Wednesday 7 July 2010

OWN Partners – Enable Encryption Policy Management For Existing ExchangeDefender Subscribers

As an ExchangeDefender Service Provider, we need to enable encryption policy management in the ExchangeDefender client admin portal:

image

  • Encryption: Disabled

This setting enables an admin Web page for adding, removing, and managing existing encryption policies for individual e-mail addresses or e-mail domains.

Once enabled in the admin portal either our client or we will see:

image

ExchangeDefender Encryption Policies can be defined based on the following criteria:

  1. Sender’s e-mail address
    • All e-mail sent by this user will be encrypted by default.
  2. Sender’s e-mail domain
    • All e-mail sent from this particular e-mail domain will be encrypted by default.
  3. recipient’s e-mail address
    • All e-mail sent to this recipient will be encrypted by default.
  4. Recipient’s e-mail domain
    • All e-mail sent to this e-mail domain will be encrypted by default.

By enabling default encryption policies, users save time since they will not need to place the [Encrypt] tag in the subject line each time they need to send a confidential or sensitive e-mail out to the same recipients.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

4 comments:

Dana Epp said...

Just to be clear, the email will NOT be encrypted until it arrives at ExchangeDefender. Which means it will still be clear text on the local LAN to the local Exchange server, and then clear text from your Exchange server over the Internet to ExchangeDefender, unless you force TLS security between servers.

Philip Elder Cluster MVP said...

Dana,

Yes, there is indeed an assumption that there will be no listening parties between the source server and ExchangeDefender's servers.

Thanks for that clarification!

Now to see if we can get a TLS based connection between the two to eliminate this loophole.

Philip

jgsa said...

Philip, did you ever get the TLS connection to work with OWN? We are looking into this currently and can't find much documentation on it.

Philip Elder Cluster MVP said...

jgsa,

We have not changed our configurations, but iirc the folks at OWN did mention that TLS is a part of their setup.

Philip