[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1277
  • Last Modified:

Is Exchange 2010 email encrypted by default?

Hi Experts, I have a couple questions about email encryption. What I REALLY need is as follows:

I have a client (financial services) that has a need to make sure all internal email is encrypted. External email does not matter at this point. Just internal.

Here are my questions:

1) If I do a fresh install of Server 2008 R2 then Exchange 2010. Does the default setup provide email encryption? I am not able to get a clear cut answer anywhere.

2) If the default config does not enable this, what are the things I need in order to enable it (3rd party certs. etc. etc) remember, this is just for internal use.

3) If I need 3rd party certs, does each user need their own cert? Does this need to be manually installed in each clients outlook?

4) Currently they have outlook 2007, would we need to upgrade to 2010?

5) If it is encrypted, what happens when IPADS connect directly to exchange? Does the message stay encrypted because the IPAD's connection to exchange is encrypted?

SO far the only solid way I can find to offer encryption is PGP, unfortunately Symantec bought them but it seems to work pretty well.
0
Mark Rohrbeck
Asked:
Mark Rohrbeck
2 Solutions
 
NavdeepCommented:
Hi,

By default in exchange 2010 MAPI RPC connections between outlook 2007/2010 are encrypted. In Exchange 2010 SP1 its disabled but you can enabled it. Check the following article
http://technet.microsoft.com/en-us/library/ee332317.aspx
Section: Configure RPC Encryption Setting.

I think this has answered all your questions. For iPAD they will be using active sync, for which you need a trusted thirdparty cert, which will encrypt the data for you on wire when transmitting over wan.

Regards,
Navdeep [v-2nas]
exchangeadtech.wordpress.com
0
 
e_aravindCommented:
Here are my answers:

1) If I do a fresh install of Server 2008 R2 then Exchange 2010. Does the default setup provide email encryption? I am not able to get a clear cut answer anywhere.
If you are planning about the email encryption...where the mails are stored as encrypted...you need to do some more configuration @ the Outlook clients

Encrypt email messages
http://office.microsoft.com/en-us/outlook-help/encrypt-email-messages-HP010355559.aspx

2) If the default config does not enable this, what are the things I need in order to enable it (3rd party certs. etc. etc) remember, this is just for internal use.
Mostly this is an Outlook end modification, configuration rather than the server\store level modification

3) If I need 3rd party certs, does each user need their own cert? Does this need to be manually installed in each clients outlook?
Yes, its preferred to have the 3rd party Root-Certificates for this purpose
To assign these certs. to the end-users...we need to do some auto-enrollment process to push the keys to the end-users
auto-enrollment of user-certificates: should be publishing the certs. to the user
http://technet.microsoft.com/en-us/library/cc771882(WS.10).aspx
If auto-enrollment fails...then you need to manually install @ the Outlook clients

4) Currently they have outlook 2007, would we need to upgrade to 2010?
When ever you are changing the client-machine, profile..ensure that you have a correct profile migration
Only then we can get the old user-certificates available on the new profile\machines

5) If it is encrypted, what happens when IPADS connect directly to exchange? Does the message stay encrypted because the IPAD's connection to exchange is encrypted?
Understanding Exchange ActiveSync
http://technet.microsoft.com/en-us/library/aa998357.aspx

Device Encryption Policies   There are a number of mobile phone or device encryption policies that you can enforce for a group of users. These policies include the following:
Require encryption on device   Select this check box to require encryption on the mobile phone. This increases security by encrypting all information on the mobile phone.
Require encryption on storage cards   Select this check box to require encryption on the mobile phone’s removable storage card. This increases security by encrypting all information on the storage cards for the mobile phone

Note: if the mobile OS fails to do the encryption then you should look for some 3rd party app. to do so

0
 
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Thank you both. It looks like this will be all the info I need.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now