Exchange Emails Face Blocking

Microsoft have announced plans to throttle, and eventually block, emails sent from on-premises and hybrid Microsoft Exchange Servers that remain unpatched.

“Persistently vulnerable” servers will receive incrementally stricter controls, beginning with throttling (delayed delivery) up to and including a complete block beyond 90-days, preventing onward delivery to other Microsoft-based email accounts such as those in Microsoft 365/Exchange Online and Outlook.com.

The dramatic move puts yet another large question mark over organisations relying on on-premises Exchange server hardware. While Exchange 2003, 2007, and 2010 are now rare, Exchange 2016 still remains in surprisingly widespread use, and many copies of Exchange 2019 are not regularly patched against known vulnerabilities.

Extra controls will apply to servers that run on outdated or unsupported software or haven’t been patched against known security bugs – to help Exchange admins identify unpatched or unsupported on-premises Exchange servers, and allowing them a chance to upgrade or patch before they become security risks.

Recent times have seen a string of major vulnerabilities against Exchange server – including by the Chinese hacking group Hafnium.

Even in 2023, A simple Shodan search still shows thousands of Internet-exposed Exchange servers, with many still waiting to be secured against attacks targeting them with ProxyLogon and ProxyShell exploits, two of the most exploited vulnerabilities from 2021.

 

For cyber security advice and expertise, please contact our team today.


Introducing Device Management

If your staff’s company-issued devices are now everywhere, how can you keep track – and what are the benefits?

Device Management technology has really come into its own in the last few years, particularly as companies have embraced hybrid working during Covid. 

Maintaining a large digital estate of company devices far beyond the reach of your travel distance or office network sounds like a logistical headache – but it simply requires a shift in approach. Here’s why your organisation should consider rolling out device management:

 

The Basics

First and foremost, device management means protecting access to data and your hardware investment.

Tracking a device’s specifications and physical location remotely have long been a cornerstone of device management – but modern hardware-loss protections go a step further by adding the ability for IT admins to remotely lock or even wipe a device in the event of a suspected theft. On the best solutions, MDM software can also look out for suspicious warning signs like a mobile device being jailbroken – and conditionally deny access to company apps or data.

In 2022 that safeguarding can now apply across desktop, mobile and tablet devices – right across Windows, Mac, iOS, Android & ChromeOS. Now that staff work anywhere from their homes to airports, that lockdown ability is a powerful tool.

 

 

Stress-Free Maintenance

With modern device management it’s easier for your IT administrators to manage devices, apps and the updates that apply to them.

In the old days (well, the early 2000s), remote administration meant a device had to be domain controlled, connected via VPN or similar, or within physical travelling distance of the technician.

No longer. Modern device management means device profiles, Windows updates, access to company-approved apps, patches, firewall rules and more can all be created and pushed out centrally via content-distribution ‘over the air’. Device management means even the hardware specifications of company devices can be remotely managed, potentially saving thousands of hours of IT support hours.

 

The ‘Out-of-the-Box’ Experience

Don’t forget the users! Device Management isn’t just to make life easier for the IT admins, but also helps make sure the end-user gets a great experience.

With remote device onboarding, the preparation of new or re-issued devices can be done in advance, allowing the user a complete profile of settings and apps to launch right ‘out of the box’. That flexibility allows organisations to enroll staff that never visit a central hub to collect the device, supporting distributed organisations with personnel (potentially) all over the world.

If your MDM solution also supports single-sign-on, that sign in can be the user’s passport to the full ecosystem of company apps and IT resources, right from day 1.

 

For IT support and systems expertise, please contact our team today.