Microsoft 365 | Planning and configuring Exchange Online services




View Post: 269 người truy cập bài viết
Tags :

Lab A: Configuring message transport in Exchange Online

Exercise 1: Configuring message-transport settings

Task 1: Create a custom send and receive connector to enforce TLS

  1. On LON-CL1, on the taskbar, select Microsoft Edge.
  2. In Microsoft Edge, in the search box, type https://portal.office.com, and press Enter.
  3. At the login page, sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  4. To open the Office 365 admin center, select Admin.
  5. In the Microsoft 365 admin center, on menu on the left, in Admin centers, select Exchange.
  6. In the Exchange admin center, select mail flow, and then select connectors.
  7. Select New.
  8. On the Select your mail flow scenario page, in the From box, select Office 365.
  9. In the To box, select Partner organization, and then select Next.
  10. On the New connector page, in the Name box, type Humongous Insurance Outgoing, and then select Next.
  11. Select Only when email messages are sent to these domains, and then select Add.
  12. On the add domain page, type humongousinsurance.com, select OK, and then select Next.
  13. Select Use the MX record associated with the partner’s domain, and then select Next.
  14. Select the Always use Transport Layer Security (TLS) to secure the connection check box, select Issued by a trusted certificate authority (CA), and then select Next.
  15. On the Confirm your settings page, select Next.
  16. On the Validate this connector page, select Add.
  17. In the Send the test email to the address box, type [email protected], select OK, and then select Validate.
  18. Wait while validation completes, and then select Close.
  19. On the Validation Result page, select Save.
  20. In the Warning window, select Yes.

Note: Validation of mail flow will fail because the connector is to a fictitious organization. This is expected behavior for this lab.

  1. In the Exchange admin center, on the connectors tab, select New.
  2. On the Select your mail flow scenario page, in the From box, select Partner organization.
  3. In the To box, select Office 365, and then select Next.
  4. On the New connector page, in the Name box, type Humongous Insurance Incoming, and then select Next.
  5. Select Use the sender’s domain, and then select Next.
  6. Select Add, type humongousinsurance.com, select OK, and then select Next.
  7. Select the Reject email messages if they aren’t sent over TLS check box, and then select Next.
  8. On the Confirm your settings page, select Save.

Task 2: Create transport rules

  1. On LON-CL1, in the Exchange admin center page, select rules.
  2. Select New, and then select Apply disclaimers.
  3. In the new rule window, in the Name box, type A. Datum Disclaimer.
  4. In the Apply this rule if box, select The recipient is located, select Outside the organization, and then select OK.
  5. Select Enter text.
  6. In the specify disclaimer text window, type <HR> If you are not the intended recipient of this message, you must delete it. and then select OK.
  7. Select Select one.
  8. In the specify fallback action window, select Wrap, and then select OK.
  9. In the new rule window, select Save.
  10. If the Warning window appears, select Yes.
  11. In Exchange admin center, select New, and then select Send messages to a moderator.
  12. In the new rule window, in the Name box, type Moderate Project Team.
  13. In the Apply the rule if box, select The recipient is a member of, in the Select Members window, select Project Team, select add, and then select OK.
  14. In the Do the following box, select Forward the message for approval to, select Beth Burke, select add, and then select OK.
  15. In the new rule window, select Save.
  16. On LON-CL2, on the taskbar, select Microsoft Edge.
  17. In Microsoft Edge, in the search box, type https://portal.office.com, and then press Enter.
  18. Sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  19. In Office 365, select Outlook.
  20. In the Mail window, select New.
  21. In the To field, type [email protected], where [email protected] is the Microsoft account that you configured at the beginning of this course.
  22. In the Subject field, type Disclaimer Test.
  23. In the message body, type This message will have a disclaimer, and then select Send.
  24. Sign in to Outlook.com, and then verify that the message has the disclaimer If you are not the intended recipient of this message, you must delete it added at the end of the message body. If the message is not in the Inbox, check the Junk folder.
  25. In the Mail window in which you are signed is as Francisco, select New.
  26. In the To field, type Cai.
  27. In the Subject field, type Moderation Test.
  28. In the message body, type This message requires approval by Beth, and then select Send.
  29. On LON-CL1, select Start, type Outlook, and then select Outlook.
  30. Type [email protected], replacing yyxxxxx with your unique Adatum number, and the password you created in Module 1 in the Windows Security dialog box.
  31. In Outlook, read the approval request, and then select Approve.
  32. Close Outlook.

Task 3: Create a journal rule for members of the research department

  1. On LON-CL1, in the Exchange admin center, select compliance management, select journal rules, and then select Select address.
  2. In the non-delivery reports window, select Browse, select Beth Burke, select OK, and then select Save.
  3. In the Warning window, select OK.
  4. Select New.
  5. In the new journal rule window, in the Send journal reports to box, type [email protected].
  6. In the Name box, type Operations Messages.
  7. In the If the message is sent to or received from box, select A specific user or group, select Operations, select add, and then select OK.

Note: If Operations doesn’t show up in the list, type [email protected] in the box next to Check names and then select Check names.

  1. In the Journal the following messages box, select All messages, and then select Save.

Task 4: Track internal and external message delivery

  1. On LON-CL1, in the Exchange admin center, select mail flow, and then select message trace.
  2. Review the available search options, and then select search.
  3. In the Message Trace results window, double-click the message sent to [email protected].
  4. Review the information in the message, including the message events that show that the disclaimer was applied.
  5. Select Close.
  6. Double-click the message sent from Francisco to Cai.
  7. Review the information in the message, including that the message was sent for moderation.
  8. Select Close.
  9. In the Message Trace Results window, select Close.

Result: After completing the exercise, you will have configured message-transport settings.

Lab B: Configuring email protection and client policies

Exercise 1: Configuring email protection

Task 1: Configure the malware filter

  1. On LON-CL1, in the Exchange admin center, select protection, and then select malware filter.
  2. Select Default, and then select Edit.
  3. In the Default window, select settings.
  4. Under Notifications, select the Notify internal senders check box.
  5. Select the Notify administrator about undelivered messages from internal senders check box.
  6. In the Administrator email address box, type [email protected], replacing yyxxxxx with your unique Adatum number.
  7. Select the Notify administrator about undelivered messages from external senders check box.
  8. In the Administrator email address box, type [email protected], replacing yyxxxxx with your unique Adatum number, and then select Save.

Task 2: Configure the connection filter

  1. On LON-CL1, in the Exchange admin center, select connection filter.
  2. Select Default, and then select Edit.
  3. In the Default window, select connection filtering.
  4. Under IP Block list, select Add.
  5. In the add blocked IP address window, type 192.168.0.0/24, and then select OK.
  6. Select the Enable safe list check box, and then select Save.

Task 3: Configure the spam filter

  1. On LON-CL1, in the Exchange admin center, select spam filter.
  2. Select Default, and then select Edit.
  3. In the Default window, select spam and bulk actions.
  4. In the High confidence spam box, select Quarantine message, and then select Save.
  5. Select New.
  6. In the new spam filter policy window, in the Name box, type Sales spam policy.
  7. In the Spam box, select Prepend subject line with text.
  8. In the High confidence spam box, select Move message to Junk Email folder.
  9. In the Prepend subject line with this text box, type Junk:.
  10. Scroll to the bottom of the window, and under Applied To, in the If box, select The recipient is a member of.
  11. In the Select Members window, next to Check names, enter [email protected], replacing yyxxxxx with your unique Adatum number, select Check names, and then select OK.
  12. Select Save.

Task 4: Test the spam-filter settings (optional)

  1. In a new Edge window, sign in to Outlook.com using the Microsoft account you created for this course.
  2. Create a new message to send to [email protected], where yyxxxxx is your unique Adatum number.
  3. In the body of the message, include the text XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X, and then send the message.
  4. Create a new message to send to [email protected], where yyxxxxx is your unique Adatum number.
  5. In the body of the message, include the text XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X, and then send the message.
  6. On LON-CL1, in the Exchange admin center, select protection, and then select quarantine.In the quarantine notice, select Quarantine page.
  7. Verify that the message sent to Francisco is in quarantine, but the message sent to Kendra is not.
  8. Select the message sent to Francisco, select Release Message, and then select Release messages to ALL recipients. Select Release messages.
  9. In the message window, select Done.
  10. When processing is complete, select Close and then close the Office 365 Security & Compliance center.
  11. On LON-CL2, in Outlook on the web, verify that the message was delivered.

Task 5: Enable Advanced Threat Protection

  1. Switch to LON-CL1.
  2. In Exchange admin center, select advanced threats, and then select safe attachments.
  3. Select New.
  4. In the new safe attachments policy window, in the Name box, type Sales policy.
  5. Under Safe attachments unknown malware response, select Replace – Block the attachments with detected malware, continue to deliver the message.
  6. Below Applied To in the If… box, select The recipient is a member of.
  7. In the Select Members window, next to Check names enter [email protected], replacing yyxxxxx with your unique Adatum number, select Check names, select add, and then select OK.
  8. In the new safe attachments policy window, select Save.
  9. In the Warning window, select OK.

Result: After completing this exercise, you should have configured anti-spam and antivirus settings.

Exercise 2: Configuring client access policies

Task 1: Configure an Outlook Web App policy

  1. On LON-CL1, in the Exchange admin center, select permissions, and then select Outlook Web App policies.
  2. Select New.
  3. In the new Outlook Web App mailbox policy window, in the Policy name box, type Limited features.
  4. Clear the following check boxes:
    • Instant messaging
    • Text messaging
    • Unified messaging
    • LinkedIn contact sync
    • Journaling
  5. Under Private computer or OWA for devices, clear the Direct file access check box, and then select Save.
  6. Select recipients, select mailboxes, select Kendra Sexton, and then select Edit.
  7. In the Kendra Sexton window, select mailbox features.
  8. Under Email Connectivity, select View details.
  9. In the Outlook Web App mailbox policy window, select Browse, select Limited features, select OK, and then select Save.
  10. In the Kendra Sexton window, select Save.
  11. On LON-CL1, select Start, type Outlook and then select Outlook. If prompted, type [email protected], replacing yyxxxxx with your unique Adatum number, and the password you created in Module 1 in the Windows Security dialog box.
  12. Select New Email.
  13. In the new email window, in the To box, type [email protected], replacing yyxxxxx with your unique Adatum number, and then select Check Names.
  14. In the Subject box, type Attachment Test.
  15. In the ribbon, select Attach File, and then select Browse This PC.
  16. In the Insert File window, browse to C:\Windows\Logs\DISM, select dism, and then select Insert.
  17. Select Send.
  18. On LON-CL2, in Outlook on the web, sign out, and then sign in again as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  19. On the Outlook page, select your time zone and select Save.
  20. Read the new Attachment Test message.
  21. Select the message attachment.
  22. Select OK to close the message, indicating that you do not have permission to download files.

Note: In some cases, it may take a few minutes for the new Outlook Web App mailbox policy to take effect. Until it takes affect, you can save the attachment.

Task 2: Configure device access using client access rules

  1. On LON-CL1, select Start and type PowerShell
  2. Right-click Windows PowerShell and select Run as administrator.
  3. In the User Account Control dialog, provide the following credentials:
    • User name: Administrator
    • Password: Pa55w.rd

Note: You can copy and paste these commands into the virtual machine.

  1. In the Windows PowerShell window, type the following command, and then press Enter:

$credential = Get-Credential

  1. In the Enter Credentials dialog box, in the User name box, type [email protected], replacing yyxxxxx with your unique Adatum number.

Note: You assigned Olivia to the Organization Management role group in the previous module.

  1. In the Password box, type the password you created in Module 1, and then select OK.
  2. Type the following command, and then press Enter:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection

Type the following command, and then press Enter:

Import-PSSession $Session

Type the following command press Enter, press Y, then press Enter:

New-ClientAccessRule -Name “Block ActiveSync” -Action DenyAccess -AnyOfProtocols ExchangeActiveSync -ExceptAnyOfClientIPAddressesOrRanges 192.168.10.1/24

 

Test the client access rule

  1. Type the following command, replacing yyxxxxx with your unique Adatum number, and then press Enter:

Test-ClientAccessRule  -User [email protected] -AuthenticationType BasicAuthentication -Protocol ExchangeActiveSync -RemoteAddress 192.168.10.10 -RemotePort 443

 

The command should return the client access rule you created earlier.

Type the following command, replacing yyxxxxx with your unique Adatum number, and then press Enter:

 

Test-ClientAccessRule  -User [email protected] -AuthenticationType BasicAuthentication -Protocol OutlookWebApp -RemoteAddress 172.17.17.26 -RemotePort 443

 

The command should return nothing, because the parameters do not match the client access rule.

 

Task 3: Configure mobile-device access

  1. On LON-CL1, in the Exchange admin center, select mobile, and then select mobile device access.
  2. Select edit.
  3. In the Exchange ActiveSync access settings window, select Quarantine – Let me decide to block or allow later.
  4. Under Quarantine Notification Email Messages, select Add, select Beth Burke, select add, and then select OK.
  5. In the Exchange ActiveSync access settings window, select Save.

 

Task 4: Configure a mailbox policy for mobile devices

  1. On LON-CL1, in the Exchange admin center, on the mobile menu, select mobile device mailbox policies.
  2. Select Default (default), and then select Edit.
  3. In the Default window, select security, and then select the Require a password check box.
  4. Select the Allow simple passwords check box.
  5. Select the Minimum password length check box, enter a value of 4, and then select Save.

Task 5: Validate mobile-device management policies (optional)

  1. On your mobile device, add a new ActiveSync account for Francisco Chaves.
  2. If Autodiscover does not detect the server name, enter outlook.office365.com.
  3. Your device will be placed into quarantine, and you must approve the device before you can send and receive messages.
  4. After you configure the Exchange ActiveSync account, the security settings from the mobile-device mailbox policy will apply, and you may be prompted to create a password on your device.
  5. When you finish your testing, you can delete the account from your mobile device.
  6. Leave the virtual machines running for the next lab.

Result: After completing this exercise, you should have configured client access policies.

5 1 vote
Article Rating
Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments