This article contains information on configuring, creating, changing, and deleting Browser Isolation policies in Mimecast, including prerequisites, policy settings, and steps to manage user and group-specific isolation rules. This is achieved through policies that allow you to create rules:
-
For the websites considered suspicious.
This only applies when a site is Uncategorized.
- Regulate what users can do (e.g., view in read-only mode).
Policies covered:
- Configuring browser isolation
- Creating a browser isolation policy
- Changing a browser isolation policy
- Deleting a browser isolation policy
Configuring Browser Isolation
Browser isolation works in conjunction with your Targeted Threat Protection - URL Protection and Web Security policies. To use the browser isolation functionality, you must have:
- Configured either:
- Targeted Threat Protection - URL Protect policy with the configuration below. For more information, see Configuring URL Protection Definitions.
| Field / Option | Value |
|---|---|
| Action | Block |
| Disable Browser Isolation | Disabled |
- Advanced Security Web Security policy with the configuration below. For more information, see Configuring an Advanced Security Policy.
| Field / Option | Value |
|---|---|
| Web Proxy | Enabled |
| Antivirus Scanning | Enabled |
| Browser Isolation | Enabled |
- Configured a Browser Isolation policy.
A default policy is added when the Browser Isolation Add-on is enabled on your account. This can be amended as required, or additional policies can be created. See below for full details.
Creating a Browser Isolation Policy
To create a Browser Isolation policy:
- Log in to the Mimecast Administration Console.
- Select the Policies | Browser Isolation menu item.
- Click on the Create New Policy button.
- Complete the Details dialog as follows:
| Field / Option | Description |
|---|---|
| Name | Provide a name to identify the policy (e.g. Finance Dept Spoofing). This is a mandatory field. |
| Description | Enter a description for the policy (e.g. "This policy protects members of the Finance Department from accessing spoofed websites.") |
- Click on the Next button.
- Configure the Settings dialog as required:
| Field / Option | Description |
|---|---|
| Enter Text | If enabled users can enter text into fields displayed on the website. |
| Paste Text In | If enabled users can paste text into browser fields from their device's clipboard. |
| Copy Text Out | If enabled users can copy text from the browser fields to their device's clipboard. |
- Click on the Next button.
- Complete the Applies To dialog as follows:
| Field / Option | Description |
|---|---|
| Location |
Click on the Select Location button to select one or more locations. This field is only displayed if you've Mimecast Web Security enabled on your account. See Web Security - Configuring Locations. |
| Groups | Click on the Select Groups button to select one or more Active Directory or local group. |
| Users | Click on the Select Users button to select one or more user. |
Click on the icon to remove a location, group, or user from the list.
- Click on the Next button. A summary of the policy is displayed
- Click on the Create Policy button.
Changing a Browser Isolation Policy
To change a Browser Isolation policy, including the default policy:
- Log in to the Mimecast Administration Console.
- Select the Policies | Browser Isolation menu item.
- Click on the Policy to be changed.
- Click on the Edit button.
- Change the policy as required.
- Click on the Save and Close button.
Deleting a Browser Isolation Policy
You cannot delete the default browser isolation policy.
To delete a Browser Isolation policy:
- Log in to the Mimecast Administration Console.
- Select the Policies | Browser Isolation menu item.
- Click on the Policy to be deleted.
- Click on the Delete button.
- Click on the Delete button in the confirmation dialog.
Comments
This page as well should change where it states “suspicious” as it's only engaged when a site is “uncategorized”. Stating suspicious is confusing when coming from the URL Protection definitions as “suspicious” means any of the actual categorized URLs are found.
(I made mention of the above on the Browser-Isolation-Overview page)
Unless I'm mistaken, or it could be part of the Advanced Security Web Security to which I don't currently subscribe to. If it is, it should be more clear on the use of suspicious, if it's just only uncategorized URLs.
Thank you for your feedback. We have reviewed the article and updated it.
Please sign in to leave a comment.