Exchange Online Protection overview Eliminate threats with multilayered
- Slides: 30
Exchange Online Protection overview
• Eliminate threats with multi-layered, real-time anti-spam and multi-engine antimalware protection. • Protect your company's IP reputation - separate outbound delivery pools for high-risk email. • Five financially backed SLAs including protection from 100% of known viruses and 99% of spam. • Globally load-balanced network of datacenters helps to ensure a 99. 999% network uptime.
• Manage and administer from the Exchange Administration Center—a single web-based interface. • Near real-time reporting and message traces • Active content, connection, and policy-based filtering enables compliance with corporate policies and government regulations. • IT-level phone support 24 hours a day, 7 days a week, 365 days a year at no additional cost.
• No hardware or software required to install, manage, and maintain. • Predictable payment schedule - subscription-based service. Multiple EOP plans. • Automatic queuing - no email is lost or bounced if the destination email server is unavailable. • Get up and running quickly with a simple MX record change.
Standalone All mailboxes are located on-premises Purchasable on its own or Part of Exchange Enterprise CAL with Services Fully hosted All mailboxes are hosted in the cloud with Microsoft Exchange Online license Hybrid Some mailboxes are hosted in Exchange Online, and some mailboxes on-premises Exchange Online license
Exchange Online Protection Architecture Overview
Protection Overview
1. 2. 3. 4. 5. 6. Viruses are NOT quarantined Spam is quarantined for 15 days (default) Messages quarantined by transport rule are kept for 7 days. Users cannot access the transport-rule quarantine Options are to release to all/specific recipients, plus report as false-positive Messages stay after release until they expire, but cannot be released to same user twice § § § Online viewer only supports up to 500 messages More can be viewed via Power. Shell Get-Quarantine. Message Cmdlet Can only release in bulk through Release-Quarantine. Message Cmdlet
Mailflow Overview
Message Traces
Basic Message Trace vs. Extended (Detailed) Message Trace “Basic” Message Trace “Extended” Message Trace (Historical Search) Data Set Between approx. 15 minutes & 7 days Between approx. 8 hours & 90 days View Results In EAC + Powershell Download CSV file Results In seconds In minutes/hours (can configure notification email address) Routing Details Basic detail only Full detail optional Maximum Size 500 in EAC 5, 000 (3, 000 for detail) Max Queries / Day Reasonable limits 15 per tenant
Accepted Domains, Remote Domains & Connectors
Powershell
<# SET CREDS Write-Host -Foreground. Color Yellow "Updating your full Office 365 tenant credentials. . . " read-host "Please enter your full Office 365 user name. " | out-file O 365_Webcast_1. txt read-host "Please enter your full Office 365 password. " -assecurestring | convertfromsecurestring | out-file O 365_Webcast_2. txt #> # LOGON Write-Host -Foreground. Color Yellow "Commencing Full Office 365 Tenant logon" $O 365_UN = get-content O 365_Webcast_1. txt $O 365_PW = get-content O 365_Webcast_2. txt | convertto-securestring $User. Credential = new-object -typename System. Management. Automation. PSCredential argumentlist "$O 365_UN", $O 365_PW $Session = New-PSSession -Configuration. Name Microsoft. Exchange -Connection. Uri https: //ps. outlook. com/powershell/ -Credential $User. Credential -Authentication Basic Allow. Redirection Import-PSSession $Session
• Get-Message. Trace | Get-Message. Trace. Detail • Start-Historical. Search • Get-Historical. Search • Sample commands: • • Return all transport rules in a table: Get-Transport. Rule |ft Priority, Name, Description -Wrap Return quarantined messages in a table: Get-Quarantine. Message |ft Received. Time, Sender. Address, Subject, Type –Wrap • Export a basic message trace to a. csv file: Get-Message. Trace -Start. Date 2016 -06 -16 -End. Date 2016 -06 -24 |Get-Message. Trace. Detail |Export-Csv -No. Clobber -No. Type. Information -Path "C: DataMT-Webcast 1. csv" -Append • Run an extended message trace (full details): Start-Historical. Search -Report. Type Message. Trace. Detail -Recipient. Address ad@eswebcast. onmicrosoft. com -Start. Date 2016 -04 -01 -End. Date 2016 -06 -24 -Notify. Address ad@eswebcast. onmicrosoft. com -Report. Title "160621 Message. Trace"
Advanced Threat Protection
What is Advanced Threat Protection? • 2 features: • Safe Attachments – scans files after normal malware scan to inspect behaviour • Safe Links – links are redirected in mails to ATP in realtime. ATP inspects the URL and can block it, if found to be malicious. • New reporting: URL Trace • Policies to include desired users/groups. • Service is provided at additional cost • $2/user/month; “most competitive rate in the industry”
Sender Detonation chamber (sandbox) Executable? Registry call? Elevation? ……? Unsafe Multiple filters + 3 antivirus engines with Exchange Online protection Attachment • Supported file type • Clean by AV/AS filters • Not in Reputation list Links Safe Recipient Safe links rewrite
- Exchange online protection overview
- Forefront online protection for exchange
- Microsoft forefront protection 2010 for exchange server
- Determination of exchange rate
- Pearl exchange activity
- Gas exchange key events in gas exchange
- Eliminate left recursion calculator
- Four actions framework
- Blue ocean floor
- Eliminate reduce raise create grid
- Emiko's cat often meows for food
- How did these three absolute rulers eliminate competition?
- How did these three absolute rulers eliminate competition?
- Eliminate consecutive duplicates of list elements prolog
- What does electron configuration notation eliminate?
- Immediate left recursion
- Eliminating epsilon productions from cfg
- Essa eliminate simplify standardize automate
- Many freshwater invertebrates eliminate ammonia by
- Hlonline training
- Chiosco exchange online
- Major threats to biodiversity
- Desert biome threats
- Threats to biodiversity a case study of hawaiian birds
- Strengths weaknesses opportunities and threats template
- Strengths opportunities threats weaknesses
- Threats of new entrants
- Account takeover owasp
- Threating face
- Wireless security threats and vulnerabilities
- Swot wo