ExchangeDefender Service Provider Manual
ExchangeDefender Admin Portal for Service Providers is the top level of administrative control over ExchangeDefender. It gives large organizations, CIOs, MSPs, resellers, and personnel in charge of multiple domains and organizations a single login to manage every aspect of ExchangeDefender from a single interface. The login credentials are sent by ExchangeDefender and service providers can access all the services here:
Navigating around ExchangeDefender's User Interface (UI) is simple, with a tool bar across the top for most common tasks, and management sections (links) on the left. The rest of the UI contains the main functionality for whichever section you're currently managing.
Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions. When you are in sections that require your full attention and you want them to take up most of the screen (for going through SPAM messages, auditing access logs, etc) you can also click on the << icon next to shrink all the navigation and menu displays and focus on the content of the section you are working on. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions.
Service Provider - Managing Domains/Organizations
ExchangeDefender for Service Providers can manage and add new domains and organizations by clicking on the Management tab. To add a new domain simply click on the New Account Wizard button.
To manage existing domains and organizations, locate them in the list on the management screen. Each organization can have multiple (alias) domains. The first domain in the organization is displayed in the header row and all actual domain configuration is managed below.
Actions for Domain Management are as follows:
- Add Domain Alias - Add a new domain to this organization.
- Delete Account - Delete the domain and all users/configuration related to it.
- Manage Account - Login to the domain as the administrator of that organization to directly manage users and settings.
- Policies - Quickly adjust popular configuration items for a single domain.
- Secure IP - Configure IP address restrictions for portal and service access.
- Security Reset - Quickly lock down the domain by resetting credentials.
Quick edit button, as well as the + button next to the domain name expand all the users and policies in place for the domain. As service providers and CIOs are generally concerned with policy enforcement, this section enables you to quickly review the settings for compliance purposes and modify policies as a part of the management routine.
Service Provider - Security Reset
This screen is located under ExchangeDefender Service Provider > Management > Domain > Security Reset
ExchangeDefender for Service Providers enables service providers to quickly lock down the entire organization by mass resetting access security credentials. Security reset will provide you with the domains in the organization, mailbox totals for each domain and present you with options for New Password, User Notification, and Security Override.
ExchangeDefender allows you to pick and set the same password for all users in your organization "I want to pick the password", or allow the service to randomly assign passwords for each user "Allow ExchangeDefender to automatically pick a new password for each user". Picking the same password for all users is convenient for smaller organizations where you can direct everyone to reset their password - but it comes at a cost of security and privacy because now users know each other's passwords and can use them to maliciously access mailboxes they aren't authorized to access.
ExchangeDefender can either notify each user on your behalf. If you select "Do not notify", ExchangeDefender will reset all security credentials but the user will not be notified. If you select "Send a password reset link to every user" the security credentials will be reset and the user will be sent a link to configure their new password.
ExchangeDefender Security Override is designed for service providers that want to keep a roster of all users and their security credentials. By checking this box, you will be directed to the new page where all email addresses and passwords will be printed before they are applied to the database. Please note that even though this page is encrypted and secure, if your endpoint isn't this is a huge security compromise and ExchangeDefender does not recommend using it.
Service Provider - Secure IP Range
This screen is located under ExchangeDefender Service Provider > Management > Domain > Secure IP Range.
ExchangeDefender for Service Providers enables service providers to quickly set up IP restrictions in the event of a breach or compromise. The same setting is available on the Domain/Organization level.
By default, ExchangeDefender is accessible from anywhere. If the client has a known IP range and is primarily managing their ExchangeDefender service from an office with a Static IP address, you can restrict access to just that range by selecting “Allow access only from these IP ranges:”
By checking the box labeled "Send me an email notification every time a login attempt is made from an unauthorized IP" you can get a notice when someone is attempting to hack or compromise your account. If you do not wish to receive an email, there is also a log in the User control panel that allows you to review recent authentication failures.
Service Provider - Domain Aliases
ExchangeDefender supports domain aliases. These are additional domains that are used for vanity purposes and generally deliver mail to the same users. To add an alias domain click on Management > Domain > Actions > Add domain alias.
Service Provider - Domain Policies
ExchangeDefender makes it easy to update domain security policies. Just click on Management > Domain > Actions > Policies and you will be taken to the Domain Administrators view of the mail delivery policies. It allows you to quickly change organization settings without logging in as the domain / organization administrator.
Service Provider - Settings
ExchangeDefender for Service Providers has a special Settings section that enables you to customize the security and policies of the Service Provider login. You can configure your primary language, time zone, passwords, password reset policies, password expiration, OTP/2FA, restrict access to your IP range, and even monitor access.
Service Provider - Branding
ExchangeDefender for Service Providers exposes many configuration settings that allow you to customize the look and feel of ExchangeDefender for your organizations and clients – you can even rename ExchangeDefender and not have it show up anywhere in your portals, down to the SSL certificate (via https://admin.securexd.com). Here is a brief overview of our Branding policies:
- Branding - Overall look and feel of ExchangeDefender, allowing you to change the logo, colors, product name, site footer, and emails.
- RSS Feeds - ExchangeDefender enables you to embed your RSS feeds into domain and user dashboards, so you can syndicate your blog or other services.
- Terms of Service - ExchangeDefender provides service-wide TOS, AUP, and SLA policies, and you can also include your own legal disclaimer that users are required to agree to before they can use the service.
- Notifications - Every email that ExchangeDefender service sends can be customized here, along with default disclaimers and message signatures.
- SPAM Report - ExchangeDefender allows you to customize the ExchangeDefender Daily and Intraday SPAM / Quarantine report message sender, from, and product lines.
- Contact Info - General contact information used throughout the ExchangeDefender site as the point of contact for the service.
The most popular ExchangeDefender branding screen allows you to customize the overall look of your entire portal.
- Portal logo - Logo for your ExchangeDefender site, displayed prominently on every page and email, located in the upper left hand side.
- Tagline – Additional logo/image displayed on the left, under the navigation tabs. This image can be used for additional branding or promotions.
- Product Name – ExchangeDefender allows you to change the name of the product.
- Notifications – Every email that ExchangeDefender service sends can be customized here, along with default disclaimers and message signatures.
- Background Color – ExchangeDefender enables you to change background and accent colors.
- Default Footer – ExchangeDefender enables you to customize the default footer shown to your users. By default, it will show whatever you provide here along with links to TOS, AUP, and SLA.
- Email Notice Branding – ExchangeDefender sends miscellaneous notices (for abuse, password reset links, new feature announcements, maintenance announcements, etc) and you can customize the look and content of those notices here.
ExchangeDefender enables you to syndicate your RSS feeds from blogs and other services. These entries would be pulled in realtime and displayed on the dashboard for Domain Administrators and Users.
ExchangeDefender provides standard Terms of Service, Acceptable Use Policy, and Service Level Agreement. If you have additional legal disclosures or notices, you can provide them here and your users and administrators will be prompted to review and accept them before using the service.
ExchangeDefender Notification section enables you to customize the look and feel of email messages ExchangeDefender generates when new domains and users are enrolled.
- Activation Message - ExchangeDefender default welcome message sent to users when they are enrolled in ExchangeDefender.
- Domain Welcome – ExchangeDefender default welcome message sent to Domain Administrators when a new domain / organization is added to ExchangeDefender.
- Announcement – Contents of this message are displayed on the https://admin.exchangedefender.com login page.
- Text Signature – Default ExchangeDefender text email signature (disclaimer) attached whenever a message is sent out of the ExchangeDefender network (outbound mail).
- HTML Signature – Default ExchangeDefender HTML email signature (disclaimer) attached whenever a message is sent out of the ExchangeDefender network (outbound mail).
ExchangeDefender Pro subscribers can enable Quarantine SPAM Reports, daily and intraday emails that contain a list of all the messages ExchangeDefender blocked as SPAM/SureSPAM. This section enables service providers to customize who the message is coming from (display/from name and email address).
Server policy determines if the links embedded in the Quarantine SPAM Reports go to the ExchangeDefender.com site, or the unbranded / white branded SecureXD.com site.
ExchangeDefender Contact Info is used for all other automatically generated ExchangeDefender messages and notices that are sent on behalf of the Service Provider account.
Service Provider - Security Settings
ExchangeDefender enables Service Providers to generate a security template that is assigned to every new organization when it is added to ExchangeDefender. It is important to stress that these are just a template that is loaded in when you start configuring a new domain – and you can change all the values and configurations as necessary.
Making changes to these security defaults will only apply to new organizations you add to ExchangeDefender. They will not apply to any existing accounts.
Service Provider - Phishing
ExchangeDefender Phishing Whitelist / Blacklist is the top level whitelist/blacklist for the service provider and all organizations enrolled underneath them. Any policy established here can not be overwritten by the ExchangeDefender Domain Administrators.
To add a new phishing policy, please click on +Add New
Your whitelist/blacklist policy can be scoped to the entire domain or a single email address. Your phishing policy is defined by what it does to links it finds in emails as they are processed by ExchangeDefender.
- Whitelist - Whitelist allows links to domains that match this policy to be allowed through. The user never sees any other site and is automatically taken to the link in the email using their web browser.
- Blacklist - Blacklist always blocks any links to domains that match this policy. Instead, they are redirected to r.xdref.com explaining the block policy.
Additions and removals of these policies are instant. ExchangeDefender has built this global enterprise facility specifically to allow service providers to immediately respond to zero day outbreaks or very specific cyber attacks. For example, if a service provider sees that there is an attack that has links going to amazonaws.com, service provider can quickly block amazonaws.com links sent to some/all of the users on the domain or the organization. Once you have neutralized the threat with this policy, you can login to organizations that should be excluded from global policies and make your adjustments accordingly.
Service Provider - Logs
ExchangeDefender Service Providers Logs section is designed to give you the ability to troubleshoot ExchangeDefender. Here you can audit all mail going through ExchangeDefender, all service provider or domain account activity (additions and deletions, for licensing purposes), centralized phishing reports of click-throughs and reports, and login security alerts.
- Mail Log - Search through incoming mail, sent mail, and mail server logs.
- Accounts - Search through account additions, removals, and security alerts.
- Phishing - Search through blocked or allowed click-through activity.
- Session Activity - Search through login activity of the Service Provider account.
Service Provider - Mail Logs
ExchangeDefender enables Service Providers to have full visibility into how messages go in and out of ExchangeDefender, so they can better troubleshoot mail flow issues. ExchangeDefender allows you to search through inbound and outbound mail logs and retrieve full message headers and SMTP transaction logs.
Service Provider - Accounts Logs
ExchangeDefender enables Service Providers to have full access to security audit logs for support and administrative purposes. In the event that you need to track down when a specific policy change was made, when a new policy was added, when some aliases were deleted – you can search through the security audit logs to get the time and date it was made.
Service Provider - Session Activity
ExchangeDefender enables Service Providers to audit session activity and logins into the service provider account. If you cannot recognize many failed login attempts please review your internal systems and contact us for assistance (someone may be attempting to hack you).