ExchangeDefender Domain Admin Manual
ExchangeDefender Admin Portal gives organization (domain) administrators central access to all policies, logs, configurations, service subscriptions, branding, and user management. From this secure site, accessible via desktop and mobile, you can manage your entire organization and tailor it to your specific needs. The login credentials or password reset link will be sent to you by your IT department and you can access all services here:
ExchangeDefender Admin Portal
Navigation through the ExchangeDefender User Interface (UI) is simple with a tool bar across the top management sections/links on the left. The rest of the UI contains the main functionality for whichever section you’re currently managing. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions.
Domains - Dashboard
ExchangeDefender domain / organization administrator’s dashboard contains important information for admins to glance at every time they login to ExchangeDefender: Announcements, ExchangeDefender Blog and SPAM Trends.
- Announcements – ExchangeDefender announcements give ExchangeDefender, service providers, and you the ability to get important service-related notices in front of all administrators and users. Domain / organization administrators can add new announcements under the Announcement section.
- ExchangeDefender Blog – ExchangeDefender blog contains the latest information from ExchangeDefender.
- Domain SPAM Trends – SPAM trend graphs give you an overview of recent activity for each domain protected by ExchangeDefender. Please note that these are the consolidated logs that show normalized activity, we do not report the 99.9% of the junk that is eliminated outright due to its known malicious / SPAM content (because that data skews the graphs, is irrelevant, and while it makes ExchangeDefender look great it doesn’t provide the administrator with any useful information).
Domains – Accounts
ExchangeDefender domain / organization administrators manage all user accounts from a single interface available from the Accounts tab. Across the top you will see tabs for Accounts, Compliance Officers, and IoT Accounts .
Accounts tab for domain / organization administrators has all the ExchangeDefender protected email addresses. To protect another user, click on +Add New. All users are listed below and the form supports multi-select, enabling administrators to apply the same action to multiple accounts (for example, if nobody got their daily ExchangeDefender SPAM Quarantine Report you can highlight multiple accounts and select “Resend SPAM Report”)
Email addresses are listed on this screen and domain administrators have the ability to manage them centrally. If you click on the actions you will see several options:
- Modify Account – Modify account enables you to change account configuration and policies.
- Manage Account– Manage Account is a superuser shortcut, clicking on this action will log you in and allow you to impersonate the user (and see what they see, for support purposes)
- Delete Account – Deleting an account will remove the email address from ExchangeDefender as well as all their policies and data.
- Change Password – Change Password allows you change the user’s password and select a new password. This is different from Reset Password.
- Resent SPAM Report – ExchangeDefender Pro subscribers can setup Daily SPAM Quarantine Reports that email them the list of messages we quarantined as SPAM, this option allows you to send them the report again (the new report will be generated)
- Reset Password– This option will send the user a reset link. Unlike Change Password, you will not be asked to pick a new password, the password will be changed to a random secure password, and the user will get a reset link to pick a new password. This is helpful if the account has been compromised or you just want to force the user to change their password for security reasons.
- Resend Welcome– ExchangeDefender will send the original welcome email to the user as configured by the service provider.
- Add Alias– Protect an additional email address and associate it with the selected account.
Domains - Accounts – Compliance Officers
ExchangeDefender domain/organization administrators can designate Compliance Officers that are part of the organization and are responsible for Corporate Encryption and Corporate Archiving. These solutions help organizations comply with regulatory requirements, business requirements, and notification requirements.
Compliance Officers also have additional functionality and reporting options in ExchangeDefender. Additionally, they may be contacted by ExchangeDefender and ExchangeDefender services when policies require them to be notified (Corporate Encryption alerts).
Domains – Accounts – IoT Accounts
ExchangeDefender enables organizations to connect their IoT (Internet of Things) devices to the Internet and enable email functionality. These devices range from printers, copiers, alarms, sensors, and even third-party services that generate alerts and require a local SMTP server. Since most organizations no longer have SMTP servers, ExchangeDefender provides a free SMTP gateway. In order to add a new IoT account click on +Add.
ExchangeDefender strongly encourages domain / organization administrators to create an IoT account for every device or service on the network. If one of the devices or services gets compromised (common IoT issue) they will have free access to relay mail and ExchangeDefender aggressively shuts down abuse. Because IoT devices tend to have complex configuration processes, changing the password on multiple devices should be avoided at all cost by setting up an account for each device. For this reason alone, ExchangeDefender IoT accounts are free of charge.
Username & Password – ExchangeDefender
randomly generates the username and password
for each device.
Description – Device or service description.
Disclaimers – ExchangeDefender requires strict compliance to assure security of our platform, asking you not to use the accounts for commercial/SPAM purposes or put the credentials on shared systems (WordPress blogs/forms)
Domains – Policies
This screen is located under ExchangeDefender Domain > Policies.
Administrator Name & Email –This person or department is the main contact point for ExchangeDefender for this domain. It will receive any service notifications from ExchangeDefender and the Service Provider. This information is also used to send any messages or notifications ExchangeDefender generates for the users (New account welcome, password reset links, etc).
LiveArchive – Enable or disable ExchangeDefender LiveArchive email business continuity service.
Domains– Policies-Mail Options
Inbound IP Address – Inbound IP address (or hostname) is where ExchangeDefender delivers inbound mail that has been processed and scrubbed.
Outbound IP Address – Outbound IP address is the address from which we will allow outbound relay for outgoing email.
ExchangeDefender supports advanced routing for both Inbound and Outbound routes, allowing for complex configurations such as accepting mail from an entire subnet or multihomed routing for small businesses with multiple IP addresses from multiple ISPs (but no BGP).
While technical support for this feature is not available, it is relatively simple to configure an MX record to configure failover and redundancy in ExchangeDefender delivery to multiple IP addresses. Simply create a new MX record (with as many ISP IP addresses as you have assigned to you) and provide that hostname here.
ExchangeDefender will look up the MX record, resolve IP addresses, and proceed to attempt email delivery based on the weight of each record found. If one IP does not answer on port 25, ExchangeDefender will move on to the next one in seconds.
Domains – Policies - SPAM Options
SPAM Life – Number of days that ExchangeDefender will keep SPAM messages and make them available for review/release.
SPAM Action – ExchangeDefender has 3 options when it comes to handling SPAM messages.
Tag & Deliver – When ExchangeDefender
classifies a message as SPAM, it will append
[SPAM] to the subject and deliver the
message to the client.
Quarantine – When ExchangeDefender classifies a message as SPAM it will quarantine the message on our network. Users can get a daily SPAM and intraday SPAM report that gets emailed to them, or through the admin portal at https://admin.exchangedefender.com , or through Outlook add-in, or through Windows Desktop client. ExchangeDefender Essentials can only access their quarantined messages via the portal. Once a message is quarantined it can be accessed, previewed, printed, replied to or forwarded, and it can also be released down to the client’s mail server on demand.
Delete – When ExchangeDefender classifies a
message as SPAM it will delete the message.
Please note that this action is not
reversible , the message is discarded before
being stored on any of our servers so there
is no way to recover the message once it’s
SureSPAM Action – ExchangeDefender has the same three options for handling SPAM. SureSPAM is a classification for SPAM messages that we have a 99.9% confidence that the message is SPAM based on its origin, patterns, and advanced SPAM detection.
Domains – Policies - Report Options
Domains – Policies - Signatures
ExchangeDefender enables organizations to standardize their corporate email signature or disclaimer on all outbound messages. This is a global setting for all domains in the organization and every message coming from the domain will be signed with the text and HTML markup provided here.
Domains - SPAM Czar
ExchangeDefender SPAM Czar section is intended for email administrators that are in charge of managing and releasing infected or SPAM messages on behalf of the other users in an organization. Some smaller organizations (typically law, medical, construction) designate a person on staff that is responsible for releasing SPAM messages and infected files on behalf of other employees. Two sections of the SPAM Czar are Quarantine Search and Infected Files.
SPAM Czar - Quarantine Search
ExchangeDefender Quarantine Search is essentially the ExchangeDefender SPAM Quarantine Report for the entire organization. Domain administrators may use this form to locate any piece of junk mail quarantined for the entire organization and quickly act on it. The actions are identical to the ones found in the user portal and are as follows:
Release – Selected messages will be released from the ExchangeDefender SPAM quarantine and delivered to the recipients Inbox.
Trust Sender – Selected messages will be released from the ExchangeDefender SPAM quarantine, delivered to the recipients Inbox, and the senders email address will be added to the user’s whitelist.
Review – Review option simply flags the
message as reviewed so it does not show up
in future searches. This option is
convenient and designed for staff that is
checking the list often and only wants to
see messages that were quarantined since the
Each message also has actions that can be taken to get more information
Info – Clicking on the Info icon next to the message will show more message details such as sender IP, SPAM score, and timestamp.
Preview – Clicking on the preview icon will bring up a window with a preview of the message contents (if available). You can also click on the message to reply to the sender on your user’s behalf.
SPAM Czar - Infected Files
ExchangeDefender enables domain / organization administrators to access infected file quarantines on behalf of users. If one of ExchangeDefender’s many antivirus engines detects a threat, it is quarantined or saved on our network and the user is sent a notice that one of the dangerous attachments has been removed with a tracking id. Administrators can use the search to locate the message and get the download link.
Email link to option gives domain administrators to send the attachment download link via email to the user or to another party that can review it. The email simply contains the message information and the link to download the attachment.
Domains – Logs – Security
ExchangeDefender Security Audit Log features extensive logging and security audit tools that can help domain administrators track login activity for security and troubleshooting purposes. The security audit log can be done on a Domain basis or you can click on Users to show the security login by email address.
The Security Audit Log will show you the activity, user, time of the activity, and the source IP address. Security Audit Logs can help domain administrators see potential threats and attacks/hack attempts.
Domains - Logs – Phishing
ExchangeDefender Phishing logs contain activity from ExchangeDefender Security Center (https://r.xdref.com) and give domain administrators access to URLs that were intercepted by the ExchangeDefender Phishing Firewall with either no or bad reputation.
This information is provided for security audit purposes and for tracking which sites may have lead to a security breach/compromise. Because dangerous malware distributed through phishing often results in destruction of a PC and/or network, ExchangeDefender as an external resource can help you determine which links may have been involved in distributing dangerous payload.
Domains - Security Reset
ExchangeDefender enables domain / organization administrators to quickly lock down the entire organization by mass resetting access security credentials. Security reset will provide you with the domains in the organization, mailbox totals for each domain and present you with options for New Password, User Notification, and Security Override.
New Password – ExchangeDefender allows you to pick and set the same password for all users in your organization “I want to pick the password”, or allow the service to randomly assign passwords for each user “Allow ExchangeDefender to automatically pick a new password for each user”. Picking the same password for all users is convenient for smaller organizations where you can direct everyone to reset their password – but it comes at a cost of security and privacy because now users know each other’s passwords and can use them to maliciously access mailboxes they aren’t authorized to access.
User Notification – ExchangeDefender can notify each user on your behalf. If you select “Do not notify”, ExchangeDefender will reset all security credentials but the user will not be notified. If you select “Send a password reset link to every user” the security credentials will be reset and the user will be sent a link to configure their new password.
Security Override – ExchangeDefender Security Override is designed for domain administrators that want to keep a roster of all users and their security credentials. By checking this box, you will be directed to the new page where all email addresses and passwords will be printed before they are applied to the database.
Please note that even though this page is encrypted and secure, if your endpoint isn’t this is a huge security compromise and ExchangeDefender does not recommend using it.
Domains – Announcements
ExchangeDefender enables domain / organization admins to display messages to users as they interact with the service. These announcements are displayed prominently on the login page for all of our major services such as the admin portal, Encryption Portal, Corporate Encryption, LiveArchive, Compliance Archive, and Web File Server. Announcements are also featured prominently on the dashboard for Domain and User portals.
ExchangeDefender Announcements support HTML, images, and have a few configuration options:
Expiration Date – ExchangeDefender can automatically expire and remove the announcement. This is helpful when you need to make a service announcement for a short period of time and then have it disappear automatically.
Audience – By checking the “I want to see this announcement too” the announcement will be displayed to Domain administrators on the dashboard. This is useful when your announcement also applies to other personnel managing this organization.
Include all users – By checking “Include all users” the announcement will be displayed to domain/organization administrators and users. If this box is not checked, the announcement is only displayed to the domain/organization administrators.