comprehensive protection multi-engine antivirus continuously evolving anti-spam protection policy...


Upload: krystal-summersett

Post on 12-Dec-2015


TRANSCRIPT

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5
  • Comprehensive protection
  • Multi-engine antivirus
  • Continuously evolving anti-spam protection
  • Policy enforcement
  • Enterprise class reliability
  • Geographically load-balanced datacenters
  • Queuing capabilities to help ensure no mail is lost
  • Live phone support
  • Streamlined administration console
  • Office 365 integration
  • Detailed reporting

Slide 6

Slide 7
The Big Picture
Email is routed to EOP data centres based on MX record resolution.
[Diagram labels] Edge Blocks: IP-based edge blocking, Envelope blocks. Virus Scanning: AV Engine 1, AV Engine 2, AV Engine 3. Policy Enforcement: Custom Rules, Allows/Rejects, Policy Quarantine. Spam Protection: Outlook Safe/Blocked Senders, Content Scanning, Bulk Mail Filtering, Content Filter Advanced Options, SPAM Quarantine. Spam Analysts. Customer Feedback: False Positive/Negatives.

Slide 8
The Big Picture
[Diagram labels] NDR Delivery Pool, Bulk Delivery Pool, Internet Outbound Pool, High Risk Delivery Pool, Higher Risk Outbound Pool, Normal Score. Spam Protection: Content Scanning and Heuristics, Content Filter Advanced Options. Virus Scanning: AV Engine 1, AV Engine 2, AV Engine 3. Policy Enforcement: Custom Rules, Quarantine, Email Encryption. Spam Analysts.

Slide 9

Slide 10

Slide 11
  • Step 1: Verify prerequisites
  • Step 2: Configure mail flow (connectors)
  • Step 3: Add and validate domains
  • Step 4: Customize spam and policy settings
  • Step 5: Enable mail flow
  • Step 6: Monitor and fine tune

Slide 12

Slide 13

Slide 14
Configure mail flow (connectors)
  • EOP connectors between on-premises and EOP need to be created
  • *Additional connectors can be created between EOP and partners to force TLS
[Diagram labels] On-Prem Mail Environment, Exchange Online Protection, Partner Environment, Outbound Connector, Inbound Connector, Outbound TLS Connector, Inbound TLS Connector.

Slide 15
  • Prior to EOP (Fabrikam uses EOP): Contoso (Cert CN = mail.contoso.com), Fabrikam (Cert CN = mail.fabrikam.com)
  • With EOP (Fabrikam uses EOP): Contoso (Cert CN = mail.contoso.com), EOP (Cert CN = mail.protection.outlook.com), Fabrikam (Cert CN = mail.fabrikam.com)

Slide 16
[Diagram labels] On-Prem Mail APAC, On-Prem Mail AMER, On-Prem Mail EMEA, Exchange Online Protection, Outbound Connector 1, Outbound Connector 2, Outbound Connector 3, Inbound Connector 1.

Slide 17

Slide 18

Slide 19
Spam and policy customization

Slide 20
EOP and the Junk Mail folder
Two rules need to be added to the on-premises environment if you would like spam moved to the Junk Mail folder.

    Set-OrganizationConfig -SCLJunkThreshold 4
    New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6
    New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6

End users need to be educated about the use of the Junk Mail folder in Outlook.

Slide 21

Slide 22
Spam and policy customization (ESN)

Slide 23
End user access to quarantine

Slide 24
Enable mail flow
DNS changes
  • MX record (domain-suffix.mail.protection.outlook.com)
  • SPF record (v=spf1 include:spf.protection.outlook.com -all)
  • Do not change CNAME DNS entries for stand-alone customers
On-premises changes
  • Create a smart host from the on-premises environment to EOP
  • Restrict the on-premises firewall to only accept port 25 traffic from EOP

Slide 25

Slide 26
Monitor and fine tune
Goals
  • Is the service operating as expected?
  • Make adjustments to rules or settings as needed
  • Evaluate effectiveness of spam settings
Tools
  • Reports (Office 365 Portal or Mail Protection Reports for Office 365)
  • Submitting spam and false positive messages to Microsoft
  • Junk Mail Reporting Tool for Outlook

Slide 27

Slide 28
  • Exchange Server 2013
  • Exchange Online
  • EOP Stand Alone

Slide 29

Slide 30
Do this
  • Use a test domain, subdomain or low-volume domain for trying different service features
  • Create O365 connectors before adding domains
  • Disable the EOP inbound connector (type is on-prem) until you are ready to use it
  • Use the Remote Connectivity Analyzer to troubleshoot
  • Restrict inbound SMTP access to allow ONLY from EOP IP ranges
  • Enable Microsoft's IP Safe List in the Connection Filter
  • When creating safe / black lists, use IP first, and if not possible, then use the domain
Don't do this
  • Daisy chain services
  • Use EOP for sending bulk mail
  • Enable all Content Filter Advanced Options out of the box
  • Safe list your own domain

Slide 31

Slide 32
[Diagram labels] Existing email environment, Office 365 directory sync, Secure mail flow, Exchange Online Protection, On-premises.

Slide 33

Slide 34
Telnet is your friend
Telnet can be used to test mail flow from EOP to your on-prem environment. This allows verifying that mail flow will work before doing the MX cutover.

| You do/type this | Server responds with this |
| telnet tenantDomainMXRecordHere 25 | 220 |
| helo your_sending_server_fqdn | 250 |
| mail from: [email protected] | Sender OK |
| rcpt to: [email protected] | Recipient OK |
| data followed by the enter key | Server provides directions on how to enter data. |
| subject: Enter the subject and hit enter twice. Enter the body text. To finish the message, type a period on a line by itself and hit enter. | 250 Message queued for delivery. |
| Quit | 221 Service closing transmission channel |

Slide 35

Slide 36
Quarantine
  • Online viewer only supports up to 500 messages
  • More can be viewed via PowerShell with the Get-QuarantineMessage cmdlet
  • Can only release in bulk through the Release-QuarantineMessage cmdlet
Limits
  • Max message size for EOP delivering to stand-alone customers is 150 MB
  • Max message size for EOP delivering to Office 365 hosted mailboxes is 35 MB
  • Max 100 Transport Rules per tenant; DLP policies consume part of this quota
  • Max of 900 domains per tenant
  • EOP outbound connectors use round robin for delivery

Slide 37
Since January 2014
  • Extended Message trace (90 days)
  • Directory Based Edge Blocking & Match sub-domains
  • Remote PowerShell for customers without hosted mailboxes (EOP stand alone)
  • End user access to the quarantine
  • Office 365 Message Encryption
Coming Soon
  • DKIM for inbound email
  • Support for IPv6
Future
  • Outbound DKIM and DMARC
  • Improvements to Bulk mail Advanced Spam Filter option

Slide 38
What they offer
  • Exchange Online Protection implementation and configuration assistance up to 90 days
  • Administrator training on Exchange Online Protection
  • Advise customer on service best practices
  • Single point of contact for duration of engagement
Eligibility
  • Net new customers who purchase 1000+ seats
  • EOP stand alone, O365D
  • Exception basis for O365 Hybrid
How to Engage an IPM
  • Contact your Technical Account Manager for more information.

Slide 39

Slide 40

Slide 41
  • www.microsoft.com/learning
  • http://microsoft.com/msdn
  • http://microsoft.com/technet
  • http://channel9.msdn.com/Events/TechEd

Slide 42

Slide 43

Slide 44
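How the slide 20 junk-mail rules interact, as an added example that is not part of the original deck: it parses the X-Forefront-Antispam-Report header of a message and reports whether the two transport rules plus the junk threshold would send it to the Junk Mail folder. The sample messages are constructed, the function names are hypothetical, and it assumes Exchange moves a message to Junk when its SCL is greater than SCLJunkThreshold.

```python
from email import message_from_string

HEADER = "X-Forefront-Antispam-Report"
SPAM_VERDICTS = {"SPM", "SKS"}  # SFV values matched by the two transport rules
RULE_SCL = 6                    # -SetSCL 6
JUNK_THRESHOLD = 4              # -SCLJunkThreshold 4 (assumed: SCL > threshold goes to Junk)

def parse_report(value):
    """Split 'KEY:value;KEY:value' into a dict; tolerates folded header lines."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def junk_decision(raw_message):
    """Return the EOP verdict, the SCL the rules would stamp, and the Junk outcome."""
    value = message_from_string(raw_message).get(HEADER)
    if value is None:
        # Header missing: the message did not pass through EOP, so no rule fires.
        return {"sfv": None, "scl": None, "junk": False}
    sfv = parse_report(value).get("SFV", "").upper()
    scl = RULE_SCL if sfv in SPAM_VERDICTS else None
    return {"sfv": sfv, "scl": scl, "junk": scl is not None and scl > JUNK_THRESHOLD}

# Constructed sample messages (addresses and IPs are documentation values).
SPAM = ("From: a@example.com\nSubject: offer\n"
        "X-Forefront-Antispam-Report: CIP:203.0.113.5;CTRY:US;SFV:SPM;SCL:5\n\nbody\n")
FOLDED = ("From: b@example.com\n"
          "X-Forefront-Antispam-Report: CIP:2001:db8::1;\n SFV:SKS;SCL:9\n\nbody\n")
CLEAN = ("From: c@example.com\n"
         "X-Forefront-Antispam-Report: CIP:198.51.100.7;SFV:NSPM;SCL:1\n\nbody\n")
DIRECT = "From: d@example.com\nSubject: no EOP header\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spam", SPAM), ("folded", FOLDED),
                      ("clean", CLEAN), ("direct", DIRECT)]:
        print(name, junk_decision(raw))
```

A message that arrives without the header, as in the last sample, is a sign that it reached the on-premises server without going through EOP.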
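A pre-cutover check for the DNS changes on slide 24, as an added example that is not part of the original deck: it takes MX targets and TXT records already fetched for a domain and lists what would let mail bypass EOP or weaken SPF. The record values are constructed, the function names are hypothetical, and requiring the SPF record to end in "-all" is an assumption based on Microsoft's published value.

```python
EOP_MX_SUFFIX = ".mail.protection.outlook.com"
EOP_SPF_INCLUDE = "include:spf.protection.outlook.com"

def check_mx(mx_hosts):
    """Every MX target must be an EOP host, otherwise senders can skip filtering."""
    hosts = [h.rstrip(".").lower() for h in mx_hosts]
    if not hosts:
        return ["no MX record"]
    return [f"MX {h} does not point at EOP" for h in hosts
            if not h.endswith(EOP_MX_SUFFIX)]

def check_spf(txt_records):
    """Validate the single SPF TXT record against the value from the slide."""
    spf = [t for t in txt_records
           if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers treat this as a permanent error)"]
    terms = spf[0].lower().split()[1:]
    problems = []
    if EOP_SPF_INCLUDE not in terms:
        problems.append("SPF does not include spf.protection.outlook.com")
    last = terms[-1] if terms else ""
    if last in ("all", "+all"):
        problems.append("SPF ends in a passing 'all': any host is authorized")
    elif last in ("~all", "?all"):
        problems.append(f"SPF ends in {last}: unauthorized senders are not hard-failed")
    elif last != "-all":
        problems.append("SPF has no terminating 'all' mechanism")
    return problems

# Constructed records for a hypothetical tenant domain.
GOOD_MX = ["contoso-com.mail.protection.outlook.com."]
MIXED_MX = ["contoso-com.mail.protection.outlook.com.", "mail.contoso.com."]
GOOD_TXT = ["v=spf1 include:spf.protection.outlook.com -all"]
OPEN_TXT = ["v=spf1 include:spf.protection.outlook.com all"]

if __name__ == "__main__":
    print(check_mx(GOOD_MX), check_spf(GOOD_TXT))
    print(check_mx(MIXED_MX), check_spf(OPEN_TXT))
```

A leftover MX record pointing at the on-premises host is the DNS-side counterpart of an open firewall: both let senders reach the server without passing through the filter.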