Keeping Your Organization Safe with the new Exchange


Editor’s note: Beginning this week at the Microsoft Exchange Conference (MEC), you will have opportunities to have in-depth dialogues with the Exchange team – both in person and virtually. We kick off this week with a blog post that highlights a need of organizations everywhere and of every size as they look towards ensuring they have control of their data in a secure and manageable fashion. We hope to continue the conversation with you this week at the conference, and in the future via the EHLO and Office Next blogs. Today Harv Bhela, General Manager for Exchange Program Management, joins Office Next to kick off the week.


Taming the Email Data Beast

This is the age of big data. Around the world, people are creating and transmitting data in unprecedented volume. At the same time, organizations have an extraordinary need to manage the liability associated with this information. A survey conducted by Harris Interactive in March of 2012 showed that 68 percent of companies send sensitive data via email.[1] Another survey showed that 63 percent of organizations are extremely or very concerned about losing sensitive data without knowing it.

Enterprises face extraordinary challenges in keeping all this data safe. Staying ahead of ever-more-sophisticated external threats such as viruses, malware, and spam is a daunting task in businesses of all sizes. IT managers also need to comply with industry regulations by preserving data in a way that is both immutable and accessible. They must also deal with the risk that users will unintentionally create data leaks, typically due to a lack of awareness or education. For example, in April of 2012, a physician at the University of Arkansas for Medical Sciences emailed a document containing the unredacted personal financial information of 7,000 patients to an outside party.[2] Businesses need tools that can prevent this type of common but potentially disastrous error.

While the responsibilities of IT professionals grow, their relative numbers dwindle. Over the next ten years, while worldwide data is expected to grow exponentially, the number of people employed in IT will increase only fractionally. With the ratio of data to IT professionals growing rapidly, it is becoming increasingly critical to enable workers to manage this email risk without hindering their productivity and experiences, and to automate and streamline the risk management process wherever possible. Microsoft understands and is addressing these challenges. The data protection and archiving features of Exchange are designed to help IT professionals take control of data protection and archiving in a big-data world. These new and improved features include:

  • Cloud-based email hygiene with Exchange Online Protection
  • Data Loss Prevention (DLP) technology to identify, monitor, and protect sensitive information
  • In-place email archiving, hold, and native data governance to preserve email as long as necessary
  • Advanced, yet easy-to-use eDiscovery tools to locate information in the organization
  • Integration with SharePoint to support safe team collaboration with site mailboxes

Move Email Protection to the Cloud with Exchange Online Protection

Exchange Online Protection is the Microsoft cloud-based email protection service, which works with Exchange on-premises and online. Companies using Exchange Online Protection no longer have to worry about the disparity between data volume and staff available to manage it. They also benefit from email protection that is continuously updated to deal with present and emerging threats. Microsoft security researchers constantly monitor spam, phishing, malware, and network attacks globally and update Exchange Online Protection to protect against them. Exchange Online Protection uses a sophisticated multi-engine malware detection approach to catch viruses and spam messages before they are delivered. Even the most security-conscious companies would find it difficult to maintain the level of security vigilance, innovation, and virtually unlimited scalability Exchange Online Protection provides.

To keep customers’ email available 24/7, Exchange Online Protection uses a globally load-balanced network of data centers to provide five nines (99.999 percent) network uptime. Exchange Online Protection can actually increase email reliability by queuing email for up to five days, eliminating bounces if on-premises email servers go down. Exchange Online Protection is also highly scalable: when organizations grow, Exchange Online Protection grows with them, seamlessly.

Moving email hygiene to the cloud also has a number of operational benefits. Microsoft has designed Exchange Online Protection to help customers offload the costly, repetitive, and unproductive aspects of email protection such as purchasing and servicing hardware, applying software updates, and managing network connections. At the same time, it gives customers control over what really matters to their businesses. Organizations can set specific filtering rules and policies through an easy-to-use, web-based administration tool. Exchange Online Protection also delivers comprehensive reporting, auditing, and message trace capabilities.

Use Sensitive Data Safely with Data Loss Prevention Technology

Many organizations handle personally identifiable information (PII), financial data, regulatory or other sensitive information in the daily course of business. They need ways to ensure data is sent and used appropriately, keeping it safe without affecting worker productivity. Data Loss Prevention (DLP) technology in Exchange uses deep content analysis to identify, monitor, and protect sensitive information.

Exchange administrators can easily create DLP policies in the Exchange Administration Console. DLP policies can include rules, actions, and exceptions, and use the full power of Exchange transport rules. Upon identifying sensitive information, DLP can automatically take action such as applying Information Rights Management protection, appending a disclaimer, generating an audit log, sending the message for moderation, or preventing a message from being sent. DLP works with a new feature called Outlook Policy Tips that informs users of a potential policy violation before it occurs. Policy Tips help educate users about what sensitive data has been found in the email and can educate them about related company policies. This ongoing education helps users manage data appropriately and avoid sending sensitive data to unauthorized users. The DLP feature is a sophisticated system built into Exchange for helping users work with sensitive data safely and efficiently.

Manage Data with Large Mailboxes, In-Place Archiving, and Retention Policies

With growing volumes of email data, organizations used to face a difficult choice: keep email archives on slow, expensive, third-party archiving systems, or limit the amount of historical email available to users. With Exchange, organizations can provide users with large mailboxes and keep archived and current email data in one system through in-place archiving technology. This provides a number of advantages. Users can access archived and current email quickly and easily, and they no longer have to waste time managing their inboxes to stay within quotas. They also do not need to store messages in .PST files outside the control of Exchange administrators and backup policies.

From the perspective of IT, administrators have the flexibility to balance storage performance and cost to suit business needs. They can manage and search archived and current email through one interface and no longer need to deploy and maintain separate archiving infrastructure. This also means they have a single place to manage compliance and retention.

With large mailboxes, organizations need efficient, automated ways to manage message retention and expiration. Exchange provides easy-to-manage policies for controlling how long messages are kept so users do not have to worry about it. Retention policies can apply to messages, folders, or even entire mailboxes. Organizations can achieve all these benefits while choosing to keep Exchange archives on-premises or in the cloud using Exchange Online Archiving.

Making Data Tamper-Proof with Hold and Searching It Efficiently

Many organizations need the ability to capture and store email in a tamper-proof (or “immutable”) archive. HR policies or litigation can create the need to make content immutable. At one time, virtually the only way to enforce immutability was through journaling—basically, forwarding email to a special, separate archive deployed and managed independently from Exchange. Today, Exchange makes immutability simple with in-place hold. With this technology, an IT administrator can easily place a group, a user, a mailbox, or even individual items on hold from the web-based eDiscovery Center. Users on hold experience no change to their workflow, and there are no client plug-ins to manage.

The ability to search current, archived, and held email is critical in big data environments. Because it can keep archived and active email data in one system, Exchange makes such searches easy. In tandem with SharePoint, Exchange allows organizations to search email, instant messages, calendars, and contacts, as well as SharePoint documents, sites, file shares, blogs, wikis, and more, all from the eDiscovery Center. For greater efficiency, IT administrators can use role-based access control to delegate search, hold, retention policy management, and auditing to HR or legal personnel without providing full administrative privileges. Finally, auditing capabilities built into Exchange can record configuration changes and compliance activities. Audit logs can be used to prove due diligence and, if necessary, pinpoint tampering by an administrator.

Collaborate while Maintaining Compliance using Site Mailboxes

With site mailboxes, Exchange works with SharePoint to give users more ways to collaborate while keeping data safe. In a site mailbox, members of a SharePoint site can access project emails and documents in a central location—right from Outlook on the desktop or the SharePoint site itself. Users view site mailbox emails just as they would any other Exchange message, while SharePoint enables versioning and coauthoring of documents. Site mailboxes can be searched using the Exchange eDiscovery Center, and the email and documents stored in site mailboxes can be put on legal hold. Additionally, site mailboxes adhere to the lifecycle policies applied to the SharePoint site with which they are associated, enabling automated retention and archiving of the entire site mailbox.

Turn Email Data from Challenge to Asset

Exchange helps organizations deal efficiently and effectively with the explosion in email data. A wide range of new technologies built into Exchange can reduce costs, improve security, and keep workers productive. Businesses can move email hygiene to the cloud with Exchange Online Protection, stopping viruses and spam before they get anywhere close to the company’s network. New DLP technology enables organizations to work with sensitive information safely and helps everyone in an organization better manage sensitive data. In-place archiving and large mailboxes offer better access to the information and organizational knowledge contained in past email while eliminating the need for third-party archives. Built-in eDiscovery functionality makes it easy to find needed information across held, archived, and current email. In tandem with SharePoint, organizations can search email, instant messages, calendars, and contacts, as well as SharePoint documents, sites, file shares, blogs, wikis, and more, all from the eDiscovery Center. Site mailboxes allow users to naturally work together – while compliance policies are applied behind the scenes. By integrating all of these data protection features into one system, Exchange greatly simplifies IT infrastructure and helps reduce costs. With Exchange, organizations can do more than tame vast and growing amounts of email data—they can turn it to their advantage.


– Harv Bhela
General Manager, Exchange Program Management