Hosted Exchange Distribution Group Management
In February we released our new Exchange web management user interface. Now that everyone is on the new platform, we’re quickly moving to add new features and tweak the ones that are not as intuitive. Remember, our goal with Wrkoo and our M365 UI management is to make it as simple and user friendly that any office manager can handle what are routinely clerical tasks like distribution group memberships.
Distribution Group Management is the feature we’re launching today: a friendly way to manage distribution groups.
Organizations of all sizes use distribution groups to setup internal and external mailing lists, so that one role address like sales@ or info@ can be automatically delivered to multiple people. Distribution groups and shared mailboxes play a vital role in how entire departments communicate with internal and external parties, and ExchangeDefender makes managing them a snap.
First, go to https://support.ownwebnow.com and click on Service Manager. Select the organization you wish to manage.
To quickly create a distribution group, click on the checkbox next to the users that you want to add to the distribution group. As you check users you will see a new toolbar for mass user management: Change Password, Create new group, and Add to existing group.
To manage existing groups, click on the Distribution Groups tab. From here you can manage group members or delete distribution groups. Click on Manage Members.
From here you can just select users to add and remove.
Finally, you can also find out which groups a user belongs to. Click Manage on the user you wish to review and then select Group Memberships.
We are working really hard on new features, if there are things you would like to see in our future updates please let us know by opening a ticket at https://support.ownwebnow.com.
Final Update: Exchange Migration
We wanted to offer one final update before we close the ExchangeDefender NOC covering our Exchange migration.
The past few days have been largely consumed with cleanup and misc configuration requests already covered here. By far the biggest issue has been reseeding and legacy copies of mailboxes exceeding 25GB – using nearly all internal, Microsoft/powershell, and third party tools there seems to be no predictable, foolproof, failsafe way to migrate a mailbox. The larger mailbox gets, the more difficult it seems to port (one particular user has been waiting on their mail for 2 weeks – they have a 70 GB mailbox – and it’s taken dozens of attempts of repair/recheck/export/move/seed/verify) and it has been the greatest source of frustration for us and for our clients, largely because the progress indicators are unreliable and process very prone to failure the larger the mailbox gets. This is why when we started offering 2016 years ago we set up the 50GB quota with 15GB realtime and 35GB in place archive setup so we can deliver on both service restoration and disaster recovery.
We are continuing to assist our partners in the following areas:
– Outlook connectivity (if it keeps on prompting you for a password you need autodiscoverregistryhacks.zip)
– Distribution Group (External) and External Forwards UI (we discovered a bug, the control panel will be back over the weekend and in meantime we’ll create it for you manually with a ticket request)
– Cancelled services (as of yesterday 6/18 we have the ability to remove organizations from ExchangeDefender/O365, so if you client cancelled or went to another service even within O365, open a ticket and request that we delete the org. You can do so on your own as well if you’ve deleted all the mailboxes/forwards/groups.)
– IoT/SMTP (while Exchange/O365 does support SMTP connectivity, managing it through our IoT connector is far more secure and reliable)
– Implementation of Shared Mailboxes. Please, please, please, please DO NOT use Public Folders anymore, for any purpose. Create a Shared Mailbox instead.
At this point everyone can connect, mail delivery and legacy reseeding are in progress, all systems for Exchange, ExchangeDefender, and LiveArchive are working normally.
We’re looking forward to closing this ugly chapter. We have done everything in our power, and we couldn’t be more thankful for our partners who have helped us with the cleanup of the Microsoft disaster. Thank you. We are sorry that so many clients were inconvenienced with this, we planned and managed every step of this migration by the book with thousands of other successful migrations that happened from 2016 – Aug 2019, but when your vendor pulls the rug underneath you and damages hundreds of mailboxes unannounced… many of us will soon be enjoying the first day off in June. The only good news is, you will not have to go through this process again.
Exchange Upgrades Complete
So far 2020 has been surprising on every level, and our legacy Exchange infrastructure was not going to be missing in action: As of May 31st, at 10 PM EST we have decommissioned our legacy Exchange and have moved everyone to the new Office365 SKU (Exchange2016/2019) to provide the best email experience Microsoft has to offer.
We do not anticipate any major issues. Months of engineering/testing/backups went into making this move as smooth as possible, and we really hope you like it.
If there is an issue, we can help:
We have increased staffing levels around the clock from May 31 – June 6th to help our clients and partners with any issues that may come up. If you run into any issues whatsoever, please keep in mind that there are two ways to get your mail even if Outlook is having issues:
Outlook Web App / Outlook Web Access
Both of these systems will allow you to continue sending/receiving email while we we help figure out what isn’t working right. Here are the best ways to get in touch with us:
ExchangeDefender Support Portal
If you do not have an account in our support portal, please submit your issue here:
If neither works, call us*:
USA (877) 546-0316
World: +1 (407) 465-6800
Support portal is the best way to get things done, but if you call or go through the 3rd party help site, we will get your issue into our portal and will work on the issue until everything is sorted out. We thank you in advance for your patience and we look forward to having you on the newer, more reliable, email experience.
Sincerely, Vlad Mazek
New Service Manager for Exchange 2016 – Explained!
The full migration to Exchange 2016 has proved to be extremely challenging, but with much success we are managing to move ALL of our clients hosted with us to the new platform.
New changes have occurred to our Service Manager to best compliment the new migration. Below, you’ll find explanations and screenshots of what you’ll be seeing from now on.
You can access your service manager inside our support portal via support.ownwebnow.com
- Clients must select the organization they would like to manage
- Once they select the organization, the list with all the domains mailboxes and distribution groups under that organization will be updated below
- It is possible to search for specific accounts or filter by domain
If you click the + Create button, a list with options will be displayed:
- New organization
- New mailbox
- New domain
If you click on create organization, a pop-up window will be displayed where you would have to type the name of the organization and add as many domains as they need at once.
If you click on new mailbox, a pop-up window will be displayed where you would have to select the domain and then type all the information for each one of the mailboxes.
Updates are as followed:
- The list of accounts is now grouping the records by domain, and sorting them by the display name in ascending order, that way it makes it easier to find accounts when you have a lot.
- From there you can change the password of multiple accounts at a time, create a distribution group based on your selection or add the accounts selected to existing distribution groups
- You can also delete accounts
If you click on Manage, another view will be displayed with the information of the account selected. From there they can:
- Update the information of their account
- Reset their password
- Create a forward rule
- Add aliases
- Configure their protocols
- Add permission rules
From there, if they want to create new aliases they just have to click on the button +Add alias
To add an alias they will have to pick a domain, and type the local part of the email (local part of the email is everything before the
@) and the alias automatically will be displayed in the table .
To update their protocols they just have to click on the switches to turn them on/off and click on save.
The permissions work pretty much the same way as aliases, with the exception that you have more options.
To add permissions, you must select the type of the permissions you would like to grant and the account (only accounts under your organization will be displayed that do not have a permission rule created for the same mailbox, that way there are no repeated permission rules for the same pair of mailboxes)
IMPORTANT CHANGES THAT COULD AFFECT THE USER’S EXPERIENCE:
- In Hosted Legacy, you could create Distribution Groups with no members and add the members later. In Exchange 2016, there cannot be empty Distribution Groups, so the only way to create groups now is checking the boxes of multiple accounts (mailboxes), and clicking on the button “Create new group”.
- In Hosted Legacy, there were no such thing as an “Organization”, in Exchange 2016 organizations were implemented to give our MSPs a way to group different entities like Domains, Mailboxes, Distribution Groups, etc under the same “Client’s structure” (organization), that way it will be for them to manage their clients since they have everything for each one of them in the same place.
- In Exchange 2016 you can create three types of mailboxes: Regular, Shared or Room (an explanation of each will be provided later).
Managing ExchangeDefender Automatic Account Enrollment
ExchangeDefender recently launched the Automatic Account Provisioning system that replaces our old ExchangeDefender XDSync. The new system automatically finds email addresses that are sending out messages and sends a welcome message to provision the account – the CIO/MSP get a report with a summary of changes and essentially automates the entire process.
For compliance purposes we’re making it super easy to keep track of this process and we’re even providing some tools to help manage accidental activation – for licensing purposes if the email address sends emails out it’s considered a billable user (only inbound aliases/distribution groups/contacts are free)
As a CIO/Service Provider
If the email address was provisioned through the automation process, you will see an icon A next to the email address in your portal. To manage the accounts you’ll have to hop down to the Domain Administrator.
As a Domain Administrator
Domain Admin control panel at https://admin.exchangedefender.com gives you more granular controls over Automatic Account Provisioning. Under the Accounts section you will find the same A icon next to the accounts that were provisioned automatically.
If these accounts were provisioned by mistake and these are not valid users, you can Block them. Blocking an account does two things: it removes the user from the block list so it doesn’t continue to get provisioned after it is deleted and it blocks messages from that user / device / service from relaying mail.
To find users that were blocked from automatic activation (in case that address becomes a regular mailbox/sender in the future) you can click on the Blocked Addresses tab:
Reporting and activity regarding accounts is still in the same place for both admin levels under the Accounts menu. Accounts that were provisioned through automation will show that they were created by ExchangeDefender Automation, and Blocked Addresses will show the name of the admin that blocked them.
What about deletions? What about turning this system off entirely?
We’re working on it – stay tuned! We’re obviously curious why anyone would want this turned off so if you have a legitimate reason (other than it makes it difficult to cheat on licensing) please let us know. If you have a legitimate use for a service/device to relay mail out, you can always configure it with a free IoT account in ExchangeDefender.
We are also currently working on automatic deletions (based on usage patterns) that will be configurable on a per-domain policy. For example, you’ll have the ability to deactivate accounts that have not sent out any email in 3 months.
ExchangeDefender Phishing Firewall User Benefits
ExchangeDefender Phishing Firewall has had an outstanding first * X days * protecting our clients from phishing. While the roll-out of such a massive service is always going to be a challenge, we cannot be more thankful for our users and the relationship that has lead to tons of feedback, bug fixes, new features, and a meteoric rise in additional security that everyone enjoys.
Just as a reminder, ExchangeDefender Phishing Firewall is an always-on phishing protection for email and web. As someone emails you phishing content, in hopes that you’d click on it and give away credentials and download malware, ExchangeDefender both helps keep that email sanitized and quarantined so that it never gets to your Inbox to be clicked on. But that’s not a fool-proof process, nor is it realtime – a site that was safe when the email was sent could have just been hacked and dangerous content uploaded – but we’ve got you protected there too: when you click on any suspicious site in ExchangeDefender scanned messages you will be directed to our firewall site, instead of directly to the suspicious content. Once you’re there, you are further protected by your corporate policies, and you’re given additional information that helps you determine if the site is dangerous or not. Once you’re sure you can either whitelist or blacklist the site and you’ll never be interrupted again.
How cool is that? Well, it’s so cool that during just the first two (2) days of use, ExchangeDefender Phishing Firewall caught 770,000 clicks on suspicious sites that aren’t one of the top 5,000 Internet domains – and 164,000 requests proceeded to known dangerous stuff.
When you’re dealing with email and dangerous links, you need every bit of security and intelligence in your corner and ExchangeDefender Phishing Firewall delivers that:
It’s always on, always scanning your messages
There is nothing to configure, setup, install, or buy
It works on Outlook, Gmail, and any other email service
It protects you on your desktop, laptop, tablet, and anywhere else you click on links
It gives you a database of known dangerous/suspicious sites
It protects you by isolating patterns/data from ExchangeDefender’s reputation table
It secures you by leveraging data-sharing relationships we have with the worlds largest security vendors
It logs your activity so you can backtrack and identify dangerous activity
It gives your business ability to setup custom policies and block/allow access as needed
It gives you control over which sites to whitelist and blacklist so you’re not interrupted
It learns what you click on and how so you don’t have to manage a whitelist
Most importantly, it gives you access to our Chief Security Officer infrastructure where you can Report an Issue and have our team help evaluate a potentially dangerous link.
Not only are we doing everything to keep you safe and secure online, we’re literally available in person to assist when necessary. We know that every feature/block isn’t going to be loved by everyone, we know that every change can grind some folks the wrong way, we know that it’s not going to be perfect – but we’re in your corner, we’re here for you, and keep on sending us feedback so we can build this into a security service everyone loves as much as ExchangeDefender.
Thank you for your business and have a SAFE day on the Internets :slightly_smiling_face:
ExchangeDefender discontinues free migrations for Office365 and Google GSuite
ExchangeDefender has assisted partners and clients with migrations from third party platforms onto our award winning platform. On July 31st 2019, we will schedule our last third party migration onto the ExchangeDefender network and will only support them under special projects going forward.
We’re sure this will disappoint some of our clients and partners that have hoped to bring their clients to our network, unfortunately this work is simply too expensive to deliver free of charge. Over the years we have given our prospects incentives – free licensing, free third party migration tools, free hosting, etc and we were able to do so on the back of deep expertise across other platforms.
But just as we continue to decommission our own older versions of Exchange clusters and third party email systems, the rest of the world is doing likewise. We feel like everyone that was truly interested in a smooth transition has made or scheduled that move already. Clients that have waited on 5+ year old infrastructure probably did so because of customized workflows, third party integrations, older versions of integrated software that doesn’t support Exchange 2016/19, etc. Keeping the immense staging, data transfer, and consulting resources on hand for legacy platforms is expensive and is needed as we roll out new features for ExchangeDefender. SplitMX, Multiroute and duplicate delivery will no longer be supported by ExchangeDefender, on our network or on Office365/Google/3rdparty.
We’ve been mentioning the sun-setting of this service since early 2018, and if we’ve missed anyone there are still 2-3 weeks during which we can swing almost anything over. Past that, we will offer migrations to ExchangeDefender as a part of our enterprise services contract.
Thank you for your business and we’ll continue working hard to keep you in love with ExchangeDefender. If you want to join the fun, let us know by August 1st, 2019.
Introducing ExchangeDefender SS Self Service Portal
Today we’re happy to announce the launch of ExchangeDefender Self Service portal. You can find the application at https://www.ExchangeDefender.com/ss
We’d like to thank our partners and support clients for helping us identify issues and tasks that come up with our platform frequently. These simple tasks often require opening up a ticket, placing a phone call, verifying identity, etc and we’ve decided to give our users the power to manage these issues on their own.
What can you do with ExchangeDefender SS?
Unlock a Hosted Exchange account
Request a PTR bypass because of broken DNS
Get a PIN for phone support
Reset an ExchangeDefender Encryption account
Some of these tasks require multiple steps, but we feel it is easier to address them as a user than to float it up the typical IT support channel. For example, let’s assume you cannot get into your account because it got locked out due to a DDoS or hack attempt. Well, the user already types in their email address and password all day long, it’s easier for them to unlock the account by going to the site than to open up a ticket, place a call, provide all the information, wait, wait, test, etc – and we’ve heard our users loud and clear: You want more control. ExchangeDefender SS gives you that control – and makes it easier to get things done without having to talk to anyone.
Of course, these issues can also be done through the same old fashioned phone and ticket support (and we’d be happy to help you at https://support.ownwebnow.com) – but honestly, this way is quicker and if our Feedback inbox is any indication – the users demand it. We look forward to adding more functionality and making common problems easier to solve, quickly and efficiently through Self Service Portals – so keep on sending us feedback (available at the bottom of every page) and your suggestions.
New look for ExchangeDefender SPAM Release & Re-directions
It’s been about a decade since our last face-lift to the end-user facing part of ExchangeDefender – suffice to say, lot’s of cool new things are possible with the web technology that wasn’t possible in the past. So, allow me to introduce you to the ExchangeDefender Security Center!
As of Thursday, June 27th, when you attempt to release a SPAM message,
you will see our new security center:
Of course, yours will look a little different. If you have ExchangeDefender from a service provider, it may have their color scheme. You can still upload your own logo (at https://admin.exchangedefender.com).
The idea here is to help connect our self-service portals https://www.exchangedefender.com/ss, our chat, our alerts, and documentation into one spot so when an issue comes up we can help the end user right then and there.
Remember that all of this stuff is data driven, so if you’re one of our partners we encourage you to put up your own announcements, deploy the XD NOC for your organization so your branding is preserved, work with our account managers, etc.
Going forward, this will be the default view for unauthenticated connections – so WFS, Encryption Download, SPAM release, and the Phishing Firewall Redirect.
P.S. How do IP restrictions play into this? They don’t. If you have ExchangeDefender enabled only for Trusted Devices and admin portal locked down to the enterprise IP range, the site will still allow the user to release SPAM from the quarantine no matter where they are (think mobile device access). For other functionality, once they click on Login the same 2FA/OTP/Known Device/IP Restrictions are in play.
ExchangeDefender PTR & RBL Whitelisting
ExchangeDefender is opening a wider beta test of our whitelisting functionality, which allows IT Solution Providers to whitelist sender mail servers that have broken DNS (missing PTR, mismatched A/PTR records) and poor sender reputation (hosts listed on multiple RBL blacklists).
If you have a sender you would like to whitelist against these essential network tests, please open a ticket at support.ownwebnow.com with subject “Whitelist PTR/RBL: IP Address” and provide as much information in the ticket so we can accommodate this specific request. Only hard non-negotiable rejections to whitelist will be for unknown address space and dialup/consumer cable IP addresses (because due to their nature those are typically dynamically assigned address spaces that shouldn’t be relaying mail at all, they should be using their ISP mail server provided smarthost)
Requests will be reviewed and either approved (and enrolled) or rejected within 24 hours by our CSO.
Background: Inability to previously whitelist broken DNS and dynamic IP address space is rooted in our mission statement. We are here, beyond everything else, to help secure the email. We know our partners, IT Solution Providers, VARs, MSPs, etc do not have the skill set, the time to properly research underlying issues, enough data and statistical models to evaluate sender IP reputation, or even the incentive to discern how big of a security threat and compromise a specific IP address with broken DNS or poor reputation may pose to your client.
In fact, you pay us to worry about those things and keep your clients secure. But, sometimes clients like to think they know better than their technology experts, generally accepted security standards on the Internet, and ExchangeDefender. And the client is always right. But, when they get infected attachments, broadcast storm, password dumps, or other security compromises because they insisted on lowering their security – then ExchangeDefender is on the hook for securing them. And we don’t get to say “told you so” nor do we have any rapid means to fix the issue.
Since my retirement, all of those hard-line policies designed to keep clients safe beyond whatever “specific business case requirement” they may have, are slowly going away. Good news for the client, good news for the partners. Good news for us, because going forward we will start providing Email Security Engineering services – so when you get a security compromise or an usual issue and you’ve asked us to compromise your security – we will be able to address the issue on your behalf.
I choose to look at this as a positive – we will help our clients meet their business needs and get the mail they desperately need – and if something breaks we will be there to help assist with the cleanup (for a fee, of course). This, among many other service related things, is just the part of the ExchangeDefender being more responsive and service oriented when it comes to our clients demands as opposed to our expert opinion as a security policy.