@stacksofplates said in Experience with NDR Solutions:

Why is Sally accessing this service from a non work computer at 3 am her time with a chinese IP address? Sure this request has the password but that doesn't sound valid.

Which means you can automatically perform additional validation with MFA, or straight up deny access.

There's a lot of options really. You can only allow access to certain systems and/or services via company devices enrolled in MDM, with up to date OS, encryption, and endpoint protection. You can verify endpoints and users with passwordless auth via Beyond Identity and in certain cases use additional MFA via Duo or whatever you want to set up.

Sally is trying to log in to her company email. She's authenticated via passwordless auth via Beyond Identity on her work computer. Her work computer passes the health check seamlessly through BYID and allows her to access her email. Maybe she's also prompted for MFA always, or maybe only if she's logging in outside her normal geographic area on her work computer. Maybe (e.g. email) access is denied totally if from a non-company device. Options...

@wrx7m said in Exchange 2016 - NDR:

@scottalanmiller said in Exchange 2016 - NDR:

@Natchos said in Exchange 2016 - NDR:

@JasGot Awesome, thanks for the input. I'll look into SPF.

SPF is considered a requirement these days. And DKIM is heavily recommended.

People are starting to come around. I have been using DKIM for a few years for all services sending email outside our org. With O365, SPF and DKIM are part of the setup.

Same with Zoho.