Microsoft Exchange Server 2007 Compliance Tour

Introduction

Microsoft Exchange Server 2007 provides a flexible set of compliance tools that can be configured to meet the unique needs of your organization. While the compliance needs of some organizations are motivated by government requirements, other organizations must comply with industry regulations. Still other organizations may have litigation concerns driving their compliance needs.

With this tour we will explore how Exchange Server 2007 can help your organization achieve its compliance goals.


Microsoft Exchange Server 2007 Topology Overview

With Exchange Server 2007, all e-mail messages flow through the Hub Transport server role. Because every message passes through this role, Exchange Server 2007 can enforce global mail flow controls.

The two required server roles are:

Mailbox – Hosts mailboxes, public folders, and core services, including calendaring

Hub Transport – Provides internal routing and a policy engine for enforcing compliance rules

The three optional server roles are:

Client Access – Provides Outlook Web Access, mobility, and Web services

Unified Messaging – Integrates with PBX systems for voice mail, fax receiving, and voice access services

Edge Transport – Acts as an SMTP gateway, providing antivirus, anti-spam, and messaging security services (If implemented, this server role should be deployed in the perimeter network)

Transport Rules

Transport Rules are centrally configured at the organization level and influence mail flow. Transport Rules are very flexible and can be used to handle a variety of mail flow issues.

Ethical Walls, the filtering of personal information (SSNs, account numbers, etc.), and Message Classifications, which flag messages for special handling, can all be set with Transport Rules. Transport Rules can also be used for additional tasks such as:

Adding legal disclaimers to e-mail messages

Blind copying messages to additional senders

Blocking messages with enhanced status codes

Ethical Walls

An ethical wall helps to isolate an individual or group from information to which they should not have access. In this example, a Transport Rule configures an ethical wall between a financial company’s research analysts and their traders. Financial organizations need to ensure the integrity of their transactions, and to do so they often disallow communications between research analysts and traders. Transport Rules simplify configuration for the administrator by using information, such as distribution lists and people, that has already been entered in the Active Directory directory service.

Transport Rules follow the familiar pattern of Outlook rules, so they’re intuitive and easy to configure. Once conditions and actions have been configured, exceptions can also be added. For example, an exception to the ethical wall could be communications that have the word “emergency” in the subject line. Another feature of Exchange Server 2007 that helps administrators communicate policies to users is the ability to configure custom non-delivery reports (NDRs) that give rich troubleshooting information.

Filtering Personal Information

The ability to filter personal information is crucial in many environments. In addition to filtering based on Active Directory information, filtering can also be performed based on subject or message content. You can ensure that Social Security or account numbers are not accidentally sent outside the organization. Additionally, you may want to limit which users or distribution list members are allowed to e-mail certain types of information.

In this example, a Transport Rule is being created that will filter Social Security numbers [1]. \d is a pattern variable that represents a single digit, and the pattern with hyphens maps to the format of a Social Security number. These variables can be used to ensure that numbers or text with certain patterns, like a Social Security number, account number, or employee ID number, cannot go to the wrong recipient.
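
The following is an added example, not part of the original tour and not Microsoft's code: it models the Social Security number rule described above in Python, using Python's re module in place of the Exchange pattern engine. It goes beyond the page by discarding number ranges that are never issued and by showing what the hyphenated pattern misses; the domain contoso.example, the function names, and the sample messages are assumptions constructed for illustration.

```python
import re

# The hyphenated \d pattern the page describes, written here as
# \d\d\d-\d\d-\d\d\d\d. The lookarounds are an addition so that matches
# inside longer digit/hyphen runs are ignored.
SSN_PATTERN = re.compile(r"(?<![\d-])(\d\d\d)-(\d\d)-(\d\d\d\d)(?![\d-])")
INTERNAL_DOMAIN = "contoso.example"  # hypothetical internal mail domain


def plausible_ssn(area, group, serial):
    """Reject ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text):
    """Return hyphenated SSN-like strings that pass the range check."""
    return [m.group(0) for m in SSN_PATTERN.finditer(text)
            if plausible_ssn(*m.groups())]


def is_external(address):
    return not address.lower().endswith("@" + INTERNAL_DOMAIN)


def evaluate(message):
    """Model of the rule: reject SSNs in subject or body sent outside the org."""
    external = [r for r in message["to"] if is_external(r)]
    hits = find_ssns(message["subject"] + "\n" + message["body"])
    if external and hits:
        return ("reject", len(hits))
    return ("deliver", len(hits))


# Constructed sample messages (not real data).
SAMPLES = [
    {"to": ["pat@partner.example"], "subject": "Onboarding",
     "body": "Employee SSN is 123-45-6789."},
    {"to": ["hr@contoso.example"], "subject": "Onboarding",
     "body": "Employee SSN is 123-45-6789."},
    {"to": ["pat@partner.example"], "subject": "Order 000-12-3456",
     "body": "Call 555-123-45-6789-0 for tracking."},
    {"to": ["pat@partner.example"], "subject": "Onboarding",
     "body": "Employee SSN is 123456789."},  # no hyphens: pattern misses it
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["to"][0], evaluate(msg))
```

The last sample is delivered because the hyphenated pattern never matches nine bare digits; a separate pattern is needed if that form must also be caught.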

Message Classification

Microsoft Exchange Server 2007 introduces Message Classifications, which allow administrators and users to flag messages for special handling. You can choose to create Message Classifications that are unique to your organization, or you can choose to use the Message Classifications that are built in to Exchange Server 2007. The built-in classifications include:

A/C Privilege (Attorney-Client Privilege) – Applies a banner and adds information to the header of the message, explaining that the message contains privileged information

Company Confidential – Works with Microsoft Windows Rights Management Services for Windows Server 2003 to ensure that only individuals with correct permissions are able to read protected company information

Company Internal – Works with Microsoft Windows Rights Management Services for Windows Server 2003 to block messages from being sent to external recipients (individuals outside the organization)

While there may be times that all messages should have a classification applied (like using Company Internal when discussing trade secrets), there are other times when only the user will know that a classification is appropriate (like adding A/C Privilege to a message for a unique question). Message Classifications can be applied to messages in transit by using Transport Rules, and they can also be selected by the user through Microsoft Outlook or Outlook Web Access.

Journaling Administrative Experience

Many government regulations require that organizations journal e-mail for some, or all, users. Journaling sends a copy of a message to a secondary location, typically called an archive. Exchange Server 2007 can journal to any archive that has an SMTP address. An archive could be an Exchange mailbox, an Exchange Hosted Archive, or a third-party archiving solution.

There have been substantial improvements to journaling in Exchange Server 2007. Journaling can be done on a per-database, per-distribution list, or per-user basis. Additionally, journaling can be configured for only certain types of mail (for example, only internal or external mail) or mail that meets criteria established in Transport Rules. Journaling can also be configured for messages that are moved into Managed Folders. Managed Folders help users store information they need and delete information that is obsolete.

Journaling Reports and Archiving

Journaling sends a copy of a message to an archive. The message copy is attached to a journal report which includes specific information about the message to facilitate discovery and faster searches. Exchange Server 2007 journal reports expand BCC and distribution list information. Forwarded mailboxes are also listed.

Messaging Records Management Administrative Experience

Messaging Records Management can be used for compliance, data retention, and mailbox management needs. Messaging Records Management helps ensure that your users are effectively managing their mailboxes. Settings can be configured by the administrator and pushed to the user, or the user can add Managed Folders to their mailbox through a Web interface. Items placed in Managed Folders can also be journaled to an archive.

In addition to custom Managed Folders, Messaging Records Management lets you set policies on the default mailbox folders. The Inbox, Sent Items, and other default folders can all be configured to handle items in specific and customizable ways. For example, an administrator could choose to set a 150-day limit on the Inbox. Once an e-mail message is more than 150 days old, it could be permanently deleted, moved to the Deleted Items folder, or moved to a custom Managed Folder.

Messaging Records Management User Experience

Managed Folders help users store information they need and delete information that is obsolete. Both age limits and size limits can be configured for Managed Folders. In addition, an administrator can configure Managed Folders to journal messages to an archive for long-term retention.

Managed Folders are easy for the end user to use. Managed Folders display under the user’s Mailbox and users can add sub-folders to the tree to help them organize their information and increase their productivity. Different Managed Folders can be configured for different users so that each user has the folders that are appropriate for their role.

[1] Social Security numbers are nine-digit numbers issued to citizens and other residents of the United States of America to uniquely identify those individuals for taxation and benefit purposes. Because the number is linked to an individual’s identity for use in sensitive health care and financial records, its use and disclosure in both public and private transactions is generally closely controlled and often regulated.
