Delving into Office 365's email security

Microsoft is integrating its Forefront filtering technology into Office 365 and BPOS to make it easier for Exchange admins to let go

Page 2 of 2

Out of the box -- or out of the cloud, in the case of Office 365 -- FOPE allows for only a handful of mail flow scenarios. For example, you can use it for a fully hosted Exchange environment and a full on-premises environment. But to implement FOPE across a mix of hosted and on-premise Exchange environments, you need connectors that enable complex mail flow paths and allow administrators to provide more granular control.

For example, as is, FOPE lets you create policy rules, but adding connectors lets you provide policies at the network edge, which allow for greater control over every stage of mail flow. Thus, you can establish inbound connectors that examine mail coming into customer domains by looking at the connection (source IP, source domain), the security (opportunistic and forced TLS, aka Transport Layer Security), and the filtering (connection, spam, policy). You can also configure outbound connectors.

Here are examples of the workflows possible with connectors:

  • Connectors allow for shared address space with hosted and on-premise Exchange environments, where the MX record points to FOPE with hosted and on-premise mailboxes.
  • You can have shared address space with on-premise address rewrite, where the MX record points on premise with hosted and on-premise mailboxes.
  • You can have regulated partners with forced TLS (the MX record points to the partner with hosted mailboxes), which requires inbound and outbound TLS to secure all routing channels with business-regulated partners.
  • You can have outbound smart host (the MX record points to FOPE with mailboxes on premise or hosted) where FOPE is a smart host, redirecting outbound mail to an on-premise server that performs additional filter work on that mail before sending it out.
  • You can have inbound safe listing (the MX record points to FOPE with mailboxes on premise or hosted), which allows mail to skip IP address filtering on inbound mail sent addresses that are on an IP safe list.

Microsoft is really pushing its cloud services, and by integrating FOPE into BPOS today and Office 365 when it becomes available, Microsoft is making it easier for administrators to consider relinquishing more of their on-premise control to a Microsoft-hosted service. It will be interesting to see how Exchange administrators react.

This article, "Delving into Office 365's email security," was originally published at Read more of J. Peter Bruzzese's Enterprise Windows blog and follow the latest developments in Windows at For the latest business technology news, follow on Twitter.

| 1 2 Page 2