How to control information, archive legally, comply with regulations and fight data leakage in Exchange 2013
This session covers legal archiving (with evidentiary value) and compliance with standards and the various regulations. We will go into detail on the tools for DLP (Data Loss Prevention), eDiscovery and legal retention, and on site mailboxes.
1. Archiving, compliance, DLP, search and prove with Exchange Server 2013
Matthieu Parfus, Principal Consultant
Guy Groeneveld, Principal PFE
Christophe Horny, Pre-Sales
Exchange
Office / B2B / LOB / Enterprise
2. Features / limitations
Archiving
Regulation
Data leak prevention
Audit and search
3. Preserve and search e-mail without changing the user or administrator experience
Preserve
Integrated archiving:
• Archive mailbox with its own quota
• Used and administered natively through Outlook / OWA / ECP
• Available on-premises, online, or hybrid
Governance:
• Automate moves and lifetime based on time criteria
• Define policies on items / folders
• Expiration date visible in the messages
Audit:
• Preserve, keep history and prove
• Retention based on time criteria
• Granularity of audit data
• Optional notification
• Audit to prove that the rules are applied
Search
Search / Prove:
• Web interface, multi-mailbox
• Search in: the primary mailbox, the archive mailbox, deleted items
• Can be delegated through a legal auditor role
• Deduplication after search
4. Preserve and search Office data without changing the user or administrator experience
Preserve
Integrated archive:
• Lync archives in Exchange
• Search the primary and archive mailboxes through Outlook & OWA
Governance:
• Identical user interface in OWA and Outlook for records management
Audit:
• Time window for placing under audit
• Search for items placed under audit across products: Exchange, SharePoint, Lync
Search
Search / Prove:
• Federated search across products: Exchange, SharePoint, Lync
• Preview of the data before export
16. Chapter 3
DATA LOSS PREVENTION
Office / B2B / LOB / Enterprise
17. Through deep content analysis, sensitive data is:
• Identified
• Monitored
• Protected
18. Lets users manage their own compliance
Provides contextual information
Works even in offline mode
Content can be customized by administrators
19. DLP policies
A flexible tool that gives the right level of control
Scale: from LESS RESTRICTIVE to VERY RESTRICTIVE
Top row:
• ALERT: allows the mail with a warning
• ENCRYPT: delivers with restricted access
• REVALIDATE: allows the user to override
• REDIRECT: blocks and redirects
Bottom row:
• CLASSIFY: allows the mail with a piece of information
• INFORM: allows the mail with a disclaimer
• SUSPEND: blocks pending a validation
• FORBID: does not send
21. Predefined rules to detect sensitive data
Combination of regular expressions, dictionaries and internal functions (example: validating the checksum of a credit card)
Extensible
22. How content analysis works
Content reading:
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expire: 2/2012
Detection:
4485 3647 3952 7352 (a 16-digit number is detected)
Analysis:
1. 4485 3647 3952 7352: checksum valid
2. 1234 1234 1234 1234: not valid
Additional evidence:
1. "Visa" close to the 16-digit number
2. Same for the date "2/2012"
Verdict:
1. A valid regular-expression match
2. Evidence reinforces the conviction
Examples
This content triggers the rule:
ACME Travel,
I have received updated credit card information for Joseph
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
Please update his travel profile.
This content does not trigger the rule:
Hi Alex,
I expect to be in Hawai too. My booking code is 1234 1234 1234 1234 and I’ll be there on 3/2012
Regards,
lisa
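The steps on this slide (detection, checksum analysis, nearby evidence, verdict) can be sketched as follows. This is an added example, not code from the presentation or from Exchange; the keyword list, the 100-character proximity window, the none/low/high confidence levels, the policy threshold and the third message are assumptions.

```python
import re
from dataclasses import dataclass

# 16 digits, optionally grouped in fours by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)\d{4}(?:[ -]?\d{4}){3}(?!\d)")
# Assumed corroborating evidence: a small keyword list and an M/YYYY date.
KEYWORD_RE = re.compile(r"\b(visa|mastercard|credit card|expires?)\b", re.I)
EXPIRY_RE = re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:\d{4}|\d{2})\b")
WINDOW = 100  # assumed proximity window (characters) around the number
RANK = {"none": 0, "low": 1, "high": 2}


@dataclass
class Finding:
    masked: str       # only the last four digits are kept, for safe logging
    luhn_ok: bool
    evidence: list    # keywords and dates found near the number
    confidence: str   # "none", "low" or "high" (assumed levels)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def scan(text: str) -> list:
    """Run the slide's steps: detect, analyse, collect evidence, verdict."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        ok = luhn_valid(digits)
        # Context excludes the number itself so its digits are not evidence.
        before = text[max(0, m.start() - WINDOW):m.start()]
        after = text[m.end():m.end() + WINDOW]
        context = before + " " + after
        evidence = sorted({k.lower() for k in KEYWORD_RE.findall(context)})
        evidence += EXPIRY_RE.findall(context)
        if not ok:
            confidence = "none"   # evidence cannot rescue a failed checksum
        else:
            confidence = "high" if evidence else "low"
        findings.append(Finding("*" * 12 + digits[-4:], ok, evidence, confidence))
    return findings


def rule_triggers(text: str, minimum: str = "high") -> bool:
    """True when any finding reaches the (assumed) policy threshold."""
    return any(RANK[f.confidence] >= RANK[minimum] for f in scan(text))


# The two messages shown on the slide, plus one constructed case.
TRIGGERS = ("ACME Travel,\nI have received updated credit card information "
            "for Joseph\n\nJoseph F. Foster\nVisa: 4485 3647 3952 7352\n"
            "Expires: 2/2012\n\nPlease update his travel profile.")
NO_TRIGGER = ("Hi Alex,\nI expect to be in Hawai too. My booking code is "
              "1234 1234 1234 1234 and I'll be there on 3/2012\n\nRegards,\nlisa")
BARE_NUMBER = "Reference 4485364739527352 shipped."  # constructed: no evidence

if __name__ == "__main__":
    for name, msg in [("slide: triggers", TRIGGERS),
                      ("slide: no trigger", NO_TRIGGER),
                      ("constructed: bare number", BARE_NUMBER)]:
        print(name, rule_triggers(msg), scan(msg))
```

The second slide message carries a nearby date that would count as evidence, yet it is rejected at the checksum step; the constructed bare number passes the checksum but stays at low confidence because nothing around it corroborates it.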
24. Policy evaluation
Audit & message tracking update
DLP configuration
Admin
Policy tip distribution
User notification
Outlook
Information Workers
25. Audit data
Classification
Rule details
26. Exchange DLP Reporting and Auditing
Overview of DLP results
Available only with Office 365
http://www.microsoft.com/en-us/download/details.aspx?id=30716
Editor's notes
Intro Office / B2B / LOB / Enterprise
Situation: To keep up with growing and changing regulatory environments, organizations need custom, easy-to-implement email archiving capabilities that do not interfere with user workflows.
Slide objective: The audience should understand how they can get robust email archiving and discovery tools without burdening the IT department or users.
Talking points: Exchange Preview offers you new, integrated email archiving tools that can help you preserve and discover email data, without having to change the way your users or IT admins work. This latest release includes such features as:
• An In-Place Archive that seamlessly surfaces in both Outlook and Outlook Web App. This secondary mailbox appears as a set of folders in your users’ email clients, allowing them to use familiar tools and actions to manage both live and archived email data. For administrators, the very same admin tools used to manage other aspects of Exchange, such as the Exchange Administration Center or PowerShell, can be used to configure and enable this In-Place Archive.
• Retention policies that allow IT staff to define, deploy, and automate the expiry and archiving of email data. These new policies are both granular and flexible, and can be set at either the folder or item level.
• Exchange Preview has an in-place hold policy that, when enabled on a user’s items, retains any edits or deletions made by the user under hold. This feature also enables rolling hold capability to allow holds for a period of time.
• The new, easy-to-use eDiscovery Center can be delegated to specialist users such as a compliance officer or human resources personnel, to conduct e-discovery tasks without having to generate additional overhead for the IT department. This also allows compliance officers to set time-based In-Place Holds to ensure that data is held for specific periods of time for eDiscovery purposes.
• Query-based In-Place Hold lets a compliance officer specify filters such as date, document type, sender, and free text keyword query language (KQL) (there are others). If these filters are met, the data will be kept on hold.
Situation: Email volume continues to grow, driven by the nearly ubiquitous use of email as the core communications tool for businesses. At many organizations, mailboxes are too small to accommodate this growth, forcing employees to spend time deleting email messages or moving them to .PST files to stay under quota. Your employees may wonder why their personal email accounts have multi-gigabyte storage limits while their work email accounts are a fraction of the size. Small mailbox quotas are not just an inconvenience for your users. Undersized mailboxes can lead to the proliferation of .PST files. Because .PST files exist outside the Exchange server, they are difficult for you to manage, difficult to search for legal discovery purposes, insecure, and rarely backed up.
Slide objective: Communicate the benefits of large mailboxes and In-Place Archives.
Talking points: We think of large mailboxes as allowing you to store at least a year’s worth of messages in the one mailbox.
Time       Items      Mailbox size (MB)
1 Day      200        15
1 Month    4000       ~300
1 Year     52,000     ~3800
4 Years    208,000    ~15000
User profile: 160 receive + 40 send /day profile, 75 KB, no deletions, five-day work week
Situation: The In-Place Archive features of Exchange deliver a familiar user experience in Outlook 2007, Outlook 2010, and Outlook Web App.
Slide objective: Describe the features and functionality of In-Place Archiving in Exchange.
Notes: A specialized Exchange mailbox configured and associated with the user’s primary mailbox. Unlimited storage quota for subscriptions, which include Exchange Online Archiving and Exchange Online (Plan 2). Provides users with a familiar experience by seamlessly surfacing in both Outlook and Outlook Web App. Users can employ the same skills and methods they already use today to interact with archived email; e.g., drag and drop email to folders. Create folders and categorize. Conduct searches and filter results. Reply to messages and set flags.
COMPETITIVE: This is a big differentiator versus Google and other third-party archiving products. Other archiving products require a separate user interface for management and for end user access. Having this integrated seamlessly is a strength. (Refers to above 6.)
Talking points: First there is the In-Place Archive. This is a secondary mailbox that is enabled and associated with a user’s primary Exchange account. To help deliver a familiar experience for your users, the In-Place Archive appears like any other folder or opened PST file in both Outlook and Outlook Web App. This means your users can easily interact with their archived email utilizing the same methods they already use today, like dragging and dropping email from the Inbox to other folders. Searching for messages across either live or archived email is the same experience, including having rich options for filtering the search results such as only showing messages that include attachments or that have been tagged with a specific category. Administrators using existing Exchange management tools can set a separate quota for the archived mailbox independent from the primary mailbox.
And utilizing the enhanced retention policies framework in Exchange 15, you can define policies that automatically move email into a user’s In-Place Archive based on specific time-based criteria. These two mailboxes (the primary and the In-Place Archive, which can live in the same Exchange database or in a separate store) allow you to benefit from a range of Exchange 15 mailbox resiliency and storage innovations.
Situation: Exchange allows you to quickly provision an In-Place Archive and the associated policies and quotas.
Slide objective: Describe the features and functionality.
Talking points: Easily add on-premises or cloud-based archiving capabilities for on-premises mailboxes directly in the Exchange Administration Center (EAC). Deployment can be done either on-premises, natively within Exchange Online, or via Exchange Online Archiving – a stand-alone offering attached to Exchange Server or Exchange Online. EAC can be used to provision the In-Place Archive. If the primary mailbox is later moved to the cloud, the In-Place Archive moves with it.
Situation: The search features of Exchange deliver a familiar user experience in both Outlook 2010, the new Outlook, and Outlook Web App.
Slide objective: Describe the features and functionality of end user search, specific to the In-Place Archive.
Talking points: It is painful and inefficient for users to deal with one experience when working with live email, and yet another when needing to do the same action in their In-Place Archive. In Exchange Preview, we are working toward making your users’ lives easier. For example, you can perform a search in the same manner in both live email and In-Place Archive, or you can easily search both at the same time. Search results are returned quickly in the same window, and you can see them in a unified conversation view, for easier traversal. This integrates new search technology based on SharePoint Search and FAST technology.
COMPETITIVE: This is a differentiator against Postini (yet to be determined against Google Vault). Differentiator against third-party archiving products.
Situation: Exchange includes a range of policies that allow customers to automate the deletion and mailbox management of email and other Exchange data to meet data-retention requirements.
Slide objective: Describe the features and functionality.
Talking points: Exchange includes a retention policy approach aimed at providing IT administrators and users with a flexible and granular way to set policies on email retention and location without impacting user productivity. For example, your IT staff can set default retention policies across your organization that determine how long messages should be retained. They can also create a series of Retention Policies that your users can select and apply to individual messages or folders to ensure that proper message expiry is set on important email. Additionally, move policies (archive policy) can be defined and set to determine if and when an email message should be automatically moved to the In-Place Archive. And it’s worth noting that when these messages are moved to the In-Place Archive, the folder hierarchy from the user’s primary mailbox is preserved; this is a great benefit for those who rely on filing as a means to manage their communications. It’s also worth noting that you do not need to enable the In-Place Archive to implement these retention policies or the hold policy described in the deck (NOTE: the exception is the “Archive Policy”).
Details
Archive Policy (Mailbox Management)
• Automatically move content to In-Place Archive.
• Time-based criteria (such as email older than two years).
• Preserves primary mailbox folder hierarchy.
Retention Policy (Expiration)
• Automatically delete content.
• Time-based criteria (such as email older than two years).
• Retention policies travel with archived messages.
Can combine: Automatically move message to the In-Place Archive after x months, then delete from the In-Place Archive after y months.
More specific policies override generic defaults.
Situation: Exchange includes a range of policies that allow customers to automate the deletion and archiving of email and other Exchange data to meet data retention requirements.
Slide objective: Describe the features and functionality of policies in Outlook and Outlook Web App.
Talking points: You have the ability to allow your users to select retention and archive policies at the folder, conversation, or individual message level. This helps reduce interrupting a user’s normal workflow (whether they are a “filer” or a “piler”) when retention policies need to be affected across important email data. Outlook and Outlook Web App display retention policy details and perhaps more importantly the date the message will expire right in the message preview pane. This means your users no longer need to monitor a specific folder to learn which messages may be expiring soon.
Situation: Exchange includes a range of policies that allow customers to automate the deletion and archiving of email and other Exchange data to meet data-retention requirements.
Slide objective: Describe the features and functionality of policies in Outlook and Outlook Web App.
Talking points: You have the ability to allow your users to select retention and archive policies at the folder, conversation, or individual message level. This helps reduce interrupting a user’s normal workflow (whether they are a “filer” or a “piler”) when retention policies need to be affected across important email data. Outlook displays retention policy details and, perhaps more importantly, the date the message will expire right in the message preview pane. This means your users no longer need to monitor a specific folder to learn which messages may be expiring soon.
COMPETITIVE: This is a differentiator versus Google and other third-party archiving products – especially without add-ins. Other products will purge a message without the user being aware of what is coming. Allowing visibility into the behind-the-scenes retention is important for users.
Our goal is to keep a hold of that data and provide unified In-Place discovery across the Microsoft IW stack, including In-Place discovery across Exchange, SharePoint and Lync:
• Find it all in one place: one single experience for searching and preserving email, documents, site mailboxes, etc.
• Find what you need and only what you need: Be specific about what you want to search for and preserve to reduce discovery costs.
• Find it without user impact: Place no burden on the IW for preserving and searching for data; do it all in the background.
2007: In Exchange/SharePoint 2007, there was no story for preservation, and search was very basic – it was command-line only in Exchange, and if you wanted the export, you had to use a commandlet or Outlook. SharePoint had GUI search but no way to export the results or review them In-Place. As a result, if you needed compliance, you would basically turn to third-party archive and third-party search and discovery tools.
2010: In 2010, we added basic preservation per mailbox or per site so that you could begin keeping that data In-Place, and in Exchange we added the Exchange Control Panel discovery console so that you had a GUI experience for searching the data you keep. As a result, we reduced the need for third-party archives and search tools and started seeing a trend to keep data In-Place and search In-Place using the archive, preservation, and discovery.
Exchange Preview: In Exchange Preview, we’re taking that core set of features and getting rid of the seams between the different products by giving you a one-stop shop for searches, preservation, and export. We’re also making improvements in preservation so that you can keep only the data you need to keep without keeping entire mailboxes or sites, which can end up being much more than you want.
The goal at the end of this release is for customers to have the ability to keep all of their data In-Place and search it, taking out only small scoped sets of search results to put in high-powered review tools.
Situation: Exchange, SharePoint, and Lync include a range of granular hold options that allow customers to maintain content to help meet data-preservation requirements.
Slide objective: Describe the features and functionality of identifying relevant content and placing it on hold.
Talking points: Exchange, SharePoint, and Lync have In-Place hold that retains any edits made to email messages or deletions of email for those email items that are placed on hold. Altered items are captured in a recoverable items store within Exchange (similar for SharePoint) that is neither accessible to, nor changeable by, the user. In Outlook, you also have the option of displaying a customized notification banner to alert users that they are under hold.
Situation: Exchange includes very powerful analytics and statistics.
Slide objective: Describe the features and functionality.
Talking points:
• Search and view content by project, legal matter, or business context – even site mailboxes.
• Save money when there is a litigation need by producing results quickly and efficiently.
• Do keyword searches using KQL – a language that has been further expanded to allow for things like proximity search.
• Adjust search results using modifiers and refiners.
• Instantly see results In-Place.
• This is an evolution of our compliance (v3) and search infrastructure (FAST).
• Data stays where it lives – In-Place – where it has the most relevance.
Situation: Exchange allows you to audit changes in mailboxes and configurations with built-in reports.
Slide objective: Describe the features and functionality.
Talking points: Use these reports to find changes made to mailboxes and configuration settings. You can search for specific types of changes and export the results to a file that is sent to you or other users. You can also further create customized reports using Exchange Management Shell to output to .csv, .html, .txt, .xml, etc.
Default reports:
• Run a non-owner mailbox access report: Search mailbox audit logs for mailboxes that have been accessed or changed by someone other than the owner.
• Export mailbox audit logs: Search for and export information about non-owner access to a mailbox.
• Run a litigation hold report: Search the administrator audit log for users who've had litigation hold enabled or disabled for their mailbox.
• Export the administrator audit log: Search for and export information about configuration changes made in your organization.
• Run an administrator role group report: Search the administrator audit log for changes made to role groups, which are used to assign administrative permissions to users.