Archiving in the cloud with Exchange Online Archiving
Bharat Suneja
Sr Technical Writer | Exchange
Microsoft Corporation
EXL301
Archiving and Compliance
Storage Management
Balance mailbox size demands with available storage resources
Reduce the proliferation of PST files stored outside of IT control
Improve overall application and network performance
Data Retention
Meet industry and regulatory email data retention requirements
Support ongoing compliance, litigation or personnel matters
Preserve valuable intellectual property and corporate assets
Discovery
Respond to strict timelines for legal discovery orders
Reduce costs involved in searching for and retrieving data
Report on email communications as part of auditing procedures
Before Exchange 2010
Transport Journaling to feed journaling mailboxes or 3rd party archiving systems/service
Journaling agent on Hub Transport applies Journal Rules, generates journal reports (message + metadata)
More at aka.ms/journaling
Exchange In-Place Archiving & Compliance
Consolidated storage – data resides in Exchange
Rich end-user experiences – Native rich archive access with Office client tools
Simplified management – Single & unified IT & compliance management tools
[Diagram: 3rd Party Archiving & Compliance (with a separate 3rd Party Archive) compared with Exchange In-Place Archiving & Compliance, showing End User and IT Admin for each]
Archive User Experience
PST-like experience in OWA and Outlook
Drag and drop messages to move/copy to archive
Online-only access from Outlook
Move to archive
MRM policy to move items to archive
Also, Inbox rules to move messages or apply move policy
Archive Admin Experience
Second mailbox associated with user, not cached
Shares same Active Directory user object as primary mailbox
Same HA, Migration concepts as primary mailbox
Demo: Archive Experience
Cloud Deployment Scenarios
[Diagram: placement of the Primary and Archive mailboxes in each scenario: On-Premises, Exchange Online Archiving (EOA), Cross-premises Co-Existence, Fully Hosted]
*Cross-premises and EOA scenarios require Exchange 2010 SP1 On-Premises
Exchange Online Archiving Overview
Ability to host primary on-prem and archive in the cloud
Per-user setting, tenant can have mix of users with on-prem and cloud-based archives
Unlimited Quota
Simplified on-prem storage management
Seamless user compliance spanning on-prem primary and cloud archive
MRM Move to archive
Hold
eDiscovery
Auditing
All management actions on-prem – very little cloud management
Requires hybrid configuration
Mechanics of Exchange Online Archiving
Provisioning is asynchronous
[Diagram components: AD, AD FS, DirSync, On-Premises Exchange, Exchange Online, Office 365. Commands shown: Enable-Mailbox user1 -RemoteArchive and Get-Mailbox user1 -Archive. Label: Provision archive mailbox]
1 Provision new cloud-based archive
2 Active Directory object created
3 Forward Sync
4 Cloud-based archive created
5 WriteBack
Managing the archive
Exchange mailbox management tools to manage archive
Create a cloud-based archive (New mailbox)
Enable the archive (Existing mailbox)
Move an on-premises archive to the cloud (Shell only)
Move a cloud-based archive to on-premises (Shell only)
Disable the archive
Reconnect a disabled archive
Demo: EOA Management
Exchange Online Archiving: Client Access
Clients should be configured to point to on-premises CAS
Outlook gets AutoDiscover response and communicates directly with EOA
OWA relies on on-prem CAS to proxy traffic to EOA
[Diagram: CAS in On-Premises Exchange and CAS in Exchange Online]
Outlook: 1 AutoDiscover request, 2 AutoDiscover response, 3 Direct archive access (Outlook Anywhere)
OWA: 1 OWA request (HTTPS), 2 OWA proxy
Diagnosing Archive mailbox AutoDiscovery
1 CTRL + right-click Outlook icon in system tray
2 Select Test E-mail AutoConfiguration
3 Select XML tab to view AutoDiscover response
Exchange Online Archiving – setup
Subset of Hybrid Configuration
[Diagram labels: Exchange Server 2010 SP1 CAS/Hub; Exchange Server 2010 SP1 MBX; Office 365 Directory Sync w/ WriteBack; AD FS; Archive Provisioning; OWA remote archive access; Outlook Archive Single Sign On; eDiscovery, x-prem, MRM MTA; HTTPS [TCP 443]]
Wednesday @ 1:30 PM - EXL303 Configuring Hybrid Exchange the Easy Way – Ben Appleby
EOA Setup
Step | Details | Required/Recommended
1 Add your domains in the Office 365 portal | Add any primary SMTP domains (including Archive Domain) | Required
2 Configure Federated Identity (ADFS) | Single sign-on remote archive logon from Outlook | Highly Recommended
3 Configure DirSync | Required for remote archive provisioning | Required
4 Enable DirSync Writeback | Required for archive provisioning to complete | Required
5 WCF 3.5 Pre-Req | http://code.msdn.microsoft.com/KB982867 | Required
EOA Setup
Step | Details | Required/Recommended
5 Install Exchange Server 2010 SP1 server On-premises | On-premises Exchange Server 2010 SP1 CAS/Hub server (also MBX role for some scenarios) required for hybrid features | Required
6 Configure cloud Autodiscover DNS record | Allows on-premises targeted autodiscover Outlook client to redirect to cloud without prompts | Required
7 Publish MRS Proxy | Allows Exchange Online Mailbox Replication Service (MRS) to connect On-Premises and perform a move to the cloud | Required
8 Configure Federation Trust / Org Relationship “Federated Sharing” | Enable infrastructure for delegated Live namespace federation. Required for OWA remote archive access, cross-premises eDiscovery, MRM move to archive | Required
9 Synchronize Retention Policies | Export Retention Policy from on-prem to cloud (use export/import scripts that ship on-prem) | Required
Exchange 2010 SP2 Hybrid Wizard replaces these steps
http://aka.ms/eoasetup
EOA Deployment steps in EDA
Exchange Deployment Assistant Steps
http://aka.ms/exdeploy
MOVE AND DELETE POLICY
IW and IT Pro Experience
Message Retention: Overview
Use Retention Policies to manage email lifecycle
Archive (Move) Policy: automatically moves mail to the archive
End User Impact: Keeps Mailbox under quota
Like Outlook Auto-Archive – without PSTs
Implemented using Move DPT
Delete Policy: automatically deletes mail
End User Impact: Unwanted mail is removed from view
End User Impact: Keeps Mailbox under quota
Delete Policies apply whether in primary or archive
Per item policies take precedence over folder policies
Policy properties are preserved so message retention is respected in third party systems.
http://aka.ms/retention
Move and Delete Concepts
Retention Tags
Name, Action (Move | Delete), Time period
Admin mandated (Default Folders (RPT) | Entire Mailbox (DPT))
All items in mailbox moved to archive in 2 years
All items in mailbox deleted in 7 years
All items in Junk Mail folder deleted in 14 days
User applied (Personal Tags) – folder or message
Never delete items in Reference folder
Retention Policies
Group retention tags
Policies span to groups of users like ‘Accounting’
Deterministic: User has one retention policy
EMC MRM Configuration
Organization Configuration > Mailbox > Retention Policy Tags
Organization Configuration > Mailbox > Retention Policies
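The tags and policy listed on this slide, written for the Exchange Management Shell as an added example (not part of the original deck). The tag names, the policy name "Accounting Retention" and the mailbox user1 are placeholders, and DeleteAndAllowRecovery is an assumed choice for the slide's "Delete" action.

```powershell
# Added example: run in an Exchange 2010 SP1 (or later) Management Shell.
# All names below are illustrative placeholders, not values from the deck.

# Default policy tags (DPT): -Type All applies to the entire mailbox.
# A policy may carry one DPT that moves to archive and one that deletes.
New-RetentionPolicyTag -Name "DPT - Move to archive after 2 years" -Type All `
    -RetentionAction MoveToArchive -AgeLimitForRetention 730 -RetentionEnabled $true
New-RetentionPolicyTag -Name "DPT - Delete after 7 years" -Type All `
    -RetentionAction DeleteAndAllowRecovery -AgeLimitForRetention 2555 -RetentionEnabled $true

# Retention policy tag (RPT): bound to one default folder, here Junk Mail.
New-RetentionPolicyTag -Name "RPT - Junk Mail 14 days" -Type JunkEmail `
    -RetentionAction DeleteAndAllowRecovery -AgeLimitForRetention 14 -RetentionEnabled $true

# Personal tag: users apply it to a folder (e.g. Reference) or a message.
# RetentionEnabled $false means items carrying this tag never expire.
New-RetentionPolicyTag -Name "Personal - Never delete" -Type Personal `
    -RetentionAction DeleteAndAllowRecovery -RetentionEnabled $false

# Group the tags into one policy and assign it; a mailbox has exactly one policy.
New-RetentionPolicy -Name "Accounting Retention" -RetentionPolicyTagLinks `
    "DPT - Move to archive after 2 years",
    "DPT - Delete after 7 years",
    "RPT - Junk Mail 14 days",
    "Personal - Never delete"
Set-Mailbox -Identity user1 -RetentionPolicy "Accounting Retention"

# Verify what was linked and what the mailbox now carries.
Get-RetentionPolicy "Accounting Retention" |
    Select-Object -ExpandProperty RetentionPolicyTagLinks
Get-Mailbox -Identity user1 | Format-List Name, RetentionPolicy, ArchiveStatus
```

The move-to-archive tag only takes effect for mailboxes that have an archive enabled; the delete tags apply in both the primary and the archive mailbox.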
Retention Policies in Outlook 2010 and OWA
Expiration date stamped directly on email
Delete policies
Policies can be applied to a folder
Policies can be applied directly to an email
Archive policies
Preserve: Optional Retention Tags
Archive Policy
Delete Policy
Additional policies for special projects or roles (e.g. HR)
Tags not part of Retention Policy, users select from ECP
How retention policy is applied
Retention policy applies to mailbox user
Same policy applies to primary and archive mailboxes
Archive & delete policies independent of each other
Item can have both archive and delete policies
Item moved to archive in X days, deleted in X+Y days
What if: Retention age in delete policy < archive policy?
The delete policy stamped on item preserved when moved to archive
Precedence rule:
Policy tag that is closest scope to a mail item wins
Configuring MRM Mailbox Assistant
MRM Mailbox Assistant, aka “Managed Folder Assistant”
Runs as a background process to crawl mailboxes and take action on “expired” mail items
Exchange 2010 RTM – Specify a schedule
start, end time and frequency (e.g. daily 1:00 AM – 6:00 AM)
Can result in processing being forever behind
Exchange 2010 SP1 – Specify a workcycle
Assistant runs throttled to not compete with critical mailbox processes
Workcycle – how often to process mailboxes (e.g. every 48 hours). On-prem default: 1 day. Use Set-MailboxServer to modify
In Office 365 cycle is 7 days (no admin config required)
Retention Hold
Administrator override to pause all message retention policy actions (e.g. when employee on vacation)
Set-Mailbox -Identity bsuneja -RetentionHoldEnabled $true -RetentionUrl "http://intranet/holdpolicy" -StartDateForRetentionHold 6/10/2012 -EndDateForRetentionHold 7/5/2012
Migrating Retention Policies to Cloud
MRM policies not automatically migrated or synced to cloud
Scripts shipped to automate export and import of Retention Policies & Retention Tags between on-premises and cloud-based orgs *
Export-RetentionTags.ps1
Import-RetentionTags.ps1
Do this before provisioning/moving archives to the cloud
[Diagram: MRM Policy exported On-Premises with Export-RetentionTags.ps1 to an .xml file, then imported in the Cloud with Import-RetentionTags.ps1]
*Location: %Program Files%\Microsoft\Exchange Server\V14\Scripts
PRESERVE: HOLD POLICY
Legal Hold, Single Item Recovery & Recoverable Items store
Preserve: Legal Hold
Overview
Preserve items for recovery and discovery for a finite or indefinite period of time without impacting end user experience
Captures deletes and edits (copy-on-write)
User workflow is unchanged, items captured in Recoverable Items Store 2.0
Multi-Mailbox Search can search items indexed in Recoverable Items
Users can receive notification they’re on hold; eliminates manual process
No end-user impact
Preserve: Legal Hold
Configuration
Set legal hold to capture all changes indefinitely
Captured e-mail data found in multi-mailbox search results
Provides separate settings to enable single item restore
Optional alert message for users with Outlook 2010 and OWA
Preserve: Hold Policy
User Experience
URL links to additional info
User is told how to comply (no action needed for e-mail)
Rolling Hold
Preserve user data for a rolling window of time irrespective of user actions
Achieved using Single Item Recovery (SIR)
SIR captures all edits for a specified time period
Set-Mailbox -Identity asummers -SingleItemRecoveryEnabled $true
Off by default on-premises
On by default in Exchange Online with default window of 14 days.
Changing time window requires a support call.
Hold Management & the Cloud
Manage Legal Hold against current location of the primary mailbox
Setting hold on user on-premises applies to EOA automatically
Archives (on-premises or cloud-based) have their own Recoverable Items 2.0 store
Items deleted from archive
Original copies of modified items
AUDITING & REPORTING
Configuration Audit and Mailbox Audit
Auditing
Compliance Configuration
All the configuration changes made by the administrators from any of the UIs
Was litigation hold ever removed from this mailbox?
Who has been running Discovery searches?
What was the old value of retention period?
Non-Owner Mailbox Access
Mailbox data access actions performed by Administrators/Delegates/Owners
Who is reading my emails?
Who really sent that email?
Audit: Configuration Audit
Logs all state changing cmdlets against Exchange
set-*, new-*, enable-*, (optional) test-*
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
Configured per tenant organization in Office 365 (ON by default)
On-prem audit events logged in arbitration mailbox
EOA audit logged to online tenant arbitration mailbox
Results can be searched/exported using
New-AdminAuditLogSearch
Search-AdminAuditLog
ECP UI
Audit: Mailbox Audit
Captures all non-owner access to a mailbox
Captures all operations performed on that mailbox.
Includes access by Admin & Delegate users
Configured per user using Set-Mailbox
Logged to special Audit folder in user mailbox
Results can be searched/exported using
Search-MailboxAuditLog
New-MailboxAuditLogSearch
ECP UI
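The questions from the Auditing slides ("Was litigation hold ever removed from this mailbox?", "Who has been running Discovery searches?", "Who is reading my emails?") answered with the audit cmdlets named above, as an added Exchange Management Shell example that is not part of the original deck. The mailbox user1 and the 90-day window are placeholders.

```powershell
# Added example: assumes an Exchange Management Shell session with rights to
# read the admin and mailbox audit logs. user1 and 90 days are placeholders.
$mbx   = "user1"
$since = (Get-Date).AddDays(-90)
$until = Get-Date

# 1. Confirm configuration auditing is on and which cmdlets it records.
Get-AdminAuditLogConfig |
    Format-List AdminAuditLogEnabled, AdminAuditLogCmdlets, AdminAuditLogAgeLimit

# 2. Mailbox auditing is per user: turn it on for the mailbox of interest.
Set-Mailbox -Identity $mbx -AuditEnabled $true

# 3. Was litigation hold ever removed from this mailbox?
#    Find Set-Mailbox runs against it that set LitigationHoldEnabled to False.
Search-AdminAuditLog -Cmdlets Set-Mailbox -Parameters LitigationHoldEnabled `
        -ObjectIds $mbx -StartDate $since -EndDate $until |
    Where-Object {
        $_.CmdletParameters | Where-Object {
            $_.Name -eq 'LitigationHoldEnabled' -and $_.Value -eq 'False'
        }
    } |
    Select-Object RunDate, Caller, ObjectModified

# 4. Who has been running Discovery searches?
Search-AdminAuditLog -Cmdlets New-MailboxSearch, Start-MailboxSearch `
        -StartDate $since -EndDate $until |
    Select-Object RunDate, Caller, ObjectModified

# 5. Who is reading this mailbox? Non-owner (Admin and Delegate) access only.
Search-MailboxAuditLog -Identity $mbx -LogonTypes Admin, Delegate -ShowDetails `
        -StartDate $since -EndDate $until |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName,
                  Operation, FolderPathName, ItemSubject
```

Mailbox audit entries exist only from the moment AuditEnabled is set, so step 5 returns nothing for access that happened before step 2.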
Audit: Reports in ECP UI
Audit Reports:
1. Non-Owner MBX Access
2. Hold Admin Activity
3. Roles membership
Export Audit Logs
DISCOVER: MULTI-MAILBOX SEARCH
Discovery Console in ECP and PowerShell search
Performs distributed search across end user mailboxes located on multiple servers.
Searches all user data (archive included automatically)
User’s EOA data also searched
Ability to view keyword statistics & copy results to discovery search mailbox on-premises
Ability to annotate items with metadata for review.
Admins by default do not have access to search mailboxes, Discovery Management RBAC role is required
Search is throttled and parallelized
Discover: Multi-Mailbox Search
Session Objectives and Takeaways
Session Objective(s):
Overview of Exchange Online (EOA)
Setup and deployment of EOA
Compliance features in EOA
Key Takeaways
Exchange Online Archive allows customers to consolidate email and simplify on-premises storage management
Exchange Online Archive enables simplified compliance management
Related Content
EXL303 Configuring Hybrid Exchange the Easy Way
EXL11-HOL Microsoft Exchange Server 2010 Compliance: Archiving & Retention
Demos and questions at Microsoft Exchange booth
Find Me Later At… Exchange booth, @bsuneja on Twitter
Follow us on Twitter! @MSFTExchange hash tags: #MSExchange
Track Resources
Understanding Exchange Online Archiving (aka.ms/eoa)
Configure Exchange Online Archiving (aka.ms/eoasetup)
Exchange Online (aka.ms/eo) – Price and plans
Exchange Server Deployment Assistant (aka.ms/exdeploy) – Hybrid Config
Resources
Connect. Share. Discuss.
http://europe.msteched.com
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.