Award Winning Exchange & Office 365 Management
Managing Encryption in Exchange Online
Find us: @enowconsulting, ENow Software, ENowSoftware, ENowSoftware.com
Some of ENow's Loyal Customers
About ENow
• Microsoft Silver ISV & Messaging Microsoft Partner
• Focused on building software solutions that simplify the life of IT administrators
• Software architected by MVPs with >15 years of experience in high-end Microsoft consulting and management
• Customers in over 60 countries
About the Speaker
• Office 365 MVP
• Microsoft Certified Solutions Master: Messaging
• Consultant @ SPS (spscom.com)
• @MCSMLab
• Nathan@MCSMLab.com
• Linkedin.com/in/nathanobryan
• http://www.mcsmlab.com
Introduction
• Why encrypt?
• Transport Layer Security
• Office 365 Message Encryption
• Information Rights Management
• Secure/Multipurpose Internet Mail Extensions
Why encrypt email?
• The vast majority of email is sent over the Internet in plain text
• Reasons to encrypt:
• Compliance
• Protect organizational Intellectual Property
• Security
• Expand your job role
About compliance
• Four main areas to focus on when thinking about compliance:
o Retain and Remove
o Discover and Search
o Protection against disclosure
o Protection against misuse
• In this webcast, we'll be focusing on protecting against disclosure and misuse
Transport Layer Security (TLS)
• TLS creates a point-to-point encrypted tunnel between two organizations
• Using specific connectors, TLS sends all traffic between two organizations over port 587
• Domain Secure is not available in Office 365
Domain Security in Exchange On-prem
• TLS + end user notification that message delivery is secured
• Uses mutual TLS
• Requires edge servers
Configuring TLS
• Office 365 Admin Portal > Exchange > mail flow > connectors
• + to add a new connector
• From: Office 365
• To: Partner organization
• Next
Configuring TLS
• Give the new connector a name and description that will be meaningful to your organization's IT staff
• Next
Configuring TLS
• Specify the domain or domains that you want to use this connector for
• Next
• On the next page, specify whether you want to route messages via MX record or to a specific smart host
Configuring TLS
• Check the box to use TLS, and specify the details for the expected certificate
• Confirm your settings on the final page of the wizard
• After the configuration runs, you'll be asked to provide an email address to use in validating the connector
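The wizard steps on the Configuring TLS slides map onto the connector cmdlets in Exchange Online PowerShell. The following is an added example, not part of the original deck: the same partner connector pair created from a script, with the inbound side the wizard does not walk through and the validation step at the end. The partner domain (partner.example), smart host and mailbox address are placeholders.

```powershell
# Added example (not from the original deck). Run in an Exchange Online
# PowerShell session. Domain, host and mailbox values are placeholders.
$partnerDomain = 'partner.example'

# Outbound: mail to the partner must go over TLS, and the certificate the
# partner's server presents must chain to a trusted CA AND match TlsDomain.
# DomainValidation is the strictest TlsSettings value; the wizard's
# "use TLS" + "expected certificate" check boxes produce these two settings.
$outbound = @{
    Name             = "To $partnerDomain (forced TLS)"
    Comment          = 'Forced TLS; certificate must match TlsDomain'
    ConnectorType    = 'Partner'
    RecipientDomains = $partnerDomain
    UseMXRecord      = $true            # or: SmartHosts = 'mail.partner.example'
    TlsSettings      = 'DomainValidation'
    TlsDomain        = "*.$partnerDomain"
    Enabled          = $true
}
New-OutboundConnector @outbound

# Inbound: the matching rule in the other direction. Without it, mail FROM the
# partner is still accepted over opportunistic (or no) TLS, which is the gap a
# one-sided configuration leaves open. RestrictDomainsToCertificate rejects
# mail claiming the partner's domain unless it arrives under that certificate.
$inbound = @{
    Name                         = "From $partnerDomain (forced TLS)"
    ConnectorType                = 'Partner'
    SenderDomains                = $partnerDomain
    RequireTls                   = $true
    TlsSenderCertificateName     = "*.$partnerDomain"
    RestrictDomainsToCertificate = $true
    Enabled                      = $true
}
New-InboundConnector @inbound

# The wizard's last step sends a validation message; this is the same check.
Validate-OutboundConnector -Identity $outbound.Name -Recipients "postmaster@$partnerDomain"

# Review what was created: the TLS settings and the domains each connector covers.
Get-OutboundConnector -Identity $outbound.Name |
    Format-List Name, RecipientDomains, TlsSettings, TlsDomain, UseMXRecord, SmartHosts
Get-InboundConnector -Identity $inbound.Name |
    Format-List Name, SenderDomains, RequireTls, TlsSenderCertificateName, RestrictDomainsToCertificate
```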
When is TLS the right choice?
• Many users in your organization send many sensitive messages to another organization
• Message traffic between two separate organizations is considered internal
• It can be set up between two separate Office 365 tenants
Office 365 Message Encryption (OME)
• Simple way for users to send secure messages over the internet
• Using transport rules, OME will secure messages that meet specific conditions
• OME encrypted messages can be sent to users on any platform
Configuring OME
• North America: Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
• European Union: Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
• Asia-Pacific: Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
Configuring OME
• Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
• Set-IRMConfiguration -InternalLicensingEnabled $True
Configuring OME
• Adding Disclaimer and branding
• Get-OMEConfiguration
• Set-OMEConfiguration
Configuring OME
Customize this feature | Use command
Default text | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -EmailText "up to 1024 characters"
Disclaimer statement | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -DisclaimerText "up to 1024 characters"
Text at the top of the encrypted mail portal | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -PortalText "up to 128 characters"
Logo | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -Image <Byte[]>
Using OME
When is OME the right choice?
• Users need to send secure email to recipients outside your organization
• Recipients may be on any email platform
• Users and/or recipients may not have the technical sophistication for S/MIME
Rights Management Services (RMS)
• Uses encryption to enforce usage rights on messages and documents
• Using controls in Office applications (or OWA), users can apply templates to messages and documents
• Most functionality of RMS works best within the same organization
RMS options
Feature | RMS for Office 365 | EMS or Azure RMS Standalone
Users can create and consume protected content by using Windows clients and Office applications | yes | yes
Users can create and consume protected content by using mobile devices | yes | yes
Integrates with Exchange Online, SharePoint Online, and OneDrive for Business | yes | yes
Integrates with Exchange Server 2013/Exchange Server 2010 and SharePoint Server 2013/SharePoint Server 2010 on-premises via the RMS connector | yes | yes
Administrators can create departmental templates | yes | yes
Organizations can create and manage their own RMS tenant key in a hardware security module (the Bring Your Own Key solution) | yes | yes
Supports non-Office file formats: Text and image files are natively protected; other files are generically protected | yes | yes
RMS SDK for all platforms: Windows, Windows Phone, iOS, Mac OSX, and Android | yes | yes
Integrates with Windows file servers for automatic protection with FCI via the RMS connector | | yes
Preview: Users can track usage of their documents | During preview only | yes
Preview: Users can revoke access to their documents | During preview only | yes
Source: https://technet.microsoft.com/en-us/network/dn858608.aspx
Configuring RMS
• See OME section
• Three default templates:
o Do Not Forward
o Company – Confidential: View, Reply, Reply All, Save, Edit, and Forward
o Company – Confidential View Only: View
• Use the Advanced features button to create new templates
• On-premises AD can be used for RMS in Exchange Online
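The "using transport rules" point from the OME slides and the default templates on the Configuring RMS slide both end up as mail flow rules; the script below is an added example and not part of the original deck. It checks the licensing setting from the Configuring OME slides first, applies OME to user-flagged external mail, and applies the Do Not Forward template to internal mail from one group. Mailbox, group, logo path and branding text are placeholders; 'OME Configuration' is the default configuration name.

```powershell
# Added example (not from the original deck). Assumes an Exchange Online
# PowerShell session and that the Set-IRMConfiguration and
# Import-RMSTrustedPublishingDomain steps from the Configuring OME slides ran.
# Mailbox, group and file values are placeholders.

# 1. Fail early if the tenant cannot issue RMS licenses; rules that set
#    ApplyOME or ApplyRightsProtectionTemplate depend on it.
if (-not (Get-IRMConfiguration).InternalLicensingEnabled) {
    throw 'InternalLicensingEnabled is False; run Set-IRMConfiguration -InternalLicensingEnabled $true first.'
}
# Round-trip protect/unprotect for one mailbox.
Test-IRMConfiguration -Sender 'alice@contoso.example' | Format-List Results

# 2. Branding the recipient sees (the Set-OMEConfiguration table above). The
#    Image parameter takes the raw bytes of the PNG/JPEG, hence -Encoding Byte.
Set-OMEConfiguration -Identity 'OME Configuration' `
    -EmailText 'You have received an encrypted message from Contoso.' `
    -DisclaimerText 'Intended only for the addressed recipient.' `
    -PortalText 'Contoso secure mail portal' `
    -Image (Get-Content .\contoso-logo.png -Encoding Byte -ReadCount 0)

# 3. OME: a user puts "encrypt" in the subject and the message is encrypted
#    when it leaves the organization; recipients on any platform open it in
#    the portal. Audit mode first, so message traces show what WOULD be
#    protected before any mail is actually changed.
$omeRule = @{
    Name                 = 'OME - user-requested encryption to external recipients'
    SentToScope          = 'NotInOrganization'
    SubjectContainsWords = 'encrypt'
    ApplyOME             = $true
    Mode                 = 'Audit'
    Comments             = 'Promote to Enforce after reviewing traces.'
}
New-TransportRule @omeRule

# 4. RMS: internal mail from the finance group gets Do Not Forward, one of the
#    three default templates. Scoped to InOrganization because, as the Using
#    RMS slide notes, the template does not behave well with non-Office 365
#    mail systems.
$rmsRule = @{
    Name                          = 'RMS - Do Not Forward for Finance'
    FromMemberOf                  = 'finance@contoso.example'
    SentToScope                   = 'InOrganization'
    ApplyRightsProtectionTemplate = 'Do Not Forward'
    Mode                          = 'Enforce'
}
New-TransportRule @rmsRule

# 5. After the audit period, in a later session, promote the OME rule:
#    Set-TransportRule -Identity $omeRule.Name -Mode Enforce

# 6. Review every rule that protects content, in priority order.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.ApplyRightsProtectionTemplate } |
    Sort-Object Priority |
    Format-Table Priority, Name, Mode, ApplyOME, ApplyRightsProtectionTemplate -AutoSize
```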
Configuring RMS
Advanced features > Rights Management
RMS Sharing App
• https://portal.azurerms.com
• Allows you to see who has opened your RMS-protected documents
• Allows you to revoke access
Using RMS
• Templates that start with Company are only usable within that tenant
• The Do Not Forward template can be used with other Office 365 tenants, but does not work well with non-Office 365 mail systems
• BYOK is available in Azure AD, but currently does not work with RMS
• RMS is not a foolproof protector against violations
• Templates are usable in other Office applications
When is RMS the right choice?
• Sensitive documents and messages need to be protected internally
• Recipients need time-limited access to documents and messages
• Should be considered a tool to assist users in following policy
Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Developed in 1995, V3 in 1999 and achieved wide acceptance
• Provides:
o Digital signatures
o End-to-end message encryption
Obstacles to using S/MIME
• Not all email software supports S/MIME
• Because S/MIME encryption and decryption are done at the client, message traffic is not inspected by the transport stack
• Requires an SSL certificate to be installed on the client machine
S/MIME digital signatures
Digital signatures provide:
• Authentication
• Nonrepudiation
• Data integrity
Digital signatures DO NOT provide:
• Confidentiality
S/MIME signing process
When a message is signed:
• The text of the message and the user’s private key are processed together
• The output is a signature that is appended to the message
When the recipient receives the message:
• The digital signature process is repeated using the sender's public key
• The output is compared to the original signature
S/MIME message encryption
Message encryption provides:
• Confidentiality
• Data integrity
Message encryption DOES NOT provide:
• Authentication
• Nonrepudiation
S/MIME message encryption
• S/MIME message encryption works backward
• You install an SSL certificate so others can send you encrypted messages
S/MIME digital signatures + message encryption
• Both can be applied to the same message
• Provides all the benefits of both
• For added security, use one certificate for signing and one certificate for encryption
• By default OWA "triple wraps" messages that are signed and encrypted
• Outlook does not "triple wrap" messages, but can read triple-wrapped messages
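The signing, verification and encryption steps from the three S/MIME slides above, as an added example that is not part of the original deck: Windows PowerShell 5.1 driving the .NET CMS (PKCS #7) classes, with one throw-away self-signed certificate for signing and a separate one for encryption, as the slide recommends. The subject name and message text are placeholders; in production the certificates come from the CA or PKI the deck describes, and the certificate store used here is the current user's personal store.

```powershell
# Added example (not from the original deck). Windows PowerShell 5.1; the CMS
# classes live in System.Security.dll. Names and message text are placeholders
# and the certificates are self-signed for the demo only.
Add-Type -AssemblyName System.Security
$pkcs     = 'System.Security.Cryptography.Pkcs'
$csp      = 'Microsoft Enhanced RSA and AES Cryptographic Provider'   # CSP that supports AES content keys
$smimeEku = '2.5.29.37={text}1.3.6.1.5.5.7.3.4'                       # Extended Key Usage: emailProtection

# Separate certificates for signing and for encryption (deck recommendation):
# the signing key only ever signs, the encryption key only ever decrypts.
$signCert = New-SelfSignedCertificate -Type Custom -Subject 'CN=alice@contoso.example' `
    -CertStoreLocation Cert:\CurrentUser\My -KeyUsage DigitalSignature `
    -KeySpec Signature -Provider $csp -TextExtension @($smimeEku)
$encCert  = New-SelfSignedCertificate -Type Custom -Subject 'CN=alice@contoso.example' `
    -CertStoreLocation Cert:\CurrentUser\My -KeyUsage KeyEncipherment `
    -KeySpec KeyExchange -Provider $csp -TextExtension @($smimeEku)

# Signing (slide: message text + private key -> signature appended to the message).
function New-DetachedSignature([byte[]] $Content, $Certificate) {
    $info   = New-Object "$pkcs.ContentInfo" -ArgumentList @(,$Content)
    $signed = New-Object "$pkcs.SignedCms" -ArgumentList $info, $true    # $true = detached signature
    $signer = New-Object "$pkcs.CmsSigner" -ArgumentList $Certificate
    # SHA-256; older .NET Framework builds default to SHA-1 otherwise.
    $signer.DigestAlgorithm = New-Object System.Security.Cryptography.Oid '2.16.840.1.101.3.4.2.1'
    $signed.ComputeSignature($signer)
    return ,$signed.Encode()
}

# Verification (slide: repeat the process with the public key and compare).
# The signer's certificate travels inside the CMS blob.
function Test-DetachedSignature([byte[]] $Content, [byte[]] $Signature) {
    $info  = New-Object "$pkcs.ContentInfo" -ArgumentList @(,$Content)
    $check = New-Object "$pkcs.SignedCms" -ArgumentList $info, $true
    $check.Decode($Signature)
    try {
        # $true skips chain building, which a self-signed test cert would fail.
        # Against CA-issued certificates pass $false so the chain is checked too.
        $check.CheckSignature($true)
        return $true
    } catch [System.Security.Cryptography.CryptographicException] {
        return $false
    }
}

# Encryption "works backward": it needs the RECIPIENT's certificate (public
# key); only the holder of the matching private key can open the envelope.
function Protect-Message([byte[]] $Content, $RecipientCertificate) {
    $info   = New-Object "$pkcs.ContentInfo" -ArgumentList @(,$Content)
    # .NET Framework defaults the content cipher to 3DES; ask for AES-256-CBC.
    $aesOid = New-Object System.Security.Cryptography.Oid '2.16.840.1.101.3.4.1.42'
    $aes256 = New-Object "$pkcs.AlgorithmIdentifier" -ArgumentList $aesOid
    $env    = New-Object "$pkcs.EnvelopedCms" -ArgumentList $info, $aes256
    $env.Encrypt((New-Object "$pkcs.CmsRecipient" -ArgumentList $RecipientCertificate))
    return ,$env.Encode()
}
function Unprotect-Message([byte[]] $Envelope) {
    $env = New-Object "$pkcs.EnvelopedCms"
    $env.Decode($Envelope)
    $env.Decrypt()          # locates the matching private key in Cert:\CurrentUser\My
    return ,$env.ContentInfo.Content
}

# Demo run: a valid signature, a tampered message, then an encrypted round trip.
$message  = [Text.Encoding]::UTF8.GetBytes('Q3 forecast attached. Internal only.')
$sig      = New-DetachedSignature $message $signCert
$tampered = [byte[]]$message.Clone(); $tampered[0] = $tampered[0] -bxor 1
"Signature valid on original message : $(Test-DetachedSignature $message $sig)"
"Signature valid on tampered message : $(Test-DetachedSignature $tampered $sig)"

$envelope  = Protect-Message $message $encCert
$plaintext = [Text.Encoding]::UTF8.GetString((Unprotect-Message $envelope))
"Decrypted                           : $plaintext"
"Envelope is $($envelope.Length) bytes of CMS; the plaintext is not visible in transit"

# Remove the throw-away certificates again.
Remove-Item "Cert:\CurrentUser\My\$($signCert.Thumbprint)", "Cert:\CurrentUser\My\$($encCert.Thumbprint)"
```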
Configuring S/MIME
• Install your SSL certificate on your PC - free certificate from http://startssl.com/
• Certmgr.msc
• Export
• Select Microsoft Serialized Certificate Store (.SST)
Configuring S/MIME
• $sst = Get-Content <sst filename>.sst -Encoding Byte
• Set-SmimeConfig -SMIMECertificateIssuingCA $sst
• Outlook > File > Options > Trust Center > Trust Center Settings… > Email Security > Settings…
S/MIME with on-premises PKI
• You can use an on-premises PKI to set up S/MIME in Office 365
• Once the on-premises CA is in place, enabling S/MIME for users is much the same process
Using S/MIME in Outlook
• Options > More Options
• Security settings
Using S/MIME in OWA
• From a new message select …
• Show message options
• Under options > S/MIME you can set the default to encrypt and/or sign all messages
• Must install the S/MIME control on each PC in addition to the certificate
S/MIME messages
When is S/MIME the right choice?
• A small number of sophisticated users send and receive many highly sensitive messages
• IT staff has the technical knowledge to manage complex encryption
• Sensitive messages need to be secured from end to end
What doesn’t work in Exchange Online
• Journal report decryption
• Outlook Protection Rules
• Domain Security
Summary
• Why encrypt?
• Transport Layer Security
• Office 365 Message Encryption
• Information Rights Management
• Secure/Multipurpose Internet Mail Extensions
• Questions?
Q&A
Thank You
www.enowsoftware.com

 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 

Managing Encryption in Office 365

1. Managing Encryption in Exchange Online
   Award Winning Exchange & Office 365 Management

2. About ENow
   • Find us! @enowconsulting, ENow Software, ENowSoftware, ENowSoftware.com
   • Some of ENow’s loyal customers
   • Microsoft Silver ISV & Messaging Microsoft Partner
   • Focused on building software solutions that simplify the life of IT administrators
   • Software architected by MVPs with >15 years experience in high-end Microsoft consulting and management
   • Customers in over 60 countries

3. (no transcribed text on this slide)

4. About the Speaker
   • Office 365 MVP
   • Microsoft Certified Solutions Master: Messaging
   • Consultant @ SPS (spscom.com)
   • @MCSMLab
   • Nathan@MCSMLab.com
   • Linkedin.com/in/nathanobryan
   • http://www.mcsmlab.com

5. Introduction
   • Why encrypt?
   • Transport Layer Security
   • Office 365 Message Encryption
   • Information Rights Management
   • Secure/Multipurpose Internet Mail Extensions

6. Why encrypt email?
   • The vast majority of email is sent over the Internet in plain text
   • Reasons to encrypt:
     o Compliance
     o Protect organizational intellectual property
     o Security
     o Expand your job role

7. About compliance
   • Four main areas to focus on when thinking about compliance
     o Retain and remove
     o Discover and search
     o Protection against disclosure
     o Protection against misuse
   • In this webcast, we’ll be focusing on protecting against disclosure and misuse

8. Transport Layer Security (TLS)
   • TLS creates a point-to-point encrypted tunnel between two organizations
   • Using specific connectors, TLS sends all traffic between two organizations over port 587
   • Domain Secure is not available in Office 365

9. Domain Security in Exchange On-prem
   • TLS + end user notification that message delivery is secured
   • Uses mutual TLS
   • Requires Edge servers

10. Configuring TLS
   • Office 365 Admin Portal > Exchange > mail flow > connectors
   • Click + to add a new connector
   • From: Office 365
   • To: Partner organization
   • Next

11. Configuring TLS
   • Give the new connector a name and description that will be meaningful to your organization’s IT staff
   • Next

12. Configuring TLS
   • Specify the domain or domains that you want to use this connector
   • Next
   • On the next page, specify whether you want to route messages via MX record or to a specific smart host

13. Configuring TLS
   • Check the box to use TLS, and specify the details for the expected certificate
   • Confirm your settings on the final page of the wizard
   • After the configuration runs, you’ll be asked to provide an email address to use in validating the connector
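The same partner connector that slides 10 to 13 build in the wizard, created from Exchange Online PowerShell instead, as an added example that is not part of the deck. It assumes an existing Exchange Online PowerShell session; the partner domain, connector names and validation mailbox are placeholders, and it adds the matching inbound connector and an audit query that the slides do not cover.

```powershell
# Added example, not from the deck. Assumes an Exchange Online PowerShell session.
$PartnerDomain = 'partner.example'   # placeholder: the partner organization's domain

# Outbound: Office 365 -> partner organization (slide 10 "From / To").
# TlsSettings DomainValidation only accepts a certificate from a trusted CA
# whose subject or SAN matches -TlsDomain; that is the "expected certificate"
# the slide 13 wizard page asks for. EncryptionOnly would accept any certificate.
New-OutboundConnector -Name "To $PartnerDomain (forced TLS)" `
    -Comment 'Forced TLS to partner; owned by the messaging team' `
    -ConnectorType Partner `
    -RecipientDomains $PartnerDomain `
    -UseMXRecord $true `
    -TlsSettings DomainValidation `
    -TlsDomain $PartnerDomain `
    -Enabled $true

# Inbound: partner organization -> Office 365. Requiring TLS and binding the
# sender domain to the certificate name means mail claiming to come from the
# partner domain is rejected unless it arrives over TLS with the partner's certificate.
New-InboundConnector -Name "From $PartnerDomain (forced TLS)" `
    -ConnectorType Partner `
    -SenderDomains $PartnerDomain `
    -RequireTls $true `
    -TlsSenderCertificateName $PartnerDomain `
    -RestrictDomainsToCertificate $true `
    -Enabled $true

# Validation: the slide 13 wizard asks for a recipient address to test the
# connector; Validate-OutboundConnector does the same from the shell.
Validate-OutboundConnector -Identity "To $PartnerDomain (forced TLS)" `
    -Recipients "mailbox@$PartnerDomain"   # placeholder recipient at the partner

# Audit check: list partner connectors whose TLS setting is weaker than
# DomainValidation, i.e. ones that would accept an unexpected certificate.
Get-OutboundConnector |
    Where-Object { $_.ConnectorType -eq 'Partner' -and $_.TlsSettings -ne 'DomainValidation' } |
    Select-Object Name, RecipientDomains, TlsSettings, TlsDomain, UseMXRecord |
    Format-Table -AutoSize
```

Create the inbound connector as well as the outbound one: forcing TLS in only one direction leaves the partner's replies unprotected, and the audit query at the end is worth running periodically because a connector edited in the portal can silently drop back to EncryptionOnly.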
14. When is TLS the right choice?
   • Many users in your organization send many sensitive messages to another organization
   • Message traffic between two separate organizations is considered internal
   • It can be set up between two separate Office 365 tenants

15. Office 365 Message Encryption (OME)
   • Simple way for users to send secure messages over the Internet
   • Using transport rules, OME will secure messages that meet specific conditions
   • OME-encrypted messages can be sent to users on any platform

16. Configuring OME

17. Configuring OME
   • North America: Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
   • European Union: Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
   • Asia-Pacific: Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

18. Configuring OME
   • Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
   • Set-IRMConfiguration -InternalLicensingEnabled $True

19. Configuring OME

20. Configuring OME
   • Adding disclaimer and branding
   • Get-OMEConfiguration
   • Set-OMEConfiguration

21. Configuring OME
   Customize this feature                        | Use commands
   Default text                                  | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -EmailText "up to 1024 characters"
   Disclaimer statement                          | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -DisclaimerText "1024 characters"
   Text at the top of the encrypted mail portal  | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -PortalText "128 characters"
   Logo                                          | Set-OMEConfiguration -Identity <OMEConfigurationIdParameter> -Image <Byte[]>
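The OME configuration from slides 17 to 21, plus the transport rule slide 15 says applies OME, as one script. This is an added example, not code from the deck; it assumes an Exchange Online PowerShell session in a tenant where IRM has already been activated in the admin portal (speaker note 5). The region variable, sender address, logo path, branding strings and rule name are placeholders, and the `Test-IRMConfiguration` check is an addition the slides do not mention.

```powershell
# Added example, not from the deck. Assumes an Exchange Online PowerShell session
# and IRM already activated in the admin portal.

$Region = 'na'   # placeholder: 'na', 'eu' or 'ap', the three slide 17 locations
$KeySharingLocation = "https://sp-rms.$Region.aadrm.com/TenantManagement/ServicePartner.svc"

# Slides 17-18: point Exchange at the RMS Online tenant, import the trusted
# publishing domain and enable internal licensing.
Set-IRMConfiguration -RMSOnlineKeySharingLocation $KeySharingLocation
Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'
Set-IRMConfiguration -InternalLicensingEnabled $true

# Check before rolling out to users: Test-IRMConfiguration walks the full
# licensing round trip for one sender and reports each step as PASS/FAIL.
Test-IRMConfiguration -Sender 'user@tenant.example'   # placeholder sender

# Slides 20-21: branding. -Image takes the raw bytes of the logo file.
# "OME Configuration" is the default identity returned by Get-OMEConfiguration.
# -Encoding Byte is Windows PowerShell 5.1 syntax; PowerShell 7 uses -AsByteStream.
$Logo = Get-Content -Path '.\logo.png' -Encoding Byte   # placeholder path
Set-OMEConfiguration -Identity 'OME Configuration' `
    -EmailText 'This message was encrypted by Example Corp. Open the attachment to read it.' `
    -DisclaimerText 'This message is confidential and intended only for the named recipient.' `
    -PortalText 'Example Corp secure mail portal' `
    -Image $Logo
Get-OMEConfiguration | Format-List Identity, EmailText, DisclaimerText, PortalText

# Slide 15: OME is applied by a transport rule. This one encrypts any message
# leaving the organization whose subject carries the word "Encrypt", so users
# can request encryption without any client-side software.
New-TransportRule -Name 'OME: user-requested encryption to external recipients' `
    -SentToScope NotInOrganization `
    -SubjectContainsWords 'Encrypt' `
    -ApplyOME $true
```

Run `Test-IRMConfiguration` again after any change to the key sharing location or licensing flag; a failed step there shows up to users as "encryption failed" bounces with no further detail.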
22. Using OME

23. When is OME the right choice?
   • Users need to send secure email to recipients outside your organization
   • Recipients may be on any email platform
   • Users and/or recipients may not have the technical sophistication for S/MIME

24. Rights Management Services (RMS)
   • Uses encryption to enforce usage rights on messages and documents
   • Using controls in Office applications (or OWA), users can apply templates to messages and documents
   • Most functionality of RMS works best within the same organization

25. RMS options
   Feature                                                                                              | RMS for Office 365   | EMS or Azure RMS Standalone
   Users can create and consume protected content by using Windows clients and Office applications     | yes                  | yes
   Users can create and consume protected content by using mobile devices                              | yes                  | yes
   Integrates with Exchange Online, SharePoint Online, and OneDrive for Business                       | yes                  | yes
   Integrates with Exchange Server 2013/2010 and SharePoint Server 2013/2010 on-premises via the RMS connector | yes           | yes
   Administrators can create departmental templates                                                    | yes                  | yes
   Organizations can create and manage their own RMS tenant key in a hardware security module (the Bring Your Own Key solution) | yes | yes
   Supports non-Office file formats: text and image files are natively protected; other files are generically protected | yes | yes
   RMS SDK for all platforms: Windows, Windows Phone, iOS, Mac OS X, and Android                       | yes                  | yes
   Integrates with Windows file servers for automatic protection with FCI via the RMS connector        |                      | yes
   Preview: Users can track usage of their documents                                                   | During preview only  | yes
   Preview: Users can revoke access to their documents                                                 | During preview only  | yes
   https://technet.microsoft.com/en-us/network/dn858608.aspx

26. Configuring RMS
   • See OME section
   • Three default templates
     o Do Not Forward
     o Company – Confidential: View, Reply, Reply All, Save, Edit, and Forward
     o Company – Confidential View Only: View
   • Use the Advanced features button to create new templates
   • On-premises AD can be used for RMS in Exchange Online

27. Configuring RMS
   • Advanced features > Rights Management

28. RMS Sharing App
   • https://portal.azurerms.com
   • Allows you to see who has opened your RMS-protected documents
   • Allows you to revoke access

29. Using RMS
   • Templates that start with "Company" are only usable within that tenant
   • The Do Not Forward template can be used with other Office 365 tenants, but does not work well with non-Office 365 mail systems
   • BYOK is available in Azure AD, but currently does not work with RMS
   • RMS is not a foolproof protector against violations
   • Templates are usable in other Office applications

30. When is RMS the right choice?
   • Sensitive documents and messages need to be protected internally
   • Recipients need time-limited access to documents and messages
   • Should be considered a tool to assist users in following policy

31. Secure/Multipurpose Internet Mail Extensions (S/MIME)
   • Developed in 1995, V3 in 1999, and achieved wide acceptance
   • Provides:
     o Digital signatures
     o End-to-end message encryption

32. Obstacles to using S/MIME
   • Not all email software supports S/MIME
   • Because S/MIME encryption and decryption is done at the client, message traffic is not inspected by the transport stack
   • Requires an SSL certificate to be installed on the client machine

33. S/MIME digital signatures
   Digital signatures provide:
   • Authentication
   • Nonrepudiation
   • Data integrity
   Digital signatures DO NOT provide:
   • Confidentiality

34. S/MIME signing process
   When a message is signed:
   • The text of the message and the user’s private key are processed together
   • The output is a signature that is appended to the message
   When the recipient receives a message:
   • The digital signature process is repeated using the public key
   • The output is compared to the original signature

35. S/MIME message encryption
   Message encryption provides:
   • Confidentiality
   • Data integrity
   Message encryption DOES NOT provide:
   • Authentication
   • Nonrepudiation

36. S/MIME message encryption
   • S/MIME message encryption works backward
   • You install an SSL certificate so others can send you encrypted messages

37. S/MIME digital signatures + message encryption
   • Both can be applied to the same message
   • Provides all the benefits
   • For added security, use one certificate for signing and one certificate for encryption
   • By default OWA “triple wraps” messages that are signed and encrypted
   • Outlook does not “triple wrap” messages, but can read triple-wrapped messages

38. Configuring S/MIME
   • Install your SSL certificate on your PC (free certificate from http://startssl.com/)
   • Certmgr.msc
   • Export
   • Select Microsoft Serialized Certificate Store (.SST)

39. Configuring S/MIME
   • $sst = Get-Content <sst filename>.sst -Encoding Byte
   • Set-SmimeConfig -SMIMECertificateIssuingCA $sst
   • Outlook > File > Options > Trust Center > Trust Center Settings… > Email Security > Settings…
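The slide 38 and 39 steps done from PowerShell rather than certmgr.msc, as an added example that is not part of the deck. Steps 1 and 2 assume Windows PowerShell 5.1 on a PC where the user's S/MIME certificate is installed; step 3 assumes an Exchange Online PowerShell session. The SST file path is a placeholder, and the certificate check in step 1 is an addition the slides do not describe.

```powershell
# Added example, not from the deck. Steps 1-2: Windows PowerShell 5.1 on the
# user's PC. Step 3: Exchange Online PowerShell session.

# 1. Confirm the user certificate is actually usable for S/MIME: it needs a
#    private key, the Secure Email enhanced key usage (OID 1.3.6.1.5.5.7.3.4)
#    and must not have expired. Outlook silently offers nothing otherwise.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'
$UserCert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.EnhancedKeyUsageList.ObjectId -contains $SecureEmailOid -and
        $_.NotAfter -gt (Get-Date)
    } | Select-Object -First 1
if (-not $UserCert) { throw 'No valid S/MIME certificate with a private key found.' }
$UserCert | Format-List Subject, Issuer, NotAfter, Thumbprint

# 2. Export the issuing CA chain, not the user certificate, to an SST file.
#    This is what the slide 38 certmgr.msc export is for: OWA needs the issuer
#    chain to validate signatures; the user's private key never leaves the PC.
$Chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$null = $Chain.Build($UserCert)
$IssuerCerts = $Chain.ChainElements |
    Select-Object -Skip 1 |               # skip the leaf; keep intermediates and root
    ForEach-Object { $_.Certificate }
$IssuerCerts | Export-Certificate -Type SST -FilePath '.\smime-issuers.sst'   # placeholder path

# 3. Upload the SST to Exchange Online (slide 39) and verify what was stored.
#    -Encoding Byte is Windows PowerShell syntax; PowerShell 7 uses -AsByteStream.
$sst = Get-Content '.\smime-issuers.sst' -Encoding Byte
Set-SmimeConfig -SMIMECertificateIssuingCA $sst
Get-SmimeConfig | Format-List SMIMECertificateIssuingCA*, OWAEncryptionAlgorithms, OWASigningAlgorithms
```

Re-run step 2 and 3 whenever the CA rolls its intermediate certificate: signatures chained to an issuer missing from the uploaded SST show as untrusted in OWA even though Outlook, which uses the local store, still validates them.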
40. S/MIME with on-premises PKI
   • You can use an on-premises PKI to set up S/MIME in Office 365
   • Once the on-premises CA is in place, enabling S/MIME for users is much the same process

41. Using S/MIME in Outlook
   • Options > More Options
   • Security settings

42. Using S/MIME in OWA
   • From a new message select …
   • Show message options
   • Under options > S/MIME you can set the default to encrypt and/or sign all messages
   • Must install the S/MIME control on each PC in addition to the certificate

43. S/MIME messages

44. When is S/MIME the right choice?
   • A small number of sophisticated users send and receive many highly sensitive messages
   • IT staff has the technical knowledge to manage complex encryption
   • Sensitive messages need to be secured from end to end

45. What doesn’t work in Exchange Online
   • Journal report decryption
   • Outlook Protection Rules
   • Domain Security

46. Summary
   • Why encrypt?
   • Transport Layer Security
   • Office 365 Message Encryption
   • Information Rights Management
   • Secure/Multipurpose Internet Mail Extensions
   • Questions?

47. Q&A

48. Thank You
   www.enowsoftware.com

Editor's notes

  1. https://freedom.press/encryption-works
  2. https://en.wikipedia.org/wiki/Transport_Layer_Security https://blogs.office.com/2015/06/29/enhancing-mail-flow-security-for-exchange-online/
  3. https://technet.microsoft.com/en-us/library/bb124392(v=exchg.141).aspx
  4. https://technet.microsoft.com/en-us/library/ms.exch.eac.connectorselection(v=exchg.150).aspx http://www.expta.com/2014/03/troubleshooting-tls-smtp-connections-to.html http://checktls.com/
  5. To configure OME, first you need to activate IRM on your tenant. In the Office 365 Admin Center > service settings > rights management, you will be redirected to the page on the right. Choose “activate”.
  6. The remaining configuration is done in PowerShell. Connect to your tenant via remote PowerShell and designate your IRM online key sharing location.
  7. http://www.microsoft.com/en-us/download/details.aspx?id=34768 http://windowsitpro.com/exchange-server/encryption-exchange-online-part-4
  8. http://windowsitpro.com/exchange-server/encryption-exchange-online-part-5
  9. https://en.wikipedia.org/wiki/S/MIME
  10. http://windowsitpro.com/exchange-server/encryption-exchange-online-part-6