| 1. | Start the ISA Management tool. |
| 2. | Create a destination set that includes Windows Live Messenger destinations. To do this, follow these steps:| a. | Expand Servers and Arrays, expand the particular server or array in which you want to create the destination set, expand Policy Elements, and then click Destination Sets. | | b. | On the Action menu, point to New, and then click Destination Set. | | c. | In the Name box, type a descriptive name such as Live Messenger Destinations. | | d. | Click Add, leave the default Destination option selected, type *.live.com in the Destination box, and then click OK. | | e. | Click Add, click IP addresses, type 207.46.108.35 in the From box, and then click OK two times. |
|
| 3. | Create a content group that contains the following three content types:| • | application/x-msn-messenger | | • | text/x-msmsgsprofile | | • | text/x-msmsgsinitialmdatanotification |
To do this, follow these steps:| a. | Under Policy Elements, click Content Groups. | | b. | On the Action menu, point to New, and then click Content Group. | | c. | In the Name box, type a descriptive name such as Live Messenger Content. | | d. | In the Available types list, type application/x-msn-messenger, and then click Add. | | e. | In the Available types list, type text/x-msmsgsprofile, and then click Add. | | f. | In the Available types list, type text/x-msmsgsinitialmdatanotification, and then click Add. | | g. | Click OK. |
|
| 4. | Create a protocol rule to deny the MSN Messenger protocol. This rule should deny outgoing requests on port 1863. To do this, follow these steps:| a. | Expand Access Policy, and then click Protocol Rules. | | b. | On the Action menu, point to New, and then click Rule. | | c. | In the Protocol rule name box, type a descriptive name, and then click Next. | | d. | Click Deny, click Next, and then click Selected protocols in the Apply this rule to list. | | e. | In the Protocols list, click to select the MSN Messenger check box, and then click Next. | | f. | Leave the Always option selected in the Use this schedule list, and then click Next. | | g. | Leave the Any request option selected, click Next, and then click Finish. |
|
| 5. | Create a site and content rule to deny the Windows Live Messenger destination set. To do this, follow these steps:| a. | Under Access Policy, click Site and Content Rules. | | b. | On the Action menu, point to New, and then click Rule. | | c. | In the Site and content rule name box, type a descriptive name for the rule, and then click Next. | | d. | Click Deny, click Next, click Deny access based on destination, click Next, and then click Specified destination set in the Apply this rule to list. | | e. | In the Name list, click Live Messenger Destinations.
Note If you used a different name when you created the Windows Live Messenger destination set in step 2, click that name in the Name list. | | f. | Click Next, and then click Finish. |
|
| 6. | Create a site and content rule to deny the Windows Live Messenger content group. To do this, follow these steps:| a. | Under Access Policy, click Site and Content Rules. | | b. | On the Action menu, point to New, and then click Rule. | | c. | In the Site and content rule name box, type a descriptive name for the rule, and then click Next. | | d. | Click Deny, click Next, click Custom, click Next, click All destinations in the Apply this rule to list, and then click Next. | | e. | In the Use this schedule list, click Always, and then click Next. | | f. | Click Any request, click Next, and then click Only the following content types. | | g. | In the Content type list, click to select the Live Messenger Content check box.
Note If you used a different name for the Windows Live Messenger content group that you created in step 3, click to select the check box that corresponds to the appropriate content group. | | h. | Click Next, and then click Finish. |
|