ExchangeDefender Service Provider Branding
ExchangeDefender is happy to announce the enhancement of it’s Service Provider branding options. ExchangeDefender is primarily distributed and managed by other IT Solution Providers (MSPs, VARs, IT professionals) and we have exposed as much of our infrastructure as possible for white label functionality. Starting this week, we are also encouraging you to brand messages sent by ExchangeDefender:
ExchangeDefender Email Notice Branding is available at https://admin.exchangedefender.com under your Service Provider login. Click on Configuration > Branding and you will see a section that will allow you to provide any content you’d like us to include on messages sent to users automatically.
We encourage all of our Service Providers to provide at least their basic contact information and a note in this section. While we are always concerned with our partners brand, system notices and urgent security issues may at times require us to contact the user directly. In the event that we do that, it’s helpful for the client to see your information at the top of the message instead of the bottom.
We’re also working hard on delivering additional features to ExchangeDefender sites, so if you have any suggestions or wishes, please let us know by hitting the feedback link anywhere in our system.
P.S. This feature was discussed in detail during our webinar on June 6th, 2019. Watch the webinar here: https://www.exchangedefender.com/media/XDNewPhishing.mp4
ExchangeDefender PTR & RBL Whitelisting
ExchangeDefender is opening a wider beta test of our whitelisting functionality, which allows IT Solution Providers to whitelist sender mail servers that have broken DNS (missing PTR, mismatched A/PTR records) and poor sender reputation (hosts listed on multiple RBL blacklists).
If you have a sender you would like to whitelist against these essential network tests, please open a ticket at support.ownwebnow.com with subject “Whitelist PTR/RBL: IP Address” and provide as much information in the ticket so we can accommodate this specific request. Only hard non-negotiable rejections to whitelist will be for unknown address space and dialup/consumer cable IP addresses (because due to their nature those are typically dynamically assigned address spaces that shouldn’t be relaying mail at all, they should be using their ISP mail server provided smarthost)
Requests will be reviewed and either approved (and enrolled) or rejected within 24 hours by our CSO.
Background: Inability to previously whitelist broken DNS and dynamic IP address space is rooted in our mission statement. We are here, beyond everything else, to help secure the email. We know our partners, IT Solution Providers, VARs, MSPs, etc do not have the skill set, the time to properly research underlying issues, enough data and statistical models to evaluate sender IP reputation, or even the incentive to discern how big of a security threat and compromise a specific IP address with broken DNS or poor reputation may pose to your client.
In fact, you pay us to worry about those things and keep your clients secure. But, sometimes clients like to think they know better than their technology experts, generally accepted security standards on the Internet, and ExchangeDefender. And the client is always right. But, when they get infected attachments, broadcast storm, password dumps, or other security compromises because they insisted on lowering their security – then ExchangeDefender is on the hook for securing them. And we don’t get to say “told you so” nor do we have any rapid means to fix the issue.
Since my retirement, all of those hard-line policies designed to keep clients safe beyond whatever “specific business case requirement” they may have, are slowly going away. Good news for the client, good news for the partners. Good news for us, because going forward we will start providing Email Security Engineering services – so when you get a security compromise or an usual issue and you’ve asked us to compromise your security – we will be able to address the issue on your behalf.
I choose to look at this as a positive – we will help our clients meet their business needs and get the mail they desperately need – and if something breaks we will be there to help assist with the cleanup (for a fee, of course). This, among many other service related things, is just the part of the ExchangeDefender being more responsive and service oriented when it comes to our clients demands as opposed to our expert opinion as a security policy.
ExchangeDefender’s AnythingDown.com – See How It Works!
As promised in the last webinar, we’re moving as aggressively as possible to make sure our partners have as flexible of a tool as we can imagine to communicate with clients in the event of an IT catastrophe. Or, in our case, to further increase transparency and collaboration with all our ExchangeDefender service providers so you can get better insight into our network and when we’re dealing with a lot. That said, I believe that the product/service is now production ready and we’ve already tied it up in our ExchangeDefender Enterprise product so you’ll know as we know. 🙂
Remember, ExchangeDefender’s AnythingDown.com , or https://yourserviceproviderid.xdnoc.com – is your own brandable, real-time alert system that covers ExchangeDefender managed resources as well as your own custom defined events.
Let’s go on a little tour, shall we?
First, here is the nearly-final look of the site. It will of course feature your logo, your contact information, and your own services but you can see that there is now a sign in section as well as nested posts – so when something is updated it’s done so in-line and can be read normally (as opposed to just seeing the latest update and not knowing what it’s about at all).
Sign in screen is for you, just provide your service provider ID and password and you’re in your own portal.
As for your users that want real-time updates via email or RSS/blog, we have a signup page (I know, I know, it’s idiotic but GDPR and EU have put this obstacle in place where we need contracts and disclosures about signing up for an email list).
Once you’ve signed in as the service provider, you will have access to manage and create new service advisories. Just click on the Add New button in the upper right corner. If you’re managing a larger NOC and have a ton of fires going on (you’re among friends, #respect) you can also search current open advisories and make sure you update the correct one.
New advisory posting is pretty flexible and gives you actually quite a bit of power to include images, links, and other multimedia. As network geeks we’re used to plain text, ASCII, 80 columns across black on white kind of alerts but in the 21st century with lots of things going on sometimes you can throw out a quick alert with a screenshot of what’s going on rather than trying to document every single detail (for example, a cloud of daily network/ISP outages as an explanation why things are moving slow or getting delayed or buffered)
And of course, you can update every service advisory.
As mentioned last month, ExchangeDefender XDNOC </a> service is all about helping us work better with the people that pay us to help protect their networks and users. I have some rather personal thoughts on that subject, which will be a matter of another post. However, when you design software and when you serve as the gatekeeper, your primary responsibility to the people you’re protecting and waking up to keep safe every day is not just to keep things going but also to keep everyone aware of what is going on to improve things – because hackers don’t take days off.
Network Upgrades at ExchangeDefender
Many IT professionals have gone through a lifecycle infrastructure upgrade – the all important cycle of improving the infrastructure as the vendors push down new features with ever increasing resource demands. We’ve been doing that since 1997. One thing that has changed in the past 20 years is the scope and magnitude of both attacks and the network demands to manage them all. We’ve done an excellent job keeping up with them all, with our last major outage (that lasted nearly 4 hours) back in 2011. We learned a lot that day – and rolled it up into our products and services that many of our partners have experienced. These days, with the cloud services, the game is completely different.
I hope you have a moment to join our WEBINAR next Thursday, April 11th, at noon
Register here: https://attendee.gotowebinar.com/register/5700720797827651073
It won’t be the usual rah-rah new features new stuff show. I will speak candidly about how we’ve managed to overcome and triumph in the “Cyber” security game and how we’re still always one step behind whatever 0-day attack vector comes down. I’ll be discussing (somewhat intimate) details about the performance issues, DNS issues, DC issues, subscription issues, 3rd party IP issues, and how all of these have become both an IT management issue and customer service nightmare. I truly hope you join us. I know your time is valuable and schedules get tight so if you can’t make it, the recording will be posted in our portal as usual.
What we learned last week – for the millionth time – is that communication in cases of issues is paramount. When things appear to go down, people panic. They require not just information but reassurance, confidence, and a plan required to address issues. For smaller companies, that’s a matter of just falling back to a cell phone – for larger ones (if it’s not already you, it definitely is something to consider for your clients) that is simply not an option and the volume of activity will easily and quickly overwhelm you. I used to see it every day – when issues come up for our partners, their clients call us.
We’ve made an overwhelming investment – not just in technology and features but manpower – that has fueled our growth for the last few years. I want to share, personally, exactly how we operate and how we’ve been able to both prioritize and execute some of the more impressive infrastructure enhancements and how they are going to be here to serve you for years when something happens.
And then I hope to offer you the same – as a token of our appreciation for your business and your loyalty through the years. Pretty excited, I hope you can join us.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
New Feature: ExchangeDefender Announcements
ExchangeDefender Announcements
As you’ve probably noticed, our feature development has really picked up in 2018 and we have an even more aggressive product roadmap for 2019. To help make sure everyone is on top of all the new features and that our partners (MSP/VAR) have the best possible way to keep all of our clients informed of the new features, we’re happy to announce the Announcements feature!
Starting in late February 2019, our service providers and CIOs alike will have the ability to post announcements that will be featured prominently on the ExchangeDefender admin login page, inside the user control panel, and in the domain/org control panel. As you can imagine, this feature has a lot of flexibility to help you efficiently target the right organizations and users.
Announcement Feature Highlights:
– Announcement title and announcement contents can include HTML and you can even insert a picture for each.
– You can set the announcement expiration date so that the announcement doesn’t show up after a certain date. This is great for sales promotions, webinar registrations, etc.
– You can scope the announcement: It can be global (for all of your domains) or it can be scoped down to a list of domains you choose. As most of our MSPs manage different kinds of organizations, one-size-fits-all announcements rarely work and this feature can help you solve that problem by targeting each organization specifically.
– I want to see this announcement too: If you’re in a larger organization you likely have personnel that is responsible for different departments or companies. Because announcements are visible on the login page of your portal as well as control panels for service provider, domain/org, and end users you have the ability to not show end user announcements to your IT and management staff.
– Include all users: You can even write specific announcements that are targeted at end users.
As ExchangeDefender gets bigger and as the complexity and service portfolio grows, we need to help our partners and CIOs communicate the new ExchangeDefender features more efficiently. Since you control your announcements it is up to you if you use it for ExchangeDefender related stuff or if you use it for your own promotion or if you delegate it to your companies to use it as another outlet to broadcast organization-specific but important news to everyone.
Most ExchangeDefender users interact with the service daily so you have a perfect (captive) spot to reach them about a product they are already interacting with – instead of having it burried in an email newsletter that they likely won’t read. This has been among the most demanded MSP features for years and we’re happy to deliver something with enough power and flexibility that will make both your tech/support people happy (so they can address possible support issues) as well as marketing/sales (so they can better target their message). You can only display up to two (2) announcements at a time though so the only bad news here is that you’ll have to prioritize.
ExchangeDefender Exchange Account Lockout
ExchangeDefender is relieved to announce the availability of automated account lockout notifications. Our clients now have the ability to automatically locate, secure, and unlock email accounts that have been locked down due to too many bad login attempts.
You will now notice a red lock icon next to any accounts that have been locked out and you can choose how to proceed in terms of restoring account access:
Password hacking and guessing is rampant, and has only been getting worse through 2018. Thankfully, we’ve automated the process of unlocking and changing authentication credentials in 2019.
However, there is a special case in which just “Unlock Only” option may be the best.
Suppose you have a power user that has a desktop at work, at home, a laptop or two, 2 iPads, iPhone, Galaxy S9 and a miscellaneous other device that is set to sync mail every minute. Totally not talking about our CEO. But suppose that is the case and you just changed the password – well if all these other devices are trying to authenticate with the old password you may actually trip your corporate policy for the unlock limit and lock the account again.
We hope this automated system will save our partners a ton of time and make managing security and security incidents a breeze. We wish we could have delivered this much sooner but as anyone involved in cybersecurity will tell you, priority #1 is always mitigation of the issue (which we’ve done through all our Exchange 2016 UI and management discussed in our webinars).
This feature will go live later this week (Feb 21, 2019) – please give us feedback and suggestions on what more we can do to give you more power or save you time.
ExchangeDefender IP and Device Restrictions
ExchangeDefender IP and Device Restrictions
ExchangeDefender is continuing it’s march to becoming your central point of secure communications by bringing even more of our custom Enterprise features down to the SMB/MSP space. As of today, you will start seeing another section added to the Service Provider screen specifically to house our advanced security settings.
Restrict ExchangeDefender access to your IP range
All large organizations that depend on ExchangeDefender have static IP addresses and IP ranges assigned to them by the ISP. ExchangeDefender has the power to restrict access to your organization (all domain and user logins) and only allow access from your offices.
Add Trusted/Known Devices For Easier Access
People love the notion of security until that security gets in a way by prompting them. We only want our security infrastructure to get in a way of hackers and to slow down and annoy people that want to do us harm. Good news is, now you can add devices you know to known and trusted device list.
Doing so will minimize some of the additional checks and verification (such as 2FA/OTP one time password checks when you first log in from an unknown address). As an additional bonus, ExchangeDefender will start to deliver notifications and alerts whenever the system is accessed (successfully, meaning they know your password) from an unknown/untrusted device, giving you the first alert that there is a security issue to address.
As you’ve seen with mass password resets, access to advanced access logging, we are adding more, and more, of our enterprise features to the ExchangeDefender Pro product. To find out what else is on our road map, and how ExchangeDefender will evolve in 2019 to serve your other security needs, please tune into our webinar:
ExchangeDefender Mass Password Reset
ExchangeDefender has always been a great friend to the SMB community where folks hate passwords and password complexity right until the moment their password gets compromised. Once that happens, it’s up to the MSP or poor IT guy to sit around and reset all the passwords in the organization.
As mentioned previously, a number of ExchangeDefender Enterprise features is being delivered to ExchangeDefender Pro so now you’ll have the ability to reset every single users password quickly.
Under the domain login you will now see a “Security Reset” link that will allow you to either randomly assign a strong password (smart) and send your users a reset link or pick the same password for all users (outright idiotic but “business requirements”).
If you are an MSP assisting a client during an outage and this is the first time you’re making your users aware of ExchangeDefender LiveArchive for business continuity, you can also print out the passwords and/or email them to your users in plain text. This is a horrible, terrible, idiotic, really bad idea that virtually guarantees you’re going to get hacked but we are here to serve and Howard is a really good friend so here it is:
Just a word of warning: If you select to send your users a new password in clear text, and show the roster with the plain text password on the next page, for whatever ungodly reason, please add a note to come back later and lock your users down. Most MSPs keep the same password for ExchangeDefender and Exchange, and these services also affect ExchangeDefender Encryption, LiveArchive, WebFileShare, Compliance Archive, eDiscovery, FailPOP, mobile, etc and leave you open for collateral damage. Unless you’re using 2FA/OTP, restricting IP address ranges, rotating passwords frequently, I can guarantee that your passwords will be compromised. Please, please, please don’t do this, we are only making it available as the feature of last resort.
As we add these advanced security controls into ExchangeDefender Pro (and some even for Essentials) we will be tightening the security of the platform around. To hear more about our plan for 2019, please sign up for the webinar on February 6th at noon EST. Click the banner below to reserve your seat.
Compelling Reasons To Move To Exchange 2016
The time to move over to Exchange 2016 is NOW!
We previously blogged about our brand new SMB User Interface initiative around Exchange 2016 hosting – we aim to simplify the management of Microsoft Exchange so that any white collar employee can manage business email administration end to end.
But what about Exchange 2016, what is so great about it? Truthfully (and this will not make our MSP friends happy) bulk of the Exchange 2016 benefits are really centered around making our life easier as the service provider – we’ve never been able to say this about ANY Microsoft product in the two decade history: we’ve had 0 issues. You read that correctly, we’ve had absolutely no problems with Exchange 2016 so the primary benefit is the overall reliability and flexibility of the platform. It’s solid.
But if you want to sit with a client and walk them through a set of features that are new and compelling – and a good reason to upgrade to our Exchange 2016 if they are still on another provider or earlier version of Exchange – here are some talking points.
P.S. We recommend getting a demo account with our sales team and discussing how we often position these services to win business. You can talk about it till you’re blue in the face but just showing them the feature live might make them not want to live without it.
Exchange 2016 Notable Features
Expanding Archives – When an archive mailboxes reaches 50 GBs, the archive mailbox expands. Under the covers, once the mailbox reaches a size of 50 GBs, another archive mailbox is automatically created and linked together to form a chain of mailboxes that acts as one logical mailbox. As archive mailboxes are added, the content is distributed across the mailboxes to even out the load. Keep in mind that auto expanding archives still don’t auto expand your storage backend. Make sure you have adequate storage to accommodate such growth.
Calendar – Do Not Forward: This is similar to Information Rights Management (IRM) for calendar items without the IRM deployment requirements. Attendees can’t forward the invitation to other people, and only the organizer can invite additional attendees.
Calendar – Better Out of Office: Additional options when you won’t be in the office. Key options include: add an event to your calendar that shows you as Away/Out of Office, and a quick option to cancel/decline meetings that will happen while you’re away.
Calendar – Remove-CalendarEvents cmdlet: Enables administrators to cancel meetings that were organized by a user that has left the company. Previously, conference rooms or meeting attendees would have these defunct meetings permanently on their calendars.
Outlook on the Web (Formerly known as OWA)
When you use Outlook on the Web you have access to powerful collaboration tools that help to improve productivity. As an end user, you can easily engage in document collaboration, URL and video previews in email messages, and access advanced search functions. These capabilities have been especially enhanced for the most recent web browser versions including Microsoft Edge, Google Chrome, IE 11, Safari, and Mozilla Firefox. Additionally, there is now a productivity toolbar that appears in the top of your web browser for easy access to the functions you frequently use such as calendars, reading and composing email messages, searches, accessing files and documents, and more.
Pin: This function allows you to highlight a message and pin it to your inbox so you can easily locate important messages.
Undo: The Undo function helps you recover messages that were inadvertently deleted and undo actions you accidentally executed.
Sweep: This capability allows you to easily manage messages you frequently receive by configuring the settings for the messages. You can choose to keep messages for a specified number of days, automatically delete certain messages, keep the latest messages, and more.
Emoji’s: The Emoji’s provide enhancement to expressions in your email messages. Since contact is not face to face, you can use this function to display emotions.
Organised Archiving: Exchange 2016 allows you to easily organise old email messages into designated folders with one click of your mouse. This helps to reduce inbox clutter.
Personalisation: A series of new themes have been added to Exchange 2016 to provide a more personalized experience when working with email messages.
Outlook 2016
As mentioned earlier, Outlook 2016 offers enhanced features for collaboration in addition to a few other functions mention here.
Quick Access to Recent Files: This feature allows you to easily access recent files stored in OneDrive for Business, SharePoint
Online, and OneDrive using a convenient dropdown menu.
Improved Screen Resolution: The intuitive DPI support features provides you with enhanced screen rendering when using Outlook.
HTML Format for Appointments and Meetings: You can now use rich HTML for email messages and attachments.
TellMe: The TellMe feature prevents you from having to search the productivity ribbon for a function you want to use.
Smart Lookup: Helps you to locate information on the web related to content in an email message. This feature places the information in directly in your inbox from sources such as Wikipedia, Bing, and others.
Small Screen Support: Enhanced support for small screens allows you to automatically adjust Outlook to adapt to your device screen. A back button allows you to easily switch screens to easily work with your message list and reading window.
Enhanced Multilingual Support: Exchange 2016 offers more international characters to support messages and documents in different languages.
Better Storage: Exchange 2016 offers improved settings that allow you to specify how long you want to retain email on your device. Outlook is designed to monitor disk space. If your space has become reduced, it will automatically set a smaller timeframe for syncing.
More Office Themes: A new Colorful theme has been added to Outlook 2016 while maintaining the previous white and dark grey theme options.
Improved Email Performance: With Exchange 2016, the time it takes to download and display messages as well as wake after hibernation has been reduced.
Outlook for iOS and Android
Early last year, Microsoft introduced Outlook email for the iOS and Android operating systems. This move helped to expand Exchange capabilities to more devices and operating systems.
Some of the features include:
Quick File Access: This features allows you to easily separate important emails from less urgent ones by using the double tab feature.
Calendar Availability Notification: The Calendar feature allows you to easily send the times you are available to your colleagues, friends, and co-workers.
Schedule Emails: This function allows you to remove an inbox message and schedule to appear at a later time when it is more convenient.
Directory Search: The Directory Search function provides a way to quickly find people and their location.
Automatic Replies: Exchange 2016 allows you to set messages to let others know you are out of the office. An icon remains on the screen to remind you this function is activated.
ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender now includes advanced protection from dangerous Microsoft Office macro code (OLE). Since usage of Office macro code is very limited (and seldom moved via email) it’s almost universally used as an attack vector by hackers who send malicious macro code embedded in Microsoft Office documents that target vulnerabilities in Outlook, Word, Excel, Powerpoint, and more.
Specifically, our service scans the following attachments for the presence of dangerous, encrypted, malformed, malicious, or suspicious code: doc,dot,pot,ppa,pps,ppt,sldm,xl,xla,xls,xlt,xslb,docm,dotm,ppam,potm,ppst,ppsm,pptm,sldm,xlm,xlam,xlsb,xlsm, and xltm. If we detect something suspicious or dangerous the message will not be destroyed or quarantined (as is the case with virus or infected attachments) – rather we just filter it to SureSPAM.
Managing Your OLE Protection
We will start strictly enforcing macro protection on January 1, 2019. However, the feature is available now and can be enabled at any time by going to https://admin.exchangedefender.com and logging in as a domain administrator (if you don’t see the setting, you aren’t logging in with your domain account but your personal or service provider account).
Click on Configuration > Policies > Phishing Options.
At the bottom of the form you will see “ExchangeDefender Office Macro Protection” section that is currently (October 2018) set to Off. The following options are available:
Off – Turns off ExchangeDefender Office Macro (OLE) protection
On – Turns on the protection but whitelisting the domain/email will bypass it
Strict – Turns on the protection and ignores whitelists
ExchangeDefender recommends this setting be configured as Strict in order to protect from spoofing where clients own domain or vendor (that doesn’t have SPF/DKIM implemented) address is used to deliver a dangerous attachment. Using “Strict” setting bypasses whitelist checks so if the message contains dangerous content it will automatically go into SureSPAM even if the domain is whitelisted.
What do I tell the users?
First, set the setting to Strict. Then, adjust the date in the message below and make sure SureSPAM settings are set to Quarantine.
“Starting with January 1, 2019, ExchangeDefender will protect you from dangerous attachments that contain rarely used Microsoft Office macro (OLE) code. If dangerous macro code is detected in an attachment, message will go into SureSPAM category and if configured to quarantine the message will be accessible at https://admin.exchangedefender.com in the SureSPAM quarantine. We have enabled the protection for you. If you ever see a familiar contact/domain but you were not expecting the message, it’s likely being spoofed/forged in order to trick you to click on a dangerous attachment. Take an extra step and contact the sender asking them if they sent you a document. If not, delete the message.”
We hope this helps keep your users more secure and in our production use so far it’s helping stop 100% of dangerous content