Introducing ExchangeDefender Inbox
Cybersecurity tops the list of IT concerns and spending, with email still being the most popular service with users and hackers alike: over 90% of compromises start with an email. If that sounds familiar you’ve undoubtedly had to deal with new email authorization standards, user training, troubleshooting mail flow, trying to figure out why email to or from certain people is bouncing, reconciling it all with new IT trends, cyber-insurance requirements, marketing. In a nutshell, email security is still a challenge and users just want something that works.
We’ve reimagined what the email security should look like in 2022 and we cannot wait to show it off:
ExchangeDefender Inbox Webinar
Wed, Sep 28, Noon EST
We hope you can join us for the webinar and see just how we’ve integrated all the ExchangeDefender security and productivity services to give users a single panel of glass to make email work for them even when they have issues with email. Can’t wait till next Wednesday? Shoot us a ticket at support.exchangedefender.com and ask us to enable it for you today!
ExchangeDefender Inbox combines over two decades of email security experience with the modern, mobile-first world of countless email issues. It enables our clients to get things done with email security and work through all the issues without involving IT. Users want a quick and reliable email platform that just works – work around SPAM filters, around SPF/DKIM policies, around bounces – all while leveraging email encryption to protect sensitive data. The service has been enormously popular with our enterprise clients and now we’re bringing it to all ExchangeDefender users – see you next Wednesday!
oAuth Launch Scheduled for May 19th, 2022
In January 2021 we launched *our oAuth implementation* to help clients get rid of passwords. On May 19th, 2022 our legacy systems (existing email/txt 2FA/MFA) will be shut down and all ExchangeDefender services will rely on oAuth for authentication. Clients will not see a major difference and will login the same way they always have at https://admin.exchangedefender.com:
The new authorization backend will help improve the security of all users that rely on ExchangeDefender to keep them safe: better password policies, no need to reauthenticate every time you visit our services, support for hardware authentication devices and tokens, support for software authentication such as Google/Microsoft/Authy authenticator solutions, and a lot more.
The era where someone can get access to all your data just by guessing or hacking your password is coming to an end. More importantly, industry standards and cybersecurity insurance underwriters are requiring 2FA/MFA and this is a huge opportunity for our partners to deploy a more secure access to the arguably most insecure and public endpoint in every organization: email.
We look forward to keeping all your data secure and your users safe from dangerous email exploits.
ExchangeDefender Invoices Got A Makeover!
We have listened to our partners and decided to redesign our invoicing system so it works better for our partners. One of the many benefits of having both Wrkoo and ExchangeDefender teams working together, (more details in our next webinar on September 10th, 2019) is that we can take great ideas from all sorts of businesses and adapt them to serve our IT partners better. Specifically, new ExchangeDefender invoices will be grouped by client:
This will give you a clear indication of how many services each client is subscribed to, what type, amount, etc. For deeper dives by your CPA, you can filter and group by service and client so you can get exactly what you’re looking for (by default everything is sorted alphabetically, by the client):
And for the full details, just tap the title:
We’ll shortly be adding the ability to move services around, adjust titles, and for even more functionality as well as branding options you will have the ability to customize literally everything in your own Wrkoo portal.
Wrkoo and ExchangeDefender teams have been rolling out new features, listening to our partners needs, and you’re going to start seeing a lot of new features that result from that one-of-a-kind collaborative effort.
The best news though – as this is just a taste of what is coming – you’ll have to tune into our webinar on September 10th at NOON EDT. Trust us, you’re going to love what we’ve got coming!
ExchangeDefender discontinues free migrations for Office365 and Google GSuite
ExchangeDefender has assisted partners and clients with migrations from third party platforms onto our award winning platform. On July 31st 2019, we will schedule our last third party migration onto the ExchangeDefender network and will only support them under special projects going forward.
We’re sure this will disappoint some of our clients and partners that have hoped to bring their clients to our network, unfortunately this work is simply too expensive to deliver free of charge. Over the years we have given our prospects incentives – free licensing, free third party migration tools, free hosting, etc and we were able to do so on the back of deep expertise across other platforms.
But just as we continue to decommission our own older versions of Exchange clusters and third party email systems, the rest of the world is doing likewise. We feel like everyone that was truly interested in a smooth transition has made or scheduled that move already. Clients that have waited on 5+ year old infrastructure probably did so because of customized workflows, third party integrations, older versions of integrated software that doesn’t support Exchange 2016/19, etc. Keeping the immense staging, data transfer, and consulting resources on hand for legacy platforms is expensive and is needed as we roll out new features for ExchangeDefender. SplitMX, Multiroute and duplicate delivery will no longer be supported by ExchangeDefender, on our network or on Office365/Google/3rdparty.
We’ve been mentioning the sun-setting of this service since early 2018, and if we’ve missed anyone there are still 2-3 weeks during which we can swing almost anything over. Past that, we will offer migrations to ExchangeDefender as a part of our enterprise services contract.
Thank you for your business and we’ll continue working hard to keep you in love with ExchangeDefender. If you want to join the fun, let us know by August 1st, 2019.
Automated ExchangeDefender Provisioning
Keeping up with ExchangeDefender subscriptions used to be relatively easy back in the day when everyone had their own server.. and while we still proudly support XDSync, the new usage scenarios and new platforms are making user management a chore for IT people and those in charge of reconciling billing alike.
Starting with July 2019, ExchangeDefender will automate the provisioning, billing, and enrollment of new users automatically.
How will it work? How ExchangeDefender will be monitoring outbound flow of mail from the organizations that are protected by ExchangeDefender. Whenever we encounter a new email address sending email, we will check the existing users table and if we find someone new we’ll start the enrollment process. It will work as follows:
(1) ExchangeDefender finds a new email address on a protected domain.
(2) ExchangeDefender creates a new account and provisions default domain security policy.
(3) ExchangeDefeneder sends the user a welcome email with an enrollment link.
(4) ExchangeDefender sends the domain administrator and CIO (or service provider) a notification.
That’s it, we’re keeping it that simple. And since you never get billed for ExchangeDefender accounts added in the middle of the month you can always correct any mistakes and lock down mailboxes that get created as a result of a security breach for example.
Q: Will the bill for the new user be prorated?
A: We never bill during the partial month, so if you sign up a new user on the 14th, they will not be billed for the service for the part of the month.
Q: Will this automatically categorize printers, devices, etc?
A: Printers and smart devices are free if they are setup as an IoT device.
Q: What if this is just an alias on someone else’s account?
A: In ExchangeDefender, inbound aliases are free (terminated employees email addresses, vanity accounts, department or distribution groups, etc) as long as they are associated with another users account. If for some reason they both receive AND send mail, those accounts under our licensing model are indistinguishable from users and must be billed as such.
Q: Will I have the chance to review the new additions?
A: Yes, you will get an email from email@example.com when the account is added and remember, you will not be billed for it until the 1st of the month. So long as you delete the account more than 72 hours before the end of the month, it will not be billed.
Q: What will the user experience be like?
A: Identical to the way it is now. They will receive the same welcome email they would get if you manually added them at https://admin.exchangedefender.com
Q: So which address should they email to start the enrollment?
A: Any address you wish.
Q: How about automatically deleting accounts that aren’t being used? A: We are working on it. As we’re dealing with folks email (and compliance, encryption, archiving, contacts) automatic deletion is never a good idea but we realize that billing and account management is a pain. The way we’re currently designing it is with the expectation that the domain owner will set an inactive date in the portal. Any user that hasn’t sent email in the quarter or in a year (depending on policy) will automatically be removed from the active roster and you’ll be able to nuke them all through a review process.
New look for ExchangeDefender SPAM Release & Re-directions
It’s been about a decade since our last face-lift to the end-user facing part of ExchangeDefender – suffice to say, lot’s of cool new things are possible with the web technology that wasn’t possible in the past. So, allow me to introduce you to the ExchangeDefender Security Center!
As of Thursday, June 27th, when you attempt to release a SPAM message,
you will see our new security center:
Of course, yours will look a little different. If you have ExchangeDefender from a service provider, it may have their color scheme. You can still upload your own logo (at https://admin.exchangedefender.com).
The idea here is to help connect our self-service portals https://www.exchangedefender.com/ss, our chat, our alerts, and documentation into one spot so when an issue comes up we can help the end user right then and there.
Remember that all of this stuff is data driven, so if you’re one of our partners we encourage you to put up your own announcements, deploy the XD NOC for your organization so your branding is preserved, work with our account managers, etc.
Going forward, this will be the default view for unauthenticated connections – so WFS, Encryption Download, SPAM release, and the Phishing Firewall Redirect.
P.S. How do IP restrictions play into this? They don’t. If you have ExchangeDefender enabled only for Trusted Devices and admin portal locked down to the enterprise IP range, the site will still allow the user to release SPAM from the quarantine no matter where they are (think mobile device access). For other functionality, once they click on Login the same 2FA/OTP/Known Device/IP Restrictions are in play.
ExchangeDefender Phishing Firewall FAQ
ExchangeDefender Phishing Firewall officially launches tomorrow, June 12th, 2019.
Every service provider and every user will be contacted with the information about the new service. Since some users may see the redirection site, we wanted to assure everyone was aware of the service, how it works, what it looks like, and what it does to protect them.
Note from Vlad: We hate changing the user experience. We understand that every time we change anything there will be an issue, folks don’t like having their cheese moved, I get it. However, this isn’t a futile exercise in self-promotion, up-selling, cross-selling, or useless noise: we are doing this to eliminate the problem that 90% of security compromises are triggered by. This implementation comes down to ethics: If I know that something is 90% likely to hurt you, and I have the means to protect you, and I choose to let you get hurt anyhow… why would you ever do business with me or ExchangeDefender? I understand we may lose some business over this, and I am willing to make less money in order to do a better job for people that trust us with their business.
Here are the answers to some questions we’ve already received:
Q: Does ExchangeDefender PF work on every device I receive email on?
A: Yes, ExchangeDefender PF automatically encodes all links sent through our system in HTML messages and redirects them through ExchangeDefender PF. This means that the link will be secured no matter which device you use to access your ExchangeDefender-protected email.
Q: Does ExchangeDefender PF protect me from non-email links?
A: ExchangeDefender only protects you from email links in HTML messages sent to your email address through ExchangeDefender. If your mail client downloads mail from 3rd party external services (Yahoo,
AOL, Microsoft, Google) that are not protected by ExchangeDefender, you will not be protected.
Q: Is ExchangeDefender PF available in ExchangeDefender Essentials?
A: ExchangeDefender PF is only available in ExchangeDefender Pro and ExchangeDefender Enterprise.
Q: Is there any way to turn off URL encoding for specific domains or users?
A: ExchangeDefender encodes the URL at the edge, as the message is being scanned for malware and other phishing forgeries.
Q: I don’t want to see the ExchangeDefender PF warning/site, can I bypass it?
A: Yes, you can simply whitelist the domain and ExchangeDefender PF will not be displayed. Whitelisted domains are automatically displayed without ExchangeDefender PF. ExchangeDefender maintains a list of known good/legitimate domains so the likelihood that you will see a dangerous (or questionable) website is very low. Additionally, your IT department or IT Solution Provider has access to organization-wide whitelist and can bypass ExchangeDefender PF to any site you need to visit.
Q: Is it possible to still get hacked/compromised even with ExchangeDefender PF?
A: ExchangeDefender PF simply applies your organizational policies to traffic and gives you additional information about the link you have clicked on. If you ignore warnings, or if you proceed to a dangerous site as a part of your organizational policy, you can still be compromised.
Q: Is there anything special I need to do on my network in order to support the redirection?
A: No, you should not have to make any modifications to your clients network in order to support this. If you do something exceptionally unusual (we would have contacted you separately, DoD requirement) and only have an allow access policy while blacklisting the rest of the Internet, redirection happens through https://r.xdref.com domain that needs to be in the safe sites.
Q: Can I turn URL rewriting off?
A: The ExchangeDefender URL rewriting code is implemented at the edge without regard for domain/user policies. In order not to introduce delays in processing, this is a global rule. If you are concerned about your clients seeing the redirection screen, whitelist the domains they typically go through. If we get complaints about it, we will look at deploying this policy further down in the scanning path which will slow down processing times for domains that opt out of the service and that feature is already in the development queue.
Q: Can I see the copy of the messages you are sending users, so I know what to expect?
A: Here is a copy of the message in PDF and Outlook format.
Q: Will the links stay live for X number of years for compliance purposes?
Q: Can I get a list of good/bad sites for my compliance records?
A: Please contact our compliance officer at firstname.lastname@example.org with the letter from your regulatory body and we will do our best to provide this confidential information ASAP.
Compelling Reasons To Move To Exchange 2016
The time to move over to Exchange 2016 is NOW!
We previously blogged about our brand new SMB User Interface initiative around Exchange 2016 hosting – we aim to simplify the management of Microsoft Exchange so that any white collar employee can manage business email administration end to end.
But what about Exchange 2016, what is so great about it? Truthfully (and this will not make our MSP friends happy) bulk of the Exchange 2016 benefits are really centered around making our life easier as the service provider – we’ve never been able to say this about ANY Microsoft product in the two decade history: we’ve had 0 issues. You read that correctly, we’ve had absolutely no problems with Exchange 2016 so the primary benefit is the overall reliability and flexibility of the platform. It’s solid.
But if you want to sit with a client and walk them through a set of features that are new and compelling – and a good reason to upgrade to our Exchange 2016 if they are still on another provider or earlier version of Exchange – here are some talking points.
P.S. We recommend getting a demo account with our sales team and discussing how we often position these services to win business. You can talk about it till you’re blue in the face but just showing them the feature live might make them not want to live without it.
Exchange 2016 Notable Features
Expanding Archives – When an archive mailboxes reaches 50 GBs, the archive mailbox expands. Under the covers, once the mailbox reaches a size of 50 GBs, another archive mailbox is automatically created and linked together to form a chain of mailboxes that acts as one logical mailbox. As archive mailboxes are added, the content is distributed across the mailboxes to even out the load. Keep in mind that auto expanding archives still don’t auto expand your storage backend. Make sure you have adequate storage to accommodate such growth.
Calendar – Do Not Forward: This is similar to Information Rights Management (IRM) for calendar items without the IRM deployment requirements. Attendees can’t forward the invitation to other people, and only the organizer can invite additional attendees.
Calendar – Better Out of Office: Additional options when you won’t be in the office. Key options include: add an event to your calendar that shows you as Away/Out of Office, and a quick option to cancel/decline meetings that will happen while you’re away.
Calendar – Remove-CalendarEvents cmdlet: Enables administrators to cancel meetings that were organized by a user that has left the company. Previously, conference rooms or meeting attendees would have these defunct meetings permanently on their calendars.
Outlook on the Web (Formerly known as OWA)
When you use Outlook on the Web you have access to powerful collaboration tools that help to improve productivity. As an end user, you can easily engage in document collaboration, URL and video previews in email messages, and access advanced search functions. These capabilities have been especially enhanced for the most recent web browser versions including Microsoft Edge, Google Chrome, IE 11, Safari, and Mozilla Firefox. Additionally, there is now a productivity toolbar that appears in the top of your web browser for easy access to the functions you frequently use such as calendars, reading and composing email messages, searches, accessing files and documents, and more.
Pin: This function allows you to highlight a message and pin it to your inbox so you can easily locate important messages.
Undo: The Undo function helps you recover messages that were inadvertently deleted and undo actions you accidentally executed.
Sweep: This capability allows you to easily manage messages you frequently receive by configuring the settings for the messages. You can choose to keep messages for a specified number of days, automatically delete certain messages, keep the latest messages, and more.
Emoji’s: The Emoji’s provide enhancement to expressions in your email messages. Since contact is not face to face, you can use this function to display emotions.
Organised Archiving: Exchange 2016 allows you to easily organise old email messages into designated folders with one click of your mouse. This helps to reduce inbox clutter.
Personalisation: A series of new themes have been added to Exchange 2016 to provide a more personalized experience when working with email messages.
As mentioned earlier, Outlook 2016 offers enhanced features for collaboration in addition to a few other functions mention here.
Quick Access to Recent Files: This feature allows you to easily access recent files stored in OneDrive for Business, SharePoint
Online, and OneDrive using a convenient dropdown menu.
Improved Screen Resolution: The intuitive DPI support features provides you with enhanced screen rendering when using Outlook.
HTML Format for Appointments and Meetings: You can now use rich HTML for email messages and attachments.
TellMe: The TellMe feature prevents you from having to search the productivity ribbon for a function you want to use.
Smart Lookup: Helps you to locate information on the web related to content in an email message. This feature places the information in directly in your inbox from sources such as Wikipedia, Bing, and others.
Small Screen Support: Enhanced support for small screens allows you to automatically adjust Outlook to adapt to your device screen. A back button allows you to easily switch screens to easily work with your message list and reading window.
Enhanced Multilingual Support: Exchange 2016 offers more international characters to support messages and documents in different languages.
Better Storage: Exchange 2016 offers improved settings that allow you to specify how long you want to retain email on your device. Outlook is designed to monitor disk space. If your space has become reduced, it will automatically set a smaller timeframe for syncing.
More Office Themes: A new Colorful theme has been added to Outlook 2016 while maintaining the previous white and dark grey theme options.
Improved Email Performance: With Exchange 2016, the time it takes to download and display messages as well as wake after hibernation has been reduced.
Outlook for iOS and Android
Early last year, Microsoft introduced Outlook email for the iOS and Android operating systems. This move helped to expand Exchange capabilities to more devices and operating systems.
Some of the features include:
Quick File Access: This features allows you to easily separate important emails from less urgent ones by using the double tab feature.
Calendar Availability Notification: The Calendar feature allows you to easily send the times you are available to your colleagues, friends, and co-workers.
Schedule Emails: This function allows you to remove an inbox message and schedule to appear at a later time when it is more convenient.
Directory Search: The Directory Search function provides a way to quickly find people and their location.
Automatic Replies: Exchange 2016 allows you to set messages to let others know you are out of the office. An icon remains on the screen to remind you this function is activated.
(10/17) Webinar: ExchangeDefender launches New Features
A new webinar for October 17th at noon has been scheduled! We’ve been working around the clock to provide our partners, and their clients new features that make all of our work process easier, and more effective. Cool things that are happening as of today, October 1st :
Exchange 2016, Finally
The new exchange 2016 comes with a lot of new features. We’re particularly excited about the ability to create shared mailboxes, and manage password and lockout policies.
You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.
New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.
You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.
Watch ExchangeDefender’s CEO, Vlad Mazek discuss newsworthy topics to be discussed during the upcoming webinar on the 17th at noon. Stay tuned as we share key advancements of our products and within the company. Reserve for the webinar now!
ExchangeDefender 9 Going Live! July 28th
ExchangeDefender is proud to announce that ExchangeDefender 9 will be exiting the beta stage next week and will be in production for all of our clients on Saturday, July 28th, 2018. We want to prepare our partners and clients for our rollout schedule so that everyone is ready to go for what we expect to be a very seamless and effortless transition. You can see the new version at https://admin8.exchangedefender.com and we have written about it extensively here.
ExchangeDefender 9 has been running with new infrastructure since August of 2017, new UI launched earlier in the Spring of 2018 and all the automation and functionality has been tested extensively.
To sum it up:
Brand new outbound network Brand new inbound network
All new infrastructure, network, switching and security workflows
Brand new user interface and user experience
Tons of new features
The best part of it all is that all the functionality that you already use is in the exact same place, behaving the exact same way, and yielding the exact same results. The magic is in everything around it – everything is faster, more accessible, more streamlined and has far more functionality and flexibility than before. Just as a minor example, the new user interface allows you to interact with ExchangeDefender the same way no matter whether you’re at your desktop or on your mobile phone – and you get the full feature set, not just limited mobile experience.
ExchangeDefender infrastructure is already running on the new code and has for months. This piece of our network is under constant maintenance and monitoring and we’re certain about it’s performance. You will not see any changes here.
On Saturday, July 28th, 2018 we will switch https://admin.exchangedefender.com to the new version of the UI/UX. Users will begin to see changes nearly immediately starting with 9AM EST. There may be a period of about an hour during which some users will experience the new UI and old UI – our support desk will be available via phone, chat, Facebook, twitter and support portal at https://support.ownwebnow.com the entire weekend to handle any issues that may come up. End users will also have a direct link to us to resolve any issues so if you’re one of our partners and don’t have a 24/7 support line – consider it covered.
On Sunday, July 29th, 2018 we will conduct a routine maintenance crash test – intentionally taking down random sections of our platform in order to determine resilience. This test will be conducted at random times during the day and we do not expect it to interfere with any operations.
New documention, marketing and collateral will become available the week of July 23rd but most of it is already available at www.exchangedefender.com right now.
Thank you for your business!