Data Loss Prevention Policies (DLP)

Exchange 2013 provides comprehensive capabilities to help organisations identify, monitor, and protect sensitive information from leaking to third parties. Microsoft provides standardised regional libraries of policies to cope with management of credit card and financial information, personal information, and a variety of other metrics to help organisations comply with data protection laws according to the countries in which users are situated.

Office 365 is the only “off the shelf” product acceptable to US Federal Government and EU Government purchasing departments, and Microsoft’s DLP provisioning is relied on overwhelmingly by institutions large and small to establish data protection policies with the minimum of additional cost.

In Exchange 2013 Microsoft introduced Document Fingerprinting and Policy Tips in Outlook Web App (OWA) to enhance document control and user education. Document Fingerprinting enables you to match documents that are derived from the same template.

This can be useful for organizations that frequently use standard forms or templates, for instance a law firm that uses a standard template to draft patent applications that it files on behalf of its clients.

Policy tips are designed to notify users in your organization when they are sending sensitive information over email. Policy Tips are similar to MailTips, and you can use them in Outlook in several different ways to help users avoid sending sensitive information in email. For example, you can use Policy Tips to:

  • Inform users of the presence of sensitive information and optionally block the email from being sent.
  • Educate your users through a Notify Policy Tip when sensitive content is present in their emails.
  • Empower your users to make case by case decisions by allowing them to override the sensitive information policy—with the option of including a business justification for the override.

Office 365 delegated network administration

Delegated network administrators are certified Microsoft Cloud Partners who meet Microsoft standards for planning, deployment, and ongoing support of Microsoft Exchange, Office 365, and other Microsoft Cloud product lines. Delegated administrators are experienced engineers and consultants who are capable of managing large and small installations according to Microsoft’s benchmarks. ComStat is a Microsoft Cloud Partner and certified delegated administrator.

Delegated administrators perform tasks like liaising with Microsoft Support, setting up mailboxes, adding or removing users and groups, data migration, managing domain names and zone records, managing security policies, managing Exchange-connected mobile devices, managing transport, DLP, and other Exchange services, etc. Whereas small businesses are often faced with steep learning curves and under-utilized software, delegated administrators provide a reliable point of contact to advise business owners and implement application features that are beyond the scope of limited in-house resources.

Delegated administrators allow users to get the maximum resources from Microsoft applications.

A delegated administrator assumes the same rights as a global administrator, who is typically the owner of subscribed services. However, the owner/global administrator has the right to withdraw or reassign delegated administrator rights. Office 365 administrator rights extend to include the following privileges:

  • global administration
  • delegated administration
  • billing administration
  • password administration
  • services administration
  • user management administration

EOP/TLS Encryption

Office 365 Message Encryption is an easy-to-use service that lets email users send encrypted messages to people inside or outside their organization. Designated recipients can easily view their encrypted messages and return encrypted replies. Regardless of the destination email service—whether it’s Outlook.com, Yahoo, Gmail, or another service—email users can send confidential business communications with an added level of protection against unauthorized access.

There are many scenarios in which email message encryption might be required, including:

  • A bank employee sending credit card statements to customers
  • An insurance company representative providing policy details to customers
  • A mortgage broker requesting financial information from a customer for a loan application
  • A health care provider sending health care information to patients
  • An attorney sending confidential information to a customer or another attorney
  • A consultant sending a contract to a customer

Exchange Online and Exchange Online Protection (EOP) administrators set up Office 365 Message Encryption by defining encryption rules. ComStat engineers can help customers with subscribed support service customize encrypted messages with organizational text and logo, presenting a company brand that’s familiar to message recipients.

Additionally, Exchange provides advanced services for high-level encryption, such as certificated TLS. The diagram below shows the workflow through which Office 365 Message Encryption protects encrypted emails from being read by unauthorized users, while allowing straightforward access by authorized recipients.

[Diagram: encryption workflow]

In-Place email archiving

In-Place Archiving eliminates the need for Outlook personal store (.pst) files and allows users to store historical messages in an archive mailbox accessible in Microsoft Outlook 2010 and later and Microsoft Office Outlook Web App.

In Microsoft Exchange Server 2013, In-Place Archiving provides users with an alternate storage location in which to store historical messaging data. An In-Place Archive is an additional mailbox (called an archive mailbox) enabled for a mailbox user. Outlook 2007 and later and Outlook Web App users have seamless access to their archive mailbox. Using either of these client applications, users can view an archive mailbox and move or copy messages between their primary mailbox and the archive. In-Place Archiving presents a consistent view of messaging data to users and eliminates the user overhead required to manage .pst files.

You can provision a user’s archive on the same mailbox database as the user’s primary mailbox, another mailbox database on the same Mailbox server, or a mailbox database on another Mailbox server in the same Active Directory site. This provides flexibility to use tiered storage architecture and to store archive mailboxes on a different storage subsystem, such as near-line storage. In cross-premises Exchange 2010 and later deployments, you can also provision a cloud-based archive for mailboxes located on your on-premises Mailbox servers.

Apps for Outlook

There is a growing inventory of Microsoft and third-party apps for integration into Outlook Web App and Outlook for desktop, ranging from in-line address detection and mapping/directions to email routing analysis and routing.

Organisations face increasing risks of data leakage. Data leakage happens when organisations allow data about their customers or even their own organisation to “leak” into the public domain, quite often unwittingly. For instance, employees who have mobile phones to connect to Exchange services can sometimes download third-party apps which assume access rights to information an organisation holds, access which is nevertheless prohibited under data protection laws.

Among tools available to ComStat’s engineers to help educate users and organisations alike, our network administrators are able to define policies for organisations which manage availability and distribution of apps to users who have access to organisational services.

Outlook for desktop

Microsoft Exchange and Office 365 are cloud-based services which can be accessed from Microsoft’s browser-based OWA application. Outlook for desktop continues to play an important role for users who want to manage email, calendars, and even OneDrive and SharePoint services. This capability is really the domain of the power user; however, Hosted Exchange connects to Outlook 2007, 2010, and 2013, and Office 365 users can download Microsoft’s most current version of Outlook 2013 for desktop as part of their subscription service.

Office 365 mobile/tablet support

As users distribute more content to multiple mobile devices, issues of data leakage, data privacy, and data protection become increasingly important. Microsoft Exchange can cope with connectivity to a maximum of 5 devices per user, so the number of devices exposing an organisation to liability under data protection laws extends far beyond the number of an organisation’s “on-premise” workstations.

In the event of a lost mobile phone, laptop, or tablet which contains your customers’ personal data by way of contact information, emails, and/or documents, it is not enough to ask a mobile phone supplier to stop a SIM card – many smartphones can continue to connect to cloud services wirelessly to access organizational information and contact information even after disconnection from telco services.

ComStat is an authorised Microsoft Cloud Partner, and is additionally authorised as a qualified network administrator. This means our engineers have a thorough working knowledge of advanced Microsoft Exchange and Office 365 technologies to help organisations subscribing to our supported services to deal rapidly with “won’t happen to me” events like lost mobile phones so that policies can be established to configure devices by brand, model, or individual, invoke keypad security, and restrict or wipe organisational data in the event of loss, including overseas travel.

Outlook Web Access (OWA)

Microsoft Outlook Web App (or Outlook Web Access) is a browser-based email client. Outlook Web App (OWA) lets users access their Microsoft Exchange Server mailbox from almost any web browser. The tool has proven immensely popular, and in some cases organisations forego the deployment of desktop versions of Outlook in favour of OWA’s clean and intuitive presentation.

Additionally, OWA connects you to your contacts, calendars, tasks, and Office 365 tools like SharePoint, Word online, Excel online etc., and other management facilities for handling your Office 365 accounts. Depending on user rights, some users have access to advanced services which permit network administration of in-house and third-party installations.

Shared Contacts

When you use Microsoft Office Outlook 2007 or higher with a Microsoft Exchange account, contacts can be shared. You can create additional contacts folders and choose which of those folders to share. For example, you can create a contacts folder for a specific project and share it with your coworkers. Optionally, you can grant them permission to modify the contacts.

Note: Any message, contact, or task in Outlook can be marked private so that others don’t see the item in a shared folder.

Contact sharing works through sharing invitation and sharing request e-mail messages. Sharing invitations offer the recipient access to your contacts folder. When you send a sharing invitation for your default Contacts folder, you can request access to the recipient’s default Contacts folder.

Microsoft ActiveSync

Microsoft Exchange ActiveSync enables users of desktop and mobile devices to access email, calendar, contacts, and tasks from their organization’s Microsoft Exchange server.

Microsoft Exchange is the de facto standard in public sector and corporate IT and is the email backbone of Microsoft’s Office 365 Office suite. Given Exchange’s dominance in premium email services, Exchange ActiveSync is licensed to all major mobile device manufacturers, although there may be minor variations in subsets of the application used by Windows Phone, Apple, and Android.

The major advantage this brings to users is that it decentralises reliance on a “primary” workstation from which emails etc. have to be co-ordinated. ActiveSync coordinates all devices to a centralised server so that each device has access to all information equally.

Network administrators can limit availability of data to user devices, which is useful in industries where data is sensitive, or in cases where devices are lost or stolen. This usually depends on in-house organisational competency, or in the case of small businesses, access to “delegated” administrators – Microsoft approved third-party engineers. ComStat is an authorised delegated network administrator.

ActiveSync is a protocol. In the past, POP3 and IMAP protocols have been widely adopted by manufacturers and users. As modern technology becomes more widely adopted however, POP3’s limitations particularly make it an awkward protocol for users who want to mirror email, contact, and calendaring information between multiple devices. As small business adopts Microsoft’s Office 365 applications, technologies like POP3 which cannot synchronise data between devices “organically” are losing their popularity.

Microsoft Exchange supports POP3, IMAP, and MAPI, all of which are widely recognized email distribution protocols. In its native environment, however, MS Exchange performs optimally with ActiveSync. Office 365 users can connect up to 5 devices to their account services.

 
