locked
Encryption with Unified Messaging RRS feed

  • Question

  • Is there a way to specify that all email coming in from Unified Messaging (voice mail) be encrypted at rest?  We would like to assure that any information possibly left for individuals dealing with Export Controlled data are encrypted.
    Monday, March 11, 2013 4:58 PM

Answers

  • Your best option will be to look at AD RMS integration to achieve this. 

    Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010

    • Marked as answer by BCantoni Thursday, April 4, 2013 4:49 PM
    Monday, March 25, 2013 3:09 PM

All replies

  • UM Runs on TLS encryption itself.
    So you want to restrict end user from exporting the voice mail data?

    Gulab Prasad,
    Exchange Ranger
    Z-Hire Employee Provisioning App

    Sunday, March 17, 2013 4:27 PM
  • Your best option will be to look at AD RMS integration to achieve this. 

    Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010

    • Marked as answer by BCantoni Thursday, April 4, 2013 4:49 PM
    Monday, March 25, 2013 3:09 PM
  • no, the intent is to make sure foriegn national administrators cannot access the content of the mail/voice mail.

    Thursday, April 4, 2013 4:48 PM
  • Casper's right; if you deploy AD RMS then you can specify that all users in a given dial plan (i.e. your host nation users) have their voice mail automatically marked as private. This causes AD RMS to encrypt the messages before transport. However, AD RMS superusers will be able to decrypt them; if your foreign-nation admins have or can get AD RMS superuser permission, they will be able to decrypt the voice mails.

    Gulab is also right: TLS is always used for transport of UM messages. That doesn't help protect data at rest though.

    There is no supported way to superencrypt voice mail messages, unfortunately. They go into Exchange mailbox databases, which you can protect using BitLocker. You would probably be best off with using RBAC to "scope out" the foreign-nation admins so that they don't have any access to the databases (and/or servers) where your host-nation users store their voice messages.

    Thursday, April 4, 2013 7:56 PM