ExchangeDefender security solutions experienced a burst in demand that has not let up, and neither has our development output. I’ve been involved in the strategy and our roadmap more than I’ve been in several years and I wanted to give you an informal update on some of our awesome projects and Q4 progress before we turn our attention to 2021. Hopefully we can help you.
Encryption has been an undisputed heavyweight champion of sales in 2020 and we’ve heavily invested into the service that is now being used by our clients to secure everything from email stock trade notifications to doctor office sms/txt delivery of lab results. The ability to sell this product a-la-carte without ExchangeDefender (or MX/DNS changes) has significantly expanded our market and reach, while the ability to encrypt and distribute messages via web and sms/txt to mobile devices has opened up the application and use case scenarios exponentially. The demand for the product has not slowed down, and we’re already working on the 3rd update to this service in a year.
The bad news is that due to the demand we’ll stop partner training on December 1st, and Encryption sales will officially stop for 2020 on December 11th (expected to resume in late January 2021). We have a very large enterprise and government presence where most of the contracts, deployment, and projects happen in late December (and with Covid / office / travel restrictions our schedule is already packed).
We are making significant upgrades to our core ExchangeDefender features, and most of them are focused around productivity and management efficiency. For example, we’re starting our ExchangeDefender Outlook/OWA Addin beta later this month. We’re simplifying the way for you to implement and manage DKIM, SPF, and DMARC. We’re launching some other exciting features as an addon pack, which should help many organizations that need better controls to police notifications, confirmations, spear phishing attempts, and full transport rules. Where we’re in highest demand at ExchangeDefender is professional email services, where we’re brought in to assist with a specific email problem. Over the past year we’ve been hired to run mail audits, security audits, insurance company hired us to double-check in house IT, we’ve built several SMS/txt/email gateways, and almost on the hourly basis: security protocol implementations. It’s getting to the point that business email delivery and issue troubleshooting is a full time job. The future of cybersecurity looks bright!
Because business is ultimately about making money, we’ve been pressed to return the Exchange Essentials service. Listen, I understand it, budgets are going to be tougher in 2021 and everyone is going to need an affordable but secure Exchange experience. Even if cuts aren’t crucial, for some organizations it makes sense to spend IT budgets elsewhere other than a $15 mailbox (most people these days spend their time in Outlook on their phone than on the desktop)
We’re bringing Exchange Essentials back at $4.99 for a limited time.
P.S. This is gonna sell out by Christmas, so if you have an opportunity and need us to hold some seats please call us at 877-546-0316, and let us know.
We decided to give Wrkoo Startup away for free with no limits when we were first looking to shut down our offices in March — we knew small businesses were not prepared for an extended “work from home” and that keeping everyone informed was on every managers mind. We gave Wrkoo away for free to everyone that worked with our partners, everyone that had ExchangeDefender, and aggressively promoted it here in Orlando because we wanted to help our community. We are truly all in this together because small businesses depend on each other. This is a rather expensive marketing write-off, but we’ve pledged to keep it free through at least one quarter after the USA gets vaccines.
Through this time we’ve heard from people who are using Wrkoo to provide customer service, to send out invoices, to track time, to manage entire projects, we have a translation service that runs on it, and a business vertical of every kind. And with ExchangeDefender we keep on connecting business productivity with the way people actually work and communicate when they need to get stuff done. We couldn’t be happier to have been a part in someone getting their business together in the cloud. Throughout all this mess, Wrkoo is the way we keep everyone accountable and on the same page. I know it can do the same for your business, or recommend it to a friend.
ExchangeDefender Email Encryption is a service that helps you control and distribute sensitive information. There is no shortage of solutions that help comply with the alphabet soup of regulatory requirements that help mitigate data leakage – the real challenge is making people that rely on encryption to be more productive.
We spoke to thousands of our users, across industries, to gain understanding for how they use the service and what would make it optimal. Here is their wishlist, delivered:
Encrypted Messages are about more than email
While Email Encryption services were designed to automate encryption of email that contained sensitive information, the practical use for email encryption is simply to securely deliver and track access of those messages. Depending on the urgency, sensitivity and the receiving party, ExchangeDefender’s Advanced Encryption Options make it possible to customize how long the message is available for, if the recipient needs to enroll in the service or simply click to view, who should be notified of message delivery/receipt/read status, and more.
ExchangeDefender is the only Email Encryption solution to feature multi-channel delivery of sensitive content. Simply put, organizations no longer only share data via email. Companies are now texting more than ever, as well as leveraging different portal and chat solutions to which sensitive content can be attached. ExchangeDefender enables you to send encrypted messages – automatically based on content or by your custom preference – but you can send it as an email, as an SMS/text message to a mobile phone, or as a URL link pasted on Facebook/Slack/Teams or any web or social media property.
Simply put, when you need to know that it got there securely and what they did with it afterwards, ExchangeDefender has the policies, processes, and automation to make it possible and simple.
Encryption isn’t an IT / CCO problem, it’s a business challenge
No software to install. No need to change any DNS records or move your email hosting. No devices or appliances to maintain or support. It takes just a few minutes to sign up for ExchangeDefender Corporate Encryption, add your users, and set the default corporate encryption policy and suggested lexicons/pattern searches to keep everyone secure. In minutes, IT’s job is done.
The real encryption challenge is with the people that rely on encryption to get things done. Staff that sends out hundreds of encrypted medical records each day. Staff that communicates sensitive financial information between multiple organizations. Staff that is more concerned about the message getting to the intended recipient that can easily access it – or they become the front line IT support for every recipient that can’t view the message, didn’t get the message, or worst case scenario, message was sent to the wrong party (you can revoke it at any time).
ExchangeDefender approaches the business challenge by helping the sender customize the environment and save settings to eliminate repetitive work.
Outlook or Outlook Web App
ExchangeDefender Corporate Encryption comes with an Outlook and OWA add-in product that adds buttons to the Outlook/OWA ribbon. Safe delivery of sensitive information is really just a click away: just click on encrypt. This approach removes the need for the web interface entirely, and follows the default encryption policy as defined by your IT and Chief Compliance Officer.
Most of encrypted email work is related to message delivery: When you want to know that they got the message and what they did with it. With traditional offerings this is a painful process of searching through tons of email notifications – but ExchangeDefender takes that a few steps forward.
ExchangeDefender Corporate Encryption features a powerful Activity tab that enables users to see live activity across all the messages they’ve sent recently. For example, if you’d like to know whether the recipient attempted to print or forward a message you restricted them from printing or forwarding, you’ll find an alert on the Activity page. If you send a ton of mail, our powerful search will help you define the actions you’re looking for, search for a specific time period, or just search by text/subject. From there you can export it to Excel, PDF, CSV, or just print out the report.
If you don’t send a lot of messages or dislike constant email notifications from encryption services, we’ve got you covered as well. ExchangeDefender features a weekly email report that shows you all the messages you sent and the associated activity.
Management Default Policies
ExchangeDefender makes it really simple to define a corporate security policy that automates the encryption of sensitive information. Whether you want to screen for standard personally identifiable information (PII), or use one of the predefined lexicons for a number of industries, or you want to define a default corporate policy to keep all users secure, ExchangeDefender has you covered.
ExchangeDefender keeps its users productive by eliminating the user interface clutter – a byproduct of a highly flexible and customizable interface. Sending an encrypted message is simple and requires no training by design, the entire process is obvious and intuitive.
To be productive, you will need to rely on some of the more advanced features of ExchangeDefender Encryption that help control notifications, message rights, message age, and additional security requirements. ExchangeDefender allows you to save your policy customizations as a new policy, so that all the settings you configured can be reused and reapplied with just one click, on demand.
The Encryption Opportunity
The purpose of email encryption is to help automate the encryption of sensitive information. ExchangeDefender excels at this requirement with domain policies, lexicons, advanced pattern searches, and custom policies.
There is a lot more to encryption when you consider the people that rely on it to do their job – and ExchangeDefender offers Outlook/OWA addins to make encrypted email as simple as a mouse click. From there we provide powerful Activity reports in the encryption portal that allows you to search for messages, activities, and even filter down to the right time frame. Because encryption isn’t only about sending – it’s about knowing that the message was received securely – you can create custom reports that can be printed, saved, or exported to Excel.
Ultimate opportunity is in realizing that message encryption needs to evolve with how we work. Covid-19, office closures, physical distancing, and reducing touch points has made us all rely on social media, chat platforms, portals, and social media to communicate with our coworkers, partners, and clients. We now share sensitive information via email but also over the web and via text/sms to mobile devices. ExchangeDefender supports them all, secures them all, and enables secure productivity.
It’s easy to see why Corporate Encryption is our most popular product, please submit a ticket for a free trial.
ExchangeDefender Encryption is getting it’s second massive upgrade of 2020 – not just because it’s our most popular new product, but because more and more of our clients are starting to leverage it to solve old business communications problems more securely. This is a feature packed upgrade, heavily focused on automation, branding, encryption policies, long term message archiving, and most of all productivity updates.
We have listened to our clients and their challenges in the Covid-19 business interruption era and found that the biggest need is in the area of business productivity. It is no secret that almost all the compliance and encryption services were designed specifically for FINRA, SOX, PCI, and other popular regulatory standards. But what we’ve found out is that most of encrypted email traffic is actually focused on descretely and securely delivering lots of messages as a matter of business process.
It’s the modern version of a notary service, and it must fit the way people interact with email. When it doesn’t, when it’s clunky, when it’s slow, when it requires too many clicks, when it’s authentication is antiquated, when it is too restrictive – ultimately, when it’s not convenient people will not use it. That introduces inefficiency and lowered security standards.When we updated the ExchangeDefender Encryption in April of 2020, we focused on the user experience. We have kicked that up several notches, all based on the client feedback.
Encryption 2020 2.0
Live on Tuesday, September 29th at noon EST
We can’t wait to show it to you.
Features not available from anyone else in the industry.
Please take a moment to come see it. Due to popular demand, I’ll hit all the highlights in the first 15 minutes, and then go into full detail about what this can do. We’ll also be offering free trials and NFR during the event. Because this service doesn’t require the mail flow to go through us (no MX record or hosting/provider changes) it’s super quick and easy to deploy and requires no technical expertise to manage.
We’ve had a very busy summer, working on all sorts of features that are helping our clients and partners run a more profitable & predictable business. All of these new features will be available through ExchangeDefender as well as Wrkoo shortly.
This post is unfortunately not about one of those features. During the implementation of full automation for service subscriptions, terminations, and billing we found several partners that were committing outright financial fraud against us. This has caused us to revise our billing process and policies so that we can continue to provide a service that is both affordable and profitable for everyone.
In 2019, we’ve spent an average of ~62 hours per month dealing with delinquent accounts.
Delinquent accounts are those that do not pay their bills by the 5th of the month. By our policy every account that does not pay their invoice in full on the 1st has a ticket generated and assigned to the Billing Contact for the company. We then follow up with an email and a phone call to the billing contact. We understand that business can be difficult and unpredictable (credit cards get compromised, it’s hard to track expirations with all the vendors, some clients pay slow, etc) and we go out of our way to make sure the business is aware of an unpaid invoice. Invoices that are not paid by the 5th (after we’ve contacted the billing contact every possible way) are charged a late fee. If the invoice is still not paid we continue to make the best effort, and if it’s still not paid after the 15th the service is disconnected.
Delinquent Account Handling
If you were seriously late paying an invoice more than twice in 2020, your account will be flagged as delinquent. If any of the future invoices are unpaid by the 5th, you will be asked to provide a secondary funding source:
If neither funding source can be charged by EOD on the 3rd (after tickets have been opened and emails sent), the services will be suspended.We are hoping that this automation helps our partners and clients avoid service interruptions and late fees.
Due to popular demand, we’ve added some new Distribution Group features to our Exchange/M365 Service Manager. The features are all about external (mail enabled) contacts that have a huge presence in the SMB/consulting organizations:
External Contacts or Mail Enabled Contacts are great when you need to give a person an email address on your domain without giving them their own mailbox. This is a very popular feature in SMB/consulting community when it comes to contractors and third parties that already have their own email infrastructure but for compliance (or vanity) purposes they need an email on your domain.
External Contacts allow you to assign an email address on your domain (firstname.lastname@example.org) and automatically forward all their mail to their existing email address (email@example.com).
Not only does this feature help save money on licensing costs, it also eliminates the need for the person to setup another account and check mail at a new place.
The upgrade we’re announcing today has to do with External or Mail Enabled contacts as a part of a Distribution Group (Exchange term for “mailing list”): You can now add external email addresses to any internal/external distribution group from the Service Manager at https://support.ownwebnow.com. Now when you try to create or modify a distribution group, your “Add a new member” screen will show your defined external contacts as well!
This is one of the most demanded features in Service Manager, and we hope it serves your business well!
But her (external) emails!
Unfortunately for some, the Internet standards still apply and most service providers are rapidly removing features that have anything to do with external mail forwarding. This is mainly due to rise of SMTP authentication/authorization protocols like SPF, DomanKeys (DKIM) that do not work with the way mail enabled external contacts are implemented in Microsoft Exchange and other email servers. When the mail is being forwarded to the external contact, the From line remains intact so that the recipient can identify the person sending the email (for example, firstname.lastname@example.org). But when the message is forwarded to the external contact, the receiving server will look at the from line and see that the message is from a domain hosted on Gmail but sent from the ExchangeDefender address space (that is obviously not a part of Google Gmail SPF/DKIM record) and depending on configuration might consider that message to be a forgery/spoof/SPAM.
This isn’t an ExchangeDefender issue, or a Microsoft issue, or a Gmail issue, it’s a part of the protocol specification. And while everyone else is making this feature go away (because it can affect server reputation), we’re working on rewriting/improving it. We are currently working on a feature that will rewrite the From line, so when Exchange forwards an email “From: Vlad Mazek <email@example.com>” to an external contact, the recipient will get an email that shows this on the from line: “From: Vlad Mazek <firstname.lastname@example.org>” that will help bypass SPF/DKIM checks on the receiving side.
It’s been a year since we launched the ExchangeDefender Automatic Enrollment feature and it recently got a major upgrade to function with our new cloud infrastructure. This is our favorite way to enroll ExchangeDefender users for two reasons: it’s the simplest and the most seamless way to onboard new users.
When ExchangeDefender detects a new email, it will put it in the enrollment process which consists of the following:
– Creating an ExchangeDefender account and supporting service accounts
– Applying existing policy defaults for the organization
– Creating LiveArchive account and routing policy
– Updating administrative and licensing systems
– Generating a welcome email
On the service provider side, there is a full and searchable log of all account enrollments so everyone is kept in the loop in real-time.
As for the user experience, everything is branded and automatically taken care of. When they send an email to any external email, their address will be provisioned within 1 hour and they’ll get the following email inviting them to get started. Even if they ignore it, the ExchangeDefender auto attendant will automatically apply all the domain/organization specific policies for them automatically. And of course, if something on your network is sending email by mistake you can just block it and you won’t be billed for it.
There is a lot of work and testing currently being done on several Microsoft integrations (Azure Directory sync, Outlook/OWA addin) but more on that during our August webinar. We are also doing some very interesting integrations on the Enterprise side, and some of those features may appeal to our MSP partners (although some may be cost / infrastructure prohibitive). For example, we have a client who required accounts to be approved before they could be auto-created (even though they were synced through our Azure integration) and we were able to enable them to do that. If you’ve got feature ideas we’d love to hear them, but there is a lot we can also build with our partners.
At ExchangeDefender we get an over-sized serving of “weird email problems” on a daily basis, and keeping the client up and running and email flowing securely is our first priority. Trouble is, some of the issues our clients face can’t be easily replicated because they often involve a complex setup or a device that we do not have control over, naturally leaving the paying client in a position to make us prove that we aren’t causing the problem. And the customer is always right.
Today we are announcing a new service, included with ExchangeDefender Pro, that will help improve monitoring, problem detection, recovery, and diagnostics for email problems that fall in the weird category. By simulating real-world email traffic we can match up our timestamps, headers, diagnostics logs, and identify problems and their cause in real-time. Our email diagnostics service can be scheduled with preset intervals, message specifications, test parameters and more to help detect a problem with the mailbox or mail routing in general.
What kind of tests can we run? Here are a few of the top used cases:
– Email sometimes experiences a delay
– None of the emails with attachments sync with the mobile device
– Messages aren’t consistently signed with DKIM
– Messages to/from different sources cause a delay
– Messages “arrive all at once” or “never at all from 9PM to 11PM”
In the two months that we’ve been testing this new service, we have yet to find a problem that can either not be identified by this tool or that we cannot fix very quickly. This system can detect issues within the ExchangeDefender cloud, as well as any other email infrastructure out there (Office/Microsoft 365, Gmail, etc). This feature is a part of a much larger set of security enhancements we’ve been developing/testing, and would welcome any feedback and suggestions.
If you have found an issue that is causing a problem for the client, please let us know by opening a ticket. From there we can simulate the sort of traffic that is not reaching their mailbox correctly and give you tons of samples that will help identify exactly where the issue likely is.
To get started, open a ticket with “Email Diagnostics Request” and the type of problem you’re trying to solve and we’ll get right on it. This service is a part of a more elaborate mail testing package we are currently building to assure all our clients are properly setup, properly locked down, and ensure any issues are detected and addressed before they impact productivity.
Today we received word from Microsoft explaining that they are currently investigating the technical issues involving the sudden crashing of their Outlook email app. (For the record, no – it’s not us.) Their twitter confirmed later in the day with the following alert:
“We’re investigating whether a recently deployed update could be the source of this issue,” explains Microsoft… “As a workaround, users can utilize Outlook on the web or their mobile clients.”
This comes after thousands of Office 365 users reported that the email app immediately shuts down upon opening. This has come after the recent upgrade to Exchange 2016.
As for ExchangeDefender, we have not received any support requests as of yet, but we wanted to give you a heads up in the event that you experience difficulty using the app.
Our tip: Use OWA with your web browser, you should be able to login with no issue. If you are still experiencing delays, please submit a ticket via our support portal, so that we can troubleshoot your issue further.
Our Official NOC announcement is available here!
We’ve been running Exchange migrations to/from Microsoft 365 and Gmail since 2015 and as of this month all our users are on our latest tech (Microsoft 365 / Office 365). With all the new modern tools and Microsoft cloud tech you’ll automatically get backend updates from here on out and hopefully the words “email migration” will never come up for you.
We realize that there are some clients that would prefer to move their mail elsewhere so before we retire all our legacy infrastructure, we are making one final offer. We can manage your migration, either by just providing the pst export of data or managing the entire process end to end.
The cost for the PST export is $39/mailbox if you’d like us to handle it for you (or you can do it for free yourself), and the cost for the full migration service is $59/mailbox.
PST Export ($39/mailbox) includes exporting your data to a standard PST file and making it available on a secure web site.
Full migration ($59/mailbox) includes the export as well as the following:
– Mail proxied through ExchangeDefender delivering to current mailbox as well as the mailbox at the new location, allowing you to stay in business even while we do the mail moves.
– DNS management including configuration of the new SPF, DKIM/DMARC, and MX records.
– Current mail (pst) upload to the new mailbox
– Disconnection/removal of the existing email infrastructure
– Warranty and support for the whole process.
We recommend going with the full migration including a year of ExchangeDefender service. This option allows us to make sure the configuration is accurate on both clouds, that data is moved correctly and securely, that MX/SPF/DKIM/DMARC are operational and do not cause issues down the road, as well as LiveArchive to assure that should anything go wrong you can still send/receive email.
P.S. If you have basic IT skills, or if you work with an IT/MSP/VAR/tech provider, you can do this on your own. Simply make the following changes to your hosts file and you will be able to connect Microsoft Outlook and export mail to a pst file on your own. Our legacy systems will be permanently retired on August 1st, 2020.
If you are interested in this offering, please download the application and submit it to us via ticket at https://support.ownwebnow.com
or call us at 877-546-0316 x720
We wanted to offer a major update on the migration, specifically covering the major issues we have addressed for some clients during the cleanup phase.
Distribution groups, forwarding
We have received reports from several organizations regarding issues covering distribution groups, group members, forwarding account directions (forward vs. store & forward). If any objects failed to import due to configuration/contents/policy/etc it is in the retry queue and will be published shortly.
Add / Delete Mailbox
We have addressed a bug in the add/remove process that was prohibiting certain organizations to add/remove accounts. Originally, as noted on anythingdown.com NOC, we blocked this function entirely because users were looking at an empty list and creating mailboxes (that would cause a collision when the new mailbox was migrated from the source). This problem is fixed, if you encounter an issue please open a ticket with a screenshot and as much info as you can provide.
Add / Delete Organization/Domain
At this moment it is not possible to add/remove organizations, or those that were in the system recently. In order to finalize the migration, the routing policies are locked down (meaning if you deleted a domain, ExchangeDefender will still treat them as local). We look forward to wrapping this up shortly.
Password / Login issues
This is by far the biggest ticket group category, we are still processing double digit requests for credentials, credential resets, and credential tests. Similar to the next group:
We are still spending a lot of time going through the basic Outlook configuration steps. For an overwhelming majority, this transition has been transparent. Those that did not and had to take a manual configuration route, the process has been described at anythingdown.com 1) Make sure you have an autodiscover record 2) Make sure it propagates, then run the autodiscoverregistryhacks.zip 3) If you don’t control your DNS, make adjustments to your local systems hosts file 4) Setup Outlook with autodiscover, the UPN must be used as your login address if you’ve changed it from your primary SMTP address.
Missing & Syncing Emails
Every mailbox that has been reconnected has either had all it’s mail delivered directly, delivered in a Catchall account – email@example.com. Some users are confusing items they see in their Inbox in LiveArchive but not in their Outlook/OWA (but after extensive searching we keep on finding missing messages in folders, Deleted Items, etc). If something is missing and absolutely critical in LiveArchive just click on the message and click Forward to your email address and the message will be forwarded to your Outlook/OWA.
Store & Forward
Several users were also unfortunately caught up in a custom policy that did not get migrated to the new Exchange. These are more legacy configs we did for some users in AUDC, things like renaming the OU or primary domains. For some of those accounts, the store and forward rule because a forwarding only rule, skipping the Inbox and going straight to the person that it’s being copied to. We have fixed this issue and it should not be happening again.
We have gotten several complaints about autodiscover. Microsoft has removed manual configurations in 2013 and no modern version of Microsoft Exchange supports a manual server setup. However, this is something that could be easily rectified even with minimal technical skills by modifying the local hosts file if you don’t have the credentials to do it properly by modifying the DNS. Absolutely everything in the new infrastructure relies on the autodiscover record!
iPhone / Android Setup
For the most part, we are just confirming that all mobile devices should work fine with owa.xd.email as the server name, ditto for EWS integrated applications, we have not received more than an inquiry for the server name. For Android, things get sketchier when you consider all the different vendors, apps, and configurations. Again, so long as autodiscover is present and configured properly and your device is using a modern client, it should just work. When it doesn’t, recreating it takes a few minutes.
Non delivery receipts and errors are always of high interest to our NOC team as we continue to go through cleanup and audit all the tickets and users.
These are the issues we are currently working on, in 3 shifts, and sorting them all out as fast as possible. I know that for many of our clients this transition has been messy, but you are on such a better and more secure platform that won’t require you go through this process again. While modern platforms are more secure, their recovery from a disaster or issue (as some of you unfortunately went through) is extensive and at times unpredictably slow – so you have this much of a commitment for us, we will make sure LiveArchive is able to step in on a whole new level when things like this happen.
Important links to remember
ExchangeDefender Exchange Setup
Autodiscover Registry Hacks
ExchangeDefender Service Documentation (Knowledgebase)