Comment contrôler l’information, archiver légalement, être compliant avec les réglementation et lutter contre la fuite des données dans Exchange 2013
•Télécharger en tant que PPTX, PDF•
1 j'aime•954 vues
Cette session abordera les problématiques d'archivage légal (à valeur probante), les aspects de respects des normes et des diverses reglementations. Nous entrerons dans le détail des outils de DLP (Data Loss Prevention), d'eDiscovery, de retention légale, les boites aux lettres de site.
Recommandé
Recommandé
Contenu connexe
Plus de Microsoft
Plus de Microsoft (20)
Comment contrôler l’information, archiver légalement, être compliant avec les réglementation et lutter contre la fuite des données dans Exchange 2013
- 1. Archivage, Conformité , DLP, rechercher et prouver avec Exchange server 2013 Matthieu Parfus Principal Consultant Guy Groeneveld Principal PFE Christophe Horny Avant-Vente Exchange Office / B2B / LOB / Entreprise
- 2. Fonctions / limitations Archivage Régulation Prévention contre la fuite de données Audit et recherche
- 3. Préserver et rechercher des e-mail, sans changer l’expérience utilisateur ou administrateur Préserver Rechercher Archivage intégré Gouvernance Audit Rechercher / Prouver Boîte d’archive avec Automatiser le déplacement Conserver, historiser et Interface Web, multi boites quota spécifique et a durée de vie sur des prouver Recherche dans : la boite Utiliser et administrer critère de temps Conservation basée sur le principale, la boite d’archive, nativement par Outlook Définir des politiques sur des critère de temps éléments supprimés /OWA/ECP éléments / des dossiers Granularité des données Relégable via un rôle Disponible on-premises, Date d’expiration visible dans audit d’auditeur légal online, ou Hybride les messages Notification optionnel Déduplication après recherche Audit pour prouver l’application des règles
- 4. Préserver et rechercher les données Office, sans changer l’expérience utilisateur ou administrateur Préserver Rechercher Archive intégré Gouvernance Audit Rechercher / Prouver Archives Lync dans Interface utilisateur identique Fenêtre de temps sur la Fédération de la recherche Exchange entre OWA et Outlook pour mise en audit multi produits : Exchange, la gestion des SharePoint, Lync Recherche dans la boite Recherche des mises en principale et d’archive via enregistrements audit multi produits : Outlook & OWA Exchange, SharePoint, Lync Prévisualisation des données avant export
- 5. Chapitre 1 ARCHIVAGE Office / B2B / LOB / Entreprise
- 8. Cloud Archive (EOA)* Fully Hosted Primary Archive Primary On-Premise Archive On-Premise Cloud Cloud Hybrid* Primary Primary Archive Archive Cloud On-Premise *Requires 2010 SP1 or higher On-Premises
- 9. Activer ou modifier rapidement
- 10. Recherche intégrée Rechercher sur la boîte et son archive
- 11. Chapitre 2 RÉGULATION Office / B2B / LOB / Entreprise
- 12. Politique de suppression Politique de ‘archivage (gestion de la boite aux lettres)
- 13. Menu unique pour les politiques d’archivage et durée de vie
- 14. Politique de durée de vie et délais d’expiration Attribuer à un élément individuel, un dossier ou tous les e-mails
- 15. Conditions Actions Conditions Exceptions Actions Exceptions
- 16. Chapitre 3 PRÉVENTION DES PERTES DE DONNÉES Office / B2B / LOB / Entreprise
- 17. Les données sensibles, grâce à une analyse approfondie du contenu sont : • Identifiées • Supervisées • Protégées
- 18. Permet aux utilisateurs de gérer leur conformité Donne une information contextuelle Fonctionne même en mode déconnecté Peut être personnalisé par les administrateurs sur le contenu 18
- 19. Les Stratégies DLP Un outil flexible qui permet d’avoir le bon niveau de contrôle REVALIDE ALERTE CHIFFRE autorise REDIRIGE Autorise le Délivre de contourner Bloque et mail avec avec accès redirige un warning restreint MOINS RESTRICTIF TRES RESTRICTIF CLASSIFIE SUSPEND RENSEIGNE autorise le Bloque en INTERDIT Autorise le mail avec attendant N’émet pas mail avec un une une Disclaimer. information validation
- 20. 20
- 21. Règles prédéfinies pour détecter des données sensibles Combinaison d'expressions régulières, de dictionnaire et de fonctions internes (exemple : valider le checksum d’une carte de crédit) Extensible 21
- 22. Fonctionnement de l’analyse de contenu Exemples Lecture Joseph F. Foster Ce contenu déclenche la règle du Visa: 4485 3647 3952 7352 contenu Expire: 2/2012 ACME Travel, I have received updated credit card information for Joseph 4485 3647 3952 7352 Un nombre à 16 Détection didgit est détecté Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012 1. 4485 3647 3952 7352 Checksum Valide Please update his travel profile. Analyse 2. 1234 1234 1234 1234 Non valide Indices Ce contenu ne déclenche pas la règle 1. ”Visa” proche du nombre à 16 digit suppléme Hi Alex, 2. Idem pour la date ”2/2012” ntaires I expect to be in Hawai too. My booking code is 1234 1234 1234 1234 and I’ll be there on 3/2012 1. Une expression régulière valide Verdict 2. Des indices renforcent la conviction Regards, lisa
- 23. Conditions Actions Exceptions 23
- 24. Evaluation de la strategie Audit & mise à jour du Configuration DLP suivi de messages Admin Distribution des policy tips Information des utilisateurs Outlook Information Workers
- 25. Audit data Classification Details de la règle 25
- 26. Exchange DLP Reporting and Auditing Vue d'ensemble des résultats DLP Disponible seulement avec Office 365 http://www.microsoft.com/en- us/download/details.aspx?id=3071 6
- 27. Chapitre 4 AUDIT ET RECHERCHE Office / B2B / LOB / Entreprise
- 31. KQL-based searches – including proximity search Instant statistics 31
- 32. 32
- 33. Donnez votre avis ! Depuis votre smartphone, sur : http://notes.mstechdays.fr De nombreux lots à gagner toutes les heures !!! Claviers, souris et jeux Microsoft… Merci de nous aider à améliorer les TechDays http://notes.mstechdays.fr
- 34. Développeurs Pros de l’IT http://aka.ms/generation-app Formez-vous en ligne www.microsoftvirtualacademy.com http://aka.ms/evenements- developpeurs Retrouvez nos évènements http://aka.ms/itcamps-france Les accélérateurs Faites-vous accompagner Windows Azure, Windows Phone, gratuitement Windows 8 Essayer gratuitement nos http://aka.ms/telechargements solutions IT La Dev’Team sur MSDN Retrouver nos experts L’IT Team sur TechNet http://aka.ms/devteam Microsoft http://aka.ms/itteam
Notes de l'éditeur
- Intro Office / B2B / LOB / entreprise
- SituationTo keep up with growing and changing regulatory environments, organizations need custom, easy-to-implement email archiving capabilities that do not interfere with user workflows.Slide objectiveThe audience should understand how they can get robust email archiving and discovery tools without burdening the IT department or users.Talking pointsExchange Previewoffers you new,integrated email archiving toolsthat can help you preserveand discover email data,without having to change the way your usersor IT adminswork.This latest releaseincludes such features as:An In-Place Archive that seamlessly surfaces in both Outlook and Outlook Web App.This secondary mailboxappears as a set of foldersin your users’ email clients,allowing them to use familiar tools and actions to manage both live and archived email data. For administrators,the very same admin tools used to manage other aspects of Exchange,such as the Exchange Administration Center or PowerShell,can be used to configureand enable this In-Place Archive.Retention policiesthat allow IT staff to define,deploy,and automate the expiryand archiving of email data. These new policiesare both granularand flexible,and can be set at either the folderor item level. Exchange Previewhas an in-placehold policythat,when enabled on a user’s items,retains any editsor deletions made by the user under hold. This feature also enables rolling holdcapabilityto allow holds for a period of time.The new, easy-to-use eDiscovery Center can be delegated to specialist users such as a compliance officeror human resources personnel, to conduct e-discovery taskswithout having to generate additional overhead for the IT department. This also allows compliance officers to set time-based In-Place Holds to ensure that data is held for specific periods of time for eDiscovery purposes. Query-based In-Place Hold allows a compliance officer the ability to specify filters such as date, document type, sender, and free text keyword query language (KQL) (there are others). If these filters are met, the data will be kept on hold.
- SituationTo keep up with growing and changing regulatory environments, organizations need custom, easy-to-implement email archiving capabilities that do not interfere with user workflows.Slide objectiveThe audience should understand how they can get robust email archiving and discovery tools without burdening the IT department or users.Talking pointsExchange Previewoffers you new,integrated email archiving toolsthat can help you preserveand discover email data,without having to change the way your usersor IT adminswork.This latest releaseincludes such features as:An In-Place Archive that seamlessly surfaces in both Outlook and Outlook Web App.This secondary mailboxappears as a set of foldersin your users’ email clients,allowing them to use familiar tools and actions to manage both live and archived email data. For administrators,the very same admin tools used to manage other aspects of Exchange,such as the Exchange Administration Center or PowerShell,can be used to configureand enable this In-Place Archive.Retention policiesthat allow IT staff to define,deploy,and automate the expiryand archiving of email data. These new policiesare both granularand flexible,and can be set at either the folderor item level. Exchange Previewhas an in-placehold policythat,when enabled on a user’s items,retains any editsor deletions made by the user under hold. This feature also enables rolling holdcapabilityto allow holds for a period of time.The new, easy-to-use eDiscovery Center can be delegated to specialist users such as a compliance officeror human resources personnel, to conduct e-discovery taskswithout having to generate additional overhead for the IT department. This also allows compliance officers to set time-based In-Place Holds to ensure that data is held for specific periods of time for eDiscovery purposes. Query-based In-Place Hold allows a compliance officer the ability to specify filters such as date, document type, sender, and free text keyword query language (KQL) (there are others). If these filters are met, the data will be kept on hold.
- Les blocs de couleurs sont éditables et peuvent reprendre la couleur du type de session qui est donnée.Idem pour les textes.
- SituationEmail volume continues to grow, driven by the nearly ubiquitous use of email as the core communications tool for businesses. At many organizations, mailboxes are too small to accommodate this growth, forcing employees to spend time deleting email messages or moving them to .PST files to stay under quota. Your employees may wonder why their personal email accounts have multi-gigabyte storage limits while their work email accounts are a fraction of the size. Small mailbox quotas are not just an inconvenience for your users. Undersized mailboxes can lead to the proliferation of .PST files. Because .PST files exist outside the Exchange server, they are difficult for you to manage, difficult to search for legal discovery purposes, insecure, and rarely backed up. Slide objectiveCommunicate the benefits of large mailboxes and In-Place Archives.Talking pointsWe think of large mailboxes as allowing you to store at least a year’s worth of messages in the one mailbox.TimeItemsMailbox size (MB)1 Day 200 15 1 Month 4000 ~300 1 Year 52,000 ~3800 4 Years 208,000 ~15000 User profile: 160 receive + 40 send /day profile, 75 KB, no deletions, five-day work week
- SituationThe In-Place Archive features of Exchange deliver a familiar user experience in Outlook 2007, Outlook 2010, and Outlook Web App.Slide objectiveDescribe the features and functionality of In-Place Archiving in Exchange.NotesA specialized Exchange mailbox configured and associated with the user’s primary mailbox.Unlimited storage quota for subscriptions, which include Exchange Online Archiving and Exchange Online (Plan 2).Provides users with a familiar experience by seamlessly surfacing in both Outlook and Outlook Web App.Users can employthe same skills and methods they already use today to interact with archived email; e.g., drag and drop email to folders.Create folders and categorize.Conduct searches and filter results.Reply to messages and set flags.COMPETITIVE: This is a big differentiator versus Google and other third-party archiving products. Other archiving products require a separate user interface for management and for end user access. Having this integrated seamlessly is a strength. (Refers to above 6.)Talking PointsFirst there is the In-Place Archive. This is a secondary mailbox that is enabled and associated with a user’s primary Exchange account. To help deliver a familiar experience for your users the In-Place Archive appears like any other folder or opened PST file in both Outlook and Outlook Web App.This means your users can easily interact with their archived email utilizing the same methods they already use today like dragging and dropping email from the Inbox to other folders. Searching for messages across either live or archived email is the same experience including having rich options for filtering the search results such as only showing messages that include attachments or that have been tagged with a specific category.Administrators using existing Exchange management tools can set a separate quota for the archived mailbox independent from the primary mailbox. And utilizing the enhanced retention policies framework in Exchange 15, you can define policies that automatically move email into a user’s In-Place Archive based on specific time-based criteria.These two mailboxes (the primaryand the In-Place Archive can live in the same Exchange database or in an separate store) allows you to benefit from a range of Exchange 15 mailbox resiliency and storage innovations.
- SituationExchange allows you to quickly provision an In-Place Archive and the associated policies and quotas. Slide objectiveDescribe the features and functionality.Talking Points:Easily add on-premises orcloud-based archiving capabilities for on-premises mailboxesdirectly in theExchange Administration Center (EAC). Deployment can be done either on-premises, natively withinExchange Online, or via Exchange Online Archiving – a stand-alone offering attached to ExchangeServer or Exchange Online.EAC can be used to provision the In-Place Archive. If theprimary mailboxislater moved to the cloud, the In-Place Archive moves with it.
- SituationThe search features of Exchange deliver a familiar user experience in both Outlook 2010, the new Outlook, and Outlook Web App. Slide objectiveDescribe the features and functionality of end user search, specific to the In-Place Archive.Talking PointsIt is painful and inefficient for users to deal with one experience when working with live email, and yet another when needing to do the same action in their In-Place Archive. In Exchange Preview, we are working toward making your users’ lives easier. For example, you can perform a search in the same manner in both live email and In-Place Archive, or you can easily search both at the same time. Search results are returned quickly in the same window, and you can see them in a unified conversation view, for easier traversal.This integrates new search technology based on SharePoint Search and FAST technology.COMPETITIVE: This is a differentiator against Postini (yet to be determined against Google Vault). Differentiator against third-party archiving products.
- Les blocs de couleurs sont éditables et peuvent reprendre la couleur du type de session qui est donnée.Idem pour les textes.
- SituationExchange includes a range of policies that allow customers to automate the deletion and mailbox management of email and other Exchange data to meet data-retention requirements.Slide objectiveDescribe the features and functionality.Talking PointsExchange includes a retention policy approach aimed at providing IT administrators and users with a flexible and granular way to set policies on email retention and location without impacting user productivity.For example, your IT staff can set default retention policies across your organization that determine how long messages should be retained. They can also create a series of Retention Policies that your users can select and apply to individual messages or folders to ensure that proper message expiry is set on important email. Additionally, move policies (archive policy) can be defined and set to determine if and when an email message should be automatically moved to the In-Place Archive. And it’s worth noting that when these messages are moved to the In-Place Archive, the folder hierarchy from the user’s primary mailbox is preserved; this is a great benefit for those who rely on filing as a means to manage their communications.It’s also worth noting that you do not need to enable the In-Place Archive to implement these retention policies or the hold policy described in the deck (NOTE: the exception is the “Archive Policy”).DetailsArchive Policy (Mailbox Management)Automatically move content to In-Place Archive.Time-based criteria (such as email older than two years).Preserves primary mailbox folder hierarchy.Retention Policy (Expiration)Automatically delete content.Time-based criteria (such as email older than two years).Retention policies travel with archived messages.Can combine:Automatically move message to the In-Place Archive after x months, then delete from the In-Place Archive after y months.More specific policies override generic defaults.
- SituationExchange includes a range of policies that allow customers to automate the deletion and archiving of email and other Exchange data to meet data retention requirements.Slide objectiveDescribe the features and functionality of policies in Outlook and Outlook Web App.Talking PointsYou have the ability to allow your users to select retention and archive policies at the folder, conversation, or individual message level. This helps reduce interrupting a user’s normal workflow (whether they are a “filer” or a “piler”) when retention policies need to be affected across important email data. Outlook and Outlook Web App display retention policy details andperhaps more importantly the date the message will expire right in the message preview pane. This means your users no longer need to monitor a specific folder to learn which messages may be expiring soon.
- SituationExchange includes a range of policies that allow customers to automate the deletion and archiving of email and other Exchange data to meet data-retention requirements.Slide objectiveDescribe the features and functionality of policies in Outlook and Outlook Web App.Talking PointsYou have the ability to allow your users to select retention and archive policies at the folder, conversation, or individual message level. This helps reduce interrupting a user’s normal workflow (whether they are a “filer” or a “piler”) when retention policies need to be affected across important email data. Outlook displays retention policy details and, perhaps more importantly, the date the message will expire right in the message preview pane. This means your users no longer need to monitor a specific folder to learn which messages may be expiring soon.COMPETITIVE: This is a differentiator versus Google and other third-party archiving products – especially without add-ins. Other products will purge a message without the user being aware of what is coming. Allowing visibility into the behind-the-scenes retention is important for users.
- Les blocs de couleurs sont éditables et peuvent reprendre la couleur du type de session qui est donnée.Idem pour les textes.
- Les blocs de couleurs sont éditables et peuvent reprendre la couleur du type de session qui est donnée.Idem pour les textes.
- Our goal is to keep a hold of that data and provide unified In-Place discovery across the Microsoft IW stack, including In-Placediscovery across Exchange SharePoint and Lync:Find it all in one place: one single experience for searching and preserving email, documents, site mailboxes, etc.Find what you need and only what you need: Be specific about what you want to search for and preserve to reduce discovery costs.Find it without user impact: Place no burden on the IW for preserving and searching for data; do it all in the background.2007: In Exchange/SharePoint 2007, there was no story for preservation, and search was very basic – it was command-line only in Exchange, and if you wanted the export, you had to use a commandlet or Outlook. SharePoint had GUI search but no way to export the results or review them In-Place. As a result, if you needed compliance, you would basically turn to third-party archive and third-party search and discovery tools.2010: In 2010, we added basic preservation per mailbox or per site so that you could begin keeping that data In-Place, and in Exchange we added the Exchange Control Panel discovery console so that you had a GUI experience for searching the data you keep. As a result, we reduced the need for third-party archives and search tools and started seeing a trend to keep data In-Place and search In-Place using the archive, preservation, and discovery.Exchange Preview: In Exchange Preview, we’re taking that core set of features and getting rid of the seams between the different products by giving you a one-stop shop for searches, preservation, and export. We’re also making improvements in preservation so that you can keep only the data you need to keep without keeping entire mailboxes or sites, which can end up being much more than you want. The goal at the end of this release is for customers to have the ability to keep all of their data In-Place and search it, taking out only small scoped sets of search results to put in high-powered review tools.
- SituationExchange, SharePoint, and Lync include a range of granular hold options that allow customers to maintain content to help meet data-preservation requirements.Slide objectiveDescribe the features and functionality of identifying relevant content and placing it on hold.Talking PointsExchange, SharePoint, and Lync have In-Place hold that retains any edits made to email messages or deletions of email for those email items that are placed on hold. Altered items are captured in a recoverable items store within Exchange (similar for SharePoint) that is neither accessible to, nor changeable by, the user. InOutlook, you also have the option of displaying a customized notification banner to alert users that they are under hold.
- SituationExchange includes very powerful analytics and statistics.Slide objectiveDescribe the features and functionality.Talking Points:Search and view content by project, legal matter, or business context – even site mailboxes.Save money when there is a litigation need by producing results quickly and efficiently.Do keyword searches using KQL – a language that has been further expanded to allow for things like proximity search.Adjust search results using modifiers and refiners.Instantly see results In-Place.This is an evolution of our compliance (v3) and search infrastructure (FAST).Data stays where it lives – In-Place – where it has the most relevance.
- SituationExchange allows you to audit changes in mailboxes and configurations with built-in reports. Slide objectiveDescribe the features and functionality.Talking Points:Use these reports to find changes made to mailboxes and configuration settings. You can search for specific types of changes and export the results to a file that is sent to you or other users. You can also further create customized reports using Exchange Management Shell to output to .csv, .html, .txt, .xml, etc. Default reports:Run a non-owner mailbox access report:Search mailbox audit logs for mailboxes that have been accessed or changed by someone other than the owner. Export mailbox audit logs:Search for and export information about non-owner access to a mailbox. Run a litigation hold report:Search the administrator audit log for users who've had litigation hold enabled or disabled for their mailbox. Export the administrator audit log:Search for and export information about configuration changes made in your organization. Run an administrator role group report:Search the administrator audit log for changes made to role groups, which are used to assign administrative permissions to users.
- Notation