Professional Documents
Culture Documents
Implementing Microsoft
Exchange Hosted Services
Implementing Microsoft Exchange Hosted Services
Table of Contents
Implementing Microsoft Exchange Hosted Services ................................................................. 1
Exercise 1 Setting Up Domains in the EHS Admin Center ...........................................................................................2
Exercise 2 Changing an MX Record to Direct Inbound SMTP Messages to the EHS Data Center Network ...............3
Exercise 3 Modifying a Firewall to Accept only Messages from EHS .........................................................................4
Exercise 4 Configuring Outbound E-Mail to Flow Through the EHS Network............................................................5
Exercise 5 Setting Up Password Policies and Administrative Privileges in the EHS Admin Center ............................6
Exercise 6 Setting Up Envelope Journaling to Capture Internal E-Mail for EHA.........................................................9
Implementing Microsoft Exchange Hosted Services
Page 1 of 13
Implementing Microsoft Exchange Hosted Services
Exercise 1
Setting Up Domains in the EHS Admin Center
Scenario
In this exercise, you will add and activate a domain in the EHS Admin Center.
You need to add and enable a new domain on the EHS filtering services. To do this, you will add a new domain for
your organization’s Admin Center account and transfer settings from an existing domain.
When your services are initially configured and set up, at least one domain will be set up for you. You can set up
additional domains from the Add a Domain section of the Organizations page.
For any domain that is sending outbound mail through the filtering services, you must specify the Internet Protocol
(IP) address and the domain name address (as explained in the following section).
Page 2 of 13
Implementing Microsoft Exchange Hosted Services
Exercise 2
Changing an MX Record to Direct Inbound SMTP Messages
to the EHS Data Center Network
Scenario
In this exercise, you will modify your MX Domain Name System (DNS) record so messages sent to your
organization are first delivered to EHS.
Note: There are many methods for setting up and configuring an MX record, depending on how an organization
manages their DNS. This exercise shows one method for redirecting an MX record to send e-mail to the EHS data
center network. If your Internet service provider (ISP) is managing your DNS, you would need to contact your ISP
to make this change to your MX record.
When implementing EHS, the first step is to redirect SMTP messages to the EHS data center network, where
messages are processed to eliminate spam, viruses, and other unwanted content before continuing on to your
organization’s network.
Page 3 of 13
Implementing Microsoft Exchange Hosted Services
Exercise 3
Modifying a Firewall to Accept only Messages from EHS
Scenario
In this exercise, you will modify your organization’s firewall—in this case, Microsoft Internet Security and
Acceleration (ISA) Server—to only allow receipt of SMTP messages from EHS.
Note: This exercise focuses only on the steps for modifying Microsoft Internet Security and Acceleration (ISA)
Server. If your organization uses a different firewall product, you will need to consult its documentation for
instructions on performing these modifications.
The next step in implementing EHS is to ensure that only SMTP connections from the EHS data center are accepted.
This will protect your organization from rogue SMTP hosts trying to connect to your SMTP gateway, while
ensuring that all valid e-mail will be delivered from EHS.
Page 4 of 13
Implementing Microsoft Exchange Hosted Services
Exercise 4
Configuring Outbound E-Mail to Flow Through the EHS
Network
Scenario
In this exercise, you will modify your Exchange Server SMTP Connector to send all outbound e-mail to EHS. All
outbound e-mail will be scanned for viruses and any outbound policies, such as policies requiring encryption
between your organization and a partner organization.
When configuring your organization’s outbound Internet e-mail to be delivered to EHS and then relayed to the
recipient’s organization, you will allow all outbound messages to be scanned for viruses as well as conformity with
corporate e-mail policies.
Page 5 of 13
Implementing Microsoft Exchange Hosted Services
Exercise 5
Setting Up Password Policies and Administrative Privileges
in the EHS Admin Center
Scenario
Administrators have the option of imposing strict password policies for Spam Quarantine and Admin Center
accounts to comply with varying corporate password policies. In this exercise, you will set up password policies to
enable the organization’s administrators and end users to access the Admin Center and Spam Quarantine. You will
also add administrator accounts with varying privileges.
Your company has recently added new administrators to its IT staff and wants to grant them access to the EHS
Admin Center. While adding the new domain and administrators, you want to increase the security of your
information, so you will implement strong password policies by using the Admin Center password tool.
Page 6 of 13
Implementing Microsoft Exchange Hosted Services
Tasks Detailed Steps
box, type P@s$w0rd and then press ENTER.
j. In the Confirm Password text box, type P@ssw0rd and press ENTER.
k. Click Create Accounts.
Note: The Admin Center informs you of the number of accounts you are creating.
l. Click Proceed.
Note: The accounts are created.
3. Set full Note: In this procedure, you will give Rachel Valdez (whose account was added in a
administrative previous exercise) full administrative access to the entire Admin Center.
privileges a. On the Admin Center toolbar, select accounts.
b. In the Search text box, type rachel@contoso.com, press ENTER, and then click
Search.
c. In the Name section, type Rachel in the First Name text field, and then press
ENTER. Type Valdez in the Second Name text field, and then press ENTER.
d. Click the right scroll bar to scroll down the page, and then click Save Changes.
e. Click the right scroll bar, and then click Add Permissions.
f. In the Administrative Permissions section, click Company to set it as the
Target, and then on the Target drop-down menu, select Contoso.
g. Click the right scroll bar and then on the Section drop-down menu, select All
Standard Areas.
h. Under Privileges, select Full.
i. Click Save Permission.
j. Click the right scroll bar and then click Save Changes.
4. Set partial Note: In this procedure, you will give Maurice Taylor (whose account was added in a
administrative previous exercise) permissions to access and make changes to the domains area, while
privileges limiting him to read-only access elsewhere in the Admin Center.
a. On the Admin Center toolbar, select accounts.
b. In the Search text box, type maurice@contoso.com, press ENTER, and then click
Search.
c. In the Name section, click the First Name text field, type Maurice and then press
ENTER. Type Taylor in the Second Name text field, and then press ENTER.
d. Click the right scroll bar and then click Save Changes.
e. Click the right scroll bar and then click Add Permissions.
f. In the Administrative Permissions section, click Company to set it as the
Target, and then on the Target drop-down menu, select Contoso.
g. Click the right scroll bar and then on the Section drop-down menu, select
Domains Area.
h. Under Privileges, select Full.
i. Click Save Permission.
Note: Notice that the new permission set shows under Administrative Permissions.
j. Click the right scroll bar and then click Add Permissions.
k. In the Administrative Permissions section, click Company to set it as the
Target, and then on the Target drop-down menu, select Contoso.
l. Click the right scroll bar and then on the Section drop-down menu, select All
Standard Areas.
m. Under Privileges, verify that Read-Only is selected.
Page 7 of 13
Implementing Microsoft Exchange Hosted Services
Tasks Detailed Steps
n. Click Save Permission.
o. Click the right scroll bar and then click Save Changes.
p. Click LOGOUT.
Note: If you are using the Spam Quarantine option to manage your spam and want the
newly created administrators to help manage Spam Quarantine user accounts, you
must add Spam Quarantine/Quarantine as an additional permission.
If you are using Directory Services, you must also add the Directory Service
permission to be able to add and manage Directory Services users.
You can give each of your new administrators read-only access, or read and write
(full) access. You can also restrict permissions by selecting None
q. On the Lab navigation menu, in the lower-right area of the screen, click 6 to
continue to the next exercise.
Page 8 of 13
Implementing Microsoft Exchange Hosted Services
Exercise 6
Setting Up Envelope Journaling to Capture Internal E-Mail
for EHA
Scenario
Envelope journaling is a Microsoft Exchange journaling enhancement that provides e-mail archiving solutions with
the opportunity to identify Blind Carbon Copy (Bcc) and distribution list recipients of any e-mail message.
In this exercise, you will configure envelope journaling on your Exchange messaging system to capture messages
between users within your Exchange organization.
Woodgrove Bank wants to archive all messages sent to and received from the Internet. The company also wants to
archive messages sent between users within the organization. You will achieve this by using the envelope journaling
feature provided in Exchange Server 2007. This will involve the following procedures:
• Create a new mailbox store on the primary or another Exchange server.
• Create a Microsoft Active Directory® contact with an external SMTP e-mail address.
• Create an Active Directory user with a local mailbox in the new mailbox store created in step 1.
• Create a server-side Exchange rule on the mailbox of the Active Directory user created in step 3. The rule
will forward each message to the Active Directory contact created in step 2 and will then move each
message to the Deleted Items folder.
• Configure Mailbox Manager to housekeep that local mailbox.
• Enable standard journaling on the primary mailbox store(s), journaling all mail into the mailbox of the
Active Directory user created in step 3.
• Enable envelope journaling.
Page 9 of 13
Implementing Microsoft Exchange Hosted Services
Tasks Detailed Steps
been modified for the purpose of this simulation.
i. Click OK to the message reporting that the store was successfully mounted.
j. Close Exchange System Manager.
2. Create an Active a. Click Start and then click Active Directory Users and Computers.
Directory contact b. Under nwtraders.msft, click Users, click New, and then click Contact.
named Journal
Note: Normally, this action would be executed with a right-click; however, this has
RemoteContact been modified for the purpose of this simulation.
c. Click the First name text box, type Journal and then press ENTER.
d. In the Last name text box, type RemoteContact and then press ENTER.
e. Click the Display name text box, type Journal RemoteContact and then press
ENTER.
f. Click Next.
g. On the New Object – Contact page, click Modify.
h. In the New E-mail Address dialog box, click SMTP Address and then click OK.
i. In the E-mail address field, type
copy.demo0041@archive.message.frontbridge.com, press ENTER, and then
click OK.
j. Verify that the appropriate SMTP address is shown in the E-mail field, click Next,
and then click Finish to create the contact.
3. Create an Active a. Under nwtraders.msft, click the Users OU, click New, and then click User.
Directory user named Note: Normally, this action would be executed with a right-click; however, this has
Journal LocalUser been modified for the purpose of this simulation.
b. Click the First name text box, type Journal and then press ENTER.
c. In the Last name text box, type LocalUser and then press ENTER.
d. In the User logon name text box, type Journal LocalUser and then press ENTER
and click Next.
e. In the Password text box, type P@ssw0rd and then press ENTER.
f. In the Confirm Password text box, type P@ssw0rd and then press ENTER.
g. Clear the User must change password at next logon check box, and then click
Next.
h. Verify that the Create an Exchange mailbox check box is selected.
i. Click the Mailbox Store drop-down list, click EnvelopeJournal/Journaling
Mailbox Store, and then click Next.
j. Click Finish to create the new user.
k. Close Active Directory Users and Computers.
4. Create a server-side Note: On the new mailbox of the Journal LocalUser you just created, you need to
Exchange rule create a mailbox rule on a client workstation that has Microsoft Office Outlook® 2003
installed and is configured for Journal LocalUser. The mailbox rule does the
following:
• Forwards a copy of each message to the offsite Microsoft Exchange Hosted
Archive.
• Moves each message from the Inbox to the Deleted Items folder for proper
housekeeping (pruning).
a. The video will automatically switch to a Microsoft Windows XP workstation and
log on as Journal LocalUser.
b. Click Start and then click E-Mail.
Page 10 of 13
Implementing Microsoft Exchange Hosted Services
Tasks Detailed Steps
c. On the menu bar, click Tools and then click Rules and Alerts.
d. On the E-mail Rules tab, click New Rule.
e. At the top of the Rules Wizard dialog box, click Start from a blank rule and then
click Next.
Note: In the Which condition(s) do you want to check? dialog box, do not select any
conditions from the list. You deliberately want to create a rule that fires on all
conditions.
f. Click Next.
g. Because a rule that applies to every message is unusual, Outlook will prompt you
for confirmation. Click Yes.
h. In the Rules Wizard dialog box, click the forward it to people or a distribution
list check box.
i. In the Step 2: Edit the rule description (click an underlined value) text box,
click the underlined people or distribution list link.
j. Double-click Journal RemoteContact and then click OK.
k. Click the Move it to the specified folder check box.
l. In the Step 2: Edit the rule description (click an underlined value) text box,
click the specified link.
m. Click the Deleted Items folder, click OK, and then click Next twice.
n. Verify that Journal RemoteContact is entered in the Specify a name for this
rule text box, and that the Turn on this rule check box is selected, and then click
Finish.
o. Click OK to close the Rules and Alerts window.
p. Close Outlook.
q. The video display will automatically switch back to the Windows Server 2003
server.
5. Configure Mailbox Note: The Deleted Items folder of the Journal LocalUser mailbox may grow beyond
Manager to maintain manageability unless you implement some maintenance. You can configure Mailbox
the journal mailbox Manager to keep the mailbox under control.
a. Click Start and then click System Manager.
b. Expand Recipients.
c. Click Recipient Policies, click New, and then click Recipient Policy.
Note: Normally, this action would be executed with a right-click; however, this has
been modified for the purpose of this simulation.
d. In the New Policy dialog box, click the Mailbox Manager Settings check box,
and then click OK.
e. Click in the Name text box, type Journal Mailbox Maintenance Rule, press
ENTER, and then click Modify.
f. In the Find Exchange Recipients dialog box, leave all of the check boxes on the
General tab clear except for the check box labeled Users with Exchange
mailbox.
g. Click the Storage tab, click Mailboxes in this mailbox store, and then click
Browse.
h. In the Enter the object name to select field, type Journaling Mailbox Store and
then press ENTER.
i. Click OK.
j. Click the Advanced tab, click the Field drop-down list, click User, and then click
Page 11 of 13
Implementing Microsoft Exchange Hosted Services
Tasks Detailed Steps
Display Name.
k. In the Value text box, type Jou and then press ENTER.
l. Click Find Now.
m. In the Find in the Directory window, click Yes.
n. Notice that only one user named Journal LocalUser is in the Search results
window, and then click OK.
Note: The recipient policy should resolve to exactly one mailbox: the one you created
for Journal LocalUser.
o. In Exchange System Manager notification, click OK.
p. Click the Mailbox Manager Settings (Policy) tab.
q. In the list of folders, clear the check boxes for all for the following folders:
Inbox
Sent Items
Calendar
Tasks
Journal
Contacts
Notes
System Cleanup
r. Click the When processing a mailbox drop-down list and then click Delete
Immediately.
s. In the Folder column, clear the All Other Mail Folders check box.
t. In the folder list, click Deleted Items and then click Edit.
u. In the Folder Retention Settings dialog box, clear the check box for Message
Size (KB).
v. Leave the Age Limit (Days) text field set at 30.
Note: The default policy is to purge messages that have been in the Deleted Items
folder for 30 days. If you do not have adequate storage to hold 30 days worth of e-
mail, you might want to consider decreasing the age limit. You are encouraged to keep
a full 30 days of e-mail, but if that is not possible, keep at least 7 days.
w. Click OK.
x. In the Properties dialog box, click OK.
y. Expand Administrative Groups, expand First Administrative Group, and then
expand the Servers.
z. Click EXBE01 and then click Properties.
Note: Normally, this action would be executed with a right-click; however, this has
been modified for the purpose of this simulation.
aa. In the Properties dialog box, click the Mailbox Management tab.
bb. Click the Start mailbox management process drop-down list and then click Run
Saturday at Midnight.
cc. Click OK in the Properties dialog box to save your Mailbox Manager schedule.
6. Enable standard a. Expand First Storage Group, click Mailbox Store, and then click Properties.
journaling Note: Normally, this action would be executed with a right-click; however, this has
been modified for the purpose of this simulation.
b. In the Properties dialog box, click the Archive all messages sent or received by
Page 12 of 13
Implementing Microsoft Exchange Hosted Services
Tasks Detailed Steps
the mailboxes on this store check box, and then click Browse.
c. In the Enter the object name to select field, type Journal Loc, press ENTER,
and then click Check Names. This should validate your entry.
d. Click OK.
e. Click Apply and then click OK to save your settings and close the Properties
dialog box.
f. Close Exchange System Manager.
Note: Normal journaling is now enabled. Copies of messages will be sent to the
Exchange Hosted Archive, but they will be in standard format, not in envelope journal
format.
7. Enable envelope Note: Previously the Exchange Email Journaling Advance Configuration (exejcfg)
journaling tool was installed on the server. The tool was installed to the C:\EXejcfg folder. After
you open the command prompt, the video presentation will demonstrate how this tool
executes to enable the Email Journaling Advanced Configuration feature.
a. Click Start and then click Command Prompt.
Note: Your environment is now fully configured to send envelope journal–formatted
messages to the Exchange Hosted Archive.
b. On the Lab navigation menu, in the lower-right area of the screen, click EXIT to
return to the Lab 1 menu.
c. In the upper-right corner, click Lab 2 to begin the Lab 2 exercises.
Page 13 of 13