When it comes to messaging and Exchange, I’m always interested in new features or new innovations. Office 365’s Exchange Online is no different. Microsoft is constantly improving and experimenting with new features. Recently these new features were added to Office 365:
- Exchange Online Advanced Threat Protection
- NDR backscatter protection
- Quarantine Message Body Preview
- Removal of support for RC4 cipher algorithm for TLS in Exchange Online
- Save to OneDrive for Business
I wanted to write about these features as they because there was more of a focus on SPAM protection in these releases. As many engineers know, fighting SPAM is continual process with no silver bullet and it require continual efforts to keep inbound messages clean. In this vein I will cover the first three features in the above list.
Exchange Online Advanced Threat Protection
Advanced Threat Protection (ATP). Spam has always been an annoyance when it comes to email. Something SPAM because more than that. With the introduction of malware and bad links, SPAM can be potentially damaging and costly when it comes to lost productivity, cleanup and possibly worse with the advent of cryptolocker type malware. This is where ATP comes into play. Think of ATP as a testing ground for malware and bad links that is used by Microsoft to clean out these even worse forms of SPAM.
How does it work? Emails, when passed through this filter, are placed in a sandbox environment in order to test out software and or URL links present in the emails. ATP performs various tests and if the email passes, the email is delivered normally. If, however, the email fails the ATP tests, the email is deleted and not delivered. Thus keeping the end user safe.
For the administrator, there are PowerShell cmdlets available that enable you to make changes to the ATP configuration. See this blog post by fellow Exchange MVP Brian Reid.
ATP is not a perfect solution, as any new innovation is. The potential is great but so is the reliance on software to weed out the bad for the human at the other end. ATP should be enabled as another layer of protection. End users should also be trained in how to detect SPAM, Malware and bad URL links. These together would greatly reduce the security issues seen with emails today.
Per Microsoft “Starting June 1, 2015 you will be able to order ATP through MOSP. You can also purchase ATP through Volume Licensing and Cloud Solution Partners starting August 1, 2015. At launch, Exchange Online ATP is only available to Office 365 commercial and multi-tenant Government (Government Pricing) customers. For Education, Government Community Cloud (GCC), and Nonprofit customers, ATP will be made available at a later date.” SOURCE
NDR backscatter protection
A quick read on this feature can be found here. Again this is a feature that Microsoft is releasing to further enhance an end user’s protection against what is essentially a flood of useless crap in your Inbox. It does this by preventing a slew of NDR messages from landing in your Inbox that may have been generated by a spammer using your email address as cover. The NDRs would come from bad destination SMTP addresses that caused the NDRs to be generated and sent back to you instead of the spammer. This works hand in hand with their Boomerang technology that was released to help with the NDRs being marked as SPAM. In this case the first few will make it through or be marked as SPAM and the rest will be deleted once the storm is detected. Thus keeping your Inbox and Junk Mail folders / Quarantine’s clean from these annoying messages. The feature prevents your Inbox from becoming completely useless.
Quarantine Message Body Preview
Simply put, this feature allows the end user to see more of the message, specifically the message body, to determine if a message is legitimate or SPAM. This is done in the user’s quarantine and is done without triggering malicious content that may be in the message. Microsoft apparently received lots of feedback on this and made an investment in adding this functionality for the end user.
Removal of support for RC4 cipher algorithm for TLS in Exchange Online
Why is removing a cipher in TLS a good thing? Due to the ever changing landscape when it comes to securing servers with certificates, cipher security is ever evolving. Qualys provides a good description of the RC4 cipher issue that Microsoft is trying to resolve with its removal from Office 365. See their link HERE.
I find this a sign that Microsoft is indeed paying attention to the security landscape and is taking steps to provide a more secure environment for their user base n the cloud.
Lastly, here is the Microsoft article on the advisory to disable RC4 – Security Advisory 2868725: Recommendation to disable RC4
Microsoft has posted information for those with Exchange On-premises Exchange to follow the same advice:
TLS Best Practices
Save to OneDrive for Business
As a user of One Drive for Personal and Business use, I can see how this feature will be useful to those with Business accounts. For business I use my One Drive as a sharing point for client data while working on a project. Some of the files will be shared internally with my team while others will be shared outside the team and with the client for their own team to go through. Putting documents hear as part of a work process while in the document will certainly take a step out of the sharing process making it quicker and easier to put those documents there to be reviewed at a later date or even at the same time with other users of One Drive.
This new enhancement just makes the process easier while in OWA for Office 365. Sharing documents or just being mobile with your own documents, has been made easier now.
More on ATP
Brian Reid on ATP
Saving to One Drive for Business
TLS Best Practices