ExchangeDefender Exchange Setup

This guide is intended for IT solution providers, CIO, and technical staff that is in charge of setting up and managing email. While Exchange is a very complex and robust environment, our control panel is designed to help personnel of all technical skill levels manage email. In Figure 1 above you can see our Service Manager, the user friendly way to manage every aspect of email in your Exchange organization.

This site is accessible at https://support.ownwebnow.com and your MSP/CIO has access to manage the Service Manager on demand. For the purposes of this guide, we only reference this site because it is where management begins: the rest of the guide is to help every user configure their Microsoft Outlook, or mobile Android / iOS devices.   

Important Server Names

Microsoft Outlook, iOS and Android devices connect to the Microsoft Exchange infrastructure through several web services. If your IT provider has configured your Autodiscover DNS properly, you will never need to know about these sites, but it is important to know where the resources are in the event that you need to configure something more complex to work with Exchange. Figure 2.

Each Exchange organization managed by ExchangeDefender has their own branded set of OWA, EWS, and Autodiscover records. While we recommend you use the branded one for your organization, the default ones will work the same way and they all point to the same network resources.

Outlook Web App
https://owa.xd.email/owa/

Outlook Web App (formerly known as Outlook Web Access) is the web version of Outlook that works in your browser. While not as powerful or as flexible as Outlook, unless you are a power user, it will do the job. You can point your cell phone, tablet, laptop, or workstation to the URL above and it will give you access to the most popular Outlook features over the web.

EWS URL
https://owa.ownwebnow.xd.email/EWS/Exchange.asmx

Exchange Web Services (EWS) is the web service endpoint for advanced configurations. If you need to integrate a service or a device with Exchange Web Services, this is the URL to use. As of Exchange 2013, there is no support MAPI.

Autodiscover

autodiscover.xd.email

Exchange Autodiscover service makes it easy to deploy Outlook without providing manual configuration parameters – all you need is your email address and your password. Since 2013, Autodiscover has become the only way to configure Outlook/Exchange and manual configuration is no longer possible. If you do not have Autodiscover record in your DNS you need to create it and point it as a CNAME to autodiscover.xd.email (if this is not possible for some reason, see Appendix A)

ExchangeDefender Admin Control Panel

https://admin.exchangedefender.com

Managing ExchangeDefender security, including the included Exchange antispam, antiphishing, and business continuity services, is done through our admin control panel. Most organizations are managed through the domain login (domain.com) or user login (user@domain.com). Please see https://www.exchangedefender.com/docs for more information on how to manage this powerful service.

ExchangeDefender Next Generation LiveArchive (NGE)

https://nge.exchangedefender.com

ExchangeDefender LiveArchive is a business continuity (email resilience) platform independent of Microsoft Exchange that is running in parallel with your email infrastructure. When Microsoft Exchange experiences a technical problem, you can still send and receive email from any device using the same email and password that you use for Outlook and OWA. Please see https://www.exchangedefender.com/docs for more information.

Configuring Outlook

For the purposes of this guide, we are assuming that your IT personnel has already created all the required DNS records (MX, SPF, DKIM, and most importantly, Autodiscover) and that you know your login credentials (you can test them by going to https://owa.xd.email/owa/)

Step 1: Download and run Outlook Registry Tools

Open your web browser and go to the following site: https://www.exchangedefender.com/media/autodiscoverregistryhacks.zip

Step 2: Open the Outlook Registry Tools

Click on autodiscoverregistryhacks.zip to open the archive (Figure 3):

Find the version of Outlook you have (registryhacks2016 will work for both Outlook 2016 and 2019) and drag it to the desktop.

Click on Start, type cmd, and then right click on the Command Prompt.

Click on Run as administrator.

Change directory to your desktop: cd C:\Users\YourUsername\Desktop\

Note: Please substitute your username for YourUsername in the path. My example is C:\Users\Vlad\Desktop\

Run the batch file you extracted and moved to your desktop in the previous step. If you do it right, this is the output you will see (Figure 4):

IMPORTANT: Reboot your PC.

Step 4: Outlook Configuration

Start Microsoft Outlook and your configuration wizard will start. This process can take a few minutes for each step to be complete, if you’re waiting more than 10 minutes something is likely not done correctly.

Figure 5: Outlook Welcome

Select Exchange.

Your system will now contact the Autodiscover web service to obtain all the Microsoft Outlook configuration credentials. If it worked, you will be prompted to accept server settings:

Next you will have to provide your password.

Microsoft Outlook will now authenticate with our servers and configure everything for you. Next you should see the notification that Account successfully added.

Click on the link on the bottom under Done and confirm that checkbox is not checked next to Set up Outlook Mobile on my phone, too. Figure:

That is all! You are set and ready to go. Microsoft Outlook will now continue to set everything up and in a few moments.

That is all, enjoy Microsoft Outlook powered by ExchangeDefender managed Exchange.

Managing Calendar Permissions

Designed for Outlook 2013/2016

Select the Calendar button in the Navigation Bar.

Select the calendar that you would like to share, right-click on the Calendar and choose Share > Calendar Permissions.

On the Permissions tab, you may add or remove users to whom you have delegated access to your calendar.

To add a new delegate, select Add… and search for the desired user by Last Name. You can search the Global Address List or your personal contacts list by selecting the appropriate dropdown menu under Address Book. Under the Permissions heading, choose the level of detail you would like to provide to the user.

To remove a delegate, select the user and choose Remove.

Choose Apply > OK. 

Configuring iOS Devices (iPhone, iPad)

Configuring iOS Devices is very simple. Just start your Mail app and you will be prompted to setup a new account. Select Microsoft Exchange, second option from the top.

Next, you will be prompted for your account credentials. Your login credentials are the same as for Outlook Web Access.

Tap on Next.

Your device will now attempt to locate the Autodiscover server and obtain all the settings.

You will be prompted to verify server identity, tap on Continue.

Next, you will be prompted to provide the server and login credentials, same as in the previous screen.

Server for iOS is owa.xd.email

Tap on Next.

After a few minutes the device will autoconfigure and allow you to select which iOS applications should sync data with the Exchange server.

Android Setup

Android setup is very similar to iOS but most vendors use their own email app. If you choose to use the stock Android Gmail app, or other Android phone vendor email app, you will need to know your:

Server address: owa.xd.email

Username & password which are the same as the ones you use to login to https://owa.xd.email/owa/

Configuring MacOS X with ExchangeDefender Exchange

The following instructions are for MacOS Catalina, and the instructions work very similarly for all other versions of MacOS X. So long as you have your Autodiscover record configured properly, your setup process will just require your email address, password, and a few clicks along the way.

1.First, start the MacOS Mail app. If you aren’t prompted to add an account click on Mail > Add Account

2. Select Exchange from the “Choose a Mail account provider…” screen. Click Continue.

3. You will now be prompted for your name and email address. Type them in and click Continue.

4. This is where Autodiscover kicks in. Manual setup is not supported. Click on Sign In.

5. Type in your ExchangeDefender password and click on Sign In.

6. You will be prompted to accept an SSL certificate. Click on Continue.

7. You will now be prompted to add the certificate. Please type in your MacOS X password here. Click on Update Settings.

8. You will now be prompted which apps you want to have access and sync with your Exchange data. Make an appropriate selections and click Done.

Congratulations, you’re all set. Exchange will now sync with your MacOS. If you need to make changes, you can always click on Mail > Accounts and go from there.

If the process fails for any reason, make sure you have an Autodiscover record set and pointed to the right direction. Make sure you are using the right credentials, you can test them at https://owa.xd.email/owa/ and if they work there, they should work on your Mac. 

Appendix A: Hacking Autodiscover

As of Microsoft Exchange 2013 and Outlook 2013, you have to use Autodiscover records to configure Outlook. Your domain administrator must create an Autodiscover record in your domain.

Hostname: Autodiscover

Host Type: CNAME

Host value: Autodiscover.xd.email

After the host is created, it can take up to 72 hours for the DNS change to propagate (most should propagate in minutes).

If you cannot modify your DNS, you can hack it by using the Windows Hosts File. This is not recommended nor supported by ExchangeDefender and will likely be blocked by your antivirus, but if you’re technically sophisticated and can troubleshoot DNS you can point the Autodiscover.yourdomain.com hostname to the IP address of Autodiscover.xd.email. This is a temporary measure only, if you cannot immediately create a DNS record in your domain, and is not supported by our team.

---

UPDATE: Exchange Migration

We have been keeping our partners and clients in the loop on the migration issues, around 340 accounts are still affected and we are doing everything in our power to get the last users back to productivity. As usual, all technical stuff is located on our NOC which has been updated regularly through the day/night since the first issue with legacy disconnections started:

ExchangeDefender Migration NOC Post

In the meantime:

If you are among the affected users rest assured we are doing all we can and working around the clock to get you back into your Inbox. However, just because your Outlook won’t start up doesn’t mean you cannot send and receive email from anywhere in the world. Here are the steps to enable the LiveArchive failover:

1. Go to our admin portal at https://admin.exchangedefender.com. Login as the domain admin (just type in your domain name, if you do not have the password you can get a password reminder or open a ticket with subject “LIVE ARCHIVE UNLOCK” and we’ll reset it for you)

3. After you set the password it should take 1 minute for it to apply.

4. Instruct the user to go to https://nge.exchangedefender.com. Their username is their login, their password should let them in. If you run into an issue logging in, open a ticket “LIVEARCHIVE USER” with email, password and we will reset the credentials for you.

This is not available just for the affected ExchangeDefender mailboxes, this is available and included in your service for everything we protect – public folders, shared mailboxes, etc. If a folder or user is missing just create an address as a user in admin.exchangedefender.com, enable LiveArchive, set credentials, and you’ll be back to sending/receiving email.

We are still working on this, and we will not stop until everyone is back to normal, on the new platform that will be the end of legacy Exchange issues we’ve had to contend for so long. Please stay on top of the NOC, we are doing the best we can to keep everyone updated but priority is currently on restoring access and service. If your clients are upset, understandably, please point them to LiveArchive and get them back to work, it’s functional on mobile as well as the PC. Our current status is that we’re restoring mail flow and mail access to anyone, with public folder infrastructure to follow later today.

Access to Live Archive – https://nge.exchangedefender.com/

ExchangeDefender Feedback Loop – SPAM Reporting

ExchangeDefender SPAM Reporting (Feedback Loop) is a simple way for users to report SPAM messages that get delivered to their Inbox. This is a user-level feature in ExchangeDefender that inserts a link at the bottom of each processed email and gives users one-click reporting and blacklist management. Service providers and domain administrators can customize the appearance of the link that is automatically inserted at the bottom of the message.

Feedback Loop Feature

Login as the domain administrator And click on Mail Delivery > SPAM Feedback Loop. Click on Enable Feedback Loop Feature, make any optional additions to the signature, and click Save.

Enable Feedback Loop Reporting for Users

Once the feature has been enabled for the domain, Users will get a new feature in their Settings. Click on Settings > Settings and click on the SPAM Feedback Loop to enable signatures for email addresses associated with this user.

What does it look like?

The signature you designed on the Domain admin level will appear at the bottom of every HTML/text message that arrives in your Inbox. When the users click on the link it will open a web browser and take them to their ExchangeDefender account (if they are not logged in, they will see the login screen).

Once authenticated, the user can review the message, confirm that’s something they don’t want to see again, and we’ll look into it and make sure messages similar to the one they are reporting is not delivered to the Inbox.Users also have an option of providing feedback, uploading a copy of .msg file, as well as a checkbox that will automatically place the sender domain on a blacklist.

In conclusion, we realize that not everyone lives in Outlook or a web browser all day – so we’ve designed this process to help users that are mobile, or that interact with ExchangeDefender very infrequently – reporting and getting rid of SPAM is now just a click away. It also helps us improve the performance and accuracy of our filtering.

Try it out today!

Killing Spam from the Quarantine

On March 12th our entire team left our offices and everyone has been working remotely, nearly around the clock, to keep everyone secure and productive. I returned from Los Angeles on a redeye flight, held a quick meeting in our parking lot 10 feet away from everyone – and nobody has been to the office since. I wanted to write a brief note to our clients and partners to let you know how we’re doing and what we are up to.

Technical Toll

Managing a massive international operation, that spans continents and data centers that have taken similar work-from-home precaution, has been a massive technical challenge. Just because we’re not there doesn’t mean that hard drives don’t die, that servers don’t melt down, that switches and firewalls and routers don’t go through their usual cycles. Thankfully the technical changes we’ve made to our cloud in 2017-2018 have made it possible for us to keep service levels at normal levels.

The load on our tech has increased steadily – I’m sure you’ve noticed that every single person you’ve ever interacted with has emailed you about their Covid-19 policy. You’ve probably also gotten an email from every loan scam operation on the planet trying to get you PPP/EIDL.

Perhaps most regretfully, the scum of the earth that we exist to eradicate has picked up their activity exponentially. Never in my life have I seen charts and load graphs like we’ve experienced over the past month. Hackers and scammers know that most people are working from home, where IT security is mostly non-existent, and that makes all those endpoints ripe for hacking. Which immediately becomes a source of SPAM and more malware.

Things were bad before, now they are bad x ugly. And we’ve been working around the clock to keep the threats quarantined.

Personal Toll

IT security is a passion of everyone that works here. We’ve built all the infrastructure, systems, monitoring, reporting – you name it – so when someone finds a way to get SPAM through it’s a very personal failure for our team.

Most of us live in Florida, where just about everything has been shut down (I’m sure you’ve read about Tom Brady getting kicked out of a public park). Have I mentioned how much I love my team? We have all been working far, far, far longer hours during the quarantine than we ever have before. We have system upgrades, software upgrades, new features, and some more exciting stuff that our partners and clients are going to need in order to save money after this quarantine ends. Needless to say, we’re tired.Nerves have also been on a somewhat of a thin line. We have a young-ish staff and most of us have families for whom we are not just providers but suddenly school teachers. Our partners and clients are in a similar boat. Those home frustrations can get even more pronounced when technology fails – and we have done our best to brush off some rather abusive behavior in the support portal. I get it, everything in the world is frustrating you, you’re losing control and visibility in general, and now you’ve got IT problems too. We keep on repeating “We’re here to serve, we’re here to help, we’re sorry for the inconvenience” and at no point in the past has this been more true than it is today.So overworked, cranky, abused, and locked down – but we’re still here. And we know most of you are in the same boat, sharing the same frustration. Hang in there, we’ll need to be at our best for the huge challenge that awaits us in supporting our clients as they get back to normal.

In Conclusion

In conclusion, I have the best team on the planet and I am so happy that we can keep you safe and productive during this uncertain time. I owe a debt of gratitude to them that I will repay eventually. But first, foremost, and most important – thank you. As large of a footprint as we may have, we are still a small business and thanks to our clients loyalty we have been able to continue working, growing, and serving during the time that many businesses have had to turn to the government for a bailout. My team and I are eternally grateful. People like to say “shop small business” but I have lost the count of times that we’ve been fired for Office 365 or a competitor that was even a penny cheaper – cause there are sentiments and then there is business. I get it. And at the same time we are so thankful that you’ve kept on supporting our business, I promise you nobody here is going to forget it — this is why we work so hard for our clients and I can’t wait to show you how we’re going to help next.

Sincerely,
Vlad Mazek
CEO
Own Web Now Corp

P.S. Nearly two decades ago I wrote the first version of ExchangeDefender – and in my infinite wisdom and English as a second language, I used “quarantine” as the term for SPAM that I kept out of your inbox. I’m less amused that a global apocalypse has validated the choice of that term.