logo XD
  • ExchangeDefender  

    ExchangeDefender: Keep your email, and company data safe and secure.

    • security
      ExchangeDefender PRO Multi-layered email security suite protects against SPAM, viruses, phishing attacks and more.
    • lock
      Corporate Encryption Send and receive encrypted messages by email, url, or sms.
    • managedserver
      Compliance Archive Assures full archiving of all inbound, outbound, and internal email for regulatory compliance.
    • cloudup
      Web File Server Unlimited document sharing and secure file storage.
    • cloudconnect
      Business Continuity Enables organizations access to email during unexpected service outages.
    • vault
      Password Vault Securely store, manage and share passwords with a centralized management system.
    GET STARTED NOW
    Enable secure communication of sensitive information.
    Schedule a demo Get a quote See it live

    Looking for ExchangeDefender for home/hobby/small team?

  • Solutions  

    Solutions: Solve IT problems with our email & cloud expertise.

    • managedserver
      Exchange Hosting Microsoft Exchange mailbox for secure business communication.
    • plane
      SMS Proxy Virtual number that forwards text messages to email, web, Slack & Teams.
    • cloudsecurity
      Exchange Essentials Our Microsoft Exchange mailbox service for home and small offices.
    • servers
      Web Hosting Custom web site and web application hosting services.
    • cloudmanaged
      Cloud Service Management Management & support of Amazon AWS & Microsoft Azure cloud services.
    • headphones
      Wrkoo Service and support portal solution that helps manage business & clients.
    5 reasons why MSPs use our support software Wrkoo In our fast-pace world full of technology, customers want you to deliver impeccable customer service online…

    Can't find what you're looking for? Contact our customer service at (877) 546-0316

  • Partners  

    Partners: Make better profits, join our industry-leading partner program today!

    • document
      Marketing Marketing collateral and sales documentation to help you close deals.
    • support
      Support Need help? We offer an industry leading SLA with 24/7 support here.
    • Managed Services for Legal Services
    • Support Portal
    • Managed Healthcare
    • Webinar Library
    • ExchangeDefender Threat Protection
    • Contact us
    • More
    • More
    Become a partner Add our email and cloud expertise to your portfolio and profit from it.

    See why MSPs love working with us

  • Company  

    Company: Learn more about our company, get the latest news, or contact us.

    • thumbup
      About Us Learn more about ExchangeDefender and our 20+ year journey in email.
    • phone
      Contact Us All the ways you can get in touch with us.
    • blog
      Blog The latest news, releases, and service updates from our team.
    • privacy
      Regulatory Compliance ExchangeDefender compliance audits and security collateral.
    • alert
      NOC Network Operations Center advisories and current network events.
    • headphones
      3rd Party Support Technical support for our platform if you're not a client.
    5 reasons why MSPs use our support software Wrkoo In our fast-pace world full of technology, customers want you to deliver impeccable customer service online…

    Can't find what you're looking for? Contact our customer service at (877) 546-0316

  • Docs
  • Login  
    • emailopen
      ExchangeDefender Admin
    • servers
      Compliance Archive
    • question
      ExchangeDefender Support
    • lock
      Encryption
    • cloudfiber
      Web File Sharing
    • repair
      Live Archive
    Premium Support
    US: +1(877)546-0316 INT: +1(407)465-6800 UK: 0800 8620149 AU: +61 0390010641
logo Antler
ExchangeDefender
ExchangeDefender PRO Corporate Encryption Compliance Archive Web File Server Business Continuity Password Vault
Solutions
Exchange Hosting SMS Proxy Exchange Essentials Web Hosting Cloud Service Management Wrkoo
Partners
Marketing Support Managed Services for Legal Services Managed Healthcare Webinar Library ExchangeDefender Threat Protection
Company
About Us Contact Us Blog Regulatory Compliance NOC 3rd Party Support
Docs
Support
ExchangeDefender Admin Compliance Archive ExchangeDefender Support Encryption Web File Sharing Live Archive
February 20, 2024
ExchangeDefender General Product Features Security login MFA security

Enhanced MFA Enforcement Policy: Strengthening ExchangeDefender Security Measures

For years, ExchangeDefender users have enjoyed enhanced login security via multi-factor authentication security (aka MFA, 2FA, OTP). In our March feature update, we hope to improve your security and enhance MFA enrollment to keep you and your data safe. Allow us to introduce to you the new MFA Enforcement Policy!


Note from the boss: Before we get to any discussion of policies, our official recommendation is to enforce MFA on every service we provide and to rotate passwords at least once a quarter. I know, nobody likes the second validation prompt but this is a standard in the industry and I can’t think of a bank or a vendor that doesn’t require it. Maybe I’m jaded because we’re a cybersecurity company.. and with all the layers of MFA/VPN/auth we have in place I spend an insane amount of time trying to find my key or wait for the new pin to display in my authentication app. Because when I interact with a vendor that holds my information and they have no login security.. all I can wonder is what else they’re not doing to keep my data safe? Is this a real business or some WordPress plugin?

At the same time, I understand we have a ton of customers in SMB space where sometimes (obnoxious) tech can be slow and difficult to implement. But you pay us to keep you safe – and to keep your backups safe, and to keep your business continuity safe, and to do that we absolutely must require MFA. But we also can’t expect staff who have clicked on a Release/Trust link for over a decade to be cool with suddenly being forced into MFA enforcement workflow on Monday. So we designed a compromise. I hope it fits your organization and I hope you adopt it as fast as possible.

Sincerely,
–Vlad Mazek, CEO Own Web Now Corp.

In March 2024 you will have the ability to enforce or require MFA enrollment at the domain level. What this means is that you’ll be able to require MFA enrollment with an authenticator app for everyone with just one click at https://admin.exchangedefender.com:

With this policy, you can secure your users’ login with multi-factor authentication without making them enroll a device.

How does it work?

When your users go to admin.exchangedefender.com and attempt to access Inbox, WFS, or LiveArchive we will check their MFA enrollment and if none is found we’ll just tell them we have to verify their identity:

When they check their mailbox they’ll see an email from ExchangeDefender and just provide the code back.

This way your ExchangeDefender login is technically secured at ExchangeDefender with MFA even if you haven’t enrolled a device in MFA yet. There is no way to get into the secure areas of your account without enrolling into MFA. But what if someone guessed the password, they can just enroll a device and hijack the account, right? No.

When you set MFA Enforcement to Required/Forced, all your users are automatically set into an MFA mode that relies on their email address for secondary verification. When they visit admin.exchangedefender.com for the first time and provide their username and password the system will check their MFA enrollment and if email MFA is detected the system will send them an email with a verification code to proceed. This way we’re using the email MFA as a way to verify their identity and then we enroll their authenticator app as usual by scanning the QR code.

ExchangeDefender Quarantine Reports behavior will not change at all as a result of the change in the MFA Enforcement policy. ExchangeDefender Quarantine Reports do not rely on the login system at all as the user is never prompted to authenticate to trigger the release of the message. Instead, quarantine operations are tokenized and one “release” request does not automatically grant any other release or trust requests with the same token. It also doesn’t automatically log them into ExchangeDefender so there is no getting by the MFA!

 Secure your logins now

It’s 2024 and the world has changed when it comes to authentication and identity when dealing with services online. Experiencing a cybersecurity threat or compromise is an incredibly expensive and frustrating experience that can easily be avoided by requiring an ID check before granting access to sensitive information. ExchangeDefender MFA Enforcement Policy is your way to protecting your organization from unauthorized and unverified access.

Like
Improved SPAM Release Security: Quick Release
February 16, 2024
Enhanced Security: ExchangeDefender Now Supports Custom Authenticator Apps for MFA!
February 23, 2024

Related Posts

23
Sep
ExchangeDefender General Security
ExchangeDefender Rolls Out Advanced ‘Reject Policies’ for Safer Inboxes
Read More
19
Aug
General
How to Protect Sensitive Data in Your Emails
Read More
General
Why Email Security Isn’t Optional Anymore (Even for Small Businesses)
Read More

Recent Posts

  • Reject vs Quarantine vs Allow: What Email Filtering Policies Really Do
  • Top 7 IT Solutions Every Small Business Needs in 2025
  • ExchangeDefender Rolls Out Advanced ‘Reject Policies’ for Safer Inboxes
  • Hackers Use Fake WeTransfer Emails to Steal Your Information
  • What Happens After a Cyber-Attack? The Real Cost for Small Businesses

Categories

  • Archiving (21)
  • Business Continuity (13)
  • Compliance (8)
  • ExchangeDefender (348)
  • General (587)
  • Hosted Services (86)
  • Industry News (28)
  • Marketing (18)
  • Phishing (4)
  • PRO TIPS (43)
  • Product Features (54)
  • Security (64)
  • Shockey Monkey (22)
  • Spamfilter (5)
  • Support (45)
  • Webinars (44)
Products
  • Hosted Exchange
  • ExchangeDefender PRO
  • Compliance Archive
  • Live Archive
  • Corporate Encryption
  • Cloud Application Security
  • Web File Server
  • Password Vault
Solutions
  • Office 365
  • Email for Enterprise
  • Email-Borne Threats
  • Information Protection
  • Password Management
  • Email Disaster Recovery
  • Secure Document Sharing
  • HIPAA & E.U. GDPR
Corporate
  • About Us
  • Compliance Documents
  • Contact Us
  • Become a Partner
  • Managed Service Program
  • Log in to Support Portal
logo
  • info@exchangedefender.com
  • Toll-free USA: +1 877 546-0316
  • International: +1 407 465-6800
  • United Kingdom: 0800 8620149
  • Australia: +61 0390010641
  • Fax: +1 (954) 839-8737
  • © 2021 Own Web Now Corp - All rights reserved
  • ❮/❯ with in Orlando US Flag
  • SLA
  • TOS
  • PRIVACY
  • AUP