The biggest change to Microsoft Exchange Server 2007 was supposed to have been the introduction of something called Unified Communications -- the introduction of a singular console for the handling of all forms of digital communication, wrapping voice mail, instant messaging, and e-mail into a single delivery system. History may yet vindicate UC as the product's singular achievement.

But in the near term, administrators credit Exchange more for what it gives them than for what it gives the world at large. In that light, the inclusion of PowerShell, not only as the underlying language of the system but as its engine as well, changed everything for the admin. It may very well be why the product has surged to a two-thirds market share, by some estimates, over once formidable competition such as Lotus Notes.

So learning a lesson from history, the message from Microsoft with regard to Exchange Server 2010, which went on sale this morning, is about new levels of control. The idea that e-mail, or any kind of communication, once sent unto the vast Internet is out of the sender's hands -- like a paper sailboat launched from a river pier -- is what the Exchange team has been working to combat. During a beta program which Microsoft says involved dozens of universities, signing up some ten million participants worldwide, the company has completed development of a browser-based endpoint for ES 2010-delivered e-mail that is not only more manageable than Outlook 2007, but that has beaten Outlook 2010 -- the product it's supposed to be derived from -- to market by perhaps eight months.


What that means is, hopefully for a short time only, there will be a functionality gap between what the new Outlook Web App -- hosted by ES 2010 -- can deliver compared to what Outlook 2007 provides. If Julia White, Microsoft's marketing director for Exchange, has anything to say about it, that gap will be shorter rather than longer, but it's not unnoticed.

Microsoft Outlook Web App previews the textual contents of a voice mail. [Courtesy Microsoft Corp.]

White spoke with Betanews this afternoon from Berlin, where she had just completed a TechEd Europe demonstration along with Corporate Vice President Stephen Elop. "Obviously Outlook Web Apps comes with Exchange, so they can use that today; when Outlook 2010 comes out, they can use that," said White, "and we are absolutely planning support for Outlook 2007 in the roadmap here. So it's on the agenda, and we will actually be getting to it."

Much of what Exchange 2010 will deliver absolutely depends on this upgrade to Outlook 2007, as you'll see. We asked White for her take on what she would consider the top three enhancements to administrator functionality in ES 2010.

#3: Transport Protection Rules

Number three on this list is the Transport Protection Rules system, which we described earlier today. It enables the administrator to designate the extent to which the recipient of a message can utilize its contents, based upon rules that enable Exchange to analyze the content itself. "In the demo this morning, I set a Transport Protection Rule based on a keyword. But actually another aspect of that is, those rules can be set based on the sender, the recipient, or even contents of an attachment," White told Betanews.

"Any of those things can be triggered; and having the ability to centrally decide what gets encrypted and what doesn't, is a really powerful tool. With end users, it's hard for them to keep up with corporate policy, pay attention to it, or know about it. So oftentimes it's unintended, versus intended, when information isn't protected. Having that essentially managed brings peace of mind, for the users as well as the IT pros."

The ability to analyze an attachment takes place on a granular level, White told us. If a PowerPoint presentation, for example, were to contain the words "Microsoft Confidential," that fact alone would trigger a rule that automatically encrypts the outgoing message and restricts the recipient from being able to pass it on.

#2: Role-Based Access Control

One of the least loved features of Exchange, or anything Microsoft has ever done, disappears in ES 2010: The Access Control List is a Registry-based system for designating which identified and authenticated users have permission to control specific objects. It has often been a ridiculous concept that starts one off with the assumption that everyone has rights to everything, and that ACLs provide the exceptions.

Exchange Server 2010 replaces this entirely with a concept that is much more rooted in Active Directory. Now, the administrator starts off in a universe where nothing is allowed until groups of users are added into the pool of permissions. Those groups that are added in are called management role groups, with the concept being that a predefined set of roles exists (a concept made popular by Windows Server 2008), and that groups of users or individual users are delegated those roles.

This morning, Julia White demonstrated how Role-Based Access Control enabled an otherwise unprivileged user to search for e-mails through multiple mailboxes on the company's behalf (in this case, Microsoft's usual fictitious firm, Contoso). Her system was delegated a role that let her perform the search, without having to delegate other responsibilities and privileges of a much higher administrative order. "A compliance officer might get that level of capability," White explained to us, "but a help desk might have the rights to increase mail box quota size. Maybe HR would be given the ability to update contact information on behalf of employees. Extending all the way down to end users, even that same roles-based administration capability -- end users can now create and manage their own distribution groups within Exchange. That no longer requires a call to the IT pro...usually that's a lot of overhead."
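The delegation described above, sketched for the Exchange Management Shell as an added example (it is not from Microsoft's demonstration or from this article). The role group names, the custom role name and the user aliases are hypothetical; "Mailbox Search" and "Mail Recipients" are built-in Exchange 2010 management roles.

```powershell
# Run in the Exchange Management Shell on Exchange Server 2010.
# Hypothetical names: "Contoso Compliance Search", "Contoso Help Desk Quota",
# "Contoso Quota Only", and the aliases compliance1 / helpdesk1.

# 1. Compliance officer: may search across mailboxes and nothing more.
New-RoleGroup -Name "Contoso Compliance Search" `
    -Roles "Mailbox Search" `
    -Members "compliance1"

# 2. Help desk: the built-in "Mail Recipients" role is broader than quota
#    changes, so derive a child role and strip it down.
New-ManagementRole -Name "Contoso Quota Only" -Parent "Mail Recipients"

# Remove every cmdlet from the child role except Get-Mailbox and Set-Mailbox.
Get-ManagementRoleEntry "Contoso Quota Only\*" |
    Where-Object { $_.Name -ne "Get-Mailbox" -and $_.Name -ne "Set-Mailbox" } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$($_.Id)\$($_.Name)" -Confirm:$false
    }

# Limit Set-Mailbox to the quota parameters; all others are removed.
Set-ManagementRoleEntry "Contoso Quota Only\Set-Mailbox" `
    -Parameters Identity,IssueWarningQuota,ProhibitSendQuota,`
ProhibitSendReceiveQuota,UseDatabaseQuotaDefaults

New-RoleGroup -Name "Contoso Help Desk Quota" `
    -Roles "Contoso Quota Only" `
    -Members "helpdesk1"

# 3. Audit: list what each group has actually been granted.
Get-ManagementRoleAssignment -RoleAssignee "Contoso Compliance Search" |
    Format-Table Name, Role, RoleAssigneeName -AutoSize
Get-ManagementRoleAssignment -RoleAssignee "Contoso Help Desk Quota" |
    Format-Table Name, Role, RoleAssigneeName -AutoSize
Get-ManagementRoleEntry "Contoso Quota Only\*" |
    Format-Table Name, Parameters -AutoSize
```

Reviewing the output of step 3 after any change is the quickest way to confirm that a role group has not picked up cmdlets or parameters beyond its intended task.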
