Due to popular demand, we’ve added some new Distribution Group features to our Exchange/M365 Service Manager. The features are all about external (mail enabled) contacts that have a huge presence in the SMB/consulting organizations:
External Contacts or Mail Enabled Contacts are great when you need to give a person an email address on your domain without giving them their own mailbox. This is a very popular feature in the SMB/consulting community when it comes to contractors and third parties that already have their own email infrastructure but for compliance (or vanity) purposes need an email address on your domain.
External Contacts allow you to assign an email address on your domain (firstname.lastname@example.org) and automatically forward all their mail to their existing email address (email@example.com).
Not only does this feature help save money on licensing costs, it also eliminates the need for the person to set up another account and check mail at a new place.
The upgrade we’re announcing today has to do with External or Mail Enabled contacts as a part of a Distribution Group (Exchange term for “mailing list”): You can now add external email addresses to any internal/external distribution group from the Service Manager at https://support.ownwebnow.com. Now when you try to create or modify a distribution group, your “Add a new member” screen will show your defined external contacts as well!
This is one of the most demanded features in Service Manager, and we hope it serves your business well!
But her (external) emails!
Unfortunately for some, the Internet standards still apply, and most service providers are rapidly removing features that have anything to do with external mail forwarding. This is mainly due to the rise of SMTP authentication/authorization protocols like SPF and DomainKeys (DKIM) that do not work with the way mail enabled external contacts are implemented in Microsoft Exchange and other email servers. When mail is forwarded to the external contact, the From line remains intact so that the recipient can identify the person sending the email (for example, firstname.lastname@example.org). But the receiving server will look at the From line, see that the message is from a domain hosted on Gmail but sent from the ExchangeDefender address space (which is obviously not a part of the Google Gmail SPF/DKIM record), and depending on its configuration might consider that message to be a forgery/spoof/SPAM.
This isn’t an ExchangeDefender issue, or a Microsoft issue, or a Gmail issue, it’s a part of the protocol specification. And while everyone else is making this feature go away (because it can affect server reputation), we’re working on rewriting/improving it. We are currently working on a feature that will rewrite the From line, so when Exchange forwards an email “From: Vlad Mazek <email@example.com>” to an external contact, the recipient will get an email that shows this on the from line: “From: Vlad Mazek <firstname.lastname@example.org>” that will help bypass SPF/DKIM checks on the receiving side.
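The failure and the From-rewrite fix described above can be traced with a small evaluator. This is an added example, not ExchangeDefender code: the domains, address ranges and SPF records are constructed placeholders, SPF is evaluated against the envelope sender as the standard specifies, DMARC alignment ties the result back to the From line, and the original DKIM signature is assumed not to verify after forwarding.

```python
import ipaddress

# Constructed SPF policies: the domains and address ranges are documentation
# placeholders, not real Gmail or ExchangeDefender records.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",     # original sender's mail host
    "client.example": "v=spf1 ip4:198.51.100.0/24 -all",  # domain that owns the external contact
}
FORWARDER_IP = "198.51.100.25"  # forwarding server; only client.example authorizes it

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def domain_of(address):
    return address.rsplit("@", 1)[1].lower()


def spf_check(envelope_domain, client_ip):
    """Evaluate the ip4 and all mechanisms of the envelope sender's SPF record."""
    record = SPF_RECORDS.get(envelope_domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "all":
            matched = True
        else:
            continue  # include/a/mx do not occur in the constructed records
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def evaluate(msg):
    """DMARC passes if SPF or DKIM passes for a domain aligned with the From header.

    Strict alignment (exact domain match) is assumed here.
    """
    from_domain = domain_of(msg["header_from"])
    envelope_domain = domain_of(msg["mail_from"])
    spf = spf_check(envelope_domain, msg["client_ip"])
    spf_aligned = spf == "pass" and envelope_domain == from_domain
    dkim_aligned = msg["dkim_pass_domain"] == from_domain
    return {"spf": spf, "dmarc": "pass" if spf_aligned or dkim_aligned else "fail"}


# 1. Delivered directly by the sender's own mail host.
DIRECT = {"header_from": "alice@sender.example", "mail_from": "alice@sender.example",
          "client_ip": "192.0.2.10", "dkim_pass_domain": "sender.example"}

# 2. Forwarded by the external contact: From and envelope untouched, connection
#    now comes from the forwarder, original DKIM signature no longer verifies.
FORWARDED = {"header_from": "alice@sender.example", "mail_from": "alice@sender.example",
             "client_ip": FORWARDER_IP, "dkim_pass_domain": None}

# 3. Forwarded with the From line rewritten to the contact's on-domain address;
#    envelope and DKIM signature belong to the forwarding domain.
REWRITTEN = {"header_from": "firstname.lastname@client.example",
             "mail_from": "bounce@client.example",
             "client_ip": FORWARDER_IP, "dkim_pass_domain": "client.example"}

if __name__ == "__main__":
    for name, msg in (("direct", DIRECT), ("forwarded", FORWARDED), ("rewritten", REWRITTEN)):
        print(name, evaluate(msg))
```

Only the second case fails: nothing the forwarding server can present authenticates for the original sender's domain, while in the third case every identifier belongs to the domain doing the forwarding.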
ExchangeDefender has always tried to help our partners when it comes to billing management. Perhaps you’ve noticed that no matter when you sign up for the service during the month you are not charged. Not even a prorated amount.
The terms of service do require a 30 day notice, but we understand that sometimes our IT partners are too busy to remember to cancel stuff. As we’ve grown over the years, it’s become necessary to lock down our subscription management a few days before the billing cycle that runs on the 1st. Inevitably someone forgets or waits till the last moment and opens a ticket nearly at midnight, forcing us to awkwardly point to the terms of service. Worse, some partners make their staff wait till the last of the month to manage cancellations and adjustments, which stresses everyone out unnecessarily.
So we’ve got a solution. When you come to delete / cancel the service you will be given the option of selecting a cancellation date. This allows our partners to have the service scheduled for automatic deletion so you don’t have to worry or wait until the end of the month. Now that this bit is automated, our team will no longer accept cancellations of services unless they are made through the Service Manager.
It’s been a year since we launched the ExchangeDefender Automatic Enrollment feature and it recently got a major upgrade to function with our new cloud infrastructure. This is our favorite way to enroll ExchangeDefender users for two reasons: it’s the simplest and the most seamless way to onboard new users.
When ExchangeDefender detects a new email address, it will put it in the enrollment process which consists of the following:
– Creating an ExchangeDefender account and supporting service accounts
– Applying existing policy defaults for the organization
– Creating LiveArchive account and routing policy
– Updating administrative and licensing systems
– Generating a welcome email
On the service provider side, there is a full and searchable log of all account enrollments so everyone is kept in the loop in real-time.
As for the user experience, everything is branded and automatically taken care of. When they send an email to any external email address, their address will be provisioned within 1 hour and they’ll get the following email inviting them to get started. Even if they ignore it, the ExchangeDefender auto attendant will automatically apply all the domain/organization specific policies for them. And of course, if something on your network is sending email by mistake you can just block it and you won’t be billed for it.
There is a lot of work and testing currently being done on several Microsoft integrations (Azure Directory sync, Outlook/OWA addin) but more on that during our August webinar. We are also doing some very interesting integrations on the Enterprise side, and some of those features may appeal to our MSP partners (although some may be cost / infrastructure prohibitive). For example, we have a client who required accounts to be approved before they could be auto-created (even though they were synced through our Azure integration) and we were able to enable them to do that. If you’ve got feature ideas we’d love to hear them, but there is a lot we can also build with our partners.
At ExchangeDefender we get an over-sized serving of “weird email problems” on a daily basis, and keeping the client up and running and email flowing securely is our first priority. Trouble is, some of the issues our clients face can’t be easily replicated because they often involve a complex setup or a device that we do not have control over, naturally leaving the paying client in a position to make us prove that we aren’t causing the problem. And the customer is always right.
Today we are announcing a new service, included with ExchangeDefender Pro, that will help improve monitoring, problem detection, recovery, and diagnostics for email problems that fall in the weird category. By simulating real-world email traffic we can match up our timestamps, headers, diagnostics logs, and identify problems and their cause in real-time. Our email diagnostics service can be scheduled with preset intervals, message specifications, test parameters and more to help detect a problem with the mailbox or mail routing in general.
What kind of tests can we run? Here are a few of the top use cases:
– Email sometimes experiences a delay
– None of the emails with attachments sync with the mobile device
– Messages aren’t consistently signed with DKIM
– Messages to/from different sources cause a delay
– Messages “arrive all at once” or “never at all from 9PM to 11PM”
In the two months that we’ve been testing this new service, we have yet to find a problem that this tool could not identify or that we could not fix very quickly. This system can detect issues within the ExchangeDefender cloud, as well as any other email infrastructure out there (Office/Microsoft 365, Gmail, etc). This feature is a part of a much larger set of security enhancements we’ve been developing/testing, and we would welcome any feedback and suggestions.
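Matching up timestamps and headers, as described above, comes down to reading the Received chain of a probe message. The following is an added example and not the ExchangeDefender diagnostics service: the message, host names and times are constructed, and the DKIM check only reports which domains signed the message without verifying the signature.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed probe message. Received headers are prepended by each server,
# so the newest hop is at the top.
SAMPLE = """\
Received: from mx2.inbound.example (mx2.inbound.example [203.0.113.7])
    by mailbox.example with ESMTPS id C3; Tue, 04 Aug 2020 21:47:12 -0400
Received: from filter.example (filter.example [198.51.100.25])
    by mx2.inbound.example with ESMTPS id B2; Tue, 04 Aug 2020 21:05:09 -0400
Received: from probe.example (probe.example [192.0.2.10])
    by filter.example with ESMTPS id A1; Wed, 05 Aug 2020 01:05:03 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=probe.example; s=sel1;
    bh=CONSTRUCTED; b=CONSTRUCTED
From: probe@probe.example
To: user@mailbox.example
Subject: diagnostics probe 0001
Date: Wed, 05 Aug 2020 01:05:01 +0000

test body
"""


def hop_delays(raw):
    """Return [(receiving_host, seconds_since_previous_stamp)], oldest hop first.

    The first delay is measured from the Date header. Negative values are
    possible in real mail when server clocks disagree.
    """
    msg = message_from_string(raw)
    previous = parsedate_to_datetime(msg["Date"])
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # The timestamp is everything after the last semicolon of the header.
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        by = re.search(r"\bby\s+(\S+)", value)
        host = by.group(1) if by else "unknown"
        hops.append((host, int((stamp - previous).total_seconds())))
        previous = stamp
    return hops


def slow_hops(raw, threshold_seconds=300):
    """Hops where the message sat longer than the threshold before being accepted."""
    return [hop for hop in hop_delays(raw) if hop[1] > threshold_seconds]


def dkim_domains(raw):
    """Signing domains (d= tags) of all DKIM-Signature headers; empty if unsigned."""
    msg = message_from_string(raw)
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            key, sep, val = part.strip().partition("=")
            if sep:
                tags[key.strip()] = val.strip()
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains


if __name__ == "__main__":
    for host, seconds in hop_delays(SAMPLE):
        print(f"{host:24} +{seconds}s")
    print("slow:", slow_hops(SAMPLE))
    print("signed by:", dkim_domains(SAMPLE) or "nobody")
```

Run over a series of scheduled probes, the same functions show whether a delay always appears at the same hop or time of day, and whether any probe arrived without a DKIM signature.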
If you have found an issue that is causing a problem for the client, please let us know by opening a ticket. From there we can simulate the sort of traffic that is not reaching their mailbox correctly and give you tons of samples that will help identify exactly where the issue likely is.
To get started, open a ticket with “Email Diagnostics Request” and the type of problem you’re trying to solve and we’ll get right on it. This service is a part of a more elaborate mail testing package we are currently building to assure all our clients are properly set up, properly locked down, and ensure any issues are detected and addressed before they impact productivity.
Today we received word from Microsoft explaining that they are currently investigating the technical issues involving the sudden crashing of their Outlook email app. (For the record, no – it’s not us.) Their twitter confirmed later in the day with the following alert:
“We’re investigating whether a recently deployed update could be the source of this issue,” explains Microsoft… “As a workaround, users can utilize Outlook on the web or their mobile clients.”
This comes after thousands of Office 365 users reported that the email app immediately shuts down upon opening. This has come after the recent upgrade to Exchange 2016.
As for ExchangeDefender, we have not received any support requests as of yet, but we wanted to give you a heads up in the event that you experience difficulty using the app.
Our tip: Use OWA with your web browser; you should be able to log in with no issue. If you are still experiencing delays, please submit a ticket via our support portal, so that we can troubleshoot your issue further.
Our Official NOC announcement is available here!
In February we released our new Exchange web management user interface. Now that everyone is on the new platform, we’re quickly moving to add new features and tweak the ones that are not as intuitive. Remember, our goal with Wrkoo and our M365 UI management is to make it so simple and user friendly that any office manager can handle what are routinely clerical tasks like distribution group memberships.
Distribution Group Management is the feature we’re launching today: a friendly way to manage distribution groups.
Organizations of all sizes use distribution groups to set up internal and external mailing lists, so that one role address like sales@ or info@ can be automatically delivered to multiple people. Distribution groups and shared mailboxes play a vital role in how entire departments communicate with internal and external parties, and ExchangeDefender makes managing them a snap.
First, go to https://support.ownwebnow.com and click on Service Manager. Select the organization you wish to manage.
To quickly create a distribution group, click on the checkbox next to the users that you want to add to the distribution group. As you check users you will see a new toolbar for mass user management: Change Password, Create new group, and Add to existing group.
To manage existing groups, click on the Distribution Groups tab. From here you can manage group members or delete distribution groups. Click on Manage Members.
From here you can just select users to add and remove.
Finally, you can also find out which groups a user belongs to. Click Manage on the user you wish to review and then select Group Memberships.
We are working really hard on new features, if there are things you would like to see in our future updates please let us know by opening a ticket at https://support.ownwebnow.com.
We’ve been running Exchange migrations to/from Microsoft 365 and Gmail since 2015 and as of this month all our users are on our latest tech (Microsoft 365 / Office 365). With all the new modern tools and Microsoft cloud tech you’ll automatically get backend updates from here on out and hopefully the words “email migration” will never come up for you.
We realize that there are some clients that would prefer to move their mail elsewhere so before we retire all our legacy infrastructure, we are making one final offer. We can manage your migration, either by just providing the pst export of data or managing the entire process end to end.
The cost for the PST export is $39/mailbox if you’d like us to handle it for you (or you can do it for free yourself), and the cost for the full migration service is $59/mailbox.
PST Export ($39/mailbox) includes exporting your data to a standard PST file and making it available on a secure web site.
Full migration ($59/mailbox) includes the export as well as the following:
– Mail proxied through ExchangeDefender delivering to current mailbox as well as the mailbox at the new location, allowing you to stay in business even while we do the mail moves.
– DNS management including configuration of the new SPF, DKIM/DMARC, and MX records.
– Current mail (pst) upload to the new mailbox
– Disconnection/removal of the existing email infrastructure
– Warranty and support for the whole process.
We recommend going with the full migration including a year of ExchangeDefender service. This option allows us to make sure the configuration is accurate on both clouds, that data is moved correctly and securely, that MX/SPF/DKIM/DMARC are operational and do not cause issues down the road, as well as LiveArchive to assure that should anything go wrong you can still send/receive email.
P.S. If you have basic IT skills, or if you work with an IT/MSP/VAR/tech provider, you can do this on your own. Simply make the following changes to your hosts file and you will be able to connect Microsoft Outlook and export mail to a pst file on your own. Our legacy systems will be permanently retired on August 1st, 2020.
If you are interested in this offering, please download the application and submit it to us via ticket at https://support.ownwebnow.com or call us at 877-546-0316 x720
We wanted to offer one final update before we close the ExchangeDefender NOC covering our Exchange migration.
The past few days have been largely consumed with cleanup and misc configuration requests already covered here. By far the biggest issue has been reseeding and legacy copies of mailboxes exceeding 25GB – using nearly all internal, Microsoft/powershell, and third party tools there seems to be no predictable, foolproof, failsafe way to migrate a mailbox. The larger a mailbox gets, the more difficult it seems to port (one particular user has been waiting on their mail for 2 weeks – they have a 70 GB mailbox – and it’s taken dozens of attempts of repair/recheck/export/move/seed/verify) and it has been the greatest source of frustration for us and for our clients, largely because the progress indicators are unreliable and the process is very prone to failure the larger the mailbox gets. This is why when we started offering 2016 years ago we set up the 50GB quota with 15GB realtime and 35GB in place archive setup so we can deliver on both service restoration and disaster recovery.
We are continuing to assist our partners in the following areas:
– Outlook connectivity (if it keeps on prompting you for a password you need autodiscoverregistryhacks.zip)
– Distribution Group (External) and External Forwards UI (we discovered a bug, the control panel will be back over the weekend and in the meantime we’ll create it for you manually with a ticket request)
– Cancelled services (as of yesterday 6/18 we have the ability to remove organizations from ExchangeDefender/O365, so if your client cancelled or went to another service even within O365, open a ticket and request that we delete the org. You can do so on your own as well if you’ve deleted all the mailboxes/forwards/groups.)
– IoT/SMTP (while Exchange/O365 does support SMTP connectivity, managing it through our IoT connector is far more secure and reliable)
– Implementation of Shared Mailboxes. Please, please, please, please DO NOT use Public Folders anymore, for any purpose. Create a Shared Mailbox instead.
At this point everyone can connect, mail delivery and legacy reseeding are in progress, all systems for Exchange, ExchangeDefender, and LiveArchive are working normally.
We’re looking forward to closing this ugly chapter. We have done everything in our power, and we couldn’t be more thankful for our partners who have helped us with the cleanup of the Microsoft disaster. Thank you. We are sorry that so many clients were inconvenienced with this, we planned and managed every step of this migration by the book with thousands of other successful migrations that happened from 2016 – Aug 2019, but when your vendor pulls the rug underneath you and damages hundreds of mailboxes unannounced… many of us will soon be enjoying the first day off in June. The only good news is, you will not have to go through this process again.
We wanted to offer a major update on the migration, specifically covering the major issues we have addressed for some clients during the cleanup phase.
Distribution groups, forwarding
We have received reports from several organizations regarding issues covering distribution groups, group members, forwarding account directions (forward vs. store & forward). If any objects failed to import due to configuration/contents/policy/etc it is in the retry queue and will be published shortly.
Add / Delete Mailbox
We have addressed a bug in the add/remove process that was preventing certain organizations from adding/removing accounts. Originally, as noted on anythingdown.com NOC, we blocked this function entirely because users were looking at an empty list and creating mailboxes (that would cause a collision when the new mailbox was migrated from the source). This problem is fixed; if you encounter an issue please open a ticket with a screenshot and as much info as you can provide.
Add / Delete Organization/Domain
At this moment it is not possible to add/remove organizations, or those that were in the system recently. In order to finalize the migration, the routing policies are locked down (meaning if you deleted a domain, ExchangeDefender will still treat them as local). We look forward to wrapping this up shortly.
Password / Login issues
This is by far the biggest ticket group category, we are still processing double digit requests for credentials, credential resets, and credential tests. Similar to the next group:
We are still spending a lot of time going through the basic Outlook configuration steps. For an overwhelming majority, this transition has been transparent. For those who had to take the manual configuration route, the process has been described at anythingdown.com:
1. Make sure you have an autodiscover record.
2. Make sure it propagates, then run the autodiscoverregistryhacks.zip.
3. If you don’t control your DNS, make adjustments to your local system’s hosts file.
4. Set up Outlook with autodiscover; the UPN must be used as your login address if you’ve changed it from your primary SMTP address.
Missing & Syncing Emails
Every mailbox that has been reconnected has either had all its mail delivered directly or delivered in a Catchall account – email@example.com. Some users are confusing items they see in their Inbox in LiveArchive but not in their Outlook/OWA (but after extensive searching we keep on finding missing messages in folders, Deleted Items, etc). If something is missing and absolutely critical in LiveArchive just click on the message and click Forward to your email address and the message will be forwarded to your Outlook/OWA.
Store & Forward
Several users were also unfortunately caught up in a custom policy that did not get migrated to the new Exchange. These are more legacy configs we did for some users in AUDC, things like renaming the OU or primary domains. For some of those accounts, the store and forward rule became a forwarding only rule, skipping the Inbox and going straight to the person that it’s being copied to. We have fixed this issue and it should not be happening again.
We have gotten several complaints about autodiscover. Microsoft removed manual configuration in 2013 and no modern version of Microsoft Exchange supports a manual server setup. However, this is something that could be easily rectified even with minimal technical skills by modifying the local hosts file if you don’t have the credentials to do it properly by modifying the DNS. Absolutely everything in the new infrastructure relies on the autodiscover record!
iPhone / Android Setup
For the most part, we are just confirming that all mobile devices should work fine with owa.xd.email as the server name, ditto for EWS integrated applications, we have not received more than an inquiry for the server name. For Android, things get sketchier when you consider all the different vendors, apps, and configurations. Again, so long as autodiscover is present and configured properly and your device is using a modern client, it should just work. When it doesn’t, recreating it takes a few minutes.
Non delivery receipts and errors are always of high interest to our NOC team as we continue to go through cleanup and audit all the tickets and users.
These are the issues we are currently working on, in 3 shifts, and sorting them all out as fast as possible. I know that for many of our clients this transition has been messy, but you are on such a better and more secure platform that won’t require you to go through this process again. While modern platforms are more secure, their recovery from a disaster or issue (as some of you unfortunately went through) is extensive and at times unpredictably slow – so you have this much of a commitment from us: we will make sure LiveArchive is able to step in on a whole new level when things like this happen.
Important links to remember
ExchangeDefender Exchange Setup
Autodiscover Registry Hacks
ExchangeDefender Service Documentation (Knowledgebase)
This guide is intended for IT solution providers, CIO, and technical staff that is in charge of setting up and managing email. While Exchange is a very complex and robust environment, our control panel is designed to help personnel of all technical skill levels manage email. In Figure 1 above you can see our Service Manager, the user friendly way to manage every aspect of email in your Exchange organization.
This site is accessible at https://support.ownwebnow.com and your MSP/CIO has access to manage the Service Manager on demand. For the purposes of this guide, we only reference this site because it is where management begins: the rest of the guide is to help every user configure their Microsoft Outlook, or mobile Android / iOS devices.
Important Server Names
Microsoft Outlook, iOS and Android devices connect to the Microsoft Exchange infrastructure through several web services. If your IT provider has configured your Autodiscover DNS properly, you will never need to know about these sites, but it is important to know where the resources are in the event that you need to configure something more complex to work with Exchange. Figure 2.
Each Exchange organization managed by ExchangeDefender has their own branded set of OWA, EWS, and Autodiscover records. While we recommend you use the branded one for your organization, the default ones will work the same way and they all point to the same network resources.
Outlook Web App
Outlook Web App (formerly known as Outlook Web Access) is the web version of Outlook that works in your browser. While not as powerful or as flexible as Outlook, unless you are a power user, it will do the job. You can point your cell phone, tablet, laptop, or workstation to the URL above and it will give you access to the most popular Outlook features over the web.
Exchange Web Services (EWS) is the web service endpoint for advanced configurations. If you need to integrate a service or a device with Exchange Web Services, this is the URL to use. As of Exchange 2013, there is no support for MAPI.
Exchange Autodiscover service makes it easy to deploy Outlook without providing manual configuration parameters – all you need is your email address and your password. Since 2013, Autodiscover has become the only way to configure Outlook/Exchange and manual configuration is no longer possible. If you do not have an Autodiscover record in your DNS you need to create it and point it as a CNAME to autodiscover.xd.email (if this is not possible for some reason, see Appendix A).
ExchangeDefender Admin Control Panel
Managing ExchangeDefender security, including the Exchange antispam, antiphishing, and business continuity services that come with it, is done through our admin control panel. Most organizations are managed through the domain login (domain.com) or user login (firstname.lastname@example.org). Please see https://www.exchangedefender.com/docs for more information on how to manage this powerful service.
ExchangeDefender Next Generation LiveArchive (NGE)
ExchangeDefender LiveArchive is a business continuity (email resilience) platform independent of Microsoft Exchange that is running in parallel with your email infrastructure. When Microsoft Exchange experiences a technical problem, you can still send and receive email from any device using the same email and password that you use for Outlook and OWA. Please see https://www.exchangedefender.com/docs for more information.
For the purposes of this guide, we are assuming that your IT personnel has already created all the required DNS records (MX, SPF, DKIM, and most importantly, Autodiscover) and that you know your login credentials (you can test them by going to https://owa.xd.email/owa/)
Step 1: Download and run Outlook Registry Tools
Open your web browser and go to the following site: https://www.exchangedefender.com/media/autodiscoverregistryhacks.zip
Step 2: Open the Outlook Registry Tools
Click on autodiscoverregistryhacks.zip to open the archive (Figure 3):
Find the version of Outlook you have (registryhacks2016 will work for both Outlook 2016 and 2019) and drag it to the desktop.
Click on Start, type cmd, and then right click on the Command Prompt.
Click on Run as administrator.
Change directory to your desktop: cd C:\Users\YourUsername\Desktop\
Note: Please substitute your username for YourUsername in the path. My example is C:\Users\Vlad\Desktop\
Run the batch file you extracted and moved to your desktop in the previous step. If you do it right, this is the output you will see (Figure 4):
IMPORTANT: Reboot your PC.
Step 4: Outlook Configuration
Start Microsoft Outlook and your configuration wizard will start. This process can take a few minutes for each step to be complete; if you’re waiting more than 10 minutes something is likely not done correctly.
Figure 5: Outlook Welcome
Your system will now contact the Autodiscover web service to obtain all the Microsoft Outlook configuration credentials. If it worked, you will be prompted to accept server settings:
Next you will have to provide your password.
Microsoft Outlook will now authenticate with our servers and configure everything for you. Next you should see the notification that Account successfully added.
Click on the link on the bottom under Done and confirm that the checkbox next to Set up Outlook Mobile on my phone, too is not checked.
That is all! You are set and ready to go. Microsoft Outlook will now continue to set everything up and in a few moments.
That is all, enjoy Microsoft Outlook powered by ExchangeDefender managed Exchange.
Managing Calendar Permissions
Designed for Outlook 2013/2016
Select the Calendar button in the Navigation Bar.
Select the calendar that you would like to share, right-click on the Calendar and choose Share > Calendar Permissions.
On the Permissions tab, you may add or remove users to whom you have delegated access to your calendar.
To add a new delegate, select Add… and search for the desired user by Last Name. You can search the Global Address List or your personal contacts list by selecting the appropriate dropdown menu under Address Book. Under the Permissions heading, choose the level of detail you would like to provide to the user.
To remove a delegate, select the user and choose Remove.
Choose Apply > OK.
Configuring iOS Devices (iPhone, iPad)
Configuring iOS Devices is very simple. Just start your Mail app and you will be prompted to set up a new account. Select Microsoft Exchange, second option from the top.
Next, you will be prompted for your account credentials. Your login credentials are the same as for Outlook Web Access.
Tap on Next.
Your device will now attempt to locate the Autodiscover server and obtain all the settings.
You will be prompted to verify server identity, tap on Continue.
Next, you will be prompted to provide the server and login credentials, same as in the previous screen.
Server for iOS is owa.xd.email
Tap on Next.
After a few minutes the device will autoconfigure and allow you to select which iOS applications should sync data with the Exchange server.
Android setup is very similar to iOS but most vendors use their own email app. If you choose to use the stock Android Gmail app, or other Android phone vendor email app, you will need to know your:
Server address: owa.xd.email
Username & password which are the same as the ones you use to login to https://owa.xd.email/owa/
Configuring MacOS X with ExchangeDefender Exchange
The following instructions are for MacOS Catalina, and the instructions work very similarly for all other versions of MacOS X. So long as you have your Autodiscover record configured properly, your setup process will just require your email address, password, and a few clicks along the way.
1. First, start the MacOS Mail app. If you aren’t prompted to add an account click on Mail > Add Account
2. Select Exchange from the “Choose a Mail account provider…” screen. Click Continue.
3. You will now be prompted for your name and email address. Type them in and click Continue.
4. This is where Autodiscover kicks in. Manual setup is not supported. Click on Sign In.
5. Type in your ExchangeDefender password and click on Sign In.
6. You will be prompted to accept an SSL certificate. Click on Continue.
7. You will now be prompted to add the certificate. Please type in your MacOS X password here. Click on Update Settings.
8. You will now be asked which apps you want to have access and sync with your Exchange data. Make the appropriate selections and click Done.
Congratulations, you’re all set. Exchange will now sync with your MacOS. If you need to make changes, you can always click on Mail > Accounts and go from there.
If the process fails for any reason, make sure you have an Autodiscover record set and pointed to the right direction. Make sure you are using the right credentials, you can test them at https://owa.xd.email/owa/ and if they work there, they should work on your Mac.
Appendix A: Hacking Autodiscover
As of Microsoft Exchange 2013 and Outlook 2013, you have to use Autodiscover records to configure Outlook. Your domain administrator must create an Autodiscover record in your domain.
Host Type: CNAME
Host value: Autodiscover.xd.email
After the host is created, it can take up to 72 hours for the DNS change to propagate (most should propagate in minutes).
If you cannot modify your DNS, you can hack it by using the Windows Hosts File. This is not recommended nor supported by ExchangeDefender and will likely be blocked by your antivirus, but if you’re technically sophisticated and can troubleshoot DNS you can point the Autodiscover.yourdomain.com hostname to the IP address of Autodiscover.xd.email. This is a temporary measure only, if you cannot immediately create a DNS record in your domain, and is not supported by our team.
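Because the hosts file override is meant to be temporary, it is worth checking workstations for Autodiscover entries that were never removed or that point somewhere unexpected. The following is an added example, not an ExchangeDefender tool: the hosts file content is constructed, and EXPECTED_IPS is a placeholder for whatever addresses autodiscover.xd.email resolves to when you run the check.

```python
import ipaddress

# Constructed hosts file content. On Windows the real file is
# C:\Windows\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Constructed hosts file for illustration
127.0.0.1       localhost
203.0.113.40    Autodiscover.yourdomain.com   # temporary until the CNAME exists
#203.0.113.41   autodiscover.old.example
198.51.100.77   intranet.example autodiscover.branch.example
"""

# Placeholder: fill with the current DNS answers for autodiscover.xd.email.
EXPECTED_IPS = {"203.0.113.40"}


def audit_autodiscover_overrides(hosts_text, expected_ips):
    """Return (line_no, hostname, ip, status) for each active Autodiscover override.

    status is "matches" when the pinned address is one of expected_ips and
    "unexpected" otherwise (stale pin, typo, or an entry nobody in IT created).
    """
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    findings = []
    for line_no, line in enumerate(hosts_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several host names
            host = name.lower().rstrip(".")
            if host.split(".")[0] != "autodiscover":
                continue
            status = "matches" if ip in expected else "unexpected"
            findings.append((line_no, host, str(ip), status))
    return findings


if __name__ == "__main__":
    for finding in audit_autodiscover_overrides(SAMPLE_HOSTS, EXPECTED_IPS):
        print(finding)
```

Any entry it reports should be removed once the Autodiscover CNAME exists in DNS, and an "unexpected" entry deserves a closer look because Outlook sends its sign-in to whatever host Autodiscover resolves to.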