Following our review of Quantum WMS's current email infrastructure, we have identified significant security deficiencies in your existing Intermedia hosted Exchange setup.
We are recommending a migration to Microsoft 365 Business Premium with Mailprotector as a managed email security frontend. This solution is technically superior, more cost-effective, and fully satisfies your regulatory compliance requirements under FINRA Rule 4511 and SEC Rule 17a-4.
Before we finalize the migration plan, we need one item from Sheila (detailed at the end of this document).
Your email is currently hosted by Intermedia on their Exchange Server cluster. This is an important distinction: Intermedia is not running Microsoft's cloud. They run Exchange Server software in their own data center, the same software that runs on an on-premises server. This has major security implications.
Our DNS assessment revealed the following active security risks:
Because Intermedia runs Exchange Server — not Exchange Online — your infrastructure is subject to the same critical vulnerabilities that have affected on-premises Exchange servers globally:
| Vulnerability | Disclosed | Impact |
|---|---|---|
| ProxyLogon (CVE-2021-26855) | March 2021 | Full server compromise, mass-exploited worldwide |
| ProxyShell (CVE-2021-34473) | August 2021 | Remote code execution without authentication |
| ProxyNotShell (CVE-2022-41040) | October 2022 | Actively exploited before patch availability |
| OWASSRF (CVE-2022-41080) | December 2022 | Used in the Rackspace hosted Exchange breach |
Microsoft patches Exchange Online the same day vulnerabilities are disclosed. Intermedia patches their hosted clusters on their own schedule. The gap between a vulnerability's disclosure and the deployment of its patch is precisely when attacks occur.
A complete cloud-native productivity and security platform that replaces Intermedia entirely:
| Service | What It Provides |
|---|---|
| Exchange Online | Cloud email, Microsoft-managed, same-day security patching |
| Office Apps (Desktop) | Word, Excel, Outlook, PowerPoint on up to 5 devices per user |
| Microsoft Teams | Chat, video conferencing, file collaboration |
| OneDrive / SharePoint | 1 TB cloud file storage per user |
| Microsoft Purview | FINRA/SEC 17a-4 compliant email archiving (WORM storage) — included |
| Defender for Office 365 | Safe Links, Safe Attachments, advanced anti-phishing |
| Microsoft Entra ID P1 | Conditional Access, MFA enforcement, sign-in risk detection |
| Microsoft Intune | Mobile device and PC management |
Mailprotector sits in front of Exchange Online as an additional filtering layer: inbound spam and malware are blocked before mail reaches your inbox. ACG configures and monitors it; you do not need to manage it.
| Capability | Intermedia (Current) | M365 + Mailprotector |
|---|---|---|
| Exchange CVE Exposure | Yes — Server CVEs | No — Exchange Online |
| Same-Day Security Patching | No | Yes |
| Inbound Threat Filtering | Basic | Mailprotector + Defender |
| Safe Links / Safe Attachments | No | Yes |
| MFA Enforcement Policy | Manual, per-user | Conditional Access (Entra P1) |
| DMARC / DKIM / SPF | Not managed | ACG-configured |
| FINRA/SEC 17a-4 Archiving | Extra-cost add-on | Included (Purview) |
| Desktop Office Apps | No | Yes |
| Mobile Device Management | No | Yes (Intune) |
| Sign-In Risk Detection | No | Yes (Entra P1) |
You have indicated that your Broker/Dealer may require Intermedia for compliance purposes. We want to address this directly.
Please locate and provide the written policy from your Broker/Dealer that specifies your email and security compliance requirements.
We are looking for any document that defines which platforms are approved or required, specifies archiving or retention standards, or names Intermedia as a required provider.
Please have this document — or confirmation that no such document exists — ready for our meeting on Tuesday, May 27 at 2:00 PM.