CoLabora Nov 2015 - Office 365 Compliance and Exchange Archiving

Post on 15-Feb-2017

By Peter Schmidt, Solution Architect, EG A/S

Office 365 Compliance & Exchange Archiving

© EG A/S 2

Peter Schmidt
Solution Architect, EG A/S

Expertise: Office 365, Exchange, Skype for Business, Microsoft Azure, ADFS, PKI

Microsoft MVP: Exchange, MCM: Exchange, MCSE: Messaging, MCSA: Office 365, MCSE: Server Infrastructure, MCSE: Public Cloud

Contact me:
E-mail: pesch@eg.dk
Blog: www.msdigest.net
Twitter: @petsch
Phone: +45 7260 2775/+45 2080 9436

Introduction

Agenda

Office 365 Compliance
Exchange Online Archive

Office 365 Compliance

OUR INFORMATION PROTECTION PORTFOLIO… ACROSS APPLICATION, DEVICES, INTEGRATED SERVICES

COMPLIANCE

AAD MULTI-FACTOR AUTHENTICATION

DATA LOSS PREVENTION

ANTI SPAM, ANTI VIRUS

ADVANCED THREAT PROTECTION

MDM/MAM WITH INTUNE

ENCRYPTION—RMS, OME

SECURITY

REGULATORY COMPLIANCE STANDARDS

EDISCOVERY & ANALYTICS

ARCHIVING & RETENTION

AUDITING

HOW CAN I PROTECT MY DATA?

1. Email, Outlook, OWA

2. SharePoint, OneDrive for Business

3. Office 2016, Word, Excel, PowerPoint

DATA LOSS PREVENTION IN OFFICE 365
Greatly enhanced security capabilities while retaining rich Office Productivity experience
Identify, monitor, protect sensitive information as it moves in the organization
Educate and empower your users while they work on sensitive content

Protect and Educate

Policy Tips to educate end users

Policy Tips in OWA, Outlook, SharePoint and OneDrive and Office Clients (Word, PowerPoint, Excel)

Malicious users are audited and good users are protected

Auditing and Reporting of all DLP activity

Identify and Monitor

Policies govern the flow of sensitive data

Index sensitive content as it arrives in the service

Contextual classification based on Windows FCI system or 3rd party system

Select DLP policies from a template

Create or extend custom policies to integrate with incident management or alerting systems

O365 DLP Features

POLICY TIPS IN SHAREPOINT AND ONEDRIVE

POLICY TIPS IN OFFICE CLIENTS

DATA LOSS PREVENTION IN COMPLIANCE CENTER

MANAGE DLP POLICIES ACROSS O365 WORKLOADS
One policy definition independent of workload
One policy lifecycle
One set of sensitive type definitions
New DLP Policy from template
Import DLP Policy

OFFICE 365 ARCHIVING

IN-PLACE RETENTION
No need to maintain a separate duplicate store

UNIFIED POLICIES
Unified policy across Exchange, SharePoint, and Skype for Business

EXTENSIBLE
Archive data from third-party stores and more formats

Integrated tools to help you import, store, preserve and expire data

One retention policy for Exchange, SharePoint, OneDrive for Business, Skype for Business, and Public Folders

Preserve for X years, delete once X years are up

PRESERVATION
DL/BCC information preserved—no need for journal based archiving

Preservation Lock restricts changes to archiving policies and prevents such policies from being turned off or removed

DELETE POLICIES
At item or folder level for email and a site level for SharePoint and OneDrive

UNIFIED POLICIES

SUPERVISORY REVIEW
Define employee communications to be reviewed by internal or external auditors

EQUIVIO ANALYTICS

CLUSTERING TECHNOLOGY
Themes to identify data relationships

PREDICTIVE CODING
Trains the system to identify relevant documents

NEAR DUPLICATES
Reduce the data which is sent to review

Applies machine learning to enable users to explore large, unstructured sets of data and quickly find what is relevant.

EMAIL THREADING
Reconstruct email threads from unstructured data

Auditing
New Audit pipeline to capture all O365 activity

Correlation and search across content that is person and content centric

Search, Stream and Export using the new O365 Management Activity API.

Extend

O365 Management API

Single API

Consistent Schema

150+ events and growing including Exchange, SharePoint, OneDrive, Azure AD and O365 Datacenter Admin

100+ partners and growing

Capture and Store

Consistent logging and Compliant Storage

Compliance Center experience

Consistent and Complete logging

90 days of events by default, can be extended for as long as you need.

Immutability and freshness

O365 Auditing Features

THE COST OF NON-COMPLIANCE
A financial institution was fined $9 million for failing to produce customer emails in arbitration proceedings.

The Wall Street Journal. “LPL Fined $9 Million for Email ‘Failures.’” 2013.

eDiscovery & Compliance Center

Scalable, complete, built in search

Search and Refine with Compliance Search

One search for all data types

Analyze using Zoom
Welcome to the Equivio team!

Export to Review and Legal Partners

eDiscovery Features

Analyze

Equivio enabled insights

Download results of a search from SharePoint, OneDrive, Exchange, and file shares whether on premises or in Office 365.

EDRM XML supported formats

Can export to legal or review partners

Export the smallest amount of data

Themes to understand what you’re looking for

Pivots and grouping to enable complex and powerful searches

Predictive coding to cull large amounts of data

O365 + Equivio in Preview

Export

Query and Hold

Search and Preserve

Unlimited, Concurrent searches
Proximity search, rich query syntax, hit highlighting, infix and suffix wildcards

Granular Search Permissions
Hold mailboxes, sites and queries with no impact to end users

Indexing is immediate and full fidelity with built in search

No need to worry about what Office 365 products your users are using, audit data will be made available to you from a centralized location.

IMMUTABLE AUDITING STORAGE
90 day retention for all Office 365 Enterprise SKUs

COMPLIANCE CENTER
One click configuration to search all your audit data

POWERSHELL CMDLETS
Provides a more powerful search option

CENTRALIZED

O365 Compliance…your peace of mind

Office 365

SP/OneDrive

Skype for Business

Exchange

And more…

Compliance Center

SPO/OneDrive

EXO

Archiving, eDiscovery, DLP, Auditing, Device Protection and more…

Social, IM (FB, Twitter, etc.)

Third Party Archives

And more…

Partner Ecosystem (APIs, Experiences)

Alerting, Ingestion, Review, Auditing and more…

Yammer
Skype

SERVICE TRUST PORTAL

Designed to provide deeper information on how Microsoft manages security, compliance and privacy

Resources to help you evaluate how Office 365 maintains compliance with your regulatory requirements and how you can mitigate the risks with moving to Office 365

Office 365 company administrators can delegate access via https://trustportal.office.com

DEMO: Compliance Center

Compliance Center
One experience across all workloads (EXO, SPO, Skype for Business, etc.)

Consistent Governance (Preservation, Delete, Device Protection, DLP)

Insights and Alerts for Security and Compliance

Exchange Archiving

Personal Archive - Email

The personal archive is simply an overflow container.

What is archiving?
• Long-term storage of records or information
• Provision for retention controls
• Not necessarily the same as additional storage
• Specific meaning in some legal / organizational contexts

Simplify email discovery and retention mgmt.

No time spent managing mailbox quota

Eliminate lost or corrupted .PST files

Access to all email from most clients

Benefits of large mailbox with archiving

Store and Retain

Store and Access
Preserve what you need, Delete what you don’t

Inactive and Active data with immutability built into the service
Preserve for Exchange, SharePoint/OneDrive and Lync
Delete for Exchange and Lync
End user Access with Outlook, OWA, OneDrive, SharePoint and Lync

O365 Archives grow with your data (1 TB SPO/OD, unlimited EXO)
Public Folder Preservation
Document Deletion in SharePoint

Compliance for Modern Groups, Yammer on its way.

Ingest

Ingest into Office 365

Network Ingestion for email
Drive Shipping for your Email!

3rd Party data Ingestion in Preview
• Social – Twitter, FB etc.
• IM Yahoo, Bloomberg, etc.
• Rehydration from archives

Drives for documents coming soon.

O365 Archiving Features

Today: Data storage
Exchange In-Place Archive

[Diagram: User A's Primary mailbox and Archive, accessed from Outlook and OWA, with the folder hierarchy retained. Labels under Primary: Inbox, Deleted Items, Immutable, Deletions, Purges, Versions, DiscoveryHolds. Labels under Archive: “Inbox”, Immutable, Deletions, Purges, Versions, DiscoveryHolds.]

Cloud Connect
On-premises can still have compliance features in the cloud
Cloud based Compliance Center, Auditing, Analyze with Equivio, DLP and more…

Pure On-Premises

…and not just for data in the cloud.

What is Exchange Online Archiving?
• Additional archive mailbox hosted in Office 365 EXO
• Appears to user as additional mailbox with unique folder structure and content
• Assuming a supported client, that is
• Virtually no difference in how on-premises archive works vs. cloud archive
• Manage, move, and apply retention policies just like with “real” mailboxes
• Identical, seamless user experience

Speaking of hybrid…
• Archives grow without requiring on-prem storage
• Potential large cost savings
• You are outsourcing the preservation of what may be important information
• Microsoft probably puts more resources behind it than you can
• Be aware of whether EOA meets your legal / compliance requirements for archiving (as opposed to “storage”)
• Requires good connectivity
• Behaves almost identically to on-prem archives
• Recycle your existing retention policies and tags

Provisioning
It’s a multi-step process

User Mailbox
Enable ‘remote’ Archive
DirSync
Create Exchange Archive
DirSync
Activate
User Archive

What you can do with Exchange Online Archiving

Archives in Outlook
Added as a ‘secondary’ mailbox through Autodiscover.

Initial Autodiscover performed against the on-premises Exchange environment
Based on Autodiscover results, second Autodiscover request to Exchange Online for connection info.
No different from on-premises archive

Archives in OWA
Similar process as in Outlook
Exchange performs the AutoD request
Archive appears as peer of “real” mailbox

Archives in other clients
Mac Outlook (“Office 365” edition): supported
Mac Outlook 2011: not supported
Outlook for iOS / Android: not supported
Outlook for Windows Phone: not supported
Universal Outlook: ?
IMAP: not supported

How things get into the archive

Basic archiving strategies
1. Users put things in the archives themselves
2. You use retention policies/tags to archive things
3. You use bulk import to move PSTs, etc. into archives

User self-archiving

Pro:
Low admin overhead
High flexibility
Can complement with bulk import

Con:
Very unlikely to happen
Not all users are selective about what they archive
Difficult to monitor compliance with your policies

Retention policies / tags

Pro:
Automates much of the process
Helps users do the right thing
High flexibility

Con:
More admin workload
Requires care and caution when designing policies and tags
Client support limited

Retention tags
Retention tags combine a (configurable) retention age and a specific (pre-defined) action.

Can be applied to both folders and individual items

What happens when an item is tagged?

Item (folder/message/calendar entry) gets a few new MAPI properties

PR_ARCHIVE_DATE
PR_ARCHIVE_PERIOD
PR_ARCHIVE_TAG

Retention Policies
Combine one or more retention tags in a policy which can be applied to individual mailboxes:

Get-RetentionPolicy "name" | Select -ExpandProperty RetentionPolicyTagLinks | ft Name -Auto

Managed Folder Assistant (MFA)
Mailbox Assistant which processes items in a mailbox

Throttle-based (work-cycle)
Default work-cycle is 1 day
Configurable

Stamps items with retention settings
Takes policy action on items that pass retention period
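
The retention tag, retention policy and Managed Folder Assistant steps above, put together as an added PowerShell example (not from the original slides). The tag name, policy name, 730-day age limit and mailbox address are hypothetical placeholders, and an Exchange management session with rights to manage retention is assumed.

```powershell
# Added example. All names and values below are hypothetical placeholders.
$tagName    = 'Example - Move to Archive after 2 years'
$policyName = 'Example Archive Policy'
$mailbox    = 'user@example.com'

# A retention tag combines a retention age with a pre-defined action.
# -Type All makes this a default tag for the whole mailbox;
# MoveToArchive sends items older than the age limit to the archive mailbox.
New-RetentionPolicyTag -Name $tagName -Type All `
    -AgeLimitForRetention 730 `
    -RetentionAction MoveToArchive `
    -RetentionEnabled $true

# A retention policy links one or more tags and is applied per mailbox.
New-RetentionPolicy -Name $policyName -RetentionPolicyTagLinks $tagName
Set-Mailbox -Identity $mailbox -RetentionPolicy $policyName

# Verify: which tags does the policy link, and is the mailbox using it?
Get-RetentionPolicy $policyName |
    Select-Object -ExpandProperty RetentionPolicyTagLinks
Get-Mailbox -Identity $mailbox |
    Format-List RetentionPolicy, ArchiveStatus, ArchiveName

# The Managed Folder Assistant runs on its work cycle. Request a pass now
# instead of waiting, so the tag is stamped and overdue items are moved.
Start-ManagedFolderAssistant -Identity $mailbox

# Confirm the assistant actually processed the mailbox by reading the
# ELC (retention) properties from the mailbox diagnostic log.
$log = Export-MailboxDiagnosticLogs -Identity $mailbox -ExtendedProperties
$xml = [xml]$log.MailboxLog
$xml.Properties.MailboxTable.Property |
    Where-Object { $_.Name -like 'ELC*' } |
    Format-Table Name, Value -AutoSize
```

If the archive mailbox is not enabled for the user, MoveToArchive tags take no action, so check ArchiveStatus before relying on the policy.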

Questions
Peter Schmidt
Mail: pesch@eg.dk
Tel. 7260 2775