A corporate environment includes Exchange Server 2010 and Active Directory Domain Services (AD
DS). Client computers run Windows 7 and Microsoft Outlook 2010. A transport rule is configured to
apply a disclaimer to all outbound email messages. The transport rule is not applying the disclaimer
to encrypted email messages. You need to recommend a solution that allows the existing transport
rule to apply the disclaimer to encrypted email messages. What should you recommend?
A.
Mutual Transport Layer Security (MTLS)
B.
message classification
C.
Active Directory Rights Management Services (AD RMS)
D.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Explanation:
Information workers exchange sensitive information such as financial reports and data, customer
and employee information, and confidential product information and specifications, by e-mail
everyday. In Microsoft Exchange Server 2010, Microsoft Outlook, and Microsoft Office Outlook Web
App, users can apply Information Rights Management (IRM) protection to messages by applying an
Active Directory Rights Management Services (AD RMS) rights policy template. This requires an AD
RMS deployment in the organization. For more information about AD RMS, see Active Directory
Rights Management Services.
However, when left to the discretion of users, messages may be sent in clear text without IRM
protection. In organizations that use e-mail as a hosted service, there’s a risk of information leakage
as a message leaves the client and is routed and stored outside the boundaries of an organization.
Although e-mail hosting companies may have well-defined procedures and checks to help mitigate
the risk of information leakage, after
a message leaves the boundary of an organization, the organization loses control of the information.
Outlook protection rules can help protect against this type of information leakage.
Automatic IRM Protection in Outlook 2010
In Exchange 2010, Outlook protection rules help your organization protect against the risk of
information leakage by automatically applying IRM-protection to messages in Outlook 2010.
Messages are IRM-protected before they leave the Outlook client. This protection is also applied to
any attachments using supported file formats. When you create Outlook protection rules on an
Exchange 2010 server, the rules are automatically distributed
to Outlook 2010 by using Exchange Web Services. For Outlook 2010 to apply the rule, the AD RMS
rights policy template you specify must be available on users’ computers.Important: If a rights policy template is removed from the AD RMS server, you must modify any
Outlook protection rules that use the removed template. If an Outlook protection rule continues to
use a rights policy template that’s been removed, and transport decryption is enabled in the
organization, the Decryption agent will fail to decrypt the message protected with a template that’s
no longer available. If transport decryption is configured as mandatory, the Hub Transport server will
reject the message and send a non-delivery report (NDR) to the sender. For more details about
transport decryption, see Understanding Transport Decryption. For more details about AD RMS
rights policy templates, see AD RMS Policy Template Considerations.
In Windows Server 2008, rights policy templates can be archived instead of deleted. Archived
templates can still be used to license content, but when you create or modify an Outlook protection
rule, archived templates aren’t included in the list of templates.
Outlook protection rules are similar to transport protection rules. Both are applied based on
message conditions, and both protect messages by applying an AD RMS rights protection template.
However, transport protection rules are applied on the Hub Transport server by the Transport Rules
agent. Outlook protection rules are applied in Outlook 2010, before the message leaves the user’s
computer. Messages protected by an Outlook protection rule enter the transport pipeline with IRM
protection already applied. Additionally, messages protected with an Outlook protection rule are
also saved in an encrypted format in the Sent Items folder of the sender’s mailbox.