
Microsoft Exchange Server 2013 Security

Microsoft Exchange Server 2013 Security. Mick Tomlinson – Technical Instructor New Horizons. Introducing Exchange 2013 New features Exchange 2013 Role Based Access Control Security. Introducing Exchange 2013. Exchange 2013 Top Features Exchange Admin Center Architecture Changes


Presentation Transcript


  1. Microsoft Exchange Server 2013 Security • Mick Tomlinson – Technical Instructor New Horizons

  2. Introducing Exchange 2013 New features • Exchange 2013 Role Based Access Control Security

  3. Introducing Exchange 2013 • Exchange 2013 Top Features • Exchange Admin Center • Architecture Changes • Policy and Compliance • New Recipient Types • Some Other Stuff

  4. Exchange Top Features • Remain in Control • Move to the Cloud on your terms • Decrease the amount of time spent on management • Keep important data in one place • Do More, On Any Device • A clean, intuitive inbox experience • Working better together • Customize using OWA Apps

  5. Exchange Top Features • Keep Your Organization Safe • Protect sensitive data and enforce compliance policies • In-Place Discovery across Exchange, SharePoint and Lync from a single interface

  6. Exchange Admin Center • A single unified management console that allows for ease of use and is optimized for management of on-premises, online, or hybrid deployments • Replaces the Exchange 2010 Exchange Management Console and the Exchange Control Panel

  7. Exchange Admin Center • List View • Secure the Virtual Directory • Public Folder Management • Notifications • Role Based Access Control User Editor • Unified Messaging Tools

  8. Exchange Admin Center

  9. Architecture Changes • Exchange 2007 and 2010 • Five server roles primarily due to CPU limitations • Mailbox Server, Client Access Server • Hub Transport Server, Edge Transport Server • Unified Communications Server • Had several restrictions • Version Dependency • Geo Affinity • Session Affinity

  10. Architecture Changes • New Architecture in Exchange 2013 • Only Two Server Roles • Mailbox Server Role • Includes all the traditional server components: the Client Access protocols, Transport service, Mailbox databases, and Unified Messaging • Handles all activity for the active mailboxes on that server • Client Access Server Role • Provides authentication, limited redirection, and proxy services • Doesn’t perform any data rendering • No data is cached or stored on the CAS

  11. Architecture Changes • Some Benefits of the New Design • Version upgrade flexibility • Session indifference • Deployment simplicity • CAS is no longer limited to same site access • Three More Things • RPC is no longer a supported direct access protocol • Outlook clients no longer connect to FQDN but a new GUID address learned from Auto Discover • Exchange 2013 only supports Outlook 2007 and later

  12. Policy and Compliance • Data loss prevention (DLP) is a new feature in Exchange 2013 • Helps protect your sensitive data by either using built-in or custom policies • Helps to keep your organization safe from users mistakenly sending sensitive information to unauthorized people

  13. Policy and Compliance • In-Place Hold • In-Place eDiscovery • Simultaneous searches across primary and archive mailboxes • Archive Lync content • Retention Policy Improvements • Calendar and Task Retention Tags

  14. New Recipient Types • In addition to the recipient types Exchange 2013 carries over from previous versions, a few new ones have either been added or modified: • New Public Folders • Site Mailboxes • Shared Mailboxes

  15. New Recipient Types • New Public Folders • No more public folder databases • Public Folder hierarchy and content are now stored in special mailboxes • Public Folder replication is now handled by the continuous replication model used by the mailbox databases • This also means Exchange is moving away from a multi-master replication model towards a single-master replication model

  16. New Recipient Types • Site Mailboxes • Email and documents are traditionally kept in two unique and separate data repositories. This usually results in a reduction in user productivity and a degraded user experience • Site Mailboxes try to rectify this problem by providing a single interface to access mail stored in Exchange and documents stored in SharePoint

  17. New Recipient Types • Shared Mailboxes • Shared Mailboxes are mailboxes that are accessed by multiple users • Did exist in Exchange 2010 but had to be created in a separate multi step process • In Exchange 2013, Shared Mailbox is a type of recipient that can be created by a single step from the EAC

  18. Some Other Stuff • New OWA interface designed for smartphones and tablets • Batch mailbox moves • Improved and simplified setup process • Built-in Anti-Malware Protection • Includes Anti-Spam, Anti-Virus and Anti-Spyware • High Availability Enhancements • Automatic reseed • Automatic recovery

  19. Exchange 2013 RBAC Security • What is RBAC • What are the components of RBAC • What are Scopes?

  20. RBAC: Role Based Access Control • The permissions to perform certain tasks are granted to roles • Users are assigned roles based on their job functions • Permissions are based on the task, rather than the resource • RBAC is the permissions model used by Exchange 2013

  21. Three ways to assign permissions • Direct user role assignment • Management Role Assignment Policies • Management Role Groups

  22. Direct User Role Assignment • Assigning management roles directly to users or groups without using a role group or a role assignment policy. • NOT RECOMMENDED!

  23. Management Role Assignment Policies • Collections of one or more end-user management roles. • Enable admins to specify how end-users can manage their own mailboxes and associated settings. • All users are assigned a Default Role Assignment Policy • Most organizations will choose to use the built in Default Role Assignment Policy

  24. Management Role Groups • Universal security groups used in the RBAC permissions model in Exchange 2010 • Simplifies the assignment of management roles to users • Assigned administrator and specialist user roles • Includes several built-in Role Groups, or uses custom Role Groups created by Exchange Admins • Adding or removing users and groups to Management Role Groups is how you most often assign permissions to administrators or specialist users

  25. Role Holders • Mailboxes that have been added as members of a Role Group

  26. Management Role Group • Universal Security Group that contains Role Holders • Is assigned one or more Management Roles • Is located in the “Microsoft Exchange Security Groups” OU in the forest root domain

  27. Management Role • Container for one or more Management Role Entries • Logical grouping of cmdlets • Used to define specific tasks associated with a job duty

  28. Management Role Entries • One or more cmdlets the role holder will be allowed to run • Role Entries can limit the parameters a cmdlet is allowed to touch • Role Entries can also reference scripts the role holder is allowed to execute • [Diagram: a Role Entry made up of cmdlets, each with its allowed parameters (Param1, Param2, Param3)]

  29. RBAC Scopes • Scopes are used to control WHERE a role can be exercised. • Scopes are part of the Management Role Assignment that binds a Role to a Role Group

  30. Types of Scopes • Scopes can be Implicit or Explicit • Scopes can be Regular or Exclusive • Custom scope types: • OU Scope • Recipient Filter Scope • Configuration Scope

  31. Thanks for Coming • Mick Tomlinson • mtomlinson@nhaustin.com
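
The RBAC building blocks from slides 26 to 30 (role group, role, role entries, scope), put together in the Exchange Management Shell. This is an added example, not part of the original presentation; the role, scope and group names, the `City` filter and the user `jsmith` are hypothetical.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013) as a member
# of Organization Management. Every name below is hypothetical.
$role  = 'HelpDesk Mailbox Editors'   # custom Management Role
$scope = 'Austin Mailboxes'           # custom recipient filter scope
$group = 'Austin Help Desk'           # Management Role Group

# Management Role: a child of the built-in 'Mail Recipients' role. A child role
# starts with the parent's role entries and can only be narrowed, never widened.
New-ManagementRole -Name $role -Parent 'Mail Recipients'

# Role Entries: keep only the cmdlets this job duty needs, remove the rest.
$keep = 'Get-Mailbox', 'Get-Recipient', 'Set-Mailbox'
Get-ManagementRoleEntry "$role\*" |
    Where-Object { $keep -notcontains $_.Name } |
    ForEach-Object { Remove-ManagementRoleEntry -Identity "$role\$($_.Name)" -Confirm:$false }

# Limit the parameters Set-Mailbox may touch. Without -AddParameter or
# -RemoveParameter, -Parameters replaces the entry's parameter list.
Set-ManagementRoleEntry "$role\Set-Mailbox" -Parameters Identity, DisplayName

# Scope (WHERE): a recipient filter scope matching mailboxes whose City is Austin.
New-ManagementScope -Name $scope -RecipientRestrictionFilter "City -eq 'Austin'"

# Role Group: creates the universal security group, adds the role holder, and
# creates the role assignment that binds the role and the scope to the group.
New-RoleGroup -Name $group -Roles $role -CustomRecipientWriteScope $scope -Members 'jsmith'

# Verify what was granted and where it applies.
Get-ManagementRoleEntry "$role\*" | Format-Table Name, Parameters -AutoSize
Get-ManagementRoleAssignment -RoleAssignee $group |
    Format-List Name, Role, RoleAssigneeType, RecipientWriteScope, CustomRecipientWriteScope
```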
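
A read-only review for the direct role assignments that slide 22 marks as not recommended, plus a listing of who holds each role group (slides 24 and 25). This is an added example, not part of the original presentation; the function names are hypothetical, and `Mailbox Import Export` is simply a built-in role chosen as the one under review.

```powershell
# Added example: read-only checks, run in the Exchange Management Shell.

function Get-DirectRoleAssignment {
    # Assignments made straight to a user or a plain security group,
    # bypassing role groups and role assignment policies.
    Get-ManagementRoleAssignment |
        Where-Object { 'User', 'SecurityGroup' -contains $_.RoleAssigneeType } |
        Select-Object RoleAssigneeName, RoleAssigneeType, Role,
                      RecipientWriteScope, CustomRecipientWriteScope, Enabled
}

function Get-RoleGroupHolder {
    # Role holders: the members of each Management Role Group.
    foreach ($rg in Get-RoleGroup) {
        Get-RoleGroupMember -Identity $rg.Name | ForEach-Object {
            [pscustomobject]@{ RoleGroup = $rg.Name; Holder = $_.Name; Type = $_.RecipientType }
        }
    }
}

# Any row here is a permission granted outside the role group model.
Get-DirectRoleAssignment | Format-Table -AutoSize

# Who holds which role group.
Get-RoleGroupHolder | Sort-Object RoleGroup | Format-Table -AutoSize

# Everyone who can effectively use one sensitive role, and by which path
# (Direct, RoleGroup, SecurityGroup or RoleAssignmentPolicy).
Get-ManagementRoleAssignment -Role 'Mailbox Import Export' -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, AssignmentMethod |
    Format-Table -AutoSize
```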
