Slide 1

SIM309

Slide 2

Slide 3

Slide 4

Connection Analysis (IP-based edge blocks) Reputation Analysis Connection Filtering Protect businesses from receiving emailborne viruses and other malicious code with scan engines and heuristic detection Multiple engine support AntiVirus Anti-spam filter can detect all types of spam before they reach the corporate network NDR Backscatter Support Anti-Spam Policy rules to regulate email flow for compliance Policy-based encryption (for EHE subscribers) Enhanced RegEx support Policy

Slide 5

Every Exchange Online (BPOS)/Office 365 customer is a FOPE customer! Office 365 Protect on-premises or hosted email implementations Is server agnostic Standalone Protect on-premises Exchange servers and integrates FPE/FOPE policies (On-prem/Cloud Policies) Hybrid Protection Live EDU (This CY 2011) Others

Slide 6

Edge Blocking End User Quarantine Administrator Console Corporate Network Messaging Administrator Employees Inbound Filtered Email About 90% of Email is junk Outbound Filtered Email Also incorporates technology from External Senders/ Recipients Exchange Server Anti-spam Antivirus Policy Automatic Spooling * Encryption * Requires additional Exchange Hosted Encryption License Active Directory FOPE Directory Synchronization Tool Multilayer spam and virus protection and policy enforcement Legitimate Email Junk Email Policy rules regulate e-mail flow for compliance and message control

Slide 7

Slide 8

ProductFOPE Admin Center Access FOPE Admin Center Login Method Use FOPE Admin Center to configure domains and change IP addresses Virus Scanning, Edge Blocking, Anti-Spam, Message Hygiene Use FOPE Connectors for complex scenarios Directory Synchronization Method FOPE StandaloneYesFOPE credentialsYes Yes, for certain scenarios FOPE Directory Synchronization Tool Office 365 Beta or Professionals and Small Businesses NoN/ANoNoYesNoNone Office 365 Beta for enterprises or education YesSingle sign-on via FOPE link in Exchange Control Panel NoYes Office 365 Directory Synchronization Tool Live@eduYesSingle sign-on via FOPE link in Exchange Control Panel NoYes Outlook Live Directory Synchronization Tool Business Productivity Online Suite Standard Yes, limited access by request to Technical Support FOPE credentialsNoYesNoExchange Online Directory Synchronization Tool Business Productivity Online Suite Dedicated YesFOPE credentialsYes Exchange Online Directory Synchronization Tool Note: For Microsoft Office 365 Beta customers, antivirus scanning is performed by Forefront Protection 2010 for Exchange Server (FPE) on the Exchange Online servers rather than by FOPE

Slide 9

Antivirus and anti-spam protection for Exchange Server 2010/2007 Server Roles On-Premises Software Online Anti MalwareAnti-spamManagement Forefront Online Protection for Exchange Symantec Authentium Kaspersky Inbound Messaging Hygiene Stop Foreign Spam Outbound Spam Mitigation Anti-spam Feedback Loop Message Tracing IT Admin Improvements Forefront Protection 2010 for Exchange Server MS AV + AntiSpyware Kaspersky Authentium Virus Buster Norman Internal mail filtering Industry-leading 3 rd party content filtering Forefront Protection Server Management Console SMTP Exchange Server Edge Role Hub Role Mailbox Role Internet

Slide 10

Slide 11

Slide 12

Source IP Source Domain Reject non Source IP Opportunistic TLS Forced TLS Spam Connection Policy Opportunistic TLS Forced TLS Smart host MX Destination domain

Slide 13

Slide 14

Slide 15

Secure inbound and outbound mail with TLS Validated with CA certificates Forced TLS Redirect all or part of your outbound mail to flow through an on-premises server Apply additional processing Outbound Smart Host Add partners to a safe list Mail from those organizations bypass FOPE IP filtering Optionally, skip FOPE spam and policy filtering Inbound Safe Listing

Slide 16

Business Partner FOPE woodgrovebank.com contoso.com Opportunistic TLS is on by default for Office 365 customers (no action is required to enable it) TLS can be forced for inbound connections, outbound connections, or both FOPE attempts to set up a TLS connection If TLS cannot be established, email is not sent/received Virus scanning is performed by FPE for Exchange Online mailboxes Forced TLS can be configured using the methods shown here Value Proposition Maintain secure and trusted communication channel with partners Avoid email interception/ eavesdropping

Slide 17

FOPE From: Joe@contoso.com To: sales@fabrikam.com From: Joe@contoso.com To: sales@fabrikam.com service.contoso.com FOPE routes outbound email to smart host for custom mail process or delivery Virus scanning is performed by FPE for Exchange Online mailboxes INTERNET Value Proposition Use DLP or encryption appliances from third parties Perform custom processing or address rewrite Maintain total mail control during coexistence (inbound and outbound mail is all routed through on-prem server contoso.com

Slide 18

FOPE From: jane@fabrikam.com To: salesman@contoso.com From: jane@fabrikam.com To: salesman@contoso.com contoso.com fabrikam.com Safe-listed Partner Value Proposition Reduce the chance of false positives (legitimate email from trusted partner being flagged as spam)

Slide 19

All mailboxes hosted in the cloud with Exchange Online Fully Hosted Scenario Some mailboxes hosted in the cloud with Exchange Online Some mailboxes hosted on-premises MX record points to FOPE FOPE subscriptions are required for on-premises users Current FOPE Customer: Shared Address Space with On- Premises Relay Scenario (MX Points to FOPE) Some mailboxes hosted in the cloud with Exchange Online Some mailboxes hosted on-premises MX record points to on-premises Shared Address Space with On- Premises Relay Scenario (MX Points to On-Premises) Some mailboxes hosted in the cloud with Exchange Online Some mailboxes hosted on-premises MX record points to FOPE FOPE subscriptions are required for on-premises users Non-FOPE Customer: Shared Address Space with On- Premises Relay Scenario (MX Points to FOPE)

Slide 20

FOPE EXCHANGE ONLINE INTERNET Mail is sent outbound Virus scanning is performed by FPE on Exchange Online servers FOPE filters as outbound FOPE delivers to Internet Contoso signs up for Exchange Online Exchange Online has provisioned tenant in FOPE Mail sent to FOPE FOPE filters inbound mail Virus scanning is performed by FPE on Exchange Online servers Mail is delivered to the recipients mailbox Inbound From: sales@fabrikam.com To: Bill@contoso.com Inbound From: sales@fabrikam.com To: Bill@contoso.com Outbound From: Bill@contoso.com To: sales@fabrikam.com Outbound From: Bill@contoso.com To: sales@fabrikam.com

Slide 21

On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET MX points to FOPE for spam processing, filtering, and scanning Mail is routed to on-premises server, and if mailbox does not exist on- premises, mail is routed back to FOPE FOPE forwards mail to hosted mailbox Virus scanning is performed by FPE for Exchange Online mailboxes Inbound From: sales@fabrikam.com To: Joe@contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com

Slide 22

On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET Scanning by Forefront Protection for Exchange on Microsoft Exchange Online mail hubs Delivery to FOPE for scanning Delivered to on-premises Exchange server Custom processing on premises Outbound delivery to FOPE Delivery to Internet Outbound From: Joe@contoso.com To: sales@fabrikam.com Outbound From: Joe@contoso.com To: sales@fabrikam.com

Slide 23

On-Premises Exchange EXCHANGE ONLINE FOPE Hosted mailbox sends mail outbound Delivery to FOPE (virus scanning disabled by default; policy rules dependent on customer configuration) Delivery to on-premises mailbox Outbound From: Joe@contoso.com To: Bob@contoso.com Outbound From: Joe@contoso.com To: Bob@contoso.com

Slide 24

Slide 25

On-Premises EXCHANGE ONLINE FOPE INTERNET MX points to on premises for initial filtering Custom filtering, archival etc. done on- premises Cloud mail is re-directed to FOPE where it is filtered Delivered to Exchange Online Virus scanning is performed by FPE for Exchange Online mailboxes Inbound From: sales@fabrikam.com To: Joe@contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com

Slide 26

On-Premises EXCHANGE ONLINE FOPE INTERNET Hosted mailbox sends mail outbound Virus scanning is performed by FPE for Exchange Online mailboxes Filtered by FOPE Delivered to on-premises Custom processing on-premises Delivery by on-premises Outbound From: joe@contoso.com To: sales@fabrikam.com Outbound From: joe@contoso.com To: sales@fabrikam.com

Slide 27

EXCHANGE ONLINE FOPE On-Premises MX points to on-premises for initial filtering Custom processing on-premises Delivery to FOPE Filtering skipped Delivery to Exchange Online by FOPE Intra Org From: salesman@contoso.com To: Joe@contoso.com Intra Org From: salesman@contoso.com To: Joe@contoso.com

Slide 28

On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET MX points to FOPE for spam processing, filtering, and scanning Mail is routed to Exchange Online, and if mailbox does not exist in the Exchange Online, mail is routed back to FOPE FOPE forwards mail to On-Premise Exchange Virus scanning is performed by FPE for Exchange Online and mailboxes Inbound From: sales@fabrikam.com To: Joe@contoso.com Inbound From: sales@fabrikam.com To: Joe@contoso.com

Slide 29

On-Premises Exchange EXCHANGE ONLINE FOPE INTERNET Scanning by Forefront Protection for Exchange on Microsoft Exchange Online mail hubs Delivery to FOPE for scanning Delivered to Internet Directly (Could also direct outbound back to on-premises Exchange server) Outbound From: Joe@contoso.com To: sales@fabrikam.com Outbound From: Joe@contoso.com To: sales@fabrikam.com

Slide 30

On-Premises Exchange EXCHANGE ONLINE FOPE Hosted mailbox sends mail outbound Delivery to FOPE (virus scanning disabled by default; policy rules dependent on customer configuration) Delivery to on-premises mailbox Outbound From: Joe@contoso.com To: Bob@contoso.com Outbound From: Joe@contoso.com To: Bob@contoso.com

Slide 31

31

Slide 32

demo

Slide 33

Slide 34

Slide 35

www.microsoft.com/teched Sessions On-Demand & CommunityMicrosoft Certification & Training Resources Resources for IT ProfessionalsResources for Developers www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn http://northamerica.msteched.com Connect. Share. Discuss.

Slide 36

Slide 37

Scan the Tag to evaluate this session now on myTechEd Mobile

Slide 38

Slide 39