Managing ExchangeDefender Automatic Account Enrollment
ExchangeDefender recently launched the Automatic Account Provisioning system that replaces our old ExchangeDefender XDSync. The new system automatically finds email addresses that are sending out messages and sends a welcome message to provision the account – the CIO/MSP get a report with a summary of changes and essentially automates the entire process.
For compliance purposes we’re making it super easy to keep track of this process and we’re even providing some tools to help manage accidental activation – for licensing purposes if the email address sends emails out it’s considered a billable user (only inbound aliases/distribution groups/contacts are free)
As a CIO/Service Provider
If the email address was provisioned through the automation process, you will see an icon A next to the email address in your portal. To manage the accounts you’ll have to hop down to the Domain Administrator.
As a Domain Administrator
Domain Admin control panel at https://admin.exchangedefender.com gives you more granular controls over Automatic Account Provisioning. Under the Accounts section you will find the same A icon next to the accounts that were provisioned automatically.
If these accounts were provisioned by mistake and these are not valid users, you can Block them. Blocking an account does two things: it removes the user from the block list so it doesn’t continue to get provisioned after it is deleted and it blocks messages from that user / device / service from relaying mail.
To find users that were blocked from automatic activation (in case that address becomes a regular mailbox/sender in the future) you can click on the Blocked Addresses tab:
Reporting and activity regarding accounts is still in the same place for both admin levels under the Accounts menu. Accounts that were provisioned through automation will show that they were created by ExchangeDefender Automation, and Blocked Addresses will show the name of the admin that blocked them.
What about deletions? What about turning this system off entirely?
We’re working on it – stay tuned! We’re obviously curious why anyone would want this turned off so if you have a legitimate reason (other than it makes it difficult to cheat on licensing) please let us know. If you have a legitimate use for a service/device to relay mail out, you can always configure it with a free IoT account in ExchangeDefender.
We are also currently working on automatic deletions (based on usage patterns) that will be configurable on a per-domain policy. For example, you’ll have the ability to deactivate accounts that have not sent out any email in 3 months.
ExchangeDefender Account Provisioning Live
As noted nearly two months ago, ExchangeDefender is starting Automated ExchangeDefender Provisioning. In the long, long ago when everyone ran their own Exchange servers, ExchangeDefender offered XDSync to automate creation of ExchangeDefender users as soon as they were added to the Active Directory.
Fast forward to 2019: Few people still run their own Active Directory and most users are now on cloud-based email services that don’t use Active Directory. This puts a burden on our CIO/MSP/IT personnel that has to manage users manually – so we solved that problem with ExchangeDefender. Here is the user experience.
Automated Provisioning – User Experience
When ExchangeDefender detects a new email address from your domain sending outbound mail, it will automatically provision the account for you. This way nobody has to deal with the account management and maintenance, nor do they have to filter and audit the list as local accounts, distribution groups, etc do not send out external emails anyhow. If they do, from the licensing standpoint, it’s treated as a user. When we detect a new user, they get this email:
The email contains branding and contact information of an MSP if the client is managed by an MSP. Otherwise, only the domain administrator and ExchangeDefender basic contact info is provided.
At this point, the user is added and configured for ExchangeDefender services according to the domain defaults the IT department configured for this domain.
Clicking on the “Complete Enrollment” button takes the user to the website to setup basic settings. This part is actually VERY cool and something our clients have been begging for – something that shows the user how to actually use the product.
The enrollment wizard is only 2 steps long and gets the essential settings that 99% of users change.
Setup your password, tell us what to do with SPAM, tell us what time you want the email report (if enabled by CIO/MSP/IT) and that’s it – user is done. We’re also working on additional customization/templating of the welcome emails which should be launching later this year.
Automated ExchangeDefender Provisioning
Keeping up with ExchangeDefender subscriptions used to be relatively easy back in the day when everyone had their own server.. and while we still proudly support XDSync, the new usage scenarios and new platforms are making user management a chore for IT people and those in charge of reconciling billing alike.
Starting with July 2019, ExchangeDefender will automate the provisioning, billing, and enrollment of new users automatically.
How will it work? How ExchangeDefender will be monitoring outbound flow of mail from the organizations that are protected by ExchangeDefender. Whenever we encounter a new email address sending email, we will check the existing users table and if we find someone new we’ll start the enrollment process. It will work as follows:
(1) ExchangeDefender finds a new email address on a protected domain.
(2) ExchangeDefender creates a new account and provisions default domain security policy.
(3) ExchangeDefeneder sends the user a welcome email with an enrollment link.
(4) ExchangeDefender sends the domain administrator and CIO (or service provider) a notification.
That’s it, we’re keeping it that simple. And since you never get billed for ExchangeDefender accounts added in the middle of the month you can always correct any mistakes and lock down mailboxes that get created as a result of a security breach for example.
FAQ
Q: Will the bill for the new user be prorated?
A: We never bill during the partial month, so if you sign up a new user on the 14th, they will not be billed for the service for the part of the month.
Q: Will this automatically categorize printers, devices, etc?
A: Printers and smart devices are free if they are setup as an IoT device.
Q: What if this is just an alias on someone else’s account?
A: In ExchangeDefender, inbound aliases are free (terminated employees email addresses, vanity accounts, department or distribution groups, etc) as long as they are associated with another users account. If for some reason they both receive AND send mail, those accounts under our licensing model are indistinguishable from users and must be billed as such.
Q: Will I have the chance to review the new additions?
A: Yes, you will get an email from enrollment@exchangedefender.com when the account is added and remember, you will not be billed for it until the 1st of the month. So long as you delete the account more than 72 hours before the end of the month, it will not be billed.
Q: What will the user experience be like?
A: Identical to the way it is now. They will receive the same welcome email they would get if you manually added them at https://admin.exchangedefender.com
Q: So which address should they email to start the enrollment?
A: Any address you wish.
Q: How about automatically deleting accounts that aren’t being used? A: We are working on it. As we’re dealing with folks email (and compliance, encryption, archiving, contacts) automatic deletion is never a good idea but we realize that billing and account management is a pain. The way we’re currently designing it is with the expectation that the domain owner will set an inactive date in the portal. Any user that hasn’t sent email in the quarter or in a year (depending on policy) will automatically be removed from the active roster and you’ll be able to nuke them all through a review process.