CyberGraph 2.0 - Trusted Sites

This guide describes how you can include CyberGraph 2.0 banners in messages your email client receives by adding its trusted sites to your organization's security settings.

Adding Trusted Sites

If using Windows OS, It may be necessary to add the trusted sites below so that banners display in Outlook by default.

You can update your trusted sites, by using the following steps:

1. Open the Group Policy Management Editor.
2. Navigate to the User Configuration | Policies | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security page.
3. Select the Site to Zone Assignment List.
4. Select the Enabled option.
5. Click on the Show button to edit the list. The zone values are:

•  
  •  
    •  
      1. Intranet.
      2. Trusted sites.
      3. Internet zone.
      4. Restricted sites

6. Add the following Trusted Site URLs (Zone Value 2):

•  
  •  
    •  
      • https://*.mimecastcybergraph.com
      • https://login-*.mimecast.com/ (This is required if you are using SSO).

7. Below the Security Page subcategory, enable the Site to Zone Assignment List template or Site to Zone Assignment List (user) template.
8. Click on the OK button.
9. Click on the Apply button.
10. Click on the OK button.
11. Open an email and see if the banner warnings now display as a test.

Alternative Method for Adding Trusted Sites

If your organization uses Microsoft InTune for Windows administration, the following procedure is suggested instead of the Group Policy Management method above.
See this Microsoft article.

These instructions presume the steps will be executed by an experienced Microsoft Windows administrator.

1. Access InTune from your Windows Administration Console or Microsoft Intune admin center:
2. Navigate to Devices | Windows | Configuration.
3. Select Windows Configuration and create a new profile (policy) for Windows 10 and later. For profile type select Settings Catalog.
4. Give it a name and description.
5. Then select add settings. On the right panel, select Administrative Templates, Windows Components and Internet Explorer, then Internet Control Panel and select Security Page (do not select Trusted Site Zones at this point).
6. Under the Security Page subcategory, select the Site to Zone Assignment List option.
7. At the point where your left panel reads: Internet Explorer/Internet Control Panel/Security, you will be given a zone information entry area. You need to provide a name and value.
8. For the name – use the URL https://*.mimecastcybergraph.com.
9. Use "2" as the value – this indicates Trusted Sites.
10. At this point, follow your normal procedures to save and apply the new policy to all your CyberGraph users.

11. Per GPE directions above, if you also plan to use CyberGraph SSO for end-user message reporting, repeat this process for the SSO URL indicated in the section above.

    If you already have an InTune-based policy for zone settings, you may alternatively modify the existing policy to add the above Mimecast CyberGraph site to the Trusted Site Zones.

12. Navigate to Windows Device Configuration:

    

13. Create New Policy:

    

14. Select the Administration Templates category for the newly named policy:

    

15. Once selected for Security Page and Trusted Sites to Zone assignment list, the boxes on the left should be completed per instructions – the name is our trusted site URL and the value is "2" for Trusted.