Transitioning to Forefront Online Protection for Exchange (FOPE) (Part 5)
If you would like to read the other parts in this article series please go to:
So far in our series we went over the basic components to build the Forefront Online Protection for Exchange (FOPE) solution that supports a transition. At this point of the series, we have achieved the following key tasks of our deployment: outbound and inbound traffic going through FOPE, enabled Directory Synchronization, configured basic security, managed reporting features and a couple of other items.
In this article we are going to deploy one of the best features of the FOPE solution, which is the spam quarantine. In addition, we will also touch on some other features that will improve your administration experience.
On the main page of any given domain (click Administration, Domains and then the desired domain) we have the Domain Settings section, which provides some interesting features. The first section (Preferences) has localization settings, but the one we are interested in is the Domain Services section. Click Edit (Figure 01).
In the new dialog box (Figure 02) the administrator can manage the spam filtering and policy filtering of a domain. It is highly recommended to keep both Enabled. One cool thing is that we cannot disable the virus filtering and it is always on.
Depending on your company size you may have to provide audit information for your critical services, and FOPE may be one item in the list. If that is the case, don’t worry, because FOPE has a built-in feature called Audit Trail that logs all information, such as access, creation, deletion, updates, and bulk uploads of objects.
In order to use the Audit Trail feature, click the Information tab and then Audit Trail. The new page will be similar to Figure 03. The information is going to be user e-mail, domain (if applicable), activity, and date and time of the action.
We can narrow down the results by clicking any of the items of the Views section. Also, we can narrow down the results by defining an initial and final date in the Date Range section.
Another cool feature is that, depending on where you are in the FOPE Admin Console, you will see a Track Changes option in the Tasks section. In Figure 04, we are in the user properties, and when we click Track Changes the Audit Trail page opens automatically with the search parameters already set to show any changes related to that user. The same applies to any other object. If you need to find out who messed up your CIO account, for example, just open his user and click Track Changes.
Using FOPE the administrator can configure several types of notifications, such as Inbound/Outbound Virus Admin, Deferral, Virus Sender, Inbound Virus Recipient and Spam Quarantine. The Notifications will always show up on the left side at the domain level configuration.
They are all similar to configure, so to see how a notification works we will look at one of the most important: the deferral notification. This notification is critical for us messaging administrators and we should always keep a close eye on this event, especially when we are using a cloud service like FOPE. As you may remember from previous articles, we do have reports that provide historical information; however, we should be the first ones to be notified in case anything happens. To do that, enable the deferral notification by clicking Activate (as shown in Figure 05).
On the new page (Figure 06), we can define the number of deferrals that triggers the notification. In our case, 10 was the defined number. The last step is to configure the e-mail address that will receive the message. Since we are talking about deferral, we must use an e-mail address different from the one being managed by FOPE, because a notification sent to a domain whose mail is being deferred would be deferred as well.
It’s important to keep an eye on the e-mail address defined in this section. A best practice is to keep that e-mail configured on your smartphone to be the first one to receive the message in case of a higher number of deferrals.
FOPE is a natural spam killer and, according to FOPE documentation, by default the service will protect your organization with 98% accuracy against spammers. However, the administrator can use FOPE features to provide a way to check those messages and see if there are any false positives (messages that were identified as spam but aren’t).
When the topic is spam, FOPE can use up to 4 (four) different methods, as follows:
- Spam Quarantine: All messages identified as spam are stored for up to 15 days and the user has access through https://quarantine.messaging.microsoft.com.
- Modifying the header of the message: Then you can use Transport Rules or Outlook rules to deal with the message.
- Redirect to a mailbox: Move all spam to a mailbox and then sort out what is not spam and forward to the user.
- Modify the subject of the message: Similar to the header, however the change is on the subject, and from there the user has a visual indication that the message is spam.
It is most likely that all messages will be spam, and wasting time of end-users or having an administrator checking all messages seems a little bit too much in my opinion.
All spam configurations are done at the domain level: log on to the FOPE Admin Console, click the Administration tab, click Domains and from the list click the desired domain. On the main administration page of the domain, click the Edit link located in the Service Settings section and then Spam action. In the new box that is displayed we can decide how the domain will deal with spam. In our case we select Spam Quarantine and then click Save, as shown in Figure 07.
After the configuration is applied and replicated to FOPE servers, all spam messages will be delivered to that special location for each user.
Our next step is to enable the spam quarantine feature for all users, and we do that on the same domain main page. Let’s click Edit in the Quarantine section. In the dialog box that comes up (Figure 08), we can enable users to access the quarantine by clicking Allow user access. We can also allow a hyperlink to be displayed on the same quarantine page to download an add-in for Outlook, with which users can report spam directly from their Outlook.
The second section of this box is the Policy Quarantine where we can allow users to see messages that were quarantined. When end-users have the ability to see policy quarantine messages, we can define if they can release and download attachments.
The last section is the false positive submission copy. By default, when the end-user clicks Not Junk the message will go to the abuse team of FOPE services, and if we add an e-mail address in that field we will receive a copy of the submission at that e-mail address.
It’s all good and our users are able to access their quarantine, however you don’t want to send a message to all users to connect to Microsoft’s site to check their spam, right? The first reason is that after 1 week 95% of the people won’t even remember your initial message explaining the feature.
In order to enable the notification, we should go to the bottom of the desired domain page and click Activate, located in the Notifications section under the Spam Quarantine Notification subsection. In the new dialog box, we can define the format of the notification messages (HTML or Text) and the notification interval (minimum 3 days and maximum 14 days).
We can go one-step further and customize the message to end-users by clicking Custom Settings on the Notification e-mail section. After deciding about your parameters click Save, as shown in Figure 09.
We are all set from the FOPE perspective as far as spam quarantine is concerned. Now it’s time to understand the end-user experience with FOPE.
Spam Quarantine User Experience…
The beauty of FOPE is that it has a database with all our company users and their respective addresses, which makes it easier for users to set up their passwords in FOPE when they need to, without administrator intervention.
My favorite feature, and I bet that is going to be in your top 3 features of the product, is the notification message that the end-users will receive (Figure 10).
The user can also go to the quarantine page and reset/initialize his password. After logging on, the end-user will have a list with all spam, as shown in Figure 11. From that page, the user has options similar to those in regular OWA.
In this article we went over the spam quarantine capabilities provided by FOPE. We also checked the Audit Trail and the Domain Settings page.