microsoft exchange, part 1 11:15-12:00. history of microsoft exchange and key feature introductions...
TRANSCRIPT
MICROSOFT EXCHANGE, PART 1 11:15-12:00
HISTORY OF MICROSOFT EXCHANGE AND KEY FEATURE INTRODUCTIONS
Exchange 2010 (2009)
• Basic e-mail functionality PLUS
• “Premium” journaling; unified messaging; messaging records management; transport rules; Exchange Active Sync (EAS)
Exchange 2007 (2006)
• Basic e-mail functionality
• Offline folders & Cached Exchange Mode introduced
Exchange 2003 (2003)
• Basic e-mail functionality
• “Dumpster” introduced
Exchange 2000 (2000)
• Basic e-mail functionality
• Journaling introduced
Exchange 5.5 (1997)
• Basic e-mail functionality
Exchange 4.0 (1996)
• Basic e-mail functionality PLUS
• MRM features changed/expanded; legal hold; discovery search; archive mailbox; mailbox moderation
Office 365 (2010-2011)
• Basic e-mail PLUS member of the Office 365 Suite along with Lync and SharePoint
• E-mail; Instant Messages; call logs; meeting content; voice mails; SharePoint content
Exchange 2013 (2013)
• Basic e-mail functionality PLUS
• Enhanced eDiscovery: “in-place” legal hold; “in-place” eDiscovery; data loss prevention (DLP); Outlook Web App offline
BIG MAILBOX!
• Large Mailbox Size 100GB+
– Aggregate Mailbox = Primary Mailbox + Archive Mailbox + Recoverable Items
– 1-2 years of mail (minimum)
– 1 million items / folder
• Eliminate or reduce PST reliance
• Eliminate or reduce third-party archive solutions
• Outlook 2013 allows you to control OST size!
– Gives more options around mailbox deployments

Time      Items     Mailbox Size
1 Day     150       11 MB
1 Month   3300      242 MB
1 Year    39000     2.8 GB
2 Years   78000     5.6 GB
4 Years   156000    11.2 GB
EXCHANGE 2013 DEPLOYMENT AND ACQUISITION OPTIONS
HERE, THERE AND EVERYWHERE
ACQUIRING / DEPLOYING EXCHANGE 2013 - OPTION 1: “ON-PREMISE”
• Installed in the deploying organization’s own data center
• All infrastructure and data management elements under organization’s total control
– All Exchange configuration settings
– Backup policies (how long to keep, where to store, etc.)
– Disaster recovery plan
My Data Center
ACQUIRING / DEPLOYING EXCHANGE 2013 - OPTION 2: “IN-THE-CLOUD”
• Software as a Service (SaaS)
– Monthly subscription fee per user
– Exchange infrastructure located in provider’s data centers
• Cloud options:
– Subscribe from Microsoft
– Subscribe from other (non-Microsoft) application service providers
• Features, functions, and level of control vary between providers and plans
– Availability of e-mail management and eDiscovery features will vary
IN-THE-CLOUD FROM MICROSOFT - OPTIONS
• “Standalone”
– Exchange only: no Lync, SharePoint, or Office
– 2 standalone plans available
• Office 365
– 14 plans: small, medium, or large (enterprise) business; education; government
– Numerous options (Yammer, Project, etc.)
• Availability of eDiscovery and e-mail management features varies depending on plan. For example:
– Exchange Online Plan 1 does NOT include “in-place” hold; Plan 2 includes ALL eDiscovery features
– Office 365 Small Business Plans do NOT include eDiscovery
– NOTE! On-prem requires expanded licensing to get full complement of eDiscovery and e-mail management features
ADDITIONAL DEPLOYMENT OPTIONS
OPTION: “HYBRID” DEPLOYMENTS
• Standard: “on-premise” or “in-the-cloud”
• Alternative: “hybrid” deployments where some backend infrastructure is “on-premise” and some is “in-the-cloud”
My Data Center
Microsoft or other hosting provider’s data center
HYBRID FYI
• Mailboxes can be split between on-premise and the cloud
• Common to see archive mailboxes in-the-cloud while primary mailbox is on-premise
• Backup and disaster recovery policies and procedures can differ between on-premise and in-the-cloud mailboxes
My Data Center
Microsoft or other hosting provider’s data center
OPTION: MULTI-TENANT VS. DEDICATED PLANS
• Multi-tenant: application servers, data storage, other infrastructure comprised of SHARED hardware resources
– Subscribers have some control over the environment’s configuration
– BUT no control over the back-end infrastructure
– Lower cost than dedicated
• Dedicated: infrastructure is dedicated to the subscriber—NOT SHARED
– Subscribers have greater control over the environment and some control over the back-end infrastructure
– Organizations with unique security requirements (e.g., government)
• Microsoft’s cloud offerings are available in two categories
SERVICE DESCRIPTION SPREADSHEET
• Details about all features, functions, options
• Find spreadsheet at http://technet.microsoft.com/en-us/office/dn788955
CLIENTS FOR EXCHANGE SERVER
• Microsoft Outlook (2003, 2007, 2010, 2013)
• Outlook Web App (OWA)
– Note: renamed Outlook Web App from Outlook Web Access
• BlackBerry (close to extinction)
• Exchange ActiveSync
– Enables non-BlackBerry device synchronization with user’s Exchange mailbox, such as iPhone, iPad, SmartPhone, etc.
• POP3 and IMAP protocol clients
– Outlook Express
– Windows Mail
– Windows Live Mail
– Non-Microsoft (Thunderbird, Eudora, etc.)
EXCHANGE SERVER
• Exchange is the “server” component of an Exchange/Outlook e-mail system, providing…
– The “brains” or nerve center
– System administration
– Houses e-mail and other items in the Exchange Information Store (EIS)
• There are three server “roles:”
– Mailbox role
– Transport
– Unified Messaging
– Client Access role
EXCHANGE SERVERS
MAILBOX SERVER
user is logged into the network
“Online” mode
mailbox data resides TEMPORARILY in the local machine’s memory—it is NOT stored on the local hard drive
Permanent copy is on the Exchange Server
HOW EXCHANGE AND OUTLOOK WORK
HOW EXCHANGE AND OUTLOOK WORK, CONT.
synchronization
cached Exchange mode
Cached Exchange mode
user is logged into the network
• offline folder (OST)
• created automatically if user is configured for cached Exchange mode
mailbox data resides BOTH on the local machine’s hard drive in what is called an OST file AND on the Exchange Server
HOW EXCHANGE AND OUTLOOK WORK, CONT.
PST folder
Exchange delivers e-mail to user’s PST folder residing on local computer
could be configured as POP3 or IMAP
mailbox data resides on the local machine’s hard drive in a PST file
Outlook
WHERE MIGHT EMAIL BE FOUND?
HERE
offline folder (OST)
synchronization
cached Exchange mode
personal archive (PST)
• Where is e-mail potentially located?
• Server: Exchange mailbox server
• User’s computer
• Offline Store (OST)
• Personal Archive (PST)
• “loose” files
• removable media
AND HERE
Outlook
personal archive (PST)
“home” drive: H-drive, U-drive, etc.
each user gets one
users can move their PST files to their home directory
folder redirection automatically puts My Documents in home directory
DON’T FORGET HERE TOO
another copy of
disk backup (for 60 days)
disk backup (for 60 days)
Exchange mailbox server
1 per month to tape keep 3 years
1 per year to tape keep 7 years
AND HERE
DAWN OF THE LIVING PST’s
SEE IT
At a corporation near you!
DAWN OF THE LIVING PSTS: OVERVIEW
• If .PST files can be problematic from a legal and RIM standpoint, why do they exist?
– REDUCE THE SIZE OF THE EXCHANGE STORE which provides a number of IT benefits, such as:
– Reduced backup complexity and shorter backup windows
– Larger e-mail databases present significant maintenance challenges
– MORE EFFECTIVE STORAGE MANAGEMENT
– Encourage users to keep only those messages they deem worth keeping
• To reduce the size of the Exchange Store, some organizations implement deletion policies such as:
– Mailbox quota/storage limit
• Users have 200 megabyte storage limit on the Exchange Server
• User receives a warning at 190 megabytes that they are within 10 megabytes of their limit
• User receives error message when attempting to send or receive e-mail once 200 megabyte limit is reached
– E-mail older than 90 days is deleted from the Exchange Server
• E-mails users want to retain must be “moved”…move them or lose them
– Where do users move the e-mails to? That’s right, PST files!
DAWN OF THE LIVING PSTS: LIMITS TAB FOR MAILBOX STORE
• Exchange permits limits to be set on the size of user’s mailboxes
• Issue warning at
– When user’s mailbox reaches ____ size an alert is sent to user
• Prohibit send at
– Alert that user cannot send e-mail until mailbox size is reduced
• Prohibit send and receive at
– Alert that user cannot send AND receive e-mail until mailbox size is reduced
• Warning message interval
– Determines when warnings are generated
DAWN OF THE LIVING PSTS: PROPAGATION OF PSTS - CREATED BY USERS “AT RANDOM”
• Archiving moves (OR deletes) messages from the mailbox to the Archive Folders store automatically according to settings configured for each folder or all your folders
• May archive (or delete) every day, once a week, once a month, etc.
– Deletes messages if they are older than xx/xx/xxxx
• Creates a personal folder store called Archive Folders, which mirrors the folder structure of the mailbox.
– The Archive Folders store is saved in a .pst file on the user's workstation (NOT on the Exchange Server)
– Can specify on a per-folder basis whether to perform message archiving automatically
– Determines which messages to archive based on the last modified date and time information
– Archived messages no longer reside on the Exchange server
– Helps to keep individual mailbox sizes within the limits of mailbox quotas specified for each mailbox store or individual user
DAWN OF THE LIVING PSTS - PROPAGATION OF PSTS - AUTO-ARCHIVING
DAWN OF THE LIVING PSTS - PROPAGATION OF PSTS - AUTO-ARCHIVING
DAWN OF THE LIVING PSTS - PROPAGATION OF PSTS - MANUAL-ARCHIVING
DELETED E-MAIL: THE GOOD, THE BAD AND THE UGLY
“HARD” DELETION
User presses the Delete and Shift keys at the same time
The item does NOT go into the Deleted Items folder
Is item permanently gone?
AFTER A HARD DELETE IS AN ITEM PERMANENTLY GONE?
THE EXPANDED FOOTPRINT – FEATURES / FUNCTIONS
• Unified Messaging
• Messaging records management (MRM)
• In-place archiving
• In-place hold
• In-place eDiscovery
• “Premium” journaling
• Information rights management
• S/MIME for message signing and encryption
• Transport rules
• Data loss prevention (DLP)
• Exchange auditing reports
UNIFIED MESSAGING FEATURES
• Outlook Voice Access
– “You have two new voice messages and twelve new e-mail messages. You have a meeting in progress in Board Room Two…”
– provides users with access to their Exchange mailbox from a phone. It enables you to use any telephone to retrieve email, voice mail, calendar, personal contacts, and to access the company directory. You can also create messages to both internal and external recipients
• Play on phone
– lets a UM enabled user listen to a voice message using a telephone instead of playing it over computer speakers or headphones
• Voicemail preview
– using ASR (automatic speech recognition) on newly created voice messages. When users receive voice mail, they receive messages that contain the voice recordings along with a text transcription that UM creates from recordings.
• Protected voice mail
– callers can send private mail, which Microsoft Rights Management Services (RMS) protects
UNIFIED MESSAGING FEATURES
• Call Answering (voice and fax)
– “You’ve reached Steve’s mailbox. I’m sorry that I can’t take your call: please leave a message…”
• Automated Attendant
– “Thank you for calling Contoso. Who do you want to contact? …”
• Client Self Service
– PIN reset, Record greeting, Play on Phone, OWA, Outlook
• OCS Integration
– Voice mail subject and importance from OC
• Message waiting indicator
• Missed call and voice mail notifications via SMS
UNIFIED MESSAGING
Contextual contact actions
Text preview of voice mail
Audio playback
EXCHANGE FEATURES
• Journaling
– Enables an organization to capture a copy of every message sent and received
o Can be configured to capture only internal, only external, or all messages
o Can limit journaling to specific users or distribution groups (requires Exchange Enterprise CAL)
• Outlook Web App (OWA) Offline
– Provides offline access VIA BROWSER to e-mail; users can also create new messages, see contacts and calendar items (and create new ones)
– Local database created to store items (up to 3 days of content or 150 items for each folder)
– Administrator can disable user’s ability to turn this feature on
EXCHANGE FEATURES, CONT.
• Auditing
– Administrator actions: everything an administrator can do can be tracked, including: create, delete, move mailbox; conduct a discovery search; place a mailbox on legal hold
– Mailbox auditing: who did what and when in a mailbox, including: deletions, item creation, and delegate access
• Transport rules
– Configure Exchange to look for specific conditions in messages
– Take a variety of actions:
o Redirecting messages, silently dropping the messages, forwarding messages for approval, or applying Rights Management templates
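One way to use the two kinds of auditing described above, shown as an added example that is not from the original slides: it enables mailbox auditing on one mailbox, then reviews who ran discovery-search and hold cmdlets and what non-owners did in the mailbox. The mailbox "dsmith" and the 30-day window are assumptions.

```powershell
# Added example for Exchange Management Shell.
# The mailbox identity "dsmith" and the 30-day window are hypothetical.
$mailbox = 'dsmith'
$since   = (Get-Date).AddDays(-30)
$until   = Get-Date

# Mailbox auditing: record deletions and item creation, per logon type
# (owner, delegate, administrator).
Set-Mailbox -Identity $mailbox -AuditEnabled $true `
    -AuditOwner    SoftDelete, HardDelete, MoveToDeletedItems `
    -AuditDelegate Create, SoftDelete, HardDelete, MoveToDeletedItems, SendAs `
    -AuditAdmin    Create, SoftDelete, HardDelete, MoveToDeletedItems

# Administrator audit log: who created, changed or removed discovery
# searches and in-place holds.
Search-AdminAuditLog -StartDate $since -EndDate $until `
    -Cmdlets New-MailboxSearch, Set-MailboxSearch, Remove-MailboxSearch |
    Sort-Object RunDate |
    Select-Object RunDate, Caller, CmdletName, ObjectModified, Succeeded

# Administrator audit log: who switched litigation hold on or off.
Search-AdminAuditLog -StartDate $since -EndDate $until `
    -Cmdlets Set-Mailbox -Parameters LitigationHoldEnabled |
    Sort-Object RunDate |
    Select-Object RunDate, Caller, ObjectModified, CmdletParameters

# Mailbox audit log: what delegates and administrators did in the mailbox.
Search-MailboxAuditLog -Identity $mailbox -ShowDetails `
    -LogonTypes Delegate, Admin -StartDate $since -EndDate $until |
    Sort-Object LastAccessed |
    Select-Object LastAccessed, LogonUserDisplayName, LogonType,
                  Operation, OperationResult, FolderPathName
```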
EXCHANGE FEATURES, CONT.
• Data Loss Prevention (DLP)
– Built on top of transport rules
– Helps to identify, monitor, and protect sensitive data through content analysis
– Content analysis based on complex policy templates
o Custom
o Out of the box: U.S. Social Security Number, U.S. Bank Account Number
– Certain actions can be taken based on analysis (delete, submit for approval, add disclaimer, etc.)
EXCHANGE FEATURES, CONT.
• Exchange Active Sync (EAS)
– Enables devices to synchronize data from an Exchange Server over the air
– Not a full mobile device management (MDM) solution
– Devices typically include:
o Smart phones, tablets
– Provides a number of policy controls which may or may not be available depending on mobile OS or manufacturer
o Can allow or disallow compliant devices
o Remote wipe
– Policies include password length, encryption, attachments allowed, etc.
EXCHANGE MANAGEMENT SHELL (EMS)
• One key to rule them all: everything that can be controlled in Exchange can be done via EMS and PowerShell
• Uses DOS-like commands called cmdlets
• A number of features and controls are ONLY available via EMS
– Generate a list of unindexed items
– Create additional discovery mailboxes
    New-MailboxSearch -Name "InPlace-Hold-dsmith" `
        -SourceMailboxes "[email protected]" `
        -InPlaceHoldEnabled $true
QUIZ TIME
LUNCH BREAK 12:00-1:00
MICROSOFT EXCHANGE, PART 2 1:00-1:45
MESSAGING RECORDS MANAGEMENT (MRM)
E-MAIL MANAGEMENT FEATURES IN EXCHANGE
• In-place archiving
• Messaging records management (MRM)
Create
Store
Dispose
IN-PLACE ARCHIVING
• What is it?
– IMPORTANT! It’s not the same as third party archive tools like Enterprise Vault, KVS, etc.
– An additional mailbox designed to store mass quantities of e-mail
– Intended to replace .pst files
• How it works
– Enable archive for user
– Users move items into their archive or Exchange retention policy moves items into the archive based on retention policy
MESSAGING RECORDS MANAGEMENT (MRM)
• What is it?
– Framework for e-mail management
– Retain, archive, preserve, and permanently delete e-mail in accordance with Legal, RIM, and business requirements
• How does it work?
– “Tag” paradigm
HOW IT WORKS, STEP 1: SET UP RETENTION TAGS
HOW IT WORKS, STEP 2: ASSIGN TAGS TO POLICIES
HOW IT WORKS, STEP 3: ASSIGN POLICIES TO MAILBOXES
EXAMPLE: SAMPLE RETENTION POLICY
Folder or Tag                                     Retention Policy
Inbox, Sent Items, Drafts, Conversation History   Deleted after 180 days
Deleted Items                                     Deleted after 30 days
Working Docs                                      Working Docs-2 year retention
Record Tag                                        E-mail records-10 year retention
Contacts, To Do, Notes                            Indefinite
Voice Mails                                       Deleted after 14 days
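The three steps above, applied to the sample retention policy, as Exchange Management Shell commands. This is an added example, not part of the original slides. The tag names, the policy name, the mailbox "dsmith", the choice of delete action, and treating "Working Docs" and "Record Tag" as personal tags are all assumptions.

```powershell
# Added example for Exchange Management Shell. Tag names, the policy name and
# the mailbox "dsmith" are hypothetical.

# Step 1: set up retention tags.
# Retention policy tags for the default folders in the first row (180 days).
$tagNames = @()
foreach ($folder in 'Inbox', 'SentItems', 'Drafts', 'ConversationHistory') {
    $name = "$folder - delete after 180 days"
    New-RetentionPolicyTag -Name $name -Type $folder -RetentionEnabled $true `
        -AgeLimitForRetention 180 -RetentionAction DeleteAndAllowRecovery | Out-Null
    $tagNames += $name
}

$name = 'Deleted Items - delete after 30 days'
New-RetentionPolicyTag -Name $name -Type DeletedItems -RetentionEnabled $true `
    -AgeLimitForRetention 30 -RetentionAction DeleteAndAllowRecovery | Out-Null
$tagNames += $name

# Personal tags that users apply themselves (assumption: the "Working Docs"
# and "Record Tag" rows are personal tags; 2 and 10 years are given in days).
$personal = @{
    'Working Docs-2 year retention'    = 730
    'E-mail records-10 year retention' = 3650
}
foreach ($entry in $personal.GetEnumerator()) {
    New-RetentionPolicyTag -Name $entry.Key -Type Personal -RetentionEnabled $true `
        -AgeLimitForRetention $entry.Value -RetentionAction DeleteAndAllowRecovery | Out-Null
    $tagNames += $entry.Key
}

# Voice mail: a default policy tag limited to the voicemail message class.
$name = 'Voice Mails - delete after 14 days'
New-RetentionPolicyTag -Name $name -Type All -MessageClass voicemail -RetentionEnabled $true `
    -AgeLimitForRetention 14 -RetentionAction PermanentlyDelete | Out-Null
$tagNames += $name

# "Indefinite" row (Contacts, To Do, Notes): no tag is created, and the policy
# has no default policy tag for ordinary mail, so untagged items never expire.

# Step 2: assign tags to a policy.
New-RetentionPolicy -Name 'Sample Retention Policy' -RetentionPolicyTagLinks $tagNames

# Step 3: assign the policy to a mailbox, then confirm the assignment.
Set-Mailbox -Identity 'dsmith' -RetentionPolicy 'Sample Retention Policy'
Get-Mailbox -Identity 'dsmith' | Format-List Name, RetentionPolicy
```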
MRM IN ACTION
FYI-IN-PLACE ARCHIVING
• Must be enabled (default setting is off)
• Works like the primary mailbox and is fully searchable
• Not accessible in offline (Cached Exchange) mode
• Only accessible via Outlook or OWA; no mobile client or Outlook for Mac support
• Is fully integrated into e-mail management and eDiscovery features and functions
• Native .pst ingestion tools available to move accumulated .pst files into archive
FYI: MESSAGING RECORDS MANAGEMENT (MRM)
• Mobile clients don’t display retention policies or tags
– Some exceptions (Outlook Web App Mobile on iPhone)
• Voice mail messages can have a unique retention tag
– Example: permanently delete after 14 days
• Biggest challenges in implementing MRM:
– Cultural: users may be accustomed to keeping email forever
– Disruptive and time consuming: asking users to classify e-mail may be a non-starter
NATIVE/BUILT-IN EDISCOVERY
EDISCOVERY FEATURES IN EXCHANGE
• In-Place hold
• In-Place eDiscovery
Preserve
Discover
IN-PLACE HOLD
• What is it?
– Put an entire mailbox OR just selected items in a mailbox (or group of mailboxes) on hold
• How it works:
– Assign Legal Hold/Discovery Management “role” to user (non-IT person)
– Create hold using the In-Place eDiscovery and Hold dialog/wizard
o Scope the hold: ALL mailbox content OR content meeting search criteria
– Behind the scenes, Exchange “Recoverable Items” folder locks down items subject to the hold (users unaware hold in place UNLESS they are told)
User A Mailbox
Recoverable Items
Deletions (FKA “The Dumpster”)
Inbox
Purges
Versions
Audits
Deleted Items
…
DiscoveryHold
Calendar Logging
IN-PLACE EDISCOVERY
• What is it?
– Tool which searches across all mailboxes to identify, assess, and collect email
• How it works
– Assign Discovery Management/Mailbox Search “role” to user (non-IT person)
– Exchange automatically full-text indexes content as it’s created
– User creates search / scopes collection via In-Place eDiscovery and Hold wizard
o Keyword Query Language (KQL): Boolean operators, proximity, wildcard
– What can you do with the search results?
o Get estimate of “hits” and data volume
o Assess search results
o Export search results
EDISCOVERY FEATURES IN ACTION
FYI: IN-PLACE EDISCOVERY
• Deduplication based on hash value calculated using:
– InternetMessageId
– ConversationTopic
– IsSentItems
– BodyTagInfo
• Unsearchable items: not all attachments are searchable
– Exchange Search includes certain set of default filters for indexing (.doc, .xls, .ppt, .pdf, .odp, .html, and more; 26 different filter types)
– Encrypted items may not be indexed (S/MIME)
– In certain circumstances IRM protected content is not indexed
– Also, items not typically indexed: audio, video, non-OCR images
– Elect to include unsearchable items when copying / exporting search results
FYI: IN-PLACE EDISCOVERY, CONT.
• Limits
– Discovery search mailboxes can hold “only” 50 gigabytes of data
– Maximum # of keywords for a single search is 500
– Maximum # of mailboxes that can be searched in a single search for online versions of Exchange is 10,000; 25,000 for on-prem
FYI: IN-PLACE HOLD
• Can take up to 1 hour for hold to be in effect
• New items automatically placed on hold
• If 5 or more “scoped” holds are applied to a mailbox, ALL items in mailbox are placed on hold
• Quota! There is a 30 gigabyte default quota on the Recoverable Items folder—hold will stop working if the quota is reached
• Departed employees on hold: don’t delete their mailbox!
– Mailbox should be disabled instead in on-prem environment
– Office 365 provides inactive mailbox option
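A check for the quota problem noted above, as an added example that is not from the original slides: it lists mailboxes on hold whose Recoverable Items folder is nearing its quota. The 80% alert threshold is an assumption, and the 30 gigabyte default stated above is used when a mailbox has no quota of its own.

```powershell
# Added example for Exchange Management Shell.
$defaultQuota = 30GB   # default Recoverable Items quota stated on the slide
$alertAt      = 0.8    # assumption: report at 80 % of the quota

# Exchange prints sizes as "1.5 GB (1,610,612,736 bytes)". Reading the byte
# count from that text works in both local and remote shells.
function ConvertTo-ByteCount([object]$Size) {
    if ("$Size" -match '\(([\d,]+) bytes\)') {
        return [int64]($Matches[1] -replace ',', '')
    }
    return $null   # for example "Unlimited" or an empty value
}

Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.LitigationHoldEnabled -or $_.InPlaceHolds.Count -gt 0 } |
    ForEach-Object {
        $mbx = $_
        # The root folder's FolderAndSubfolderSize covers Deletions, Purges,
        # Versions and DiscoveryHolds.
        $root = Get-MailboxFolderStatistics -Identity $mbx.DistinguishedName `
                    -FolderScope RecoverableItems |
            Where-Object { $_.FolderType -eq 'RecoverableItemsRoot' }
        $used = ConvertTo-ByteCount $root.FolderAndSubfolderSize

        # Use the mailbox's own quota only when it overrides the database default.
        $quota = $null
        if (-not $mbx.UseDatabaseQuotaDefaults) {
            $quota = ConvertTo-ByteCount $mbx.RecoverableItemsQuota
        }
        if (-not $quota) { $quota = $defaultQuota }

        [pscustomobject]@{
            Mailbox     = $mbx.PrimarySmtpAddress
            UsedGB      = [math]::Round($used / 1GB, 2)
            QuotaGB     = [math]::Round($quota / 1GB, 2)
            PercentUsed = [math]::Round(100 * $used / $quota, 1)
        }
    } |
    Where-Object { $_.PercentUsed -ge 100 * $alertAt } |
    Sort-Object PercentUsed -Descending
```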
CONSIDERATIONS FOR DISCOVERY
• If using Lync with Exchange:
– Instant Messages?
– Call logs?
• If using Exchange Unified Messaging:
– Transcribed voice mail messages (Outlook Voicemail Preview)
EXCHANGE 2013 RESOURCES
• Technet.microsoft.com
• Tony Redmond book
• Microsoft Office 365 Administration book
• Exchange Team Blog
• Quentin Christensen Blog (eDiscovery product manager)
FILE FORMATS INDEXED BY EXCHANGE SEARCH
http://technet.microsoft.com/en-us/library/ee633485(d=printer,v=exchg.150).aspx
KEYWORD QUERY LANGUAGE (KQL)
http://technet.microsoft.com/library/dn774955(v=exchg.150).aspx
NEXT TOPIC: FILE SERVERS