Service Update
| Availability | From February 12th, 2024 |
| Product(s) | Email Security Cloud Gateway (CG), Targeted Threat Protection |
| Who's affected | Targeted Threat Protection, Administrators and Users. |
Overview
Mimecast is pleased to announce the domain change for Targeted Threat Protection links.
Currently, our Targeted Threat Protection links are the same as the Mimecast organizational domain. We are updating our Targeted Threat Protection links to the mimecastprotect.com domain to reduce confusion when searching for Mimecast online.
What's changing
New domains below for Email Security Cloud Gateway and Email Security Cloud Integrated:
New mimecastprotect.com domains for Email Security Cloud Gateway
- url.uk.m.mimecastprotect.com
- url.us.m.mimecastprotect.com
- url.usb.m.mimecastprotect.com
- url.za.m.mimecastprotect.com
- url.ca.m.mimecastprotect.com
- url.au.m.mimecastprotect.com
- url.de.m.mimecastprotect.com
- url.jer.m.mimecastprotect.com
New mimecastprotect.com domains for Email Security Cloud Integrated
- url.uk.a.mimecastprotect.com
- url.us.a.mimecastprotect.com
- url.usb.a.mimecastprotect.com
- url.za.a.mimecastprotect.com
- url.ca.a.mimecastprotect.com
- url.au.a.mimecastprotect.com
- url.de.a.mimecastprotect.com
- url.jer.a.mimecastprotect.com
Deployment Schedule
Please refer to the table below for the current release schedule of these changes based on customer account region.
| Date | Region (Grid) | Comments |
| February 12th, 2024 | Jersey (JER) | Completed Successfully |
| February 14th, 2024 | Canada (CA) | Completed Successfully |
| February 19th, 2024 | South Africa (ZA) | Completed Successfully |
| February 21st, 2024 | Australia (AU) | Completed Successfully |
| February 26th, 2024 | Germany (DE) | Completed Successfully |
| February 28th, 2024 | United Kingdom (UK) | Completed Successfully |
| March 4th, 2024 | United States (US-B) | Completed Successfully |
| March 6th, 2024 | United States (US-A) | Completed Successfully |
| March 18th, 2024 | Germany (DE) | Completed Successfully |
Recommended actions
Any integrations parsing messages for Mimecast-rewritten URLs or decoding Mimecast-rewritten URLs will need to be updated for both the old and new URL patterns. Relevant integration types include SOAR, XDR, and custom scripts using the Get Message Part or Decode URL API endpoints.
We have already made our Technology Alliance Partners aware of this change, where their integrations are performing parsing of these URLs.
You may also want to update any firewall, web filters, and link scanning services, such as Microsoft Safe Links and Proxies, to reflect and allow the new Mimecast TTP domain schema. To allow more time for customers to make these changes, we will complete a staggered rollout of these domains per regional grid. We will post an updated schedule, including a rollout plan for each regional grid.
Please alert your end users and/or administrators of this change and also note that they will be prompted to re-enroll their devices for TTP authentication as their browser hasn't stored cookies yet for the new domain.
Update February 27th, 2024
Optional Workaround (in case of Microsoft False Positives)
In the unlikely event that Microsoft AI Machine learning automatically detects Mimecast TTP re-written links as dangerous or malicious, customers are advised to contact Microsoft and report them for analysis as False Positive or consider Microsoft safe links.
The steps outlined below are specific to the Office 365 license you have:
- For customers using Office 365 Premium or E5 (including Defender)
- For customers using Office 365 Basic
Microsoft 365 Premium or E5 (including Defender)
This change is not permanent and, by default, will expire after 30 days. It can be removed sooner if required.
To apply the domain change for Targeted Threat Protection links, carry out the following:
- Log in to the Microsoft Defender Portal. https://security.microsoft.com/ (external link), this can be accessed by Microsoft 365 admin (security admin center).
- Navigate to Policies & Rules | Threat Policies | Safe Links.
- Click on the + Create button.
- The New Safe Links policy wizard opens.
- Provide a policy Name and suitable Description, and click Next.
- On the Users and Domains page that appears, identify the internal recipients to whom the policy applies. For example: Domains: All recipients in the specified accepted domains in your organization, then click Next.
- Click on the Manage URLs link below the text 'Do not rewrite the following URLs in email.'
- Click + Add URLs.
- Paste in the rewritten domain for your Mimecast account region. For example: url.au.m.mimecastprotect.com. (This example uses au for Australia; use your correct product and region-specific URL from the list above)
- Click Done to return to the URL & Click Protection Settings screen, and click Next.
- Click Next on the Notification screen.
- Click Submit.
Microsoft 365 Basic (Defender not included)
To apply the domain change for Targeted Threat Protection links, carry out the following:
- Navigate to the Actions & submissions section: https://security.microsoft.com/reportsubmission (external link), on the Microsoft Defender center (Security).
- Select the URLs tab on the Submissions page.
- Click the + Submit to Microsoft for analysis button, which opens a flyout panel to the right.
- On the Submit to Microsoft for analysis panel, select URL from the drop-down options under Select the submission type.
- Paste in the rewritten domain for your Mimecast account region. For example: url.au.m.mimecastprotect.com. (This example uses au for Australia; use your correct product and region-specific URL from the list above)
- Select one of the following reasons on Why are you submitting this URL to Microsoft.
7. Tick the box for Allow this URL and select Remove allow entry after (default will be 30 days)
8. Click Submit.
Quarantined email messages in EOP & Defender for Microsoft 365
During this change, we would advise customers to monitor the quarantine queues for the next 24 hours to ensure Microsoft correctly classifies emails.
Quarantined email messages (external link)
Once submitted, it can take a while for the policy to apply (it took around half an hour during testing, and the Microsoft KB states it can take up to 6 hours to apply).
Comments
Please sign in to leave a comment.