Join David Elfassy for an in-depth discussion in this video Managing Exchange compliance settings, part of Administration for Cloud-Based Office 365.
Compliance management has become a key functionality of managing your emails within your Exchange Online infrastructure. As part of your Office 365 deployment, you now have the ability to control your messages and to see who has access, and what content is stored in user mailboxes. This can be key in discovery processes, whether for legal purposes or auditing purposes. So let's take a look at some of those functionalities. The first one we see here is In-Place eDiscovery & Hold.
Now, In-Place eDiscovery & Hold actually gives me the ability to discover content that's stored in user mailboxes, or hold the content that's been discovered. Now by hold, I mean the user is prevented from actually deleting an email that contains specific keywords that I've specified as my criteria in my hold. Now, this is a good functionality in order to ensure that an email is retained in my infrastructure and is not deleted by a user. Now, here, for example, I've created an eDiscovery & hold, where I've specified the hold status of yes, which means that the information that is discovered is going to be retained, and there's information in terms of what is going to be searched here.
Now I'm searching everything that has the word meeting for demonstration purposes only. In-Place eDiscovery & Hold are not available for all subscriptions of Office 365, only for specific enterprise subscription plans. Now, we've got the auditing functionality. Auditing functionality gives us the ability to run reports that give us information about who has accessed mailboxes, or even who has modified configurations in our Office 365 deployment, so let's take a look at some of these.
One of those that I really like to look at is the admin audit log, and if I click on the admin audit log, I actually can create a filter that tells me which days of audit activity do I want to view. Now, in my scenario, here I'm going to look at the last 15 days, and it will show me what actions were performed in my Exchange Online environment. Now, you see here that these are listed as cmdlets. Now, the cmdlets are the actual commands that run in the background of Exchange Online.
Even though we were using a graphical, web-based interface, in the background, real commands are being issued to Exchange Online. These commands can be used within PowerShell. In a later video in this course, we'll look at how we modify Exchange Online by using PowerShell, so take a look at these here. This Set-User cmdlet was run, and this Set-User cmdlet modified an object here. Also, I can run a non-owner mailbox access report. This is a very useful report that provides you the ability to see if an administrator has accessed the mailbox of a user.
Now, that is key information in ensuring that there are no rogue administrators in your organization that are accessing mailboxes of users and deleting or even viewing the content inside those mailboxes. The users themselves may not know that their mailbox is being accessed, but you can identify this information by running this report. Several reports can also be emailed. If I click export the admin audit log, I will be provided the option to email the report to an administrator, and you can choose one of the contacts within the organization to whom you can email the report.
Next, we've got data loss prevention. Now, DLP, or data loss prevention, is a functionality that gives you the ability to notify users when they're sending an email that contains specific private information, or prevent them from sending the emails with that private information. If they are going to be notified, they are going to be notified by what we call policy tips. Those are similar to the mail tips we discussed in an earlier video in this course. If you're going to prevent the users from sending that email, that will be done through rules.
Now, the rules are created through templates. Let me show you how that works. Within my interface here, I can create a new DLP policy, so DLP again, data loss prevention, policy, from a specific template. Now, the policies are created based on geographical requirements. Some of these requirements are based on legal functionality, so legal requirements. Now, I'm from Canada, so I'm going to show you that we have some that are related to the Canada Health Information Act, so these are specific requirements where we are preventing information such as passport numbers and health information, such as health card registration information, from being transferred over email, so if I select this, and let me give it a name, so I'm going to call this the Canada Health Policy, and I'm going to click save, and by doing that, it's going to create a set of rules, or a number of rules in my organization, that are based on searching specifically for information that would be deemed to circumvent the Canada Health Information Act, and those are based on pre-programmed sets of number sequences, or types of keywords that would be detected as the emails are transferred to the organization.
Those would be typical types of words or numbers that contain health information. So now my DLP policy has been created. Now let me just go and inspect it to show you what's been created in here. Again, my policy here. I can choose to enable or disable this policy. It's enabled by default. Now note that the mode of this policy is set to test with DLP policy without policy tips, which means we're only testing this policy. We're only auditing the results of this policy. We're not actually enforcing this policy to prevent emails from flowing through our organization.
If I click on rules, I see the rules that are associated with my DLP policy. Now, these rules are actual transport rules, the same kind of rules that we saw in a previous video in the course that allowed us to manipulate emails going in and out of our organization. Manipulations, such as applying a disclaimer to all emails that are being sent to a specific distribution list, so here, I can specify that if I'm going to scan text limit exceeded, so there's a specific text that's going to be scanned in here, in the messages based on the policy, and the rule mode again is going to be to only audit this.
This means I would have to run a report to be able to see how many messages were affected by this rule. I'm not going to actually prevent users from sending emails that contain that private health information. If I go back in my general page, and I click enforce, I want you to note the change that I'm going to be performing. I'm going to click save here, and once I go back into my rules, you will note that now all my rules are set with enforce, and the enforce parameter will specify that now if an email matches one of the criteria, one of these rules, then an action in the rule will be performed, and the action in the rule might be to prevent the email from actually going out of the organization.
Again, data loss prevention rules are implemented through transport rules, and even though we control them through this interface over here, they are truly transport rules. Retention policies are available in Exchange Online in order to ensure that email gets deleted or archived after a specific time frame. Now, if I have email that has been stored in my mailbox for x number of years, I can specify that a criteria set will define that all email messages in a specific folder that are older than x number of days will automatically be archived or deleted, based on specific criteria that I set.
This is specified in a default MRM policy that exists in my Exchange Online organization by default. I didn't have to create this one. It was created by Office 365. However, I can create additional MRM policies, and then apply those policies to the mailboxes. If I look in the properties of a recipient, you will note that each recipient has a retention policy defined. The default one is always defined to our users, unless we go and we specify a different policy.
The criteria within the policy will define whether email messages will be deleted after a specific period of time. What types of messages can also be modified from our retention tags? So our retention policy contains retention tags. Those retention tags identify the types of messages, or which folders they're located in, and the retention policies group those retention tags together and apply them to specific sets of users.
Now, journal rules interact with retention policies, except they're a little bit different where they actually don't move messages, delete messages, archive messages. They just tell you about what messages are falling within your retention policies. Now, you can create journal rules that actually list the information, or the specific messages that are affected by a retention.
- Managing global subscription settings, domain names, and user settings
- Managing Exchange mailboxes
- Implementing Exchange distribution and security groups
- Using Message Trace
- Implementing Exchange rules
- Managing SharePoint compliance settings
- Managing Lync settings
- Using remote PowerShell to manage Office 365