Managing Domain Security
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-13
Domain Security refers to the set of functionality in Microsoft Exchange Server 2007 and Microsoft Office Outlook 2007 that provides a relatively low-cost alternative to S/MIME or other message-level security solutions. The purpose of the Domain Security feature set is to provide administrators a way to manage secured message paths over the Internet with business partners. After these secured message paths are configured, messages that have successfully traveled over the secured path from an authenticated sender are displayed to users as "Domain Secured" in the Outlook and Outlook Web Access interface.
Domain Security uses Transport Layer Security (TLS) with mutual authentication to provide session-based authentication and encryption. Managing Domain Security requires configuring TLS with mutual authentication on Edge Transport servers and then specifying the business partners by domain name in the transport configuration.
For more information, see the following topics:
- How to Enable PKI on the Edge Transport Server for Domain Security
- Creating a Certificate or Certificate Request for TLS
- How to Configure Mutual TLS for Domain Security
- How to Fix Certificate Validation Errors
- How to Test PKI and Proxy Configuration
- Domain Security White Paper
Message-level encryption is enhanced by or is also available as a service from Microsoft Exchange Hosted Services. Exchange Hosted Services is a set of four distinct hosted services:
- Hosted Filtering This service helps organizations protect themselves from e-mail-borne malware.
- Hosted Archive This service helps organizations satisfy retention requirements for compliance.
- Hosted Encryption This service helps organizations encrypt data to preserve confidentiality.
- Hosted Continuity This service helps organizations preserve access to e-mail during and after emergency situations.
These services integrate with any on-premise Exchange servers that are managed in-house or Hosted Exchange e-mail services that are offered through service providers. For more information about Exchange Hosted Services, see Microsoft Exchange Hosted Services.