Web Security - Testing Policies

This article describes how to test machine-level policies for the Mimecast Security Agent and is intended for use by administrators.

With the Mimecast Security Agent installed and running correctly, you can test that your configured machine-level policies correctly block or allow sites.
The following presumes you are using Mimecast Security Agent for Windows.

Machine Level Policies

Machine-level policy blocking occurs when:

  • The Mimecast Security Agent does not have an authenticated user logged in.
  • Configured policy definitions apply to Everyone.

You can test machine-level policies by using the following steps:

  1. Ensure you aren't logged into the Mimecast Security Agent.
  2. If blocking, confirm that a Mimecast block page is properly displayed by browsing to a domain where:
    • The policy you're testing defines a block.
    • The policy you're testing applies to Everyone.
  3. Confirm otherwise normal functionality by navigating to a domain that should be allowed, ensuring that it's accessible and doesn't generate a block page.

Troubleshooting unexpected machine-level policy blocks

  • If a site you expect to be allowed is still blocked, review your Web Security Allow / Block policies to ensure there is no other policy with higher precedence (or equal specificity) that is blocking the request.

User Level Testing

User-level blocking occurs when:

  • The Mimecast Security Agent has an authenticated user logged in.
  • Configured policy definitions apply to Groups or Users.

You can test user-level blocking by using the following steps:

  1. Click on the Mimecast Security Agent Icon from the system tray.
  2. Click on the Log In button.
  3. Enter the Email Address of the user specified during the policy setup.
  4. Click on the Next button.
  5. Select BasicAd from the drop-down to enable authentication with the user's Active Directory credentials.

    BasicCloud is based on a user's Mimecast credentials.

    BasicAd is based on a user's local Active Directory credentials.

  6. Click on the Next button.
  7. Enter the User's Credentials.
  8. Click on the Log In button. Once authenticated, you're taken back to the Mimecast Security Agent home page.
  9. Confirm that:
    • The Client ID displays the user's email.
    • The Status is still Protected.
  10. Confirm that an entry for the associated user is displayed in the Mimecast Administration Console by navigating to Web Security | Protected Devices.

Troubleshooting user sign-in and access when testing

  • If sign-in to the Mimecast Security Agent fails, verify that the workstation can reach required authentication and Mimecast endpoints. As a test, you can:
    • Add https://*.mimecast.com and https://*.microsoftonline.com to Trusted sites in Internet Options.
    • Temporarily disable (for testing only) the following Internet Options settings:
      • Protected Mode for Internet, Local intranet, and Trusted sites zones.
      • Pop-up blocker.
      • Enhanced Protected Mode.
    • In Microsoft Edge, clear privacy data and ensure pop-ups are not being blocked while testing.
    • Shut down Windows (use Shut down, not Restart), then power on and retry the sign-in.