Understanding Compliance, Data Loss Prevention, and eDiscovery in Exchange, SharePoint, Lync, and OfficeAnkur KothariMicrosoft Corporation

EXL324

User/Admin Experience

Data Governance Immutability eDiscovery

Customer needs

In-Place Archive with secondary quota

Access documents with SkyDrive Pro

Site Mailboxes enable better collaboration

Native Spreadsheet Controls

Content Management

Data Governance

Capture deleted & edited messages

In-Place Hold across Ex, SP, Lync

Maintain records for set period of time

Preservation

Search primary, archive, & recoverable items

De-duplication & Search statistics

Discover

The new Office

Compliance

Native Data Loss Prevention

Automated time-based criteria content

Set mailbox policies at item or folder level – admin or user

eDiscovery Center for Ex, SP, Lync

Case Management

In-Place preview

Export search results

Seamless experience

An integrated In-Place Archive enables users to save time by managing their archive as they do their mailbox

An integrated In-Place Archive enables users to save time by managing their archive as they do their mailbox

Outlook OWA

Retain folder hierarchy

Collaborate with team, while maintaining control

Team alias keeps communications

tracked

Single folder to access Email &

documents

Documents stored in SharePoint

Tag content directly from Office backstage

Data governanceManage storage and risk proactively with mailbox management and expiration policiesDelete Policy

Archive Policy (mailbox management)

Improved Workflow

Automate the deletion and archiving of email and other Exchange data to meet data retention requirements

• Automate the deletion and archiving of email and other Exchange data to meet data retention requirements

• Assign personal tags to system folders in Outlook and OWA

• View default mailbox policy

Single menu for policies

Transparent user experience

Retention policy and expiry details

Assign to an individual item, folder, or all email

Put information workers in charge of their email by keeping them informed of when items are to be moved or archived

DemoData Loss Prevention

Outlook policy distribution

Contextual policy education

DLP policy configuration

Backend policy evaluation

Audit & incident data generation

Admin

Information workers

DLP system walkthrough

DLP Policy Templates

Built-in templates based on common regulations

Import DLP policy templates from security partners

Build your own

14

Sensitive Content DetectionPredefined rules targeted at sensitive data types

Advanced content detection

Combination of regular expressions, dictionaries, and internal functions (e.g., validate checksum on credit card numbers)

Extensibility for customer and ISV-defined data types

Click to insert photo.

15

DLP Policy RulesBuilt on transport rules

Supports discovery phase of compliance

Take action to enforce policy

Hold, block, audit, and provide notification for email that contains sensitive business data

Conditions

Actions

Exceptions

16

Apply Granular Usage Restrictions Helps to protect your sensitive information no matter where it is sent

Usage rights locked within the document

Helps protect online and offline, inside and outside of the firewall

17

Exchange DLP Reporting and Auditing

Comprehensive view of DLP policy performance

Downloadable Excel workbook

Drill into specific departures from policy to gain business insights18

DLP reporting and auditingComprehensive view of DLP policy

application

Drill into specific departures from policy to gain business insights

Downloadable excel workbook & email incident reports

Content analysis process

Joseph F. FosterVisa: 4485 3647 3952 7352Expires: 2/2012

Get Content

4485 3647 3952 7352 a 16 digit number is detected

RegEx Analysis

1. 4485 3647 3952 7352 matches checksum2. 1234 1234 1234 1234 does NOT match

Function Analysis

1. Keyword Visa is near the number2. A regular expression for date (2/2012)

is near the number

Additional Evidence

1. There is a regular expression that matches a check sum

2. Additional evidence increases confidenceVerdict

Examples

Hi Alex,

I expect to be in Hawaii too.

My booking code is 1234-1234-1234-1234and I’ll be there on 3/2012.

Regards, Lisa

DLP

Empower users to manage their compliance

Contextual policy education

Doesn’t disrupt user workflow

Can work even when disconnected

Admin-customizable text and actions

21

Incident reports

Audit dataClassificationRule detailsMatch details

DLP extensibility pointsCustom DLP content:• Supplemental DLP policy rules• Supplemental DLP classification rules

Incident reports integration with custom workflows

Custom reporting solutions

MessageStats Business Insights from DellComplements the native DLP reporting in Exchange Online for organizations using Exchange 2013 on-premises

Gathers DLP data from the message tracking logs and reports on policy violations

Generates customized reporting to deliver granular results

• The ability to integrate Lync Archiving into the Exchange In-Place Hold feature and enabling one common experience for administrators around compliance and eDiscovery

• NOT related to Exchange Archiving feature

• The Exchange integration use LYSS and the new Lync 2013 Unified Data Collection Agent (UDC)

Archiving using Microsoft Exchange integration

• Enable archiving into Exchange in CsArchivingConfiguration• Global, Site or Service• Set-CsArchivingConfiguration -EnableExchangeArchiving $true

• Enable individual users for archving into Exchange• Set-CsUser –ExchangeArchivingPolicy ArchivingToExchange• Set-CsUser -ExchangeArchivingPolicy Uninitialized

Lync archiving configuration

• Exchange in-place hold allows you to create granular hold policies to preserve mailbox items indefinitely, time-based or query based

• Lync Archiving will respect any Exchange in-place hold settings in effect for the user.• In Exchange you can have multiple MailboxSearch and each one of them can have the

InPlaceHoldEnabled attribute set to True or False.

• If the user is being "hit" by one of the MailboxSearch'es with InPlaceHoldEnabled = True the msExchUserHoldPolicies attribute on the user object will contain one or more of InPlaceHoldIdentity values

• The Lync User Replicator will see that the attribute has one or more values and will configure the user to have archiving into Exchange enabled in the internal SQL database.

ExchangeArchivingPolicy = uninitialized

• You need to give appropriate permissions to users, who need to search the archived Lync data• Add-RoleGroupMember "Discovery Management“ –member <user>

• You need to give appropriate permissions for the users to access DiscoverySearch mailboxes• $a=get-mailbox <Discovery Search Mailbox>• Add-MailboxPermission -Identity $a.identity -User <user> -AccessRights Fullaccess -InheritanceType all

Exchange configuration

• Stored in Exchange 2013 Mailbox in the same location used for In-Place Hold• Not directly accesible by the end-user from OWA or Outlook• Available via Multi Mailbox Search tool in Exchange• Root of mailbox->Recoverable Items->Purges

Where is the data?

• For audio conferences there is a 20 minutes delay before LYSS will send the archived data to Exchange• Conference Announcement Service staying in the conference for 20

minutes after it ends• Work-around: Invoke-CsStorageServiceFlush

• Archived conferences will only have a subject, if the meeting is a non-default meeting

Things to know

• Lyss Storage Notifications use the external web services FQDN, when setting the call back in Exchange 2013

• Exchange TransportConfig controls the size of archived Lync items, i.e. attachments in meetings• MaxReceiveSize & MaxSendSize

Things to know

• From Lync Server Management Shell impossible to see, if a user has been enabled for archiving into Exchange based on in-placed hold

• Use my script GetArchivingIntoExchangeStatus.ps11

1) https://microsoft-my.sharepoint.com/personal/jenstr_microsoft_com/Documents/Shared%20with%20Everyone/scripts

Things to know

GetArchivingIntoExchangeStatus.ps1 -user tu26@contoso.dkUser has Exchange 2013 mailbox and InPlaceHold is in effect

In Review: Exchange 2013 DLP features• Education experience in Outlook 2013• Available in Exchange Server and

Office 365• Out of the box DLP policy templates • Predefined sensitive content types • Support for 3rd party defined DLP policy

templates• DLP administration in Exchange Admin

Center • Rich reporting

Identify

Protect

Monitor

End user education

Identify and

Preserve

Search and

ProcessReview Produce

eDiscovery Overview

Volume Relevance

eDiscovery Challenges

Preservation

Search and reduction

Export

eDiscovery as easy as 1, 2, 3.

In-Place Hold: protect content in-place in real time

Query: find up to date and relevant content quickly

Export: transfer content for review and production

1

2

3

Across: SharePoint, Exchange, Lync, and file shares on-premises and Office 365

OneNote notebook

http://aka.ms/exl324 This presentation

http://aka.ms/auteched-onenote The free OneNote template for the conference

ResourcesExchange 2013 DLP introductionhttp://blogs.technet.com/b/exchange/archive/2012/09/28/introducing-data-loss-prevention-in-the-new-exchange.aspxhttp://technet.microsoft.com/en-us/library/jj150527.aspx

DLP policy templateshttp://technet.microsoft.com/en-us/library/jj657730

Managing DLP policieshttp://technet.microsoft.com/en-us/library/jj673559

OOB DLP policy templateshttp://technet.microsoft.com/en-us/library/jj150530

Policy tips in Exchange 2013http://technet.microsoft.com/en-us/library/jj150512

Supported file typeshttp://technet.microsoft.com/en-us/library/jj674307

Questions?

Developer Network

Resources for Developers

http://msdn.microsoft.com/en-au/

Learning

Virtual Academy

http://www.microsoftvirtualacademy.com/

TechNet

Resources

Sessions on Demand

http://channel9.msdn.com/Events/TechEd/Australia/2013

Resources for IT Professionals

http://technet.microsoft.com/en-au/

Keep Learning1. Download both Exchange Server 2013 and Lync Server 2013 and try in

your own environment

2. Trial Exchange and Lync Online

3. Contact your Microsoft or Partner Account Manager to arrange a time test drive Exchange and Lync in one of our Customer Immersion Experience Centres

4. Contact your Microsoft or Partner Account Manager to get a Lync business value assessment or an Exchange and Lync technical briefing

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.