Understanding Compliance, Data Loss Prevention, and eDiscovery in Exchange, SharePoint, Lync, and Office
Ankur Kothari
Microsoft Corporation
EXL324
In-Place Archive with secondary quota
Access documents with SkyDrive Pro
Site Mailboxes enable better collaboration
Native Spreadsheet Controls
Content Management
Data Governance
Capture deleted & edited messages
In-Place Hold across Ex, SP, Lync
Maintain records for set period of time
Preservation
Search primary, archive, & recoverable items
De-duplication & Search statistics
Discover
The new Office
Compliance
Native Data Loss Prevention
Automated time-based criteria content
Set mailbox policies at item or folder level – admin or user
eDiscovery Center for Ex, SP, Lync
Case Management
In-Place preview
Export search results
Seamless experience
An integrated In-Place Archive enables users to save time by managing their archive as they do their mailbox
Outlook OWA
Retain folder hierarchy
Collaborate with team, while maintaining control
Team alias keeps communications tracked
Single folder to access Email & documents
Documents stored in SharePoint
Data governance
Manage storage and risk proactively with mailbox management and expiration policies
Delete Policy
Archive Policy (mailbox management)
Improved Workflow
• Automate the deletion and archiving of email and other Exchange data to meet data retention requirements
• Assign personal tags to system folders in Outlook and OWA
• View default mailbox policy
Single menu for policies
Transparent user experience
Retention policy and expiry details
Assign to an individual item, folder, or all email
Put information workers in charge of their email by keeping them informed of when items are to be moved or archived
Outlook policy distribution
Contextual policy education
DLP policy configuration
Backend policy evaluation
Audit & incident data generation
Admin
Information workers
DLP system walkthrough
DLP Policy Templates
Built-in templates based on common regulations
Import DLP policy templates from security partners
Build your own
Sensitive Content Detection
Predefined rules targeted at sensitive data types
Advanced content detection
Combination of regular expressions, dictionaries, and internal functions (e.g., validate checksum on credit card numbers)
Extensibility for customer and ISV-defined data types
DLP Policy Rules
Built on transport rules
Supports discovery phase of compliance
Take action to enforce policy
Hold, block, audit, and provide notification for email that contains sensitive business data
Conditions
Actions
Exceptions
Apply Granular Usage Restrictions
Helps to protect your sensitive information no matter where it is sent
Usage rights locked within the document
Helps protect online and offline, inside and outside of the firewall
Exchange DLP Reporting and Auditing
Comprehensive view of DLP policy performance
Downloadable Excel workbook
Drill into specific departures from policy to gain business insights
DLP reporting and auditing
Comprehensive view of DLP policy application
Drill into specific departures from policy to gain business insights
Downloadable Excel workbook & email incident reports
Content analysis process
Get Content
  Joseph F. Foster
  Visa: 4485 3647 3952 7352
  Expires: 2/2012
RegEx Analysis
  4485 3647 3952 7352: a 16-digit number is detected
Function Analysis
  1. 4485 3647 3952 7352 matches checksum
  2. 1234 1234 1234 1234 does NOT match
Additional Evidence
  1. Keyword Visa is near the number
  2. A regular expression for date (2/2012) is near the number
Verdict
  1. There is a regular expression that matches a check sum
  2. Additional evidence increases confidence
Examples
  Hi Alex,
  I expect to be in Hawaii too.
  My booking code is 1234-1234-1234-1234 and I’ll be there on 3/2012.
  Regards, Lisa
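Added example (not part of the original slides): the content analysis process above as a Python sketch, run against the two sample messages from the slides. The context window, confidence numbers, keyword list and threshold are assumptions chosen for illustration, not Exchange's actual rule values.

```python
import re

# Assumed tuning values for this sketch; they are not Exchange's rule settings.
WINDOW = 60           # characters of context examined on each side of a match
BASE_CONFIDENCE = 60  # number that passes the checksum, no other evidence
EVIDENCE_BONUS = 15   # added for each kind of corroborating evidence

# 16 digits in groups of four, with one consistent separator (space, dash, none).
CANDIDATE = re.compile(r"\b\d{4}([ -]?)\d{4}\1\d{4}\1\d{4}\b")
KEYWORD = re.compile(r"\b(visa|mastercard|credit card|card number)\b", re.I)
EXPIRY = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{4}|\d{2})\b")

def luhn_ok(digits: str) -> bool:
    """Function analysis: Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def analyze(text: str) -> list:
    """Regex, then checksum, then nearby evidence; one dict per candidate."""
    findings = []
    for m in CANDIDATE.finditer(text):
        finding = {"match": m.group(), "checksum": False, "evidence": [], "confidence": 0}
        findings.append(finding)
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            continue            # pattern matched but checksum failed: no confidence
        finding["checksum"] = True
        nearby = text[max(0, m.start() - WINDOW):m.start()] + " " + text[m.end():m.end() + WINDOW]
        for label, pattern in (("keyword", KEYWORD), ("expiry date", EXPIRY)):
            if pattern.search(nearby):
                finding["evidence"].append(label)
        finding["confidence"] = BASE_CONFIDENCE + EVIDENCE_BONUS * len(finding["evidence"])
    return findings

def is_sensitive(text: str, min_confidence: int = 75) -> bool:
    """Verdict: true when any candidate reaches the (assumed) rule threshold."""
    return any(f["confidence"] >= min_confidence for f in analyze(text))

# The two sample messages from the slides.
SAMPLE_CARD = "Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012"
SAMPLE_BOOKING = ("Hi Alex,\nI expect to be in Hawaii too.\nMy booking code is "
                  "1234-1234-1234-1234 and I'll be there on 3/2012.\nRegards, Lisa")

if __name__ == "__main__":
    print([(analyze(s), is_sensitive(s)) for s in (SAMPLE_CARD, SAMPLE_BOOKING)])
```

A checksum-valid number with no keyword or date nearby scores only the base confidence here, so it stays under the assumed threshold, which is the practical meaning of "additional evidence increases confidence".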
DLP
Empower users to manage their compliance
Contextual policy education
Doesn’t disrupt user workflow
Can work even when disconnected
Admin-customizable text and actions
DLP extensibility points
Custom DLP content:
• Supplemental DLP policy rules
• Supplemental DLP classification rules
Incident reports integration with custom workflows
Custom reporting solutions
MessageStats Business Insights from Dell
Complements the native DLP reporting in Exchange Online for organizations using Exchange 2013 on-premises
Gathers DLP data from the message tracking logs and reports on policy violations
Generates customized reporting to deliver granular results
Archiving using Microsoft Exchange integration
• Integrates Lync Archiving into the Exchange In-Place Hold feature, enabling one common experience for administrators around compliance and eDiscovery
• NOT related to Exchange Archiving feature
• The Exchange integration uses LYSS and the new Lync 2013 Unified Data Collection Agent (UDC)
Lync archiving configuration
• Enable archiving into Exchange in CsArchivingConfiguration
  • Global, Site or Service
  • Set-CsArchivingConfiguration -EnableExchangeArchiving $true
• Enable individual users for archiving into Exchange
  • Set-CsUser -ExchangeArchivingPolicy ArchivingToExchange
  • Set-CsUser -ExchangeArchivingPolicy Uninitialized
• Exchange In-Place Hold allows you to create granular hold policies to preserve mailbox items indefinitely, time-based or query-based
• Lync Archiving will respect any Exchange In-Place Hold settings in effect for the user.
• In Exchange you can have multiple MailboxSearch objects, and each one of them can have the InPlaceHoldEnabled attribute set to True or False.
• If the user is "hit" by one of the MailboxSearch objects with InPlaceHoldEnabled = True, the msExchUserHoldPolicies attribute on the user object will contain one or more InPlaceHoldIdentity values
• The Lync User Replicator will see that the attribute has one or more values and will configure the user to have archiving into Exchange enabled in the internal SQL database.
ExchangeArchivingPolicy = uninitialized
Exchange configuration
• You need to give appropriate permissions to users who need to search the archived Lync data
  • Add-RoleGroupMember "Discovery Management" -Member <user>
• You need to give appropriate permissions for the users to access DiscoverySearch mailboxes
  • $a = Get-Mailbox <Discovery Search Mailbox>
  • Add-MailboxPermission -Identity $a.Identity -User <user> -AccessRights FullAccess -InheritanceType All
Where is the data?
• Stored in Exchange 2013 Mailbox in the same location used for In-Place Hold
• Not directly accessible by the end-user from OWA or Outlook
• Available via Multi Mailbox Search tool in Exchange
• Root of mailbox -> Recoverable Items -> Purges
Things to know
• For audio conferences there is a 20-minute delay before LYSS sends the archived data to Exchange
  • Conference Announcement Service stays in the conference for 20 minutes after it ends
  • Work-around: Invoke-CsStorageServiceFlush
• Archived conferences will only have a subject if the meeting is a non-default meeting
Things to know
• LYSS storage notifications use the external web services FQDN when setting the callback in Exchange 2013
• Exchange TransportConfig controls the size of archived Lync items, i.e. attachments in meetings
  • MaxReceiveSize & MaxSendSize
Things to know
• From Lync Server Management Shell it is impossible to see whether a user has been enabled for archiving into Exchange based on In-Place Hold
• Use my script GetArchivingIntoExchangeStatus.ps1 (1)
1) https://microsoft-my.sharepoint.com/personal/jenstr_microsoft_com/Documents/Shared%20with%20Everyone/scripts
GetArchivingIntoExchangeStatus.ps1 -user [email protected] has Exchange 2013 mailbox and InPlaceHold is in effect
In Review: Exchange 2013 DLP features
• Education experience in Outlook 2013
• Available in Exchange Server and Office 365
• Out of the box DLP policy templates
• Predefined sensitive content types
• Support for 3rd party defined DLP policy templates
• DLP administration in Exchange Admin Center
• Rich reporting
Identify
Protect
Monitor
End user education
eDiscovery as easy as 1, 2, 3.
1. In-Place Hold: protect content in-place in real time
2. Query: find up to date and relevant content quickly
3. Export: transfer content for review and production
Across: SharePoint, Exchange, Lync, and file shares on-premises and Office 365
OneNote notebook
http://aka.ms/exl324 This presentation
http://aka.ms/auteched-onenote The free OneNote template for the conference
Resources
Exchange 2013 DLP introduction
http://blogs.technet.com/b/exchange/archive/2012/09/28/introducing-data-loss-prevention-in-the-new-exchange.aspx
http://technet.microsoft.com/en-us/library/jj150527.aspx
DLP policy templates
http://technet.microsoft.com/en-us/library/jj657730
Managing DLP policies
http://technet.microsoft.com/en-us/library/jj673559
OOB DLP policy templates
http://technet.microsoft.com/en-us/library/jj150530
Policy tips in Exchange 2013
http://technet.microsoft.com/en-us/library/jj150512
Supported file types
http://technet.microsoft.com/en-us/library/jj674307
Developer Network: Resources for Developers
http://msdn.microsoft.com/en-au/
Learning: Virtual Academy
http://www.microsoftvirtualacademy.com/
Resources: Sessions on Demand
http://channel9.msdn.com/Events/TechEd/Australia/2013
TechNet: Resources for IT Professionals
http://technet.microsoft.com/en-au/
Keep Learning
1. Download both Exchange Server 2013 and Lync Server 2013 and try in your own environment
2. Trial Exchange and Lync Online
3. Contact your Microsoft or Partner Account Manager to arrange a time to test drive Exchange and Lync in one of our Customer Immersion Experience Centres
4. Contact your Microsoft or Partner Account Manager to get a Lync business value assessment or an Exchange and Lync technical briefing
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.