ExchangeDefender has always been a great friend to the SMB community where folks hate passwords and password complexity right until the moment their password gets compromised. Once that happens, it’s up to the MSP or poor IT guy to sit around and reset all the passwords in the organization.
As mentioned previously, a number of ExchangeDefender Enterprise features is being delivered to ExchangeDefender Pro so now you’ll have the ability to reset every single users password quickly.
Under the domain login you will now see a “Security Reset” link that will allow you to either randomly assign a strong password (smart) and send your users a reset link or pick the same password for all users (outright idiotic but “business requirements”).
If you are an MSP assisting a client during an outage and this is the first time you’re making your users aware of ExchangeDefender LiveArchive for business continuity, you can also print out the passwords and/or email them to your users in plain text. This is a horrible, terrible, idiotic, really bad idea that virtually guarantees you’re going to get hacked but we are here to serve and Howard is a really good friend so here it is:
Just a word of warning: If you select to send your users a new password in clear text, and show the roster with the plain text password on the next page, for whatever ungodly reason, please add a note to come back later and lock your users down. Most MSPs keep the same password for ExchangeDefender and Exchange, and these services also affect ExchangeDefender Encryption, LiveArchive, WebFileShare, Compliance Archive, eDiscovery, FailPOP, mobile, etc and leave you open for collateral damage. Unless you’re using 2FA/OTP, restricting IP address ranges, rotating passwords frequently, I can guarantee that your passwords will be compromised. Please, please, please don’t do this, we are only making it available as the feature of last resort.
As we add these advanced security controls into ExchangeDefender Pro (and some even for Essentials) we will be tightening the security of the platform around. To hear more about our plan for 2019, please sign up for the webinar on February 6th at noon EST. Click the banner below to reserve your seat.
ExchangeDefender launches New Security Logs
I have some great news – ExchangeDefender security logs are now available for all users of ExchangeDefender. This move is a part of our larger security ambition for 2019 to introduce Enterprise features of ExchangeDefender across our lower MSP, SMB and retail tiers in order to improve service security.
One of the biggest things in 2019 is the end of the era for plain text passwords. People love them, MSPs rely on them, they are super convenient for everyone including… the hackers that are looking to break in. But more on that in a minute.
The single simplest way to stay on top of account security… is identifying break-in attempts. ExchangeDefender Enterprise logs every event, login, escalation (and so, when you as the enterprise administrator or organization owner choose to automatically login as the user for support purposes) attempt.
We’re happy to bring this feature in across both the service provider, domain and user login. Free of charge.
As the admin or service provider you also have the ability to search the account log for specific user or address that is causing problems. In the Enterprise version you have the ability to further lock things down based on IP, location, charset, and more. But if/when there is an issue, you can clearly see if the account has been compromised. At all other times, you can see login failures that are a good indication that there is a problem.
This feature, and a whole lot more, is coming down to the ExchangeDefender SMB land. While all these features were a premium in the past, the extent to which everything from your PC and the network devices that surround you are susceptible to compromise – we have to treat these features as what they are – essential to your security. As a matter of fact, we’ll be discussing this next Wednesday in our webinar:
Noon, Wednesday, February 6th
Hope to see you there.