About Us

AllCloudAllTheTime.com is proudly brought to you by the cloud experts at InfinIT Consulting. Contact us at info@infinitconsulting.com with any of your cloud or managed IT services questions!

Become a Fan

Follow InfinIT Consulting

LinkedIn Twitter

Pages

Subscribe to this blog's feed

Archives

Recent Comments

InfinIT Consulting
InfinIT Consulting

Forefront Online Protection for Exchange Feed

03/01/2012

Relay from Internal Exchange Server to Office 365 - Exchange Online

In searching various Office 365 blogs, knowledge base sites, and community user groups we have seen many posts asking how to relay from your internal Exchange Server to Exchange Online / Office 365 to external internet recipients. There is a ton of confusion out there so we wanted to clear it up. The answer is it is NOT POSSIBLE, we repeat it is NOT POSSIBLE to relay to external internet recipients from your local Exchange Server to Exchange Online / Office 365. It simply is not supported. Many articles out there describe how to relay from your local Exchange Server to FOPE (Forefront Online Protection Engine), it is true this is possible but not with the FOPE that comes with Office 365. You have no ability to add Outbound Servers this is disabled. Some would argue you can use a outbound policies to control this or safe lists but this is NOT the case.

Many articles describe how to setup a hybrid setup of Office 365 and your local Exchange Server with various configurations, some pointing the MX records to your on-premise Exchange Server some pointing your MX records to the FOPE Cloud service. The reality is in either configuration no matter what email from your local Exchange Server to external internet recipients can only route from your on-premise Exchange Server to the internet or to another filtering service but there is no setup to allow this to happen through Office 365 version of FOPE. Even when pointing your MX to the cloud external email from the cloud routes through the cloud, external email from your internal Exchange Server routes through your server to the internet or another relay such as MX Logic, etc. The hybrid model simply describes a solution where you can point at the cloud with your MX to control mailflow to internal recipients, in this config mail to your domain from external senders routes to the cloud and is either delivered to a mailbox in the cloud or sent to your internal Exchange Server. Mail from your internal Exchange Server to a Cloud mailbox is routed to the cloud, and mail sent to an external recipient from your internal Exchange Server is always routed to the internet or through some other smart host or filtering solution. You can configure FOPE and Office 365 so that all mail sent from the cloud rather internal or external is routed through your internal Exchange Server but not the other way around.

Just wanted to make this 100% clear… you can setup a mail relay through Office 365 using the SMTP Service in IIS but NOT through an internal Exchange Server. Additionally the SMTP Service is somewhat limited in that it cannot send on behalf, you must configure the from address on the SMTP service that is the same as the authentication address so mail from the SMTP Service will always come from the same address. To avoid this you could setup multiple SMTP relays on the SMPT Service using different IP addresses so different applications could send from different from addresses. Anyway we hope this clears this question up, anyone that doesn't believe us, try it:)

Posted on 03/01/2012 at 12:08 AM in Exchange Online, FAQ, Forefront Online Protection for Exchange, Microsoft Online Services, Office 365, TechNotes | | Comments (1) | TrackBack (0)

| |

02/25/2012

Connect Windows PowerShell to Office 365

In order to use PowerShell to manage the various aspects of Office 365 such as Exchange Online and Forefront Online Protection for Exchange (FOPE) you need to run some commands in PowerShell on the machine you wish to manage to connect to the Microsoft datacenter's server environment and establish a server-side session, which contains the commands to manage the cloud based service.

 
 
BEFORE YOU BEGIN

Before you connect, you need to make sure you have the correct version of Windows PowerShell and WinRM installed and configured on your computer. For more information, see Install and Configure Windows PowerShell.
Verify the account you will use to connect is authorized to connect using Windows PowerShell. For more information, see Control Users' Access to Windows Remote Management.

 
 
CONNECTING POWERSHELL TO CLOUD-BASED SERVICE

1. Click Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell.

2. If this is the first time you have ever used powershell, run this command to allow you to run scripts:
    
      Set-ExecutionPolicy RemoteSigned
 
2. Run the following command:


$LiveCred = Get-Credential


3. In the Windows PowerShell Credential Request window that opens, type the credentials of an account in your cloud-based organization. When you are finished, click OK.


4. Run the following command:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Note: The AllowRedirection parameter enables cloud-based organizations in datacenters all over the world to connect Windows PowerShell to the cloud-based service by using the same URL.


5. Run the following command:


Import-PSSession $Session


A progress indicator appears that shows the importing of commands used in the cloud-based service into the client-side session of your local computer. When this process is complete, you can run these commands.

Posted on 02/25/2012 at 12:06 PM in Cloud Hosting, Exchange Online, FAQ, Forefront Online Protection for Exchange, Microsoft Online Services, Office 365, TechNotes | | Comments (0) | TrackBack (0)

| |

06/24/2010

How does the Hosted Exchange Archive work?

The Exchange Hosted Archive (EHA) is embedded in the Microsoft Exchange Hosted Services (EHS) network. With Forefront Online Protection for Exchange (FOPE) and EHA subscriptions in place, the online repository benefits from edge based spam and virus protection.

The EHS network receives messages via MX record redirect, where after being filtered, clean messages are delivered to the corporate mail server and a copy is added into the archive.

From the corporate mail server, e-mail is copied directly on to the online archive using the journalizing functions of Microsoft Exchange Online or Exchange Server in order to capture e-mail for Exchange customers who do not have a FOPE subscription. The archive elimintaes duplicate messages and single instance storage is employed for maximum storage optimization.

A variety of Instant Message solutions and Bloomberg messaging are compatible with EHA so that IM conversations can also be archived. Messages are assigned a capture and expiration time stamp according to the organization's configured corporate policy. They system automatically trakcs message life cycle, deleting accordingly. Legal hold is also available to temporarily freeze message expiration if needed.

What are backup and retention policies for Exchange Online?

Eha diagram

Posted on 06/24/2010 at 03:33 PM in Exchange Hosted Archive, FAQ, Forefront Online Protection for Exchange | | Comments (0)

| |

Is there a way to control virus and spam filtering settings for Exchange Online?

Exchange Online comes with virus/spam filtering via Microsoft Forefront Online Security for Exchange. As this is a multi-tenant platform, all the settings and components for spam filtration, email encryption, and retention are controlled by Microsoft so there are no customizations that can be made nor is there an administration area for this piece. 

In order to change any of the spam filtration settings, you must submit a ticket to Microsoft and request for a change.  You can find information on how the email filtering can be configured here.  To view any quarantined/retained emails, you will also need to request access to the Forefront Online Protection console via a service request.  Only one person can have access to this feature, so it is suggested to request this access for your "admin@" account.  Access to the Forefront Online Console is read only.

There is an add-on filtering service on top of Forefront that will give you an extra layer of protection by utilizing Forefront Online's advanced security features to connect to your existing environment. 

There is, however, a way to change the level of protection at which your email is sorting through junk mail.  If you find that your important emails are slipping in your junk folder or vice versa, perhaps your junk email protection is too high or too low.  

You can find directions to change these settings here. If you are using an Exchange Server email and are working online, this feature to change the settings will not be available to you.

Posted on 06/24/2010 at 01:19 PM in Exchange Online, FAQ, Forefront Online Protection for Exchange | | Comments (0)

| |