Friday, 22 April 2016
Sunday, 10 April 2016
Email encryption is an added layer of security that protects messages from being read by unintended recipients. Even though Office 365 already secures transmission using TLS (Transport Layer Security), Office 365 Message Encryption (OME) is there to build more secure mail transactions. In the earlier Office 365 version, FOPE/Wave14, encryption needed a separate Microsoft-hosted encryption license, and tokens were issued by a reputed service provider called “Voltage”; after multiple enhancements, the current version of Office 365 has encryption technology built in.
To enable encryption in Office 365, all we need is an active Azure Rights Management license. By default it is available in E3 & E4 subscriptions; for all other subscriptions you can purchase it as an add-on for just $2/user/month.
Enabling encryption is not that difficult. We just have to:
- Activate the Azure Rights Management license (if already activated, proceed to the next step)
- Configure Azure Rights Management
- Configure a transport rule based on requirements
Activate Azure Rights Management License
1. Log in to the Office 365 portal
2. Service Settings in the left pane -> Rights Management -> Manage
3. Click on “Activate”
Below is the screen you will see after activation.
Configure Azure Rights Management:
2. Run Get-IRMConfiguration and make sure IRM is not enabled. (If it is already enabled, you have saved a lot of time; only the transport rule is pending.)
Refer to the table and choose the URL for your region.
RMS key sharing location
Office 365 for Government (Government Community Cloud)
Example: for Asia, the IRM configuration is as below
- Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc"
- Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
- Run the following commands to disable IRM templates from being available in OWA and Outlook, and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption:
To disable IRM templates in OWA and Outlook:
Set-IRMConfiguration -ClientAccessServerEnabled $false
To enable IRM for Office 365 Message Encryption:
Set-IRMConfiguration -InternalLicensingEnabled $true
After configuration you will see it as below:
To make sure everything is configured properly, you can run a test with "Test-IRMConfiguration -Sender email@example.com".
Configure Transport Rule
Microsoft TechNet has detailed information, with screenshots, on how to create transport rules that apply encryption to messages. Based on your requirements you can customize the conditions under which a message gets encrypted.
For example, I want the encryption process to be simple, so I need all my “High Importance” email to be encrypted. In this case I can simply click the “High Importance” button in Outlook/OWA and the mail will be encrypted.
Below is the simple rule to achieve this requirement.
After this, all I need to do is click “High Importance” and send the mail.
You can simply sign in using your Microsoft account, or use a one-time passcode, to view the mail.
We can also create a rule for confidential mail by specifying a condition on the header Sensitivity: company-confidential.
With this in place, we can change the sensitivity in Outlook and send mail.
There is a lot more you can do with transport rules to make mail processing more effective.
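The two rules described above, written for Exchange Online PowerShell as an added example (not taken from the original post). The rule names and the -FromScope restriction to internal senders are assumptions; IRM must already be configured as in the previous section.

```powershell
# Added example: rule names and the sender scope are assumptions, not from the post.
# Run in an Exchange Online PowerShell session after IRM has been enabled.

$rules = @(
    @{
        # Encrypt anything the sender marks as High Importance in Outlook/OWA.
        Name           = 'OME - Encrypt High Importance mail'
        WithImportance = 'High'
    },
    @{
        # Encrypt mail whose Sensitivity header is set to company-confidential.
        Name                        = 'OME - Encrypt Company-Confidential mail'
        HeaderContainsMessageHeader = 'Sensitivity'
        HeaderContainsWords         = 'company-confidential'
    }
)

foreach ($rule in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$($rule.Name)' already exists, skipping."
        continue
    }

    # -FromScope InOrganization (assumption) limits the rule to mail sent by
    # internal users, so inbound mail flagged by outside senders is untouched.
    New-TransportRule @rule -FromScope InOrganization -ApplyOME $true -Mode Enforce
}

# List every rule that applies Office 365 Message Encryption, in evaluation order.
Get-TransportRule |
    Where-Object { $_.ApplyOME } |
    Sort-Object Priority |
    Format-Table Name, State, Mode, Priority -AutoSize
```

Creating a rule with -Mode Audit first records which messages it would have matched without encrypting them, which is a low-risk way to check the conditions before enforcing.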
Feel free to comment below for any suggestions or questions
Monday, 21 March 2016
Cloud computing is the most familiar term in current technology, and we all have many questions about it. But the real fact is “Yes”, we are all on the cloud now :-) and there are miles to go. So what is it?
A few years back, someone who had no idea about the cloud asked me for a simple definition. I answered: you can store or access your data over the internet from anywhere. This may sound simple, but in the background the cloud has a gigantic, structured infrastructure through which you can customize all your needs on demand and pay as you go. It is secured and most reliable. Beyond the technology's security level, mutual trust also plays a vital role in choosing among the major cloud service providers. Private, public and hybrid deployment modes are available. When I talk about the cloud to those who have no preference for it, the first thing that comes to my mind is: people don’t like change, do not work in technology :-)
Cloud services typically have the following characteristics:
- Fast and efficient deployment
- Less or no capital investment
- Reliability, Scalability, Sustainability & Resource pooling
- Pay as you go, with no monthly commitment
- Customization is limited
- Highly automated with Utility based system
I have explained a few cloud services below. All of these technologies put together can also be called EaaS, Everything as a Service (*aaS). It has not only garnered excitement from technologists but has also captured the attention of business leaders around the world.
IaaS: Infrastructure as a Service
Cloud infrastructure services, referred to as Infrastructure as a Service (IaaS), are a form of cloud computing that provides secure virtualized resources over the internet. They are self-service models for accessing, monitoring, and managing remote data center infrastructure, which includes servers, storage, networking & firewalls.
IaaS users can manage applications, data, runtime and middleware. IaaS platforms offer highly scalable resources that can be adjusted on demand. Many of the major cloud service providers offer IaaS, and they have a wide variety of hardware and software combinations to choose from.
PaaS : Platform as a Service
Cloud platform services, also known as Platform as a Service (PaaS), are similar to IaaS, with the major difference that users have no control over the network, resources, servers, etc. That said, PaaS typically provides no control. This indirectly means that users bear no administration costs: the service provider takes responsibility for management, administration and maintenance.
SaaS: Software as a Service
Cloud application services, referred to as Software as a Service (SaaS), are a software licensing and delivery model, which can also be called “Software-on-Demand”. SaaS uses the web to deliver applications that are managed by the service provider and accessed over the internet through a web interface.
Being a web delivery model, it needs no installation or complicated setup. SaaS is popular and widely used for email messaging & collaboration systems like Exchange, SharePoint and Lync.
Be in Cloud , Stay in Cloud & Enjoy Cloud :-)
Saturday, 12 March 2016
Attachments can be inspected by creating Exchange transport rules. We had this option earlier, but it did not really work as expected; now it is working as expected. This article applies to Exchange & Office 365.
Source of the information below: TechNet
Conditions can be applied for transport rules:
|Condition name in EAC||Condition name in the Shell||Description|
|Any attachment file name matches these text patterns||This condition matches messages with supported file type attachments when those attachments have a name that contains the characters you specify.|
|Any attachment file extension includes these words||This condition matches messages with supported file type attachments when the file name extension matches what you specify.|
|Any attachment size is greater than or equal to||This condition matches messages with supported file type attachments when those attachments are larger than the size you specify.|
|Any attachment didn’t complete scanning||This condition matches messages when an attachment is not inspected by the transport rules agent.|
|Any attachment has executable content||This condition matches messages that contain executable files as attachments. The supported file types are listed here.|
|Any attachment is password protected||This condition matches messages with supported file type attachments when those attachments are protected by a password.|
The Exchange Management Shell names for the conditions listed here are parameters that require the
- Learn more about the cmdlet at New-TransportRule.
- Learn more about property types for these conditions at Conditions and Condition Properties for a Mailbox Server.
The transport agent uses true type detection by inspecting file properties rather than merely the file extensions. This helps to prevent malicious hackers from being able to bypass your rule by renaming a file extension. The following table lists the executable file types supported by these conditions. If a file is found that is not listed here, the AttachmentIsUnsupported condition is triggered.
|Type of file||Native extension|
|Self-extracting archive file created with the WinRAR archiver.||.rar|
|32-bit Windows executable file with a dynamic link library extension.||.dll|
|Self-extracting executable program file.||.exe|
|Java archive file.||.jar|
|Uninstallation executable file.||.exe|
|Program shortcut file.||.exe|
|Compiled source code file or 3-D object file or sequence file.||.obj|
|32-bit Windows executable file.||.exe|
|Microsoft Visio XML drawing file.||.vxd|
|OS/2 operating system file.||.os2|
|16-bit Windows executable file.||.w16|
|Disk-operating system file.||.dos|
|European Institute for Computer Antivirus Research standard antivirus test file.||.com|
|Windows program information file.||.pif|
|Windows executable program file.||.exe|
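An added example (not from the original post or from TechNet) showing how the attachment conditions above are passed to New-TransportRule as parameters. The rule names, reject text and review mailbox address are hypothetical; the actions chosen are one possible policy.

```powershell
# Added example: names, reject text and the review mailbox are hypothetical.
# Run in an Exchange Management Shell / Exchange Online PowerShell session.
$reviewMailbox = 'mail-review@example.com'   # hypothetical address

# Reject anything that true type detection classifies as executable,
# whatever file name extension the sender gave it.
New-TransportRule -Name 'ATT - Reject executable content' `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText 'Executable attachments are not accepted.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# The rule above cannot evaluate attachments the agent was unable to inspect.
# Route those to a reviewer instead of delivering them unchecked.
$uninspected = @{
    'ATT - Review password-protected attachments' = @{ AttachmentIsPasswordProtected     = $true }
    'ATT - Review attachments not fully scanned'  = @{ AttachmentProcessingLimitExceeded = $true }
    'ATT - Review unsupported attachment types'   = @{ AttachmentIsUnsupported           = $true }
}

foreach ($name in $uninspected.Keys) {
    $condition = $uninspected[$name]
    New-TransportRule -Name $name @condition -RedirectMessageTo $reviewMailbox
}

# Show the attachment rules in the order in which they are evaluated.
Get-TransportRule |
    Where-Object { $_.Name -like 'ATT - *' } |
    Sort-Object Priority |
    Format-Table Name, State, Mode, Priority -AutoSize
```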