1. Forefront for Office On-Premises Protection Technologies. Curtis Parker, Product Manager, Microsoft Corporation
2. Agenda
    - Introduction to Microsoft® Forefront® Protection for Microsoft® Office
    - On-premises secure messaging: Microsoft Forefront Protection for Exchange Server 2010
      - Protecting your email
    - Secure collaboration
      - Protecting your collaboration portals
    - Management experience
      - Improved security management (multiple-server support)
11. Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email and collaboration threats
13. Gartner Magic Quadrant for Secure Email Gateways -- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft. The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
18. The Multiple Engine Advantage
    - Diversity of antivirus engines and heuristics
    - ** 0.00 denotes proactive detection
    - Source: AV-Test.org (www.av-test.org)
20.
    - Single-engine vendors provided responses in 5 days, 4 days, and 6 days, respectively
    - Automatic engine updates
    - On premises or in the cloud
    - 99 percent spam detection*
    - \* With premium antispam services
21. Scanning and Architecture Strategy
    - For maximum protection, deploy Forefront Protection for Exchange Server on all Exchange Server roles
    - To optimize server performance, implement a scanning strategy by using one or more of the following tips:
      - Antimalware stamp ensures a message is scanned only once
      - Enable antispam scanning on the edge transport servers and disable on hub transport and mailbox servers
      - Use different scan engines on different servers
    - Deploy both edge transport and hub transport servers
      - Forefront Protection for Exchange Server will scan and stamp inbound mail on the edge server
      - Forefront Protection for Exchange Server will scan and stamp outbound mail on the hub transport server
      - Internal mail is scanned and stamped on the hub transport server
22. Forefront Protection 2010 for Exchange Server
    - Protection availability: Exchange 2010, Exchange 2007 SP1
    - Server roles in the enterprise network:
      - Edge transport
      - Hub transport: Routing and policy
      - Unified messaging: Voice mail and voice access
      - Mailbox: Storage of mailbox items
      - Client access: Client connectivity, Web services
    - Diagram labels: External mail; Mobile phone; Phone system (PBX or VOIP); Web browser; Outlook (remote user); Line of business applications; Outlook (local user)
23. Scanning Capabilities
    - Transport scan: Scans email messages that are inbound or outbound from an Exchange transport stack and all internal mail
    - Real-time scan: Scans email messages and attachments that are accessed in mailboxes and public folders on your Exchange server
    - Scheduled scan: Similar to real-time scanning, scanning occurs in the Exchange information store. Scheduled scans are typically used to scan the entire information store
    - On-demand scan: Typically used to immediately scan specific mailboxes to localize a known issue
25. Keyword Filtering
    - Searches the message body for matches to keywords in selected lists
    - Can be imported from an existing file
    - Can filter phrases
    - Support operators: AND, OR, NOT
    - Actions: SkipDetect, Delete, Suspend
26. File Filtering
    - Filter by name, type, or size: *.exe, *.doc, *>10mb
    - Filters can be combinations of size, name, and type: <photo1.jpg>10mb, *.mp3>5mb, *>10mb
    - Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT
    - Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)
27. Container Behavior (ZIP, RAR, etc.)
    - Forefront scans within ZIP and other compressed formats and deletes only the offending file
    - Filter rules: Delete *.exe; Quarantine
    - Diagram labels: Container file before scan; Container file after scan; Custom deletion text; Quarantine; file types shown: EXE, DOC, TXT, JPG, BMP
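
A simplified model of the file-filter and container behavior on slides 26 and 27, added here as an illustration; it is not Forefront code. It assumes the `pattern>size` spec form shown on the slide (the leading `<` in `<photo1.jpg>10mb` is not interpreted), matches on file name only, and writes the custom deletion text as a placeholder `.txt` member; the function names and the sample archive are constructed.

```python
import fnmatch
import io
import re
import zipfile

# Filter specs modeled on the slide's examples: "*.exe", "*>10mb", "*.mp3>5mb".
SPEC_RE = re.compile(r"^(?P<name>[^>]+?)(?:>(?P<size>\d+)(?P<unit>kb|mb|gb))?$", re.I)
UNITS = {"kb": 1024, "mb": 1024**2, "gb": 1024**3}

def parse_spec(spec):
    """Split 'pattern>NNmb' into (lower-case glob, size threshold in bytes or None)."""
    m = SPEC_RE.match(spec.strip())
    if not m:
        raise ValueError(f"unparseable filter spec: {spec!r}")
    size = int(m["size"]) * UNITS[m["unit"].lower()] if m["size"] else None
    return m["name"].lower(), size

def matches(rule, member_name, size):
    pattern, threshold = rule
    # Match on the base name, case-insensitively, so "dir/Setup.EXE" still hits "*.exe".
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return fnmatch.fnmatchcase(base, pattern) and (threshold is None or size > threshold)

def clean_container(zip_bytes, specs, deletion_text=b"Removed by file filter."):
    """Return (cleaned ZIP bytes, {member name: original bytes} held for quarantine)."""
    rules = [parse_spec(s) for s in specs]
    quarantine, out = {}, io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            data = src.read(info)  # measure real bytes, not the size declared in the header
            if any(matches(r, info.filename, len(data)) for r in rules):
                quarantine[info.filename] = data
                dst.writestr(info.filename + ".txt", deletion_text)  # placeholder member
            else:
                dst.writestr(info.filename, data)  # clean members pass through unchanged
    return out.getvalue(), quarantine

def build_sample():
    """Constructed sample container: an executable name and an oversized MP3 among documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.doc", b"quarterly numbers")
        z.writestr("tools/Setup.EXE", b"constructed stand-in, not a real binary")
        z.writestr("song.mp3", b"\x00" * (6 * 1024 * 1024))
    return buf.getvalue()
```

Only the matching members are replaced; the rest of the archive is rewritten unchanged, which is the "deletes only the offending file" behavior the slide describes.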
29. Hybrid Messaging Protection
    - Antivirus and antispam protection for Exchange Server 2010/Exchange Server 2007 server roles
    - Diagram labels: On-premises software; Online; Exchange Server; Internet; SMTP; Edge Role; Hub Role; Mailbox Role
30. Hybrid Messaging Protection
    - Antispam replication
      - Up to 19 settings
    - Quarantine
      - Cloud or on premises
    - Content rescan
      - Antispam
      - Antivirus
37. Types of threats increase
    - Intranets
    - Team sites
    - Partner portal
    - Repository
    - Extranet
38. The Need for SharePoint Protection
    - Diagram labels: Microsoft® SQL Server® back end; Indexing server; Management; External SharePoint users; Internal SharePoint users; Potential malware; Internet; Unified Application Gateway; Web front end; Firewall
39. Forefront Protection for SharePoint Feature Summary
    - Protection for Microsoft Office SharePoint Server 2010, SharePoint 2007, and Windows SharePoint Services
    - Multiple antimalware engines
    - Keyword and file filtering
    - Scan AD RMS protected repositories
    - Restore quarantined files
    - Container: ZIP, OpenXML, RAR, etc.
    - Native 64-bit implementation
    - Updated user interface
    - Windows PowerShell™ support
40. Integration with SharePoint
    - Upload scenario
    - Download scenario
    - Diagram labels (numbered steps shown for each scenario): Request; SharePoint web front-end servers; Forefront Protection for SharePoint; VSAPI; SharePoint databases
41. Scanning Types
    - Real-time scan: Scan triggered through the SharePoint VSAPI
    - Scheduled scan: Schedule can be set for off hours scanning of selected SharePoint sites
    - On-demand scan: Immediate scanning of individual sites
70. Forefront Protection Server Management Console Capabilities
    - Internet Explorer 7.0 and Internet Explorer 8.0
71. Forefront Protection Server Management Console Architecture Overview
    - Diagram labels: Remote access; Continuous SQL replication; Communication over Windows Communication Foundation; Primary Forefront Protection Server Management Console; Backup Forefront Protection Server Management Console
    - Add Forefront Protection for Exchange Server and Forefront Protection for SharePoint servers to Forefront Protection Server Management Console and deploy Agent
    - Upload policy to Forefront Protection Server Management Console and create jobs
    - Run jobs to deploy policy
    - Retrieve quarantine and reporting data periodically
78. Forefront Protection Server Management Console Home Page
    - Side navigation bar provides quick access to desired functionality
    - At a Glance page provides 24-hour activity snapshot
      - Statistics broken out by Exchange and SharePoint
      - Top five viruses
      - Most active servers
    - Highlighted navigation and ‘breadcrumb bar’ for current location
79. Server Management
    - Forefront Protection Server Management Console can manage domain-joined servers and non-domain-joined servers
      - E.g., edge servers, perimeter SharePoint deployments
    - Automatic discovery of Forefront Protection for Exchange Server and Forefront Protection for SharePoint servers within Active Directory
      - Displayed under New Servers
      - Must be added to Forefront Protection Server Management Console to be managed
    - Non-domain-joined servers can be manually added
      - Need to enter FQDN
    - Servers can be managed as groups
80. Management Agent
    - Agent must be deployed to each Forefront Protection for Exchange Server/Forefront Protection for SharePoint server
      - Pushed out from Forefront Protection Server Management Console server
      - Requires port 445 to be opened for agent deployment
      - Local administrator credentials on target server needed
    - Agent deployment status displayed in the console
      - Once successful, the Forefront version of the managed server is displayed
      - Detailed logs available under Notification Logs
81. Job Management
    - Four types of jobs:
      - Deployment job (policy and updates)
      - Signature redistribution job
      - Scheduled report job
      - Product activation job
    - Jobs can be scheduled or run on demand
    - Jobs can be scoped to target a specific set of servers
      - Configured by the administrator
82. Job Management
    - Deployment (policy/update)
      - Policy deployments distribute Forefront Protection for Exchange Server/Forefront Protection for SharePoint configuration files (XML format)
      - Partial policy enabled
      - Credentials, if applicable, must be entered
      - Update deployment jobs will push out .exe and .msp files
      - Forefront Protection Server Management Console cannot deploy the initial Forefront Protection for Exchange Server or Forefront Protection for SharePoint installation
    - Signature redistribution
      - No jobs by default
      - Can customize jobs by engine and by target server(s)
      - Will download and then distribute
83. Job Management
    - Scheduled report
      - Generates and emails reports: daily, weekly, or monthly
      - Sends all four available reports: Incident Detection, Spam Detection, Engine and Definition, New Servers
    - Product activation
      - Activate evaluation Forefront Protection for Exchange Server/Forefront Protection for SharePoint servers by deploying an activation key
      - Renew expiring subscriptions by distributing new license key and expiration date
84. Online Integration
    - Forefront Online Protection for Exchange Gateway can be specified in policies to be deployed to the servers
    - Links to the Forefront Online Protection for Exchange Administration Center
      - Administration Center, Message Tracing, Hosted Quarantine, and Reports
85. Quarantine Management
    - Centralized management
    - Configurable retrieval period and polling interval
      - Defaults to retrieving 5 days of records and polling every 15 minutes
    - Broken out by Exchange and SharePoint
    - Enables delivery/restoration of false positives directly from console
    - Results can be filtered for faster recovery
86. Reporting
    - On demand
      - Incident detection, spam detection, engine and definition version
      - Report scope based on date range and desired servers
      - Report includes distribution of detections, trending, and raw data
    - Scheduled
      - Sent via email on a daily, weekly, or monthly basis