inbound From: [email protected] To:
[email protected] Outbound From: [email protected] To:
[email protected] Outbound From: [email protected] To:
[email protected]
Slide 21
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET MX points to
FOPE for spam processing, filtering, and scanning Mail is routed to
on-premises server, and if mailbox does not exist on- premises,
mail is routed back to FOPE FOPE forwards mail to hosted mailbox
Virus scanning is performed by FPE for Exchange Online mailboxes
Inbound From: [email protected] To: [email protected] Inbound From:
[email protected] To: [email protected]
Slide 22
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET Scanning by
Forefront Protection for Exchange on Microsoft Exchange Online mail
hubs Delivery to FOPE for scanning Delivered to on-premises
Exchange server Custom processing on premises Outbound delivery to
FOPE Delivery to Internet Outbound From: [email protected] To:
[email protected] Outbound From: [email protected] To:
[email protected]
Slide 23
On-Premises Exchange EXCHANGE ONLINE FOPE Hosted mailbox sends
mail outbound Delivery to FOPE (virus scanning disabled by default;
policy rules dependent on customer configuration) Delivery to
on-premises mailbox Outbound From: [email protected] To:
[email protected] Outbound From: [email protected] To:
[email protected]
Slide 24
Slide 25
On-Premises EXCHANGE ONLINE FOPE INTERNET MX points to on
premises for initial filtering Custom filtering, archival etc. done
on- premises Cloud mail is re-directed to FOPE where it is filtered
Delivered to Exchange Online Virus scanning is performed by FPE for
Exchange Online mailboxes Inbound From: [email protected] To:
[email protected] Inbound From: [email protected] To:
[email protected]
Slide 26
On-Premises EXCHANGE ONLINE FOPE INTERNET Hosted mailbox sends
mail outbound Virus scanning is performed by FPE for Exchange
Online mailboxes Filtered by FOPE Delivered to on-premises Custom
processing on-premises Delivery by on-premises Outbound From:
[email protected] To: [email protected] Outbound From:
[email protected] To: [email protected]
Slide 27
EXCHANGE ONLINE FOPE On-Premises MX points to on-premises for
initial filtering Custom processing on-premises Delivery to FOPE
Filtering skipped Delivery to Exchange Online by FOPE Intra Org
From: [email protected] To: [email protected] Intra Org From:
[email protected] To: [email protected]
Slide 28
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET MX points to
FOPE for spam processing, filtering, and scanning Mail is routed to
Exchange Online, and if mailbox does not exist in the Exchange
Online, mail is routed back to FOPE FOPE forwards mail to
On-Premise Exchange Virus scanning is performed by FPE for Exchange
Online and mailboxes Inbound From: [email protected] To:
[email protected] Inbound From: [email protected] To:
[email protected]
Slide 29
On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET Scanning by
Forefront Protection for Exchange on Microsoft Exchange Online mail
hubs Delivery to FOPE for scanning Delivered to Internet Directly
(Could also direct outbound back to on-premises Exchange server)
Outbound From: [email protected] To: [email protected] Outbound
From: [email protected] To: [email protected]
Slide 30
On-Premises Exchange EXCHANGE ONLINE FOPE Hosted mailbox sends
mail outbound Delivery to FOPE (virus scanning disabled by default;
policy rules dependent on customer configuration) Delivery to
on-premises mailbox Outbound From: [email protected] To:
[email protected] Outbound From: [email protected] To:
[email protected]
Slide 31
31
Slide 32
demo
Slide 33
Slide 34
Slide 35
www.microsoft.com/teched Sessions On-Demand &
CommunityMicrosoft Certification & Training Resources Resources
for IT ProfessionalsResources for Developers
www.microsoft.com/learning http://microsoft.com/technet
http://microsoft.com/msdn http://northamerica.msteched.com Connect.
Share. Discuss.
Slide 36
Slide 37
Scan the Tag to evaluate this session now on myTechEd
Mobile