5 Security and Compliance Improvements with Exchange 2013 SP1

Microsoft released service pack 1 (SP1) for Exchange Server 2013 in February, ahead of the Microsoft Exchange Conference (MEC) in Austin, Texas. Many companies refuse to consider upgrading before the release of SP1, when it’s believed the product is finally “finished”, while other organizations are moving to subscription services such as Microsoft Office 365 to avoid the whole upgrade cycle.

In any case, Exchange 2013 SP1 brings with it the usual bug fixes and performance improvements, but it also includes new features and functionality, many of which will have an impact on the security and compliance aspects of Exchange organizations, both for on-premises and cloud deployments. Here’s a list of some of the top new features to be aware of, whether you’re using Exchange 2013 now or considering an upgrade.

1. Support for Windows Server 2012 R2. With the release of Exchange 2013 SP1, it’s finally supported to run Exchange 2013 on the latest release of Windows Server. Although this isn’t directly a security upgrade to Exchange, it lets you take advantage of the many security enhancements and new features made available with Windows Server 2012 R2. For a list of what you can expect, take a look at the Microsoft TechNet article, “Security and Protection.” Windows 2012 R2 also includes many improvements in Hyper-V virtualization, which will be of interest if you choose to run Exchange in a virtual environment. In addition to this Exchange 2013 SP1 update, Exchange 2010 and Exchange 2007 also received updates to provide compatibility with Windows 2012 R2; check the Exchange Team Blog for details.

2. Return of the Edge Transport server. When Exchange 2013 was initially released, it didn’t include the Edge Transport server role, which provides perimeter security for an Exchange network. The Edge Transport server can provide anti-spam and virus protection as well as handling mail flow. Before SP1, you could use an Edge Transport server from Exchange 2010, but that required running a hybrid environment. Now, Exchange 2013 has its own Edge Transport role. You’ll have to manage the Edge role through PowerShell, as there’s no GUI, but hopefully Exchange admins have come to terms with PowerShell by now.

3. Cmdlet logging back in EAC. If you’re not adept at PowerShell, you’re certainly familiar with the Exchange Admin Center (EAC). The Exchange 2010 version of EAC included cmdlet logging, which let you see the PowerShell commands that were executed with each action you took in the GUI. This feature was dropped in Exchange 2013—until now. Cmdlet logging returns with Exchange 2013 SP1. What this means is that any action you can perform through the GUI, you can learn how to perform in PowerShell. From a security perspective, it also means you have access to that steam of commands in order to troubleshoot problems or see why something didn’t happen as you might have expected.

4. S/MIME support for OWA. S/MIME is a protocol for secure, encrypted email, but its support was dropped in Outlook Web App (OWA) for Exchange 2013. With the release of SP1, S/MIME support has been reintroduced to OWA, although only on Internet Explorer 9 and later. Other browsers that run OWA (i.e., Chrome, Firefox, Safari) will have to wait and see if S/MIME support is added later.

5. Enhancements to DLP capabilities. Exchange 2013 SP1 improves its data loss protection (DLP) feature set in a number of ways. First, DLP policy tips will now appear in OWA as well as Outlook 2013. This means when a policy violation in an email is detected, the user will see a warning (and potentially the message can be blocked) before it’s sent. Next, in addition to built-in detection of common information (financial or personal information), Document Fingerprinting lets you create custom policies for forms specific to your organization. Together, policy tips and Document Fingerprinting give admins a great deal of help in preventing sensitive information from inadvertently leaving your organization.

Exchange 2013 SP1 includes many other improvements and enhancements. For more detailed information, check out the Exchange Team Blog article, “Released: Exchange Server 2013 Service Pack 1? or Tony Redmond’s “Exchange Server 2013 SP1: A Mixture of New and Completed Features.”

You can find out more about features of Exchange 2013 in some of earlier articles: CAS Configuration (Part 1 and Part 2) and Multi site CAS URL configuration. Don’t miss out on information about free tools, as well as solutions with full auditing functionality for Exchange.