This article contains information on configuring delegate mailboxes in Mimecast, including steps for manual setup, importing/exporting delegate access, removing delegate mailboxes, and considerations for accessing multiple email archives. For example:
- A user gets married and their email address changes when their name changes. Once a delegate mailbox has been configured, the end user will be able to search for all the messages associated with their new and old account.
- If using a generic address (e.g. info@domain.com) users can have this generic address added as a delegate mailbox. They are able to view emails that are not emailed for/to themselves.
Users can access delegated mailboxes from Mimecast's end-user applications. Delegate mailbox access doesn't include messages that have not been archived yet (e.g. accepted emails).
Prerequisites
You must have Full Administrator, or Super Administrator access to delegate permission to mailboxes. See the Understanding Administrator Roles or Roles - Administrator Role Permissions for more information.
Examples
When adding delegate mailboxes, the following terminology is used:
- Primary Address: This is the email address of the primary user who wants delegate access to another user's (the delegate's) mailbox, in addition to their own mailbox.
- Delegate Address: This is the email address of the user, whose mailbox the primary address the user will have delegate access to.
Delegate mailbox configuration will appear in the Mimecast Administration Console, as shown below:
This is then viewed in Mimecast end-user applications as below:
Excluded Messages
End users can change message sensitivity levels to email in Microsoft Outlook. If the sensitivity is changed from the normal status (i.e. to personal or private) and the message is submitted to Mimecast, the Sender Privacy Policy applies. This policy doesn't display in the Mimecast Administration Console, and is enabled by default for all messages. You can verify if this policy has been applied using the Email Receipt / Delivery View.
If this policy has been applied to a message, the following occurs:
- The message is not displayed in delegate mailboxes.
- The policy is not applied retrospectively. It only takes effect when the message is sent through Mimecast (or uploaded through journaling or ingestion).
- The message isn't replicated to Mimecast through mailbox folder replication.
- The message is still accessible to the original user in their mailbox archive search, and to administrators through the Mimecast Administration Console archive search, or eDiscovery Cases.
Manually Adding Delegate Mailboxes
Multiple delegate mailboxes can be added by repeating the steps listed below for individual addresses, or by following the instructions in Importing Delegate Mailbox Access.
When delegating access, perform the following on the mailbox that needs to view the delegated mailbox and add the "delegated mailbox" to this user's account.
You can add a delegate mailbox, by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Users & Groups | Internal Directories.
- Click on the Internal Domain of the primary address.
- Click on the Domain of the primary address. The domain's email addresses are listed.
- Click on the Email Address of the primary address. This displays the Address Settings.
- Click on Add Delegate Mailboxes, from the top toolbar. Any current delegates for the primary address are listed.
- Click on Add Delegate Mailbox, to select the delegate mailbox address.
- Click on Lookup, to the right of the "Delegate Mailbox" field.
- Type the Name or Email Address of the delegated address in the Search field.
- Click on Search.
- Select the Email Address from the list of results.
- Click on Save and Exit.
Importing Delegate Mailbox Access
You can import access settings for delegate mailboxes by using:
- The Mimecast Synchronization Engine. See Mimecast Synchronization Engine - Mailbox Permissions Sync.
- A formatted spreadsheet in .XLS format (see below).
If using a formatted spreadsheet, the file's layout is critical for data to import correctly. For guidelines on the spreadsheet import format, read Importing Users via a Spreadsheet.
In the example shown, two primary addresses (user1@company.com, user2@company.com) and three delegate addresses are defined. Two delegate addresses have been assigned to the same primary address (i.e. user2@company.com has two delegates of delegate2@company.com and delegate3@company.com).
The key points to note when creating the spreadsheet are:
- The spreadsheet must include two key fields for the correct configuration, namely "primaryaddress" and "delegateaddress".
- Both the primary address and delegate address must already exist in the internal domains of your account.
- You can configure multiple delegates to the same primary address. Each delegate must appear as a separate entry in the spreadsheet (as shown in the example above).
A primary address cannot be a delegate address to itself.
To perform the import, prepare the spreadsheet and associated data before starting the import process. The column headings listed below should be used:
| Column Heading | Title | Description | Example |
|---|---|---|---|
| primaryaddress | Email Address | This must be a valid email address, and must not contain spaces, surrounding quotes. etc. | user@company.com |
| delegateaddress | Name | A valid internal email address (formatted as above) for the delegate mail- box. If you wish to assign more than one delegate to the same primary address, create a separate line in the spreadsheet for each new delegate. | delegate1@company.com |
You can import import access settings for delegate mailboxes, by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Users & Groups | Internal Directories.
- Select the Internal Domain of the primary address.
The import can be performed for one primary domain at a time.
- Select Import Delegate Mailboxes button from the toolbar.
- Click on the Choose File button to select the required spreadsheet file.
- Click on the Preview Changes button on the toolbar to validate the entries in the Excel file. The results are displayed.
- If there are no errors, click on Accept Import to start the import process.
The import may take several minutes to complete, depending on the volume of data being imported. Once the import has completed, the delegate address will be added to the Delegate Mailbox listing for the primary address.
Exporting Delegated Mailboxes
A list of all the delegated mailboxes can be exported from the Mimecast Administration Console.
You can export the delegated mailboxes, by using the following steps
- Log in to the Mimecast Administration Console.
-
Navigate to Users & Groups| Internal Directories.
-
Click on View.
-
Select Delegate Mailbox Access.
-
Click on Export Data.
-
On the Column Section, check the checkbox to include in the export.
-
On the Format section, select the file format for the export.
-
On the Export section, select the delivery method for the file.
-
Click Export.
Manually Removing Delegate Mailboxes
You can remove a delegated mailbox, by using the following steps:
- Log in to the Mimecast Administration Console.
- Click on the Users & Groups | Internal Directories menu item.
- Select the Internal Domain.
- Select the User whose delegate mailboxes you want to remove.
- Click on the Add Delegate Mailbox button on the toolbar.
- Right click on the delegate mailbox to be removed.
- Click on the Delete Delegate Mailbox menu item from the popup menu.
It can take up to 24 hours for these changes to be reflected in the Mimecast end-user applications.
Log Files
Following a successful import, the delegate and primary account details can be viewed:
- Log in to the Mimecast Administration Console.
- Navigate to Account | Audit Logs.
This information is also sent via email notification to the super and full administrators.
Comments
How long should it take from when delegate access is removed to it being removed from the users Mimecast End User application?
When we added delegate access its added straightaway, but upon removing it has take way over 20mins to remove itself from the Mimecast EUA.
Would be much better if this was quicker.
Thank you for the comment! I have updated the article, to include a Note under “Manually Removing Delegate Mailboxes”, to assist you.
If you still have a question about how long this process takes, would you please post it into our Community? Not only will it be addressed by Cybersecurity peers, but the Mimecast team as well. Once you receive a solution, it can be bookmarked for easy retrieval.
If your issue is more urgent and/or you wish to open a new Support case, please do so here.”
FYI The link at the bottom for the article “Mimecast Personal Portal - Accessing a Delegated Mailbox” is returning a dead link “The page you were looking for doesn't exist”
Hi @Rob Betts
We sincerely appreciate your feedback. Please be informed that our team has updated the link accordingly. Thank you for bringing this to our attention.
Hi
It would be nice to know exactly what exact permissions are required to do this, I am trying to create a custom role that will contain the ability to manage delegates, this article just says use the "Full Administrator.
I've had a look and the options that I have tried haven't worked.
Thanks
Hi Justin
Thank you for your comment.
I recommend reviewing the following article for clarity on the permissions of each Administrator role.
I hope this response is helpful.
The importing delegate access section is vague - it refers to spreadsheet above but nothing there - if you use the link it goes to importing accounts (which is totally different arrangement). My question is simple - I am assuming that if a primary user has multiple delegates I just populate spreadsheet with the primary user duplicated down the sheet for each delegate - is that correct?
Hi Adam,
Thank you for your feedback. Kindly review step 3 below “Importing Delegate Mailbox Access”: “You can configure multiple delegates to the same primary address. Each delegate must appear as a separate entry in the spreadsheet (as shown in the example above).”
I hope this is helpful.
Please sign in to leave a comment.