Messaging policy and compliance – Exchange 2016

There are many new and updated message policy and compliance functional features in Exchange 2016.

 

Email has turn out to be a reliable and ubiquitous communication medium for information exchange among employees in the organizations of all sizes. Messaging stores and mailboxes are turning our as repositories of valuable data.

 

It’s imperative for organizations to formulate messaging policies which dictate the fair use of their messaging systems, offer user guidelines for how to act on the policies, and where needed, provide details regarding the types of communication which may not be permitted.

 

Organizations should also design and develop policies to manage email lifecycle, retain and sustain messages for the length of time depending upon business, legal, and regulatory needs, and preserve to retain email records for litigation and investigation purposes, and be ready to search and provide the required email records to fulfill eDiscovery needs.

 

The following given table depicts an overview of the messaging policy and compliance functional features in Microsoft Exchange Server 2016 :

 
 

Characteristics Detail Description
In-Place Archiving In-Place Archiving supports helps to regain control of your organization’s messaging data by eradicating the need for personal store (.pst) files and permitting users to store messages present in an archive mailbox which is accessible in Outlook 2010, later editions and Outlook over the web.
In-Place Hold and Litigation Hold While an obvious expectation of litigation is available, organizations are required to retain and preserve electronically stored information, consisting of email that’s related to the case. In-Place Hold permits you to find and preserve messages matching query parameters. Litigation Hold only permits you to place all items in a mailbox on hold. For both kinds of holds, messages are secured and protected from permanent deletion, tampering, modification, and can be preserved to retain indefinitely or for a specified period.
In-Place eDiscovery In-Place eDiscovery permits you to search mailbox data across your Exchange organization, preview search conclusions, replicate search outputs to a Discovery mailbox, or export the outputs to a PST file
Administrator audit logging Administrator audit logs allow you to maintain a log of changes performed by administrators to Exchange server and organization configuration and to Exchange recipients. You may use administrator audit logging as section of your change control process, track or monitor changes and access to configuration and recipients for compliance purposes.
Mailbox audit logging As mailboxes can significantly contain sensitive, high business impact data and information, also, personally identifiable information, it’s important that you track to monitor who logs on to the mailboxes in your enterprise and what actions are required to be taken. It’s especially imperative to track access to mailboxes via users other than the mailbox owner (known as delegate users). Utilizing mailbox audit logging, you can log mailbox access by administrators, delegates (consisting of administrators with full access permissions), and mailbox owners.
Data loss prevention Data loss prevention (DLP) in Exchange 2016 consists of 80 sensitive information categories that are ready for you to use in your DLP policies.
Transport rules Utilize Exchange transport guidelines & rules to look for specific conditions in messages which pass through your organization and take required action on them. You can also use transport rule conditions and exceptions to declare or define when a transport rule is applied, and then apply a transport rule action on messages when the condition is satisfied.

 
 

Data loss prevention

 

Data loss prevention (DLP) abilities help or support you protect your mission critical sensitive data and inform users of internal compliance policies. DLP can also help keep intact your organization safe from users who may mistakenly send mission critical sensitive information to unauthorized people. DLP helps you determine or identify, monitor, and protect mission-critical sensitive data via deep content analysis. Exchange 2016 provides built-in DLP policies depending on regulatory standards like personally identifiable information (PII) and payment card sector data security standards (PCI), and is extensible to support other policies significant to your business. With a DLP policy in Exchange 2016, you may now identify, track, monitor, and protect 80 variant types of  mission-critical sensitive information.

 

Mail flow guideline and rules (transport rules)

 

You can use Exchange mail flow guideline and rules (also denoted as transport rules) to explore for specific conditions in messages which pass through your organization and perform action on them. For instance, your organization may require that particular types of messages are blocked or dejected in order to address legal or compliance requirements, or to deploy specific business needs. Mail flow guideline and rules are similar to the Inbox rules which are available in Outlook. The main variation between mail flow rules and Inbox rules is that mail flow rules perform action on messages when they’re in transit as opposed to after the message is sent and delivered. Mail flow rules and guideline also contain a richer set of conditions, exceptions, and actions that gives you the flexibility to deploy many types of messaging policies.

 
 

Such features are new to mail flow guidelines and rules in Exchange 2016:

 

  • Exchange mail flow rules and guideline can now identify 80 distinguish kinds of sensitive information, inclusive of 30 new sensitive information types targeting on identifiers from Europe, South America, and Asia. These 80 built-in default types are included, however you can also build your own type from scratch.
  •  

  • With the turning new condition Any attachment has these characteristics, including any of these words, a mail flow guidelines and rule can match messages where the mentioned property of the attached Office document consists of specified words. Such condition makes it simple and easy to integrate your Exchange mail flow guideline or rules and DLP policies with SharePoint, Windows Server 2012 R2 File Classification Infrastructure (FCI), or a third-party classification system.
  •  

  • With the new task or action Notify the recipient with a message, a mail flow guidelines or rule can send a notification to the recipient with the specified text. For instance, you can inform the recipient which the message was rejected by a mail flow guidelines or rule, or that it was marked as spam and going to be delivered to their Junk Email folder.
  •  

  • The action Generate incident report and send it to has been duly updated to enable the notification of several recipients by permitting a group address to be setup and configured as the recipient
  •  

  • Additional mail flow guidelines or rules predicates and actions.

 
 

Azure Rights Management connector 

 

The Azure Rights Management connector is an optional application which helps you improve data security and protection for your Exchange 2016 server by connecting to the cloud-based Azure Rights Management service (also denoted as Microsoft Rights Management or Azure RMS). Once installation of  the RMS connector is been done then, it provides continuous data protection and security throughout the life span of the information and as these services are customizable and can be tailored, you can define the stages or level of protection you need. For instance, you can restrict email message access to particular users or set view-only rights for particular messages.

 

Duly In-place Archiving, retention, and eDiscovery in Exchange 2016

 

Exchange 2016 comprises of the following enhancements to In-Place Archiving, retention, and eDiscovery to help and support organization addressing its compliance requirements:

 

  • Public folder support for In-Place eDiscovery and In-Place Hold :

Exchange 2016 combines public folders in the In-Place eDiscovery and Hold workflow. User can use In-Place eDiscovery to find public folders in his/her organization, and user can also put an In-Place Hold on public folders. Similar to placing a mailbox on hold, user can set a query-based and a time-based hold on public folders. Presently, user is allowed to only search and place a hold on all public folders. In later release editions, user might be able to select specific public folders to find and place on hold.

 
 

  • Compliance Search :

Compliance Search is a newly added eDiscovery search tool in Exchange 2016 consisting of new and enhanced scaling and performance abilities. User is allowed to use it to search huge number of mailboxes in a single attempt of search. Actually, there’s no set limit on the number of mailboxes which can be included in a single attempt of search, such that user can search all mailboxes present in his/her organization at once.
 

There’s also no limit set on the number of searches which can execute or run at the same time. For In-Place eDiscovery in Exchange 2016, the limits feature are the similar to, as it used to be in Exchange 2013 where user is allowed to search up to 10,000 mailboxes in a single search attempt and organization can execute a maximum of two In-Place eDiscovery searches attempts at the same time.

 

The feature of compliance Search is ONLY available via using the Exchange Management Shell, In Exchange 2016.

 

Kindly  note:
To have access to the Compliance Search cmdlets, an administrator or eDiscovery manager should be assigned the Mailbox Search management functional role or be a member of the Discovery Management functional role group.

 
 

Duly In-place Archiving, retention, and eDiscovery in Exchange 2016

 

Exchange 2016 comprises of the following enhancements to In-Place Archiving, retention, and eDiscovery to help and support organization addressing its compliance requirements:

 

  • In-Place Hold  is a unified hold model that permits you to address legal hold requisitions in the following scenarios:

i) Conserve the results of the query (query-based hold), that is permitted for scoped immutability across mailboxes.

 

ii) Place and set a time-based hold to attain retention requirements (for instance, retaining all items in a mailbox for 7 years, a scenario which need the use of Single Item Recovery/Removed Item Retention in Exchange 2010).

 

iii) Place and set a mailbox on indefinite hold (very similar to litigation hold in Exchange 2010).

 

iv) Place and set a user on multiple holds to address different case requirements.

 
 

  • In-Place eDiscovery   allows authenticated users to search mailbox data over all mailboxes and In-Place Archives in an Exchange 2016 organization and replicate messages to a discovery mailbox for review. In Exchange 2016, In-Place eDiscovery permits discovery managers to perform more effective and efficient searches and hold.

 

i) Federated search permits you to find and retain to preserve data across multiple data repositories. With Exchange 2016, you are allowed to perform in-place eDiscovery searches across Exchange, SharePoint, and Skype for Business. You are also permitted to use the eDiscovery Center in SharePoint 2013 to conduct In-Place eDiscovery search and hold.

 

ii) Query-based In-Place Hold permits you to save the outputs of the query, which permits for scoped immutability across mailboxes.

 

iii) Export search outputs Discovery Managers may export mailbox content to a .pst file from the SharePoint 2013 eDiscovery Console. Mailbox export request cmdlets are no longer needed to export a mailbox to a .pst file.

 

iv) Keyword statistics details Search statistics are provided on a per search term basis. This allows a Discovery Manager to quickly make intelligent decisions regarding how to further refine the search query to offer better results. eDiscovery search results are sorted by relevance.

 

v) KQL syntax format Discovery Managers can use Keyword Query Language (KQL) syntax to locate or in search queries. KQL is similar to the Advanced Query Syntax (AQS), which was used for discovery searches in Exchange 2010.

 

vi) In-Place eDiscovery and Hold wizard Discovery Managers permit you to use the In-Place eDiscovery and Hold wizard to conduct eDiscovery and hold operations.

 

Kindly Note:

In case SharePoint 2013 isn’t available, a subset of the eDiscovery functionality is present in the Exchange admin center.

 

vii) Public folder support for In-Place eDiscovery and In-Place Hold Exchange 2016 has coupled and integrated public folders into the In-Place eDiscovery and Hold workflow. You can use In-Place eDiscovery to find and search public folders in your organization, and you can put a In-Place Hold on public folders. Similar to placing a mailbox on hold, you are also allowed to place a query-based and a time-based hold on public folders. Presently, you can only find and place a hold on all public folders.

 

viii) Compliance Search is a new novice eDiscovery search tool mechanism in Exchange 2016 with new and enhanced scaling and performance abilities. You can use it to locate very huge numbers of mailboxes in a single search. Actually, there’s no limit on the number of mailboxes which can be included in a single search, therefore, you can search all mailboxes present in your organization at once. There’s also no restriction, no limit on the number of searches which can run at the same time. For In-Place eDiscovery in Exchange 2016, the limits are similar as in Exchange 2013: you can locate or search up to 10,000 mailboxes performing a single search and your organization might run a maximum of two In-Place eDiscovery searches at the same time.

 

Kindly Note:

To view the Compliance Search cmdlets, an administrator or eDiscovery manager should be assigned the Mailbox Search management functional role or be a member of the Discovery Management role group.

 

  • Search across primary and archive mailboxes in Outlook over the web Users can explore and search across their primary and archive mailboxes in Outlook over the web. Two different searches are no longer needed.
  • Archive Skype for Business content Exchange 2016 helps and supports archiving of Skype for Business content in a user’s mailbox. You are allowed to place Skype for Business content on hold using In-Place Hold and use In-Place eDiscovery to locate and search Skype for Business content archived in Exchange.

 

Auditing
Exchange 2016 consists of the following enhancements to auditing:

 

  • Auditing reports The EAC consists of auditing functionality such that you can run and execute the reports or export entries from the mailbox audit log and the administrator audit log. Whenever, in the mailbox audit log records, a mailbox is accessed by somebody other than the person who owns the mailbox. This might help you determine who has traversed or accessed a mailbox and what actions or tampering they have performed. The administrator audit log records or save any action and tasks based on an Exchange Management Shell cmdlet, conducted by an administrator. This can help and support troubleshoots configuration related issues or identifies the factors of problems related to security or compliance.
  •  

  • Viewing or accessing the administrator audit log Rather than exporting the administrator audit log, that can consume up to 24 hours to receive in an email message, you are allowed to view administrator audit log entries in the EAC. To perform this, go to the menu Compliance Management > Auditing and select View the administrator audit log. Up to 1000 entries is permitted to be displayed on multiple pages. To narrow the search further, you can specify a date range and apply other filtering mechanisms.

As an additional enhancement, you are also allowed to export the audit log data in a format which is common to both Exchange 2016 and SharePoint Server 2016. This makes it easier to combine and integrate with third-party tools to access the data and create richer reports.

Kristin is a content strategist at Techarex Networks. Kristin follows the B2B technology space closely and loves to write on the latest changes in technology, futuretech and fixes for day to day how to issues. Besides writing Kristin also loves music, moves and skating.

Techarex Networks provides the complete range of Hosted Exchange solutions and services, giving access to reliable, secure, messaging and collaborative enterprise-grade solutions having 99.999% uptime with unmatched SLA. Provide enterprise-level sync with Outlook Web App and mobile devices. Anywhere, anytime access using Instant Message and video calling integration.