Implementing Microsoft Exchange Hosted Services

Microsoft Virtual Labs
Implementing Microsoft
Exchange Hosted Services
Implementing Microsoft Exchange Hosted Services
Table of Contents
Implementing Microsoft Exchange Hosted Services ................................................................. 1
Exercise 1 Setting Up Domains in the EHS Admin Center ...........................................................................................2
Exercise 2 Changing an MX Record to Direct Inbound SMTP Messages to the EHS Data Center Network ...............3
Exercise 3 Modifying a Firewall to Accept only Messages from EHS .........................................................................4
Exercise 4 Configuring Outbound E-Mail to Flow Through the EHS Network............................................................5
Exercise 5 Setting Up Password Policies and Administrative Privileges in the EHS Admin Center ............................6
Exercise 6 Setting Up Envelope Journaling to Capture Internal E-Mail for EHA.........................................................9
Implementing Microsoft Exchange Hosted

Services
After completing this lab, you will be better able to:
Objectives Note: Exchange Hosted Services provides messaging services "in the cloud." As
software-as-a-service, EHS does not require any hardware or software to be
installed, and all administration and interaction with the services is performed
via Web-based tools. This lab replicates the EHS Web-based user and
administrative interface in a controlled-action lab environment. Unlike the live
product interface, your actions in this lab are restricted to the steps prescribed in
the lab exercises to most optimally simulate the actual service environment.
Create new domains on the EHS.
Change a Mail Exchange (MX) record to direct inbound SMTP messages to
the EHS data center network.
Modify a firewall to accept only messages from EHS.
Configure outbound e-mail to flow through the EHS network.
Set up journaling in Exchange to capture internal e-mail for the Microsoft
Exchange Hosted Archive (EHA).
Understand inbound and outbound message flow.
This lab demonstrates the ease of setup and configuration of Microsoft®
Scenario Exchange Hosted Services (EHS). You will configure inbound Simple Mail
Transport Protocol (SMTP) messages to be directed to EHS. You will then
configure the Exchange SMTP hosts to only accept messages from EHS. You
will also use the Administration Console to perform implantation tasks necessary
to enable basic EHS services.
Estimated Time to 60 Minutes

Complete This Lab
Page 1 of 13
Exercise 1
Setting Up Domains in the EHS Admin Center
Scenario
In this exercise, you will add and activate a domain in the EHS Admin Center.
You need to add and enable a new domain on the EHS filtering services. To do this, you will add a new domain for
your organization’s Admin Center account and transfer settings from an existing domain.
When your services are initially configured and set up, at least one domain will be set up for you. You can set up
additional domains from the Add a Domain section of the Organizations page.
For any domain that is sending outbound mail through the filtering services, you must specify the Internet Protocol
(IP) address and the domain name address (as explained in the following section).
Tasks Detailed Steps

1. Set up your domain a. Notice that Internet Explorer is opened to https://admin.global.frontbridge.com/.
in the EHS Admin b. On the Admin Center Log On page, log on to EHS by typing jim@contoso.com in
Center the Email Address text box, and then pressing ENTER.
c. Click in the Password text box, type P@ssw0rd, and then press ENTER.
d. Click Log On.
e. On the menu bar, click organizations.
f. In the organizations area, click Add Domains.
g. In the Add Domains text box, type woodgrovebank.com and then press ENTER.
h. To carry over the same settings of a previously customized domain, click the
Choose Template drop-down list and then click contoso.com.
Note: When carrying over the settings from a previously customized domain, you can
also copy the SMTP delivery profile by selecting Use mail distribution profile from
template.
i. Select the Use mail distribution profile from template check box and then click
Add Domains to add your new domain.
Note: Domains cannot be deleted after they have been entered. A domain can be
disabled, but the domain listing will remain in your organization’s Admin Center.
Note: Because Use mail distribution profile from template was selected, this domain
will be automatically activated. If this option is not selected during domain creation,
you will need to add the inbound mail server and then activate the domain. After the
domain has been activated, allow at least 30-90 minutes after the top of the hour, and
then change the MX record (the mail server that is responsible for handling the e-
mail) for this domain so that the primary and only MX record is
mail.global.frontbridge.com. This time period allows your additional domains to first
be replicated to our network.
j. Click LOGOUT.
k. On the Lab navigation menu, in the lower-right area of the screen, click 2 to
continue to the next exercise.
Page 2 of 13
Exercise 2
Changing an MX Record to Direct Inbound SMTP Messages
to the EHS Data Center Network
Scenario
In this exercise, you will modify your MX Domain Name System (DNS) record so messages sent to your
organization are first delivered to EHS.
Note: There are many methods for setting up and configuring an MX record, depending on how an organization
manages their DNS. This exercise shows one method for redirecting an MX record to send e-mail to the EHS data
center network. If your Internet service provider (ISP) is managing your DNS, you would need to contact your ISP
to make this change to your MX record.
When implementing EHS, the first step is to redirect SMTP messages to the EHS data center network, where
messages are processed to eliminate spam, viruses, and other unwanted content before continuing on to your
organization’s network.

1. Change the MX a. Click Start, click Administrative Tools, and then click DNS.
record to direct b. Expand EXBE01, expand Forward Lookup Zones, and then click
inbound SMTP WoodgroveBank.com.
messages to EHS
c. Double-click the record for the type Mail Exchanger (MX). This is the
highlighted record.
Note: Normally, this action would be executed with a right-click; however, this has
been modified for the purpose of this simulation.
d. Click Properties.
e. In the Fully qualified domain name (FQDN) of mail server field, click
exfe01.woodgrovebank.com. to delete the entry, type
mail.global.frontbridge.com and then press ENTER and click OK.
f. Close the DNS management console.
g. On the Lab navigation menu, in the lower- right area of the screen, click 3 to
Page 3 of 13
Exercise 3
Modifying a Firewall to Accept only Messages from EHS
Scenario
In this exercise, you will modify your organization’s firewall—in this case, Microsoft Internet Security and
Acceleration (ISA) Server—to only allow receipt of SMTP messages from EHS.
Note: This exercise focuses only on the steps for modifying Microsoft Internet Security and Acceleration (ISA)
Server. If your organization uses a different firewall product, you will need to consult its documentation for
instructions on performing these modifications.
The next step in implementing EHS is to ensure that only SMTP connections from the EHS data center are accepted.
This will protect your organization from rogue SMTP hosts trying to connect to your SMTP gateway, while
ensuring that all valid e-mail will be delivered from EHS.

1. Modify the firewall a. Click Start, click All Programs, click Microsoft ISA Server, and then click ISA
to accept only Server Management.
messages from EHS b. In the navigation tree, expand the Server named NYC-ISA1 and then click
Firewall Policy.
c. In the result pane, click SMTP Traffic and then click Properties.
d. Click the From tab, select External, and then click Remove.
e. Click the top Add button.
f. In the Add Network Entities window, click New and then click Network.
g. In the New Network Wizard, in the Network name text box, type Microsoft
Exchange Hosted Services, press ENTER, and then click Next.
h. On the Network Type page, click External Network and then click Next.
i. On the Network Addresses page, click Add.
j. In the IP Address Range Properties window, in Starting address text box type
12.129.199.61 and then press ENTER. In the Ending address text box, type
12.129.199.61 press ENTER, and then click OK.
k. Repeat steps p and q for addresses 63.161.60.29 and 63.161.60.61.
Note: In a typical installation, there will 12 addresses to add.
l. After the IP addresses have been entered, click Next.
m. Review the summary and then click Finish.
n. In the Add Network Entities window, expand Networks, select the Microsoft
Exchange Hosted Services network you just created, and then click Add.
o. Notice that Microsoft Exchange Hosted Services is added to the window on the
From tab. In the Add Network Entities window, click Close.
p. Click Apply and then click OK.
q. Click Apply to save changes and update the configuration, and then click OK.
r. On the Lab navigation menu, in the lower-right area of the screen, click 4 to
continue to the next exercise
Page 4 of 13
Exercise 4
Configuring Outbound E-Mail to Flow Through the EHS
Network
Scenario
In this exercise, you will modify your Exchange Server SMTP Connector to send all outbound e-mail to EHS. All
outbound e-mail will be scanned for viruses and any outbound policies, such as policies requiring encryption
between your organization and a partner organization.
When configuring your organization’s outbound Internet e-mail to be delivered to EHS and then relayed to the
recipient’s organization, you will allow all outbound messages to be scanned for viruses as well as conformity with
corporate e-mail policies.

1. Configure outbound a. Click Start, click All Programs, click Microsoft Exchange, and then click
e-mail to flow System Manager.
through the EHS b. In Exchange System Manager, expand Administrative Groups, expand First
network Administrative Group, expand Servers, expand EXFE01, expand Protocols,
click the lower scroll bar to scroll to the right, and then expand SMTP.
c. Click Default SMTP Virtual Server and then click Properties.
d. Click the Delivery tab and then click Advanced.
e. In the Smart Host text box, type mail.global.frontbridge.com and then press
ENTER and click OK twice.
f. Close Exchange System Manager.
g. On the Lab navigation menu, in the lower-right area of the screen, click 5 to
continue to the next exercise
Page 5 of 13
Exercise 5
Setting Up Password Policies and Administrative Privileges
in the EHS Admin Center
Scenario
Administrators have the option of imposing strict password policies for Spam Quarantine and Admin Center
accounts to comply with varying corporate password policies. In this exercise, you will set up password policies to
enable the organization’s administrators and end users to access the Admin Center and Spam Quarantine. You will
also add administrator accounts with varying privileges.
Your company has recently added new administrators to its IT staff and wants to grant them access to the EHS
Admin Center. While adding the new domain and administrators, you want to increase the security of your
information, so you will implement strong password policies by using the Admin Center password tool.

1. Set a secure a. On the Admin Center Log On page, click in the Email Address text box, type
password policy jim@contoso.com and then press ENTER.
b. Click the Password text box, type P@ssw0rd and then press ENTER.
c. Click Log on.
d. On the menu bar, click organizations.
e. Click the right scroll bar once to scroll down the page.
f. At the lower-right side of the Organizations page, in the Password Policy section,
click the Minimum length text box, type 7, and then press ENTER.
g. Click the Maximum length text box, type 12, and then press ENTER.
h. Click the check box next to Require mixed case.
i. Clear the check boxes next to Allow same chars consecutively, Allow username
as password, and Allow username reversed.
j. Click the right scroll bar to scroll down the page.
k. Clear the check box next to Allow password reuse.
l. Click Update Company.
2. Create new user Note: The Accounts page is where you create and administer individual user accounts,
accounts for your as well as add new administrators.
new administrators a. On the Admin Center toolbar, select accounts.
b. On the Select Action drop-down menu, verify that Create/Manage Account(s) is
selected, and then click Go.
c. On the Select Domain drop-down menu, select contoso.com and then click Go.
d. In Step 1, use the Select Account Type drop-down menu to select Spam
Quarantine/Quarantine/Admin Center account(s).
e. In Step 2, verify that Select Action is set to Add to existing accounts.
f. In Step 3, click the Enter Addresses text box, type rachel@contoso.com, and
then press ENTER. Type maurice@contoso.com, and then press ENTER.
g. Click the right scroll bar twice to scroll the page down.
h. In Step 4, verify that Yes is selected for Spam Filter and Spam Notifications.
i. In Step 5, under Assign Password To Accounts, click the Enter Password text
Page 6 of 13
box, type P@s$w0rd and then press ENTER.
j. In the Confirm Password text box, type P@ssw0rd and press ENTER.
k. Click Create Accounts.
Note: The Admin Center informs you of the number of accounts you are creating.
l. Click Proceed.
Note: The accounts are created.
3. Set full Note: In this procedure, you will give Rachel Valdez (whose account was added in a
administrative previous exercise) full administrative access to the entire Admin Center.
privileges a. On the Admin Center toolbar, select accounts.
b. In the Search text box, type rachel@contoso.com, press ENTER, and then click
Search.
c. In the Name section, type Rachel in the First Name text field, and then press
ENTER. Type Valdez in the Second Name text field, and then press ENTER.
d. Click the right scroll bar to scroll down the page, and then click Save Changes.
e. Click the right scroll bar, and then click Add Permissions.
f. In the Administrative Permissions section, click Company to set it as the
Target, and then on the Target drop-down menu, select Contoso.
g. Click the right scroll bar and then on the Section drop-down menu, select All
Standard Areas.
h. Under Privileges, select Full.
i. Click Save Permission.
j. Click the right scroll bar and then click Save Changes.
4. Set partial Note: In this procedure, you will give Maurice Taylor (whose account was added in a
administrative previous exercise) permissions to access and make changes to the domains area, while
privileges limiting him to read-only access elsewhere in the Admin Center.
a. On the Admin Center toolbar, select accounts.
b. In the Search text box, type maurice@contoso.com, press ENTER, and then click
Search.
c. In the Name section, click the First Name text field, type Maurice and then press
ENTER. Type Taylor in the Second Name text field, and then press ENTER.
d. Click the right scroll bar and then click Save Changes.
e. Click the right scroll bar and then click Add Permissions.
f. In the Administrative Permissions section, click Company to set it as the
g. Click the right scroll bar and then on the Section drop-down menu, select
Domains Area.
h. Under Privileges, select Full.
i. Click Save Permission.
Note: Notice that the new permission set shows under Administrative Permissions.
j. Click the right scroll bar and then click Add Permissions.
k. In the Administrative Permissions section, click Company to set it as the
l. Click the right scroll bar and then on the Section drop-down menu, select All
Standard Areas.
m. Under Privileges, verify that Read-Only is selected.
Page 7 of 13
n. Click Save Permission.
o. Click the right scroll bar and then click Save Changes.
p. Click LOGOUT.
Note: If you are using the Spam Quarantine option to manage your spam and want the
newly created administrators to help manage Spam Quarantine user accounts, you
must add Spam Quarantine/Quarantine as an additional permission.
If you are using Directory Services, you must also add the Directory Service
permission to be able to add and manage Directory Services users.
You can give each of your new administrators read-only access, or read and write
(full) access. You can also restrict permissions by selecting None
q. On the Lab navigation menu, in the lower-right area of the screen, click 6 to
Page 8 of 13
Exercise 6
Setting Up Envelope Journaling to Capture Internal E-Mail
for EHA
Scenario
Envelope journaling is a Microsoft Exchange journaling enhancement that provides e-mail archiving solutions with
the opportunity to identify Blind Carbon Copy (Bcc) and distribution list recipients of any e-mail message.
In this exercise, you will configure envelope journaling on your Exchange messaging system to capture messages
between users within your Exchange organization.
Woodgrove Bank wants to archive all messages sent to and received from the Internet. The company also wants to
archive messages sent between users within the organization. You will achieve this by using the envelope journaling
feature provided in Exchange Server 2007. This will involve the following procedures:
• Create a new mailbox store on the primary or another Exchange server.
• Create a Microsoft Active Directory® contact with an external SMTP e-mail address.
• Create an Active Directory user with a local mailbox in the new mailbox store created in step 1.
• Create a server-side Exchange rule on the mailbox of the Active Directory user created in step 3. The rule
will forward each message to the Active Directory contact created in step 2 and will then move each
message to the Deleted Items folder.
• Configure Mailbox Manager to housekeep that local mailbox.
• Enable standard journaling on the primary mailbox store(s), journaling all mail into the mailbox of the
Active Directory user created in step 3.
• Enable envelope journaling.

1. Create a new a. Click Start, click All Programs, click Microsoft Exchange, and then click
mailbox store System Manager.
b. Expand Administrative Groups, expand First Administrative Group, expand
Servers, and then click EXBE01.
c. Click New, and then click Storage Group.
d. Click the Name text box, type EnvelopeJournal press ENTER, and then click
OK.
e. Expand EXBE01.
f. Click the EnvelopeJournal storage group, click New, and then click Mailbox
Store.
g. Click the Name text box, type Journaling Mailbox Store, press ENTER, and then
click OK.
Note: Do not select the Archive all messages sent or received by mailboxes on this
store check box.
h. Click Journaling Mailbox Store, and then click Mount Store.
Page 9 of 13
i. Click OK to the message reporting that the store was successfully mounted.
j. Close Exchange System Manager.
2. Create an Active a. Click Start and then click Active Directory Users and Computers.
Directory contact b. Under nwtraders.msft, click Users, click New, and then click Contact.
named Journal
RemoteContact been modified for the purpose of this simulation.
c. Click the First name text box, type Journal and then press ENTER.
d. In the Last name text box, type RemoteContact and then press ENTER.
e. Click the Display name text box, type Journal RemoteContact and then press
ENTER.
f. Click Next.
g. On the New Object – Contact page, click Modify.
h. In the New E-mail Address dialog box, click SMTP Address and then click OK.
i. In the E-mail address field, type
copy.demo0041@archive.message.frontbridge.com, press ENTER, and then
click OK.
j. Verify that the appropriate SMTP address is shown in the E-mail field, click Next,
and then click Finish to create the contact.
3. Create an Active a. Under nwtraders.msft, click the Users OU, click New, and then click User.
Directory user named Note: Normally, this action would be executed with a right-click; however, this has
Journal LocalUser been modified for the purpose of this simulation.
b. Click the First name text box, type Journal and then press ENTER.
c. In the Last name text box, type LocalUser and then press ENTER.
d. In the User logon name text box, type Journal LocalUser and then press ENTER
and click Next.
e. In the Password text box, type P@ssw0rd and then press ENTER.
f. In the Confirm Password text box, type P@ssw0rd and then press ENTER.
g. Clear the User must change password at next logon check box, and then click
Next.
h. Verify that the Create an Exchange mailbox check box is selected.
i. Click the Mailbox Store drop-down list, click EnvelopeJournal/Journaling
Mailbox Store, and then click Next.
j. Click Finish to create the new user.
k. Close Active Directory Users and Computers.
4. Create a server-side Note: On the new mailbox of the Journal LocalUser you just created, you need to
Exchange rule create a mailbox rule on a client workstation that has Microsoft Office Outlook® 2003
installed and is configured for Journal LocalUser. The mailbox rule does the
following:
• Forwards a copy of each message to the offsite Microsoft Exchange Hosted
Archive.
• Moves each message from the Inbox to the Deleted Items folder for proper
housekeeping (pruning).
a. The video will automatically switch to a Microsoft Windows XP workstation and
log on as Journal LocalUser.
b. Click Start and then click E-Mail.
Page 10 of 13
c. On the menu bar, click Tools and then click Rules and Alerts.
d. On the E-mail Rules tab, click New Rule.
e. At the top of the Rules Wizard dialog box, click Start from a blank rule and then
click Next.
Note: In the Which condition(s) do you want to check? dialog box, do not select any
conditions from the list. You deliberately want to create a rule that fires on all
conditions.
f. Click Next.
g. Because a rule that applies to every message is unusual, Outlook will prompt you
for confirmation. Click Yes.
h. In the Rules Wizard dialog box, click the forward it to people or a distribution
list check box.
i. In the Step 2: Edit the rule description (click an underlined value) text box,
click the underlined people or distribution list link.
j. Double-click Journal RemoteContact and then click OK.
k. Click the Move it to the specified folder check box.
l. In the Step 2: Edit the rule description (click an underlined value) text box,
click the specified link.
m. Click the Deleted Items folder, click OK, and then click Next twice.
n. Verify that Journal RemoteContact is entered in the Specify a name for this
rule text box, and that the Turn on this rule check box is selected, and then click
Finish.
o. Click OK to close the Rules and Alerts window.
p. Close Outlook.
q. The video display will automatically switch back to the Windows Server 2003
server.
5. Configure Mailbox Note: The Deleted Items folder of the Journal LocalUser mailbox may grow beyond
Manager to maintain manageability unless you implement some maintenance. You can configure Mailbox
the journal mailbox Manager to keep the mailbox under control.
a. Click Start and then click System Manager.
b. Expand Recipients.
c. Click Recipient Policies, click New, and then click Recipient Policy.
d. In the New Policy dialog box, click the Mailbox Manager Settings check box,
and then click OK.
e. Click in the Name text box, type Journal Mailbox Maintenance Rule, press
ENTER, and then click Modify.
f. In the Find Exchange Recipients dialog box, leave all of the check boxes on the
General tab clear except for the check box labeled Users with Exchange
mailbox.
g. Click the Storage tab, click Mailboxes in this mailbox store, and then click
Browse.
h. In the Enter the object name to select field, type Journaling Mailbox Store and
then press ENTER.
i. Click OK.
j. Click the Advanced tab, click the Field drop-down list, click User, and then click
Page 11 of 13
Display Name.
k. In the Value text box, type Jou and then press ENTER.
l. Click Find Now.
m. In the Find in the Directory window, click Yes.
n. Notice that only one user named Journal LocalUser is in the Search results
window, and then click OK.
Note: The recipient policy should resolve to exactly one mailbox: the one you created
for Journal LocalUser.
o. In Exchange System Manager notification, click OK.
p. Click the Mailbox Manager Settings (Policy) tab.
q. In the list of folders, clear the check boxes for all for the following folders:
Inbox
Sent Items
Calendar
Tasks
Journal
Contacts
Notes
System Cleanup
r. Click the When processing a mailbox drop-down list and then click Delete
Immediately.
s. In the Folder column, clear the All Other Mail Folders check box.
t. In the folder list, click Deleted Items and then click Edit.
u. In the Folder Retention Settings dialog box, clear the check box for Message
Size (KB).
v. Leave the Age Limit (Days) text field set at 30.
Note: The default policy is to purge messages that have been in the Deleted Items
folder for 30 days. If you do not have adequate storage to hold 30 days worth of e-
mail, you might want to consider decreasing the age limit. You are encouraged to keep
a full 30 days of e-mail, but if that is not possible, keep at least 7 days.
w. Click OK.
x. In the Properties dialog box, click OK.
y. Expand Administrative Groups, expand First Administrative Group, and then
expand the Servers.
z. Click EXBE01 and then click Properties.
aa. In the Properties dialog box, click the Mailbox Management tab.
bb. Click the Start mailbox management process drop-down list and then click Run
Saturday at Midnight.
cc. Click OK in the Properties dialog box to save your Mailbox Manager schedule.
6. Enable standard a. Expand First Storage Group, click Mailbox Store, and then click Properties.
journaling Note: Normally, this action would be executed with a right-click; however, this has
b. In the Properties dialog box, click the Archive all messages sent or received by
Page 12 of 13
the mailboxes on this store check box, and then click Browse.
c. In the Enter the object name to select field, type Journal Loc, press ENTER,
and then click Check Names. This should validate your entry.
d. Click OK.
e. Click Apply and then click OK to save your settings and close the Properties
dialog box.
f. Close Exchange System Manager.
Note: Normal journaling is now enabled. Copies of messages will be sent to the
Exchange Hosted Archive, but they will be in standard format, not in envelope journal
format.
7. Enable envelope Note: Previously the Exchange Email Journaling Advance Configuration (exejcfg)
journaling tool was installed on the server. The tool was installed to the C:\EXejcfg folder. After
you open the command prompt, the video presentation will demonstrate how this tool
executes to enable the Email Journaling Advanced Configuration feature.
a. Click Start and then click Command Prompt.
Note: Your environment is now fully configured to send envelope journal–formatted
messages to the Exchange Hosted Archive.
b. On the Lab navigation menu, in the lower-right area of the screen, click EXIT to
return to the Lab 1 menu.
c. In the upper-right corner, click Lab 2 to begin the Lab 2 exercises.
Page 13 of 13

Implementing Microsoft Exchange Hosted Services

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Implementing Microsoft Exchange Hosted Services

Uploaded by

Copyright:

Available Formats

Microsoft Virtual Labs

Implementing Microsoft Exchange Hosted

Estimated Time to 60 Minutes

Tasks Detailed Steps

Tasks Detailed Steps

Tasks Detailed Steps

Tasks Detailed Steps

Tasks Detailed Steps

Tasks Detailed Steps

You might also like