User Guide for Service Providers

Navigating around ExchangeDefender's User Interface (UI) is simple, with a tool bar across the top for most common tasks, and management sections (links) on the left. The rest of the UI contains the main functionality for whichever section you're currently managing.

Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions. When you are in sections that require your full attention and you want them to take up most of the screen (for going through SPAM messages, auditing access logs, etc) you can also click on the << icon next to shrink all the navigation and menu displays and focus on the content of the section you are working on. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions.

ExchangeDefender for Service Providers can manage and add new domains and organizations by clicking on the Management tab. To add a new domain simply click on the New Account Wizard button.

To manage existing domains and organizations, locate them in the list on the management screen. Each organization can have multiple (alias) domains. The first domain in the organization is displayed in the header row and all actual domain configuration is managed below.

Quick edit button, as well as the + button next to the domain name expand all the users and policies in place for the domain. As service providers and CIOs are generally concerned with policy enforcement, this section enables you to quickly review the settings for compliance purposes and modify policies as a part of the management routine.

This screen is located under ExchangeDefender Service Provider > Management > Domain > Security Reset

ExchangeDefender for Service Providers enables service providers to quickly lock down the entire organization by mass resetting access security credentials. Security reset will provide you with the domains in the organization, mailbox totals for each domain and present you with options for New Password, User Notification, and Security Override.

New Password

ExchangeDefender allows you to pick and set the same password for all users in your organization "I want to pick the password", or allow the service to randomly assign passwords for each user "Allow ExchangeDefender to automatically pick a new password for each user". Picking the same password for all users is convenient for smaller organizations where you can direct everyone to reset their password - but it comes at a cost of security and privacy because now users know each other's passwords and can use them to maliciously access mailboxes they aren't authorized to access.

User Notification

ExchangeDefender can either notify each user on your behalf. If you select "Do not notify", ExchangeDefender will reset all security credentials but the user will not be notified. If you select "Send a password reset link to every user" the security credentials will be reset and the user will be sent a link to configure their new password.

Security Override

ExchangeDefender Security Override is designed for service providers that want to keep a roster of all users and their security credentials. By checking this box, you will be directed to the new page where all email addresses and passwords will be printed before they are applied to the database. Please note that even though this page is encrypted and secure, if your endpoint isn't this is a huge security compromise and ExchangeDefender does not recommend using it.

This screen is located under ExchangeDefender Service Provider > Management > Domain > Secure IP Range.

ExchangeDefender for Service Providers enables service providers to quickly set up IP restrictions in the event of a breach or compromise. The same setting is available on the Domain/Organization level.

By default, ExchangeDefender is accessible from anywhere. If the client has a known IP range and is primarily managing their ExchangeDefender service from an office with a Static IP address, you can restrict access to just that range by selecting “Allow access only from these IP ranges:”

Notifications

By checking the box labeled "Send me an email notification every time a login attempt is made from an unauthorized IP" you can get a notice when someone is attempting to hack or compromise your account. If you do not wish to receive an email, there is also a log in the User control panel that allows you to review recent authentication failures.

ExchangeDefender supports domain aliases. These are additional domains that are used for vanity purposes and generally deliver mail to the same users. To add an alias domain click on Management > Domain > Actions > Add domain alias.

ExchangeDefender makes it easy to update domain security policies. Just click on Management > Domain > Actions > Policies and you will be taken to the Domain Administrators view of the mail delivery policies. It allows you to quickly change organization settings without logging in as the domain / organization administrator.

ExchangeDefender enables you to designate Administrators that can access the Service Provider management interface. To add a new administrator to your organization click on +New Administrator and type in the email address of the user you want to grant permissions to.

Any user in the ExchangeDefender cloud can be promoted to a Service Provider Administrator, even for temporary access. Controls for each user enable you to Pause, Resume Access, and Delete the user. Because each user already exists in ExchangeDefender they already benefit from our 2FA/MFA authentication & authorization for security purposes (sharing of service provider login is strongly discouraged).

ExchangeDefender for Service Providers has a special Settings section that enables you to customize the security and policies of the Service Provider login. You can configure your primary language, time zone, passwords, password reset policies, password expiration, OTP/2FA, restrict access to your IP range, and even monitor access.

ExchangeDefender for Service Providers exposes many configuration settings that allow you to customize the look and feel of ExchangeDefender for your organizations and clients – you can even rename ExchangeDefender and not have it show up anywhere in your portals, down to the SSL certificate (via https://admin.securexd.com). Here is a brief overview of our Branding policies:

• Branding - Overall look and feel of ExchangeDefender, allowing you to change the logo, colors, product name, site footer, and emails.
• RSS Feeds - ExchangeDefender enables you to embed your RSS feeds into domain and user dashboards, so you can syndicate your blog or other services.
• Terms of Service - ExchangeDefender provides service-wide TOS, AUP, and SLA policies, and you can also include your own legal disclaimer that users are required to agree to before they can use the service.
• Notifications - Every email that ExchangeDefender service sends can be customized here, along with default disclaimers and message signatures.
• SPAM Report - ExchangeDefender allows you to customize the ExchangeDefender Daily and Intraday SPAM / Quarantine report message sender, from, and product lines.
• Contact Info - General contact information used throughout the ExchangeDefender site as the point of contact for the service.

The most popular ExchangeDefender branding screen allows you to customize the overall look of your entire portal.

• Portal logo - Logo for your ExchangeDefender site, displayed prominently on every page and email, located in the upper left hand side.
• Tagline – Additional logo/image displayed on the left, under the navigation tabs. This image can be used for additional branding or promotions.
• Product Name – ExchangeDefender allows you to change the name of the product.
• Notifications – Every email that ExchangeDefender service sends can be customized here, along with default disclaimers and message signatures.
• Background Color – ExchangeDefender enables you to change background and accent colors.
• Default Footer – ExchangeDefender enables you to customize the default footer shown to your users. By default, it will show whatever you provide here along with links to TOS, AUP, and SLA.
• Email Notice Branding – ExchangeDefender sends miscellaneous notices (for abuse, password reset links, new feature announcements, maintenance announcements, etc) and you can customize the look and content of those notices here.

ExchangeDefender enables you to syndicate your RSS feeds from blogs and other services. These entries would be pulled in realtime and displayed on the dashboard for Domain Administrators and Users.

ExchangeDefender provides standard Terms of Service, Acceptable Use Policy, and Service Level Agreement. If you have additional legal disclosures or notices, you can provide them here and your users and administrators will be prompted to review and accept them before using the service.

ExchangeDefender Notification section enables you to customize the look and feel of email messages ExchangeDefender generates when new domains and users are enrolled.

• Activation Message - ExchangeDefender default welcome message sent to users when they are enrolled in ExchangeDefender.
• Domain Welcome – ExchangeDefender default welcome message sent to Domain Administrators when a new domain / organization is added to ExchangeDefender.
• Announcement – Contents of this message are displayed on the https://admin.exchangedefender.com login page.
• Text Signature – Default ExchangeDefender text email signature (disclaimer) attached whenever a message is sent out of the ExchangeDefender network (outbound mail).
• HTML Signature – Default ExchangeDefender HTML email signature (disclaimer) attached whenever a message is sent out of the ExchangeDefender network (outbound mail).

ExchangeDefender Pro subscribers can enable Quarantine SPAM Reports, daily and intraday emails that contain a list of all the messages ExchangeDefender blocked as SPAM/SureSPAM. This section enables service providers to customize who the message is coming from (display/from name and email address).

Server policy determines if the links embedded in the Quarantine SPAM Reports go to the ExchangeDefender.com site, or the unbranded / white branded SecureXD.com site.

ExchangeDefender Contact Info is used for all other automatically generated ExchangeDefender messages and notices that are sent on behalf of the Service Provider account.

ExchangeDefender Features and Licensing screen shows you all of the tenants and domains protected by ExchangeDefender along with the number of accounts protected for each domain.

You can download the roster of users and all email addresses associated with the domain by clicking the icon under Download Accounts. This file can be opened by spreadsheet software of your choice and makes it easy to reconcile user accounts and licensing.

Licensing button will lead you to a screen that controls the licensed features for your domain. Enabling the feature will make all functionality and settings available to Domain Administrator and users under that domain. You can also export your account roster and see at a glance how many users are protected.

ExchangeDefender enables Service Providers to generate a security template that is assigned to every new organization when it is added to ExchangeDefender. It is important to stress that these are just a template that is loaded in when you start configuring a new domain – and you can change all the values and configurations as necessary.

Making changes to these security defaults will only apply to new organizations you add to ExchangeDefender. They will not apply to any existing accounts.

ExchangeDefender Phishing Allow / Block list is the top level permit/block list for the service provider and all organizations enrolled underneath them. Any policy established here can not be overwritten by the ExchangeDefender Domain Administrators.

To add a new phishing policy, please click on +Add New

Your allow/block policy can be scoped to the entire domain or a single email address. Your phishing policy is defined by what it does to links it finds in emails as they are processed by ExchangeDefender.

• Allow list  - Allows links to domains that match this policy to be allowed through. The user never sees any other site and is automatically taken to the link in the email using their web browser.
• Block list - Always blocks any links to domains that match this policy. Instead, they are redirected to r.xdref.com explaining the block policy.

Additions and removals of these policies are instant. ExchangeDefender has built this global enterprise facility specifically to allow service providers to immediately respond to zero day outbreaks or very specific cyber attacks. For example, if a service provider sees that there is an attack that has links going to amazonaws.com, service provider can quickly block amazonaws.com links sent to some/all of the users on the domain or the organization. Once you have neutralized the threat with this policy, you can login to organizations that should be excluded from global policies and make your adjustments accordingly.

ExchangeDefender Service Providers Logs section is designed to give you the ability to troubleshoot ExchangeDefender. Here you can audit all mail going through ExchangeDefender, all service provider or domain account activity (additions and deletions, for licensing purposes), centralized phishing reports of click-throughs and reports, and login security alerts.

• Mail Log - Search through incoming mail, sent mail, and mail server logs.
• Accounts - Search through account additions, removals, and security alerts.
• Phishing - Search through blocked or allowed click-through activity.
• Session Activity - Search through login activity of the Service Provider account.

ExchangeDefender enables Service Providers to have full visibility into how messages go in and out of ExchangeDefender, so they can better troubleshoot mail flow issues. ExchangeDefender allows you to search through inbound and outbound mail logs and retrieve full message headers and SMTP transaction logs. You can even download raw SMTP logs that contain all the email transaction data for your tenant.

ExchangeDefender offers interactive access to all inbound and outbound mail logs. You can search by date, subject, to/from, or message ID. When you've provided your parameters click on Search and we will quickly generate a list of messages that meet your criteria.

Clicking on the Subject or View Logs will display the message details, SMTP email headers, and low-level SMTP logs that can be useful for message tracking and delivery. You can also download the .csv of your search results and use them for advanced analytics/search.

In addition to providing interactive access to logs, ExchangeDefender also enables you to download the full low-level SMTP logs for all the messages in your search. These verbose and detailed logs show how the message goes through ExchangeDefender, show the result of common security scans, as well as email server-to-server communications that include message delivery confirmations or delivery errors.

These logs can be imported into a third party logs analytics package or downloaded for compliance purposes. SMTP logs are very detailed and it can take time to collect all the data from all the nodes that processed the message. ExchangeDefender SLA is 24 hours to deliver the reports but even our largest clients can expect the mail logs to be available within 1 hour during normal times.

Click on the green Raw Email Logs Files button to access the download area. If your report is not ready you can click on the and provide your email address so we can email you when the report is ready.

ExchangeDefender enables Service Providers to have full access to security audit logs for support and administrative purposes. In the event that you need to track down when a specific policy change was made, when a new policy was added, when some aliases were deleted – you can search through the security audit logs to get the time and date it was made.

ExchangeDefender enables Service Providers to audit session activity and logins into the service provider account. If you cannot recognize many failed login attempts please review your internal systems and contact us for assistance (someone may be attempting to hack you).

ExchangeDefender Broadcast Messages is a communications tool that makes it easy for you to reach all of your clients, or just a selected a few.

This service is convenient for business cases where you need to reach every user at the client site or every single user protected by ExchangeDefender.

ExchangeDefender Broadcast Messages are easy, simple, automated, and free.

Features:

Simple- Sending a broadcast message is simple. Go to admin.exchangedefender.com, login as a Service Provider and click on Broadcast Messages.

Automatic - Broadcast Messages are always up to date and require no management or maintenance, for compliance purposes you can be certain every address on the domain will get the message.

Flexible - Messages support full HTML and our user friendly editor can help you design beautiful messages.

Branded - To save time, each message will automatically get the logo and contact information from the Service Provider contact information data.

How-to guide:

To send a message simply go to https://admin.exchangedefender.com, login as the service provider , and click on Broadcast Messages.

You will be prompted to choose an audience: specific domains (allowing you to pick from the list) or everyone. Type your message and hit Preview. You will see your message here, and it looks exactly the same as your recipients will see it in their Inbox. There are two checkboxes on the bottom to insert your logo and insert a default signature. If you are happy with the look of it click on Submit and messages will be sent within 60 seconds.

ExchangeDefender enables Service Providers to quickly respond to an incident or an attack and create routing policies for important clients/vendors.

To add a new entry click on +Add New and provide an IP address or domain you wish to permit or block access to your tenant. ExchangeDefender also allows wildcard policies that can take an entire domain or class C allocation.

For example, to allow/block a subdomain such as "s29cv.outbound.sendgrid.net" you would type in *.outbound.sendgrid.net. This policy will allow hostnames such as s31cv.outbound.sendgrid.net or o1.outbound.sendgrid.net to be allowed or blocked. Keep in mind that this does not work on subdomains, so *.outbound.sendgrid.net will not match a hostname subdomain.o1.outbound.sendgrid.net.

You can also add entire class C address blocks to the allow/block policy by removing the last octet. This is popular for larger providers that send email from big IP allocation blocks or broadcast networks, if you wish to allow any IP from 65.99.255.0-65.99.255.255 to relay email you would create a policy as "65.99.255." - just skip the last set of numbers and ExchangeDefender will treat the whole address block as one.