Microsoft Exchange Server 2013 Adds Compliance Power

Microsoft builds new security tools into latest version of Exchange that are designed to stop compliance breaches before they occur.
Windows 8 Preview: Key Features
Windows 8 Preview: Key Features
(click image for slideshow)
Heard the one about the doctor who sent an email blast exposing personal, and highly confidential, information on 7,000 patients? Microsoft did, so it's building tools into Exchange Server 2013 that will make it easier for IT administrators and compliance officers to guard against such mistakes.

"We've layered a new policy engine on top of Exchange that allows IT managers, whether they're online or on premises, to define data-loss prevention policies to help keep information inside the network," Michael Atalla, Microsoft's director for Exchange Product Management, said in an interview Monday.

The tools include software that scans outgoing emails for information, such as credit card or social security numbers, that could violate industry regulations or privacy laws if sent to a third party. If a potential violation is detected, Exchange Server 2013 can automatically block the outgoing mail, or it can be configured to simply warn the user that they are about to send restricted information.

"These are out-of-the-box policies," said Atalla, who earlier in the day touted the software's new features during a keynote at the Microsoft Exchange Conference in Orlando. He noted that organizations can also create their own rules for emails that contain sensitive data such as bank routing numbers, medical reports, financial reports, and the like.

[ Microsoft has a lot of new products on the launch pad. Read 5 Reasons To Like Windows Server 2012. ]

One user who could have benefited from such technology is a physician at the University of Arkansas for Medical Sciences, who in February unwittingly exposed personal information on 7,000 patients to an outside recipient. "Administrators and compliance officers can now alert their end users to potential policy violations before they take place," said Atalla.

Microsoft is beefing up other compliance tools in Exchange 2013. One new feature adds proximity matching to archive searches, making it easier to recover specific communications that may be needed for discovery or other legal proceedings. For example, users can ask the system to retrieve documents that contain the term "financial results", but only if it's a certain number of words, or less, away from another term, such as "third quarter".

"The best case in e-discovery results is the most narrow set possible," said Atalla.

Microsoft has not released a final ship date for Exchange 2013, but a preview version is now available as a free download from the company's website. Many of the new features in the product will also work their way into Exchange Online, Microsoft's cloud-based version of Exchange Server.

About 64% of organizations now use a combination of on-premises and cloud-based tools for email and collaboration, according to a survey released this week by Harris Interactive. "We've been on a journey of delivering both on premises server products and online services," said Atallla. "And this version of Exchange really brings complete parity across both."

Pricing for the new version of Exchange has not been announced. Atalla said there are "no substantial" licensing changes between Exchange Server 2013 and its predecessor, Exchange Server 2010.