ExchangeDefender has been SMB friendly – to a fault, but the era of terrible passwords and plain text passwords is finally over. Not a single piece of ExchangeDefender stores (or offers) user credentials in plain text anymore. We’ve made the transition exceptionally smooth as well, requiring no changes or IT intervention at all.
But we cannot encourage it enough. And over the next year you will see us introduce several features meant to help you lock down ExchangeDefender and use it to lock down your overall IT security strategy. We’re happy to introduce password age configuration that allows you to force users to reset their passwords automatically.
This setting can be accessed from the Domain Administrator > Policies > Features section of admin.exchangedefender.com
If you set the password expiration to 0 days you will turn this feature off entirely but we cannot discourage it more. The feature is there to help your users avoid having their accounts compromised.
If you implement some of these stronger security features we’ve also got you when it comes to minimizing account management – users can reset their password at any time if they have their PIN on them. So even if their mail server is down, having their PIN handy will let them reset the password without additional authentication. Forgot your pin? No problem, we can email you a reset link to a known email address.
As you can tell, ExchangeDefender will go the extra step of helping your users configure a strong password. It will also keep memory of recent passwords so that they can’t just rotate it back and forth between the same two passwords they use elsewhere.
As you’ve seen with mass password resets , access to advanced access logging , known trusted devices and IP restrictions , we are adding more, and more, of our enterprise features to the ExchangeDefender Pro product.
To hear about all these new security features in more detail please check out the webinar that covers our current security portfolio and how these features make sense.
ExchangeDefender IP and Device Restrictions
ExchangeDefender is continuing it’s march to becoming your central point of secure communications by bringing even more of our custom Enterprise features down to the SMB/MSP space. As of today, you will start seeing another section added to the Service Provider screen specifically to house our advanced security settings.
Restrict ExchangeDefender access to your IP range
All large organizations that depend on ExchangeDefender have static IP addresses and IP ranges assigned to them by the ISP. ExchangeDefender has the power to restrict access to your organization (all domain and user logins) and only allow access from your offices.
Add Trusted/Known Devices For Easier Access
People love the notion of security until that security gets in a way by prompting them. We only want our security infrastructure to get in a way of hackers and to slow down and annoy people that want to do us harm. Good news is, now you can add devices you know to known and trusted device list.
Doing so will minimize some of the additional checks and verification (such as 2FA/OTP one time password checks when you first log in from an unknown address). As an additional bonus, ExchangeDefender will start to deliver notifications and alerts whenever the system is accessed (successfully, meaning they know your password) from an unknown/untrusted device, giving you the first alert that there is a security issue to address.
As you’ve seen with mass password resets, access to advanced access logging, we are adding more, and more, of our enterprise features to the ExchangeDefender Pro product. To find out what else is on our road map, and how ExchangeDefender will evolve in 2019 to serve your other security needs, please tune into our webinar:
ExchangeDefender has always been a great friend to the SMB community where folks hate passwords and password complexity right until the moment their password gets compromised. Once that happens, it’s up to the MSP or poor IT guy to sit around and reset all the passwords in the organization.
As mentioned previously, a number of ExchangeDefender Enterprise features is being delivered to ExchangeDefender Pro so now you’ll have the ability to reset every single users password quickly.
Under the domain login you will now see a “Security Reset” link that will allow you to either randomly assign a strong password (smart) and send your users a reset link or pick the same password for all users (outright idiotic but “business requirements”).
If you are an MSP assisting a client during an outage and this is the first time you’re making your users aware of ExchangeDefender LiveArchive for business continuity, you can also print out the passwords and/or email them to your users in plain text. This is a horrible, terrible, idiotic, really bad idea that virtually guarantees you’re going to get hacked but we are here to serve and Howard is a really good friend so here it is:
Just a word of warning: If you select to send your users a new password in clear text, and show the roster with the plain text password on the next page, for whatever ungodly reason, please add a note to come back later and lock your users down. Most MSPs keep the same password for ExchangeDefender and Exchange, and these services also affect ExchangeDefender Encryption, LiveArchive, WebFileShare, Compliance Archive, eDiscovery, FailPOP, mobile, etc and leave you open for collateral damage. Unless you’re using 2FA/OTP, restricting IP address ranges, rotating passwords frequently, I can guarantee that your passwords will be compromised. Please, please, please don’t do this, we are only making it available as the feature of last resort.
As we add these advanced security controls into ExchangeDefender Pro (and some even for Essentials) we will be tightening the security of the platform around. To hear more about our plan for 2019, please sign up for the webinar on February 6th at noon EST. Click the banner below to reserve your seat.