Module 9

Configuring Messaging Policy and Compliance

Module Overview

• Introducing Messaging Policy and Compliance

• Configuring Transport Rules

• Configuring Journaling and Multi-Mailbox Search

• Configuring Messaging Records Management

• Configuring Personal Archives

Lesson 1: Introducing Messaging Policy and Compliance

• What Is Messaging Policy and Compliance?

• Discussion: Compliance Requirements

• Options for Enforcing Messaging Policy and Compliance

What Is Messaging Policy and Compliance?

Exchange Server 2010 has features that help you manage information distribution and comply with regulatory and legal requirements, such as:

• Restricting message flow

• Retaining copies of all or specific messages

• Managing messages in user mailboxes

• Searching for messages

Discussion: Compliance Requirements

• What type of business is your organization?

• What are some legislated compliance requirements for your organization?

• What additional compliance requirements does your organization have?

• How are you currently meeting these compliance requirements?

Options for Enforcing Messaging Policy and Compliance

• Transport rules

• Message journaling

• Rights management integration

• Mailbox searching

• Message retention and deletion

• Personal Archives

Lesson 2: Configuring Transport Rules

• What Are Transport Rules?

• Transport Rule Components

• Demonstration: How To Configure Transport Rules

• What Are Message Classifications?

• What Is AD RMS?

• How AD RMS Works

• How AD RMS Integration Works

• Demonstration: How to Configure AD RMS Integration

• Options for Configuring Moderated Transport

• Demonstration: How to Configure Moderated Transport

What Are Transport Rules?

Transport rules on an Edge Transport server are:

• Stored in AD LDS

• Unique to each Edge Transport server

• Used to manage inbound or outbound messages

Transport rules restrict message flow or modify message contents for messages in transitTransport rules restrict message flow or modify message contents for messages in transit

Transport rules on a Hub Transport server are:

• Stored in the Active Directory site

• Applied by all Hub Transport servers

• Used to apply compliance requirements

Transport Rule Components

• Conditions: Specify which e-mail message components are used to identify the e-mail messages

• Exceptions: Specify which e-mail messages to exclude from having an action applied

• Actions: Specify the processes to be applied to messages

• Predicates: Used by conditions and exceptions to define what part of an e-mail message will be examined

Demonstration: How to Configure Transport Rules

In this demonstration, you will see how to configure transport rules that apply:

• A disclaimer to messages sent to external recipients

• A restriction based on a regular expression

What Are Message Classifications?

Administrators can:

• View existing message classifications

• Modify existing message classifications

• Create new message classifications

• Configure Outlook 2007 to support message classifications

Message classifications mark messages with labels that provide recipients with special information about the message

Message classifications mark messages with labels that provide recipients with special information about the message

Message classifications can be applied by:

• Outlook 2007 or Outlook Web App users

• Transport rules

What Is AD RMS?

You can use AD RMS to:

• Restrict access to an organization’s intellectual property

AD RMS is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

AD RMS is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

• Limit the actions users can perform on content

• Limit the risk of content being exposed outside the organization

AD RMS components:

• AD RMS server • AD DS

• SQL Server• RMS-aware application

How AD RMS Works

RMS Server

Information Author Recipient

11

22 33

44

55

How AD RMS Integration Works

By integrating AD RMS with Exchange Server 2010, you can:

• Enable users to protect content

• Use AD RMS prelicensing

• Configure Outlook Protection rules to apply AD RMS templates automatically

• Configure Transport Protection rules to apply AD RMS templates

• Enable Journal Report Decryption

• Enable Transport Decryption

• Enable IRM in Outlook Web App

Demonstration: How to Configure AD RMS Integration

In this demonstration, you will see how to:

• Protect e-mail messages by using AD RMS

• Configure a transport rule that applies AD RMS protection

Options for Configuring Moderated Transport

In Exchange Server 2010, you can configure:

• Transport rules that require moderation

• Recipients that require moderation

Moderated transport enables the moderator to approve messages before deliveryModerated transport enables the moderator to approve messages before delivery

Demonstration: How to Configure Moderated Transport

In this demonstration, you will see how to:

• Configure a distribution group for moderation

• Configure a transport rule that enables moderation

Lesson 3: Configuring Journaling and Multi-Mailbox Search

• Message Journaling Options

• Demonstration: How to Configure Message Journaling

• Considerations for Managing the Message Journal Mailbox

• What Is Multi-Mailbox Search?

• Demonstration: How to Configure Multi-Mailbox Search

Message Journaling Options

You can configure message journaling by configuring:

• Per-recipient journaling

• Journal mailboxes per mailbox database

• Journaling as part of Messaging Records Management

Message journaling enables you to send copies of messages to any mailbox or valid SMTP addressMessage journaling enables you to send copies of messages to any mailbox or valid SMTP address

A journal report is a new message that includes the original message as an attachment A journal report is a new message that includes the original message as an attachment

Demonstration: How to Configure Message Journaling

In this demonstration, you will see how to configure a journal rule

Considerations for Managing the Message Journal Mailbox

• Consider using a SharePoint document library configuredwith an SMTP address as the messaging journal mailbox

• Use a Messaging Records Management rule to routinelyremove messages that have been backed up

• Create policies that govern access to the journaling mailboxes in your organization

• Ensure compliance by obtaining plan approval from legal representatives

• Determine what will occur if a journaling mailbox exceeds the configured mailbox quota

What Is Multi-Mailbox Search?

Multi-Mailbox Search:

• Enables cross-mailbox searches

• Uses the Exchange Control Panel

• Requires that users have discovery permissions

Demonstration: How to Configure Multi-Mailbox Search

In this demonstration, you will see how to:

• Add a user to the Discovery Management role group

• Perform a Multi-Mailbox search by using ECP

Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox Search

• Exercise 1: Configuring Transport Rules

• Exercise 2: Configuring Journal Rules and Multi-Mailbox Search

Logon information

Estimated time: 50 minutes

Virtual machines10135A-VAN-DC110135A-VAN-EX1 10135A-VAN-CL1

User name Administrator

Password Pa$$w0rd

Lab Scenario

You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange Server 2010.

The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include applying rights protection to some messages sent inside and outside the organization, restricting message flow based on message classifications, and restricting which messages are sent to critical distribution lists. You also must ensure that you establish a separate and secure mailbox in which to retain all messages that the legal department sends and receives.

Lab Review

• In this lab, you implemented a transport rule that added a disclaimer to all messages sent to users outside the organization. What other option do you have for implementing this type of disclaimer?

• How can you verify that the Executives journal rule that you enabled in this lab is working properly?

Lesson 4: Configuring Messaging Records Management

• What Are Retention Tags and Retention Policies?

• What Is AutoTagging?

• Demonstration: How to Configure Retention Tags and Policies

• What Are Managed Folders?

• Process for Deploying Managed Folders

• Demonstration: How to Implement Managed Custom Folders and Content Settings

• Considerations for Implementing Messaging Records Management

What Are Retention Tags and Retention Policies?

• Retention Tag options include:

• Retention Policy Tags: Applied to default mailbox folders

• Default Policy Tags: Applied to all items that do not have another tag assigned

• Personal Tag: Used to set custom retention settings

• You can use managed content settings to:

• Configure retention periods

• Configure the retention expiration action

• Configure journal settings

Retention Tags assign message retention settings to messages or mailbox foldersRetention Tags assign message retention settings to messages or mailbox folders

Retention Policies group together one or more Retention Tags and apply the tags to mailboxes Retention Policies group together one or more Retention Tags and apply the tags to mailboxes

What Is AutoTagging?

• AutoTagging:

• Tracks user tagging

• Requires the user to tag at least 500 messages

• Users can:

• Enable and disable AutoTagging

• Override automatically applied tags

• Administrators can manage and monitor AutoTagging forall users

AutoTagging automatically applies Retention Tags to items based on past user behaviorAutoTagging automatically applies Retention Tags to items based on past user behavior

Demonstration: How to Configure Retention Tags and Policies

In this demonstration, you will see how to:

• Configure Retention Policy Tags

• Configure custom content settings for the Retention Policy Tags

• Configure a retention policy that groups the Retention Policy Tags

• Apply the retention policy to a user account

What Are Managed Folders?

Managed folders can include default folders and custom managed folders

Managed content settings can be used to:

Configure retention periods

Configure the retention expiration action

Configure journal settings

Managed folder mailbox policies group managed foldersand apply the settings to user mailboxes

Managed folders manage the contents of folders in user mailboxesManaged folders manage the contents of folders in user mailboxes

Users must move messages in to the custom managed folders before content settings will be appliedUsers must move messages in to the custom managed folders before content settings will be applied

Process for Deploying Managed Folders

To deploy Managed Folders:

• Specify the folders where you will apply managedcontent settings

• Specify the managed content settings for the selected folders

• Create a managed folder mailbox policy

• Apply the managed folder mailbox policy to users’ mailboxes

• Schedule the managed folder assistant to apply the changes to users’ mailboxes

Demonstration: How to Implement Managed Custom Folders and Content Settings

In this demonstration, you will see how to:

• Create a new managed e-mail folder

• Apply content settings to the managed e-mail folder

• Create a new managed folder mailbox policy

• Assign the policy to a user account

Considerations for Implementing Messaging Records Management

• Use managed custom folders for project based folders

• Use retention policies to automate messaging records management

• Ensure business and legal acceptance before configuring policies that delete messages

• Consider using journaling as a way to store messages for archival purposes

• Consider using Messaging Records Management tomanage mailbox sizes

• Plan retention policies or managed folder mailbox policiesbased on business groups with unique requirements

Lesson 5: Configuring Personal Archives

• Discussion: Options for Implementing Mailbox Archiving

• How Personal Archives Work in Exchange Server 2010

• Demonstration: How to Configure Personal Archives

• Considerations for Implementing Personal Archives

Discussion: Options for Implementing Mailbox Archiving

• Do you have any archiving requirements in your organization?

• How are you currently meeting these requirements?

How Personal Archives Work in Exchange Server 2010

The Personal Archive:

• Must be in the same mailbox database as the primary mailbox

• Appears as a folder in Outlook 2010 or Outlook Web App

• Is indexed and searchable

• Is not cached in Outlook

• Can be managed using messaging records managementpolicies

Exchange Server 2010 Personal Archives require a secondary or archive mailbox for the userExchange Server 2010 Personal Archives require a secondary or archive mailbox for the user

Personal Archives can help organizations meet legal and corporate requirements by ensuring that all messages are stored in an Exchange server mailbox

Personal Archives can help organizations meet legal and corporate requirements by ensuring that all messages are stored in an Exchange server mailbox

Demonstration: How to Configure Personal Archives

In this demonstration, you will see how to:

• Configure a Personal Archives mailbox

• Access the Personal Archives mailbox

• Manage messages with a Personal Archives mailbox

Considerations for Implementing Personal Archives

• Consider implementing Personal Archives for critical mailboxes

• Explore the option of using inexpensive storage with redundancy through continuous replication

• Apply messaging policies to Personal Archives mailboxes

• Consider removing the option of using PST files in Outlook

Implementing Personal Archives can significantly increase the storage requirements on the Exchange serversImplementing Personal Archives can significantly increase the storage requirements on the Exchange servers

Lab B: Configuring Messaging Records Management and Personal Archives

• Exercise 1: Configuring Messaging Records Management

• Exercise 2: Configuring Personal Archives

Logon information

Estimated time: 40 minutes

Virtual machines10135A-VAN-DC110135A-VAN-EX1 10135A-VAN-CL1

User name Administrator

Password Pa$$w0rd

Lab Scenario

You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange Server 2010.

The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include configuring rules that will ensure that some messages are retained for an extended period, while other messages are deleted when they expire. Finally, you must enable Personal Archives for all of the users in the Executives department.

Lab Review

• Which of the following two approaches is better for ensuring that you retain a copy of specific e-mail messages: journaling rules or retention policies?

• How can you ensure that users move their PST files into their archive mailbox?

Module Review and Takeaways

• Review Questions

• Common Issues and Troubleshooting Tips

• Real-World Issues and Scenarios

• Best Practices