New Feature: ExchangeDefender Announcements
ExchangeDefender Announcements
As you’ve probably noticed, our feature development has really picked up in 2018 and we have an even more aggressive product roadmap for 2019. To help make sure everyone is on top of all the new features and that our partners (MSP/VAR) have the best possible way to keep all of our clients informed of the new features, we’re happy to announce the Announcements feature!
Starting in late February 2019, our service providers and CIOs alike will have the ability to post announcements that will be featured prominently on the ExchangeDefender admin login page, inside the user control panel, and in the domain/org control panel. As you can imagine, this feature has a lot of flexibility to help you efficiently target the right organizations and users.
Announcement Feature Highlights:
– Announcement title and announcement contents can include HTML and you can even insert a picture for each.
– You can set the announcement expiration date so that the announcement doesn’t show up after a certain date. This is great for sales promotions, webinar registrations, etc.
– You can scope the announcement: It can be global (for all of your domains) or it can be scoped down to a list of domains you choose. As most of our MSPs manage different kinds of organizations, one-size-fits-all announcements rarely work and this feature can help you solve that problem by targeting each organization specifically.
– I want to see this announcement too: If you’re in a larger organization you likely have personnel that is responsible for different departments or companies. Because announcements are visible on the login page of your portal as well as control panels for service provider, domain/org, and end users you have the ability to not show end user announcements to your IT and management staff.
– Include all users: You can even write specific announcements that are targeted at end users.
As ExchangeDefender gets bigger and as the complexity and service portfolio grows, we need to help our partners and CIOs communicate the new ExchangeDefender features more efficiently. Since you control your announcements it is up to you if you use it for ExchangeDefender related stuff or if you use it for your own promotion or if you delegate it to your companies to use it as another outlet to broadcast organization-specific but important news to everyone.
Most ExchangeDefender users interact with the service daily so you have a perfect (captive) spot to reach them about a product they are already interacting with – instead of having it burried in an email newsletter that they likely won’t read. This has been among the most demanded MSP features for years and we’re happy to deliver something with enough power and flexibility that will make both your tech/support people happy (so they can address possible support issues) as well as marketing/sales (so they can better target their message). You can only display up to two (2) announcements at a time though so the only bad news here is that you’ll have to prioritize.
UPDATE: ExchangeDefender Enterprise Security Features
To say that our security webinar went well is an understatement – partners actually loved it. It’s a strange and welcome departure from how my security and hacking conversations usually go (nobody ran away from me crying and screaming into their cell phone) and I cannot tell you how gratifying it felt to introduce security features and have people line up to offer them.
Frankly, it was time. The state of email (and email security) is unsustainable if we let the users and infrastructure we manage act like account security is an afterthought – that just leads to more compromised endpoints that just amplify the next attack that will be more sophisticated, harder to defend – AND – will eventually lead to increase in costs as more infrastructure is needed to protect users who want to act the same ways spammers do. We’ve put a smart lock on the door, it’s your choice whether you want to lock it.
That said – all these features are a part of the ExchangeDefender Enterprise which is designed for very large companies and government where organizational policies override any complaints and gripes end users may have with the security inconvenience. Which is exactly the opposite from the small businesses that MSPs tend to manage.
We get it. And we’re not giving up.
In the nearly two weeks that we’ve been rolling out the new security features to the MSP/SMB UI, we’ve noticed some severe pain points for our users that we’ve moved very aggressively to address and mitigate. Which is my commitment to you – we will keep on stepping up the security and we will find ways to mitigate some of the prompts, alerts, and notifications along the way if you don’t want your users to be aware of what is going on under the hood.
First up, if you’ve chosen to lock down ExchangeDefender admin panels to the restricted IP range you own, you now have the option to turn off email notices every time a login attempt is made from outside of this range.
We’re in progress of making additional changes and exceptions to the IP address restriction policy and removing it from the SPAM release process – so if your employees are mobile or working from home they will soon be able to release a legitimate message (false positive SPAM) from anywhere even with IP restrictions in place. They won’t be able to login to the control panel and make modifications or see other settings but they will be able to get to their email.
We hope this feature enhancement will reduce the amount of email notifications – you will still see them in your event logs.
Second, we have opened up our OTP/2FA infrastructure to the whole world.
Finally, the alerts on the clients dashboard. I am going to phrase this carefully as I’m not happy to announce this and will likely change it eventually: You can turn that alert off and stop users from being required to change their passwords very X days. Just set the value to 0. We will revisit this within 30 days but as a mitigation to any unwelcome support calls, yes 0 will just turn it off.
We’ve been working on the announcement and training features for quite some time now and we hope that they will make security implementation and support a problem for ExchangeDefender to handle, instead of burdening our partners with it. In an ideal world, those features would have launched first and we’d slowly trickle down ExchangeDefender Enterprise. Unfortunately, another 600+ million usernames, passwords and other PII has been leaked last week from some very popular sites and the odds that those users and passwords have the same credentials there as at ExchangeDefender are pretty good.
My point is, we are paid to protect and lock down your organizations communication and secrets, something we take extremely seriously. In order to protect all the data you trust us with, we have to lock things down. And as we do so, we will keep user experience front and center.
Thank you for trusting us with your data and thank you for your business.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
Better Password Policies
ExchangeDefender has been SMB friendly – to a fault, but the era of terrible passwords and plain text passwords is finally over. Not a single piece of ExchangeDefender stores (or offers) user credentials in plain text anymore. We’ve made the transition exceptionally smooth as well, requiring no changes or IT intervention at all.
But we cannot encourage it enough. And over the next year you will see us introduce several features meant to help you lock down ExchangeDefender and use it to lock down your overall IT security strategy. We’re happy to introduce password age configuration that allows you to force users to reset their passwords automatically.
This setting can be accessed from the Domain Administrator > Policies > Features section of admin.exchangedefender.com
When the password is older than your preset number of days (by default, 90) the user will see an ugly red notice telling them to update their password.
If you set the password expiration to 0 days you will turn this feature off entirely but we cannot discourage it more. The feature is there to help your users avoid having their accounts compromised.
If you implement some of these stronger security features we’ve also got you when it comes to minimizing account management – users can reset their password at any time if they have their PIN on them. So even if their mail server is down, having their PIN handy will let them reset the password without additional authentication. Forgot your pin? No problem, we can email you a reset link to a known email address.
As you can tell, ExchangeDefender will go the extra step of helping your users configure a strong password. It will also keep memory of recent passwords so that they can’t just rotate it back and forth between the same two passwords they use elsewhere.
As you’ve seen with mass password resets , access to advanced access logging , known trusted devices and IP restrictions , we are adding more, and more, of our enterprise features to the ExchangeDefender Pro product.
To hear about all these new security features in more detail please check out the webinar that covers our current security portfolio and how these features make sense.
ExchangeDefender Mass Password Reset
ExchangeDefender has always been a great friend to the SMB community where folks hate passwords and password complexity right until the moment their password gets compromised. Once that happens, it’s up to the MSP or poor IT guy to sit around and reset all the passwords in the organization.
As mentioned previously, a number of ExchangeDefender Enterprise features is being delivered to ExchangeDefender Pro so now you’ll have the ability to reset every single users password quickly.
Under the domain login you will now see a “Security Reset” link that will allow you to either randomly assign a strong password (smart) and send your users a reset link or pick the same password for all users (outright idiotic but “business requirements”).
If you are an MSP assisting a client during an outage and this is the first time you’re making your users aware of ExchangeDefender LiveArchive for business continuity, you can also print out the passwords and/or email them to your users in plain text. This is a horrible, terrible, idiotic, really bad idea that virtually guarantees you’re going to get hacked but we are here to serve and Howard is a really good friend so here it is:
Just a word of warning: If you select to send your users a new password in clear text, and show the roster with the plain text password on the next page, for whatever ungodly reason, please add a note to come back later and lock your users down. Most MSPs keep the same password for ExchangeDefender and Exchange, and these services also affect ExchangeDefender Encryption, LiveArchive, WebFileShare, Compliance Archive, eDiscovery, FailPOP, mobile, etc and leave you open for collateral damage. Unless you’re using 2FA/OTP, restricting IP address ranges, rotating passwords frequently, I can guarantee that your passwords will be compromised. Please, please, please don’t do this, we are only making it available as the feature of last resort.
As we add these advanced security controls into ExchangeDefender Pro (and some even for Essentials) we will be tightening the security of the platform around. To hear more about our plan for 2019, please sign up for the webinar on February 6th at noon EST. Click the banner below to reserve your seat.
November New Features Webinar Reminder + SM Update
We’re trying something new, because we’re launching a new product.
We’re enormously proud (and a bit nervous) to introduce our partners and clients to a brand new product category from ExchangeDefender: focused on business process management, optimization and accountability. We’ve learned a thing or two about information management and security by handling Microsoft Exchange for businesses for over two decades and the new product that we’re going to announce on Thursday will help complement it.
We would like to extend an invitation to our partners (*** This webinar is live, there will be no recording ***; style this prominently) to take a look at what we’ve built, what has managed our business for years, and to collect feedback and suggestions on what more we can to do help you count on our new product as a profitable way to help businesses gain some accountability.
The webinar itself will be more of a town hall meeting than our typical death by PowerPoint.
The primary goal is to explain what has been working for us and see what more we can do so it can work for you as well. We will be going over our roadmap, our implementation, our business model and where/how this new thing works. Aside from some cool swag and custom marketing collateral, you’ll also be the first one to get access to the beta version that you can use for free and see how it can manage your business and where you may have a sales opportunity.
Exchange 2016 Built For End Users
Exchange 2016 Built For End Users
Have you ever wanted an email system that anyone in your organization could manage, with no IT training? Something so simple even a teenager could master it? Well, you’re in luck, now you can do that with Microsoft Exchange 2016 and ExchangeDefender. We’re putting the power of all the enterprise Exchange features into the hands of businesses to help reduce IT costs and improve office productivity.
How? We’ve made it so it’s impossible to make a mistake.
Why? Because as a service provider, we too pay a price when support is necessary for some basic and routine tasks. We’ve automated them, simplified the process flow, and given you access to provision services and answer all the questions you’ll possibly have in a jargon-free language.
For example, let’s say a new employee starts today. All you have to do is login to our portal at https://support.ownwebnow.com, click on Service Manager, Exchange 2016, Quick Actions, Mailbox.
Just 3 more clicks and some basic information typed in – and you’re done. You’ve created a mailbox.
Thing is, you’ve done far more than just creating a mailbox. You’ve added an email address to the organization and provisioned all the security templates that match your organization. You’ve enforced your corporate password policy. You’ve ordered the correct plan and assigned the right licensing for this user (it’s automatically done for you). You’ve provisioned all the required services that your organization requires be it corporate encryption, 2 factor authentication, or even compliance archiving and eDiscovery.
You’ve also become your own support person for basic settings, configurations, and guides. The entire system is on-demand, self-service, instant gratification to the max. You can get more done, by yourself, on your schedule and quickly. That is the value behind ExchangeDefender powered Exchange 2016.
Now wait till you see what we can do for the IT personnel managing 100+ user organizations! Are you ready to migrate your users to Exchange 2016? Simply click on the Early Adopters banner below, submit a ticket requesting early adoption, and we’ll get started!
New ExchangeDefender AntiSPAM Engine
The more SPAM stays the same, the more ways they find to get it through to your mailbox.
How we determine something to be SPAM vs legitimate mail is a bit of a science and it incorporates a ton of statistical analysis, data feeds, real-time blacklists, IP reputation scores, several antivirus products, several malware detection products, subscription services, etc. We pass each inbound message through almost all of these subsystems and assign it a score – as that score adds up the message becomes categorized as SPAM or SureSPAM based on the amount of UCE/malware/infected content the message has.
Every year we rebuild the ExchangeDefender engine to pull out things that no longer perform well, add new promising technologies, shift around the different plugins and so on. While ExchangeDefender filtering is updated in real-time and by tons of different vendors along with our in house technology, major improvements and technology shifts are necessary in order to prevent truly dangerous stuff from getting through. Unfortunately, this means that for about a week or two the amount of junk mail that gets through goes up as we reset all our scores, statistical models, weighs for different services and the implementation. While we wish we could just point and click, the process is far more complex than that, and requires delicate changes over a few days.
We appreciate your patience with us as we get the new engine online. The SPAM filtering levels should return to 100% shortly and we realize SPAM is annoying – which is why we’re doing this in the first place. Thank you for your business and trusting us with your email, we look forward to getting our best ever SPAM detection online shortly.
(10/17) Webinar: ExchangeDefender launches New Features
A new webinar for October 17th at noon has been scheduled! We’ve been working around the clock to provide our partners, and their clients new features that make all of our work process easier, and more effective. Cool things that are happening as of today, October 1st :
Exchange 2016, Finally
The new exchange 2016 comes with a lot of new features. We’re particularly excited about the ability to create shared mailboxes, and manage password and lockout policies.
Corporate Encryption
You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.
SPAM Reporting
New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.
Friendly Names
You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.
Watch ExchangeDefender’s CEO, Vlad Mazek discuss newsworthy topics to be discussed during the upcoming webinar on the 17th at noon. Stay tuned as we share key advancements of our products and within the company. Reserve for the webinar now!
Partner to Retail: Automating the Service Transfer Process
Partner to Retail Transfers
After nearly 21 years in business, we have seen just about everything, from partners dying to companies disappearing overnight. More often than not, they leave businesses they served stranded and ExchangeDefender has to pick up the pieces. As each case is different, we’ve always handled every issue delicately with great care from a dedicated employee at ExchangeDefender to handle the issue.
While that sounds nice on the surface, it’s actually a horrific mess with a point person playing coordinator, negotiator, project manager, liason, unofficial legal advisor and more often than not wasting more time than neccessary.
As a result, there is now a 3 month initiative at ExchangeDefender to streamline and automate most of our processes that involve external parties. The honor of the first such automated process is the “Transfer of Services”:
Transfer of Service
ExchangeDefender is exclusively sold through our IT Solution Partners. However, when one partner disappears (death, bankruptcy, laziness, poor customer service) we do not have the means to refer them to a new partner. Often, even if we can find someone local, partner may not have an incentive or business case to sell them ExchangeDefender if the client will not sign up for other support services that are required by our partners to deliver XD. Sometimes, clients get bought/sold, hire their own IT staff, or move to a new provider and want to keep ExchangeDefender. All of these scenarios create a massive mess for ExchangeDefender, for the client, and ultimately for the partner.
The site is designed to create a process-oriented survey that ties in all the parties involved in service delivery – the client requesting the transfer, the existing partner, and if applicable the new IT Solution Provider. This way we have the contact information about everyone, we have set milestones in the process, we have everyone moving along the project and we have deadlines so nobody is left stuck or forgotten. The same ExchangeDefender SLA for support applies to the transfer process but it makes ExchangeDefender handle it.
That is the key part and perhaps the most valuable one for our existing partners that may be worried about account transfers. From our experience, when a client decides they want to leave the service (be it ours, or our partners) there is little that will stand in their way of either moving to another ExchangeDefender partner or another service. This can be painful, awkward, and at times emotional as a loss of business can be stressful. This is where ExchangeDefender can help as well – instead of having to deal with asset control, configuration, transferring credentials and doing support and the work of the new IT Service Provider, our partner can just sign a waiver and from that point on anything regarding the old client and ExchangeDefender will be handled by our team. This way the current partner that is losing the service isn’t stuck with an uncomfortable process of dealing with a client that fired them or training their competitor how to manage the service – it’s simply all on us.
We had to do something. All our future transfers will happen through the “Partner To Retail” web site at https://exchangedefender.com/transfer
Our mantra remains the same, we are still very much a partner-channel based organization. These process automation projects are meant to give our partners and clients a more predictable, measurable, and accountable system backed by an SLA rather than a single point person. If there are processes that you’ve found frustrating, unpredictable, difficult, or frustrating please let us know by contacting your account manager and we’ll put some priority on those. Otherwise, we look forward to serving you better.
ExchangeDefender’s Billing Compliance Enforcement Notice
Billing Compliance Enforcement
September marks another huge month in which we’re cleaning up some of our old “small business ways and means” and replacing them with industry standards, in every facet of our business. But before we get into that, as the changes are both service related and product related, we would again like to remind you to sign up for the big webinar we have on September 5th:
ExchangeDefender New Stuff Webinar
Wednesday, September 5th. Noon EST
https://attendee.gotowebinar.com/register/1810967512151336450
“I cannot urge you enough to attend the webinar and see the changes and improvements that are coming to our products and services. You truly need to understand the structure and the vision behind it because we’re doing the same thing we’ve always done: respond to client requests and how the marketplace dictates what people will pay for and how. So I urge you to please attend the webinar and hear directly from me what we’re up to and how you can run into fewer issues and make more money with us.”
-Vlad Mazek
CEO, ExchangeDefender
Billing Policies
None of the following policies are new or designed to impact our clients in good standing.
Our billing policy has not changed in 20+ years, but we’ve never enforced it fully, and we believe it won’t be an issue for anyone. So for the record:
– We need a 30 day notice on any services you wish to remove from ExchangeDefender (and any of our products, sites and services). We tend to be fairly flexible with this and will continue to do so.
– Any services cancelled within the last 2-3 business days of the 1st of the month will be billed on the 1st and there will be no refunds. See the 30 day policy above.
– Service cancellations will be disabled within the last 12 hours of the month. Our staff will not be able to process them via phone/tickets, they will be locked out as well.
The reason we are suddenly enforcing this policy is because we’ve noticed a significant amount of fraud related to people gaming first/last of the month (where you cancel the service on the last of the month, skip the billing cycle that runs on the 1st, then setup the new service on the 1st and get a free month). If our enforcement of our billing policies seems unfair please keep in mind that we do give you free service from the moment you sign up for the service until the 1st of the month. The other reason is that we cannot process changes and update invoices within hours of the amounts being submitted to the credit card processor.
Late Fees
Late fees will also affect a small but persistent contingent of our client base that is trying to game and hide from what are fair business practices of paying the vendor. Because we’ve never charged late fees we have a few dozen clients that hide, provide fake credit card numbers or otherwise try to get as much free service as possible. Payment for all services is due on the 1st. If the invoice isn’t paid by the 5th (12:01 AM) invoice will automatically get a $39 late fee. If the invoice remains unpaid by the 15th (12:01 AM) the services will be suspended and subject to other legal remedies, along with an additional $69 re-connection fee.
These policies have not been enforced as a matter of personal courtesy we extended to our partners during the economic collapse of 2006-2009. Today, they require personal interaction and activity by a member of our staff, and every unpaid invoice and billing ticket about not cancelling the service in a timely manner is costing us (and our partners) which isn’t fair.
As mentioned above, these policies will not be an issue for anyone but a small handful that has been abusing the system. As a security company we are constantly being audited and leaving open invoices, not charging, late fees, policies that aren’t being enforced and so on are constantly flagged by our accounting, legal and even compliance auditors so we’re being forced to get a grip on everything. Thankfully, it won’t be much of an issue and we look forward to using freed up resources to deliver a better service to all of our clients.