This article guides you on your account settings, including details like your archive retention period, licensed users, and purchased Mimecast services. Some settings can be configured by you, while others can only be changed by Mimecast Support during account setup.
Accessing Your Account Settings
To access your account settings:
- Log in to the Mimecast Administration Console.
- Navigate to Account | Account Settings menu item.
The Account Settings dialog is separated into groups of options using a collapsible/expandable menu. As you click on one of the menu items, it expands and collapses the current menu. The menu groups are:
- Account Settings: License and retention details regarding your Mimecast account. The menu is displayed by default.
- Directory Options: Determines if LDAP integration is enabled.
- User Access and Permissions: Configure global access for users and timeout for Administration Console sessions.
- System Notification Options: Specify certain notification addresses.
- Account Contact: Account contact details.
- Password Complexity and Expiration: Control password complexity, expiration, and account lockout for Mimecast Cloud passwords.
- Enhanced Logging: For use with APIs.
Account Settings
This section displays settings specific to your Mimecast account. They are grayed out, as they are configured when the account is initially created by Mimecast Support. The options are detailed below:
Additional fields/options are available if you've enabled Advanced Account Administration. See the Email Security Cloud Gateway - Administration Differences page for further details.
| Menu Group | Description |
|---|---|
| Account Name | The name of your Mimecast account. This is usually your organization's name. |
| Mimecast ID | The ID of your Mimecast account. This is to be used for interactions with Mimecast Service Delivery. |
| Account Code | A unique identifier for your Mimecast account. |
| Database Code | A reference for the database instances of your Mimecast account. |
| Account Status | Displays if the account is enabled or disabled. Accounts will only be disabled if your service has been terminated. Contact your Mimecast Account Manager if this is the case. |
| DNS Authorization Code | Use this code to verify permissions for sending through the Mimecast SPF IP addresses using a domain external to your account. To add verification, copy the text in the DNS Authorization Code and provide it to the external domain owner. The domain owner must enter this text into the external domain's DNS as a TXT record in the form: <DNS_AUTH_CODE>._mime.<EXTERNAL_DOMAIN>. 300 IN TXT "v=MIMEv1;" |
| Minimum Retention (Compliance Protect) | Enabling this option allows you to set a minimum retention value and ensures that the archive is compliant with industry rules. When you tick this box, the field Minimum Retention (Days) will appear. |
| Minimum Retention (Days) |
Specifies the minimum number of days messages will be retained in the archive. This setting can only be configured by "Sys Admin - SD Full" cluster admins. This field is only displayed if you enable the Minimum Retention (Compliance Protect) option. |
| Maximum Retention (Days) | Specifies the maximum number of days messages will be retained in the archive. This setting cannot be increased by administrators, but it can be reduced to retain specific messages. |
| Maximum Retention Validated | Specifies that the Maximum Retention (Days) value has been approved by a user with Super Administrator, Full Administrator, or Partner Administrator permissions. |
| Maximum Retention (Days) for Instant Message | Specifies the maximum number of days that instant message data is kept within the Mimecast Account. |
| Number of Users | Shows the number of licensed users within the selected Mimecast account. |
| Pause Inbound Deliveries |
Enabling this option allows you to globally halt Mimecast from sending emails to your mail server(s). You may need this if your mail server(s) is temporarily unable to accept emails due to an unplanned outage, software updates, geographical events, or server relocation. Emails are still accessible through Mimecast User Services while they are paused.
Should only a specific region undergo a geographical event or outage, it may be better to pause the specific Delivery Route to that location. When this field is disabled, Mimecast will connect with your mail server(s) and send through all messages that have been queued.
Messages will not be sent through in one complete block but will be slowly filtered through to the mail server so as not to cause excessive load. When using this option, ensure that you can monitor your delivery queues. |
| Warning Message After (Attempts) | This allows customers to modify their email delivery warning notifications. By default, these notifications are delivered to senders after 60 minutes or six retry attempts, whichever comes first. |
| Bounce Message After (Attempts) | This allows customers to modify their message bounce notifications. By default, these soft bounce notifications are delivered to senders after 96 hours (four days) or 30 retry attempts, whichever comes first. |
| Ingestion Partner | Specify if there's a certified ingestion partner to perform end-to-end migrations using the Mimecast Simply Migrate client via the Ingestion API. |
| Ingestion Size Limit (TB) | Specifies the maximum amount of data that the account can ingest in Terabytes (TB), e.g. 10 for 10 TB, 0.1 for 100 GB, 0.01 for 10 GB. |
| Awareness Training Modules |
Specify the number of awareness training modules allowed on the account. The maximum number is 65. This option is only available to Mimecast Support. |
| Awareness Training Custom Modules |
Specify the number of awareness training custom modules allowed on the account. The maximum number is 20. This option is only available to Mimecast Support. |
| Login Free Awareness Training | Specify if awareness training users can access modules without logging on. If enabled, the following functionality is unavailable:
This option is only available to Mimecast Support. See the Awareness Training - Configuring Unauthenticated (Login Free) Access page for full details. |
Directory Options
| Menu Group | Description |
|---|---|
| Automatically Link Aliases |
When enabled, on the next Directory Synchronization, the Mimecast Service automatically links the alias addresses in your directory to their primary addresses. This ensures that when end users log onto the Mimecast Personal Portal using their primary address, they can view all messages sent to their primary and alias addresses.
If enabled, directory-synchronized user accounts are automatically disabled when the user profile is disabled or removed from the network directory. If disabled, the user account must be disabled manually. |
| Clear All Aliases | Use this option to remove all alias links that have been set on the account in the past. This includes alias links that have been manually created next to those that have been created automatically via the "Automatically Link Aliases" option. |
User Access and Permissions
| Menu Group | Description |
|---|---|
| Administration Console Timeout | Specify a timeout period, after which users are automatically logged off if they've been inactive for that period. |
| Allow Weak Ciphers for Secure Receipt | If selected, the use of weak ciphers is allowed for Secure Receipt (i.e., when the Mimecast MTA receives a connection request from a remote server) during the TLS handshake. |
| Send BCC to Mail Server | When sending email via Mimecast for Outlook, Mimecast Personal Portal, or Mimecast Mobile, the platform automatically adds the sender's email address into the BCC field. This ensures a copy of the message is routed back to your local infrastructure. By default, this option is enabled. |
| SMTP Submission Override |
Allows the use of SMTP email submission through any mail-enabled application. This option can only be enabled by Mimecast Support. |
| POP Services Override | Ability to receive email via POP3 through any mail-enabled application. |
| Force Mimecast Personal Portal v3 |
Directs all users to use Mimecast Personal Portal v3. This setting is unavailable to customers running Closed Circuit Messaging (CCM). |
| Display Sender Avatar to External Users | If you use Directory Synchronization, Mimecast can retrieve images associated with the user's email address. With this option enabled, these images can be displayed as user avatars in Mimecast solutions (e.g., Secure Messaging). |
| Admin IP Ranges |
You can restrict logging into the Administration Console to specific IP addresses and/or ranges. Anyone attempting to log on with an IP address not stipulated here or outside the specified range is refused access. The IP ranges are respected when logging directly into the account. These restrictions are not applied to external administrators logging into the account from the Managed Service Provider (MSP) Portal. The IP range restriction added in this section applies to all Mimecast Web applications, such as the Personal Portal, which an Administrator logs into. This also affects the Mimecast Synchronization Engine Admin role. |
| Content Administrators Default View | Select the default view for all Administrators with content permissions. This setting excludes items viewed via the Attachments and Held Messages sections. By default, these sections are available to all administrators with access to these sections. The options are:
|
| Targeted Threat Protection Authentication | Sets a period after which a user's device must be reauthenticated if there has been no user interaction with Targeted Threat Protection - URL Protection. |
| Authentication Duration (Days) | This option only displays when "Targeted Threat Protection Authentication" has been enabled. Specify the number of days after which a user's device must be re-authenticated if there has been no Targeted Threat Protection - URL Protection activity. |
| Security Passphrase | This option provides additional security options to confirm a caller’s identity. Once details have been confirmed, Mimecast will update Administrators accordingly. |
Mimecast provides several ways to assign user permissions:
- Configured for the entire organization using an Application Settings definition. See the Email Security Cloud Gateway - Configuring Application Settings page for further details.
- Configured manually at the individual email level. See the Email Security Cloud Gateway - Administrator Role Permissions page for further details.
- Imported in bulk using a spreadsheet import. See the Email Security Cloud Gateway - Spreadsheet Import page for further details.
System Notification
| Menu Group | Description |
|---|---|
| SMS Attribute | Specifies the Active Directory or Mimecast attribute that identifies the mobile phone number of users. When sending an SMS to a user, we use the number associated with this attribute. |
| Notification Postmaster Address | Specifies the email address from which all user notifications are sent. A postmaster address is created by default in the internal domains and is selected by default. Whilst this address cannot be deleted, a different email address can be used by clicking the "Lookup" button. |
| Privileged Access Notifications | Specifies the email address to which all notifications are sent when an archive search is performed by an administrator. A different email address can be used by clicking the "Lookup" button. |
| Enforce Archive Search Reason | If selected, administrators are required to provide a search reason when performing an archive search. The search reason entered is mentioned on the Privileged Access Notifications, as well as in the appropriate search logs. |
| Send Notifications When Export Block is Complete | Enables automatic email notifications when exports are requested. |
Account Contact
The Account Contact details are used by Mimecast to alert administrators about Mimecast services. For this reason, these details must be kept up to date.
| Menu Group | Description |
|---|---|
| Contact Name | Your name. |
| Telephone | Your telephone number. The number must start with "+" followed by the country code and the number minus the first "0" (e.g., +4412345678901). |
| Emergency SMS Numbers | Your mobile (cell) phone number. The number must start with "+" followed by the country code and the SMS number minus the first "0". Multiple entries are allowed by comma separating them (e.g., +441734567890, +11734567895). |
| Email Address | Your primary email address. |
| CC Email Addresses | Alternate email addresses. Multiple email addresses can be added, separated by a comma (e.g.usera@domain.com, userb@domain.com). This ensures that notifications are communicated to a wider group. |
Password Complexity and Expiration
These settings apply to Mimecast user accounts and only affect cloud passwords, not Active Directory accounts and passwords. These settings also apply to external CCM users.
Password Complexity
The strength of a password is a function of length and complexity. Mimecast enforces a minimum length of 8 characters for added security of Mimecast Cloud passwords. The settings can be configured in any combination to ensure users' passwords are as secure as possible.
Mimecast cloud passwords cannot contain the forbidden words "Mimecast" or "password". See the Email Security Cloud Gateway - Password Complexity and Expiration page for more information.
Password Expiry and Lock
The account lockout setting cannot be disabled. The Administrator can configure custom settings, or the Mimecast default system settings will be applied (e.g., after five consecutive unsuccessful log-on attempts, the account is locked for 15 minutes.
Enhanced Logging
If you are using a SIEM, Splunk, or any other data analytics platform, you can enable additional logging of email transactions on your account. These logs are available using the Mimecast Data Logging API. For more information on this feature, please see these guides:
These additional settings do not impact the current Reporting features available in the Administration Console and are only available using API integration.
Comments
Please sign in to leave a comment.