Microsoft has released a nifty automated tool for building threat modeling documents for applications you develop.
It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user.
This might seem to have low relevance for Exchange, but if you take a look at what’s in these documents, you’ll get a good jump start on understanding how to build a threat model for your network and deployed messaging applications (yes, even if you’re using something besides Exchange).
Paul's Down-Home Page 