Secure Login Monitoring (Resolved) Investigating / Notice
12 days

We've extended the functionality of one of the ExchangeDefender functions as a thanks to one of our largest and oldest service providers - you can now password reset an entire org and email the users their new credentials. You can access this screen by logging in as the Service Provider and selecting your Accounts > Activities > Security Reset. 

Emailing of passwords around is a bad idea and a practice that's dated, so work is already underway to send the email via ExchangeDefender Encryption instead (but it being Monday morning we wanted to help quickly)

Update 05/23/2022 14:12 PM 20 days

Monday Morning Update (10AM EST):

It was a relatively quiet weekend at ExchangeDefender, we haven't received reports of any new issues and everyone that reported a problem has already had the issue addressed. We're very pleased with the rollout and thank our partners that have been instrumental in getting their clients onboard with OAuth and MFA to help lock things down.

The biggest issue in the rollout so far has been with users that have never logged into ExchangeDefender and don't know their passwords. Here is what you can do to help them:

1) If you'd rather handle it for them remember there is a Service Provider function in place that allows you to mass reset login credentials for everyone in the org. You can pick your own password for them all (for emergency use only, not recommended) or create a randomized one to send to whoever manages the location (See https://www.exchangedefender.com/docs/sp for documentation; under SP login click on Accounts > Actions > Security Reset)

2) For DIYers: point them to the documentation on how to reset their password https://www.exchangedefender.com/docs/oauth or just a link straight to the password reset https://login.exchangedefender.com/ssp/reset-password

3) For power users: Deploy SPAM Manager and MFA with an oAuth app:

Mac OS X: admin.exchangedefender.com 

https://admin.exchangedefender.com/apps/SpamManager/darwin/SpamManager.dmg

Windows: admin.exchangedefender.com 

https://admin.exchangedefender.com/apps/SpamManager/win32/SpamManager.exe

Thank you for helping us with a successful rollout that will keep our clients and their data more secure. 

Update 05/20/2022 18:25 PM 23 days

Issue Reported:

ExchangeDefender users with Domain Administrator privileges are having issues logging in or unable to escalate privileges from the avatar dropdown.

Bug fixed at 2 PM EST / 18:00 PM GMT

The problem has been resolved. As usual, reboot or restart your browser session, confirm the issue isn't with local browser cookies/sessions/saved passwords by attempting your action in Incognito mode or a different browser.

Update 05/19/2022 20:05 PM 24 days

Issue Reported:

When clicking on the "Click Here" link in the ExchangeDefender Quarantine Report, I get a "403 Forbidden":

Oops! An Error Occurred

The server returned a "403 Forbidden".

Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.


Bug Fixed @ 4PM:

The bug that caused this issue has been fixed.

If you experience this problem after 4 PM EST / 2:00 GMT please first check if you can replicate the issue in incognito mode or with a different browser on your PC. 

Update 05/19/2022 19:07 PM 24 days

Issue Reported:

Domain Admin / Service Provider login doesn't work at https://admin.exchangedefender.com. It redirects me and gives me an error.

Bug fixed at 3PM EST:

When you go to https://admin.exchangedefender.com you will be presented with a User login screen. To login as the Service Provider or Domain Administrator please click on the "Domain / Service Provider" button. If you still try to type in a domain name or service provider ID in the user login form you will be presented with the error "Invalid email address. If you are an admin please click on "Domain / Service Provider" button.

Update 05/19/2022 19:02 PM 24 days

As of May 19, 2022 ExchangeDefender has completed implementation of OAuth authorization which will make logins and credential management more secure.

We will keep this post active to track any issues our clients experience. We don't anticipate many issues as the system has been running in production for over a year.

If you experience an issue, please first attempt to resolve it by opening your browser in an incognito mode and/or rebooting your device. Clear the cache. If the problem persists please open a ticket at https://support.exchangedefender.com with the following details:

1) Screenshot of the error

2) Login credentials

3) Any supporting info that may be relevant (is it an issue you get from SPAM report? attach .msg of it or provide the URL you clicked; browser errors? provide info from https://whoami.exchangedefender.com)