This article contains information on setting up Mimecast Email Security Cloud Integrated, including prerequisites, protection modes, Microsoft 365 integration, threat scanning, and upgrading to Monitor or Protect modes for enhanced email security.
Considerations
- Mimecast Email Security Cloud Integrated cannot be utilized on Microsoft Trials versions due to Microsoft limitations on Connector utilization.
Prerequisites
Ensure you have checked the items listed below against your environment, and accounted for any potential disruption to your mail service that these may incur before proceeding further:
- Ensure you are a Microsoft 365 global administrator of your environment.
- Ensure you have configured SPF Includes for Cloud Integrated Outbound Delivery
- If you are upgrading to Monitor & Protect:
- Ensure your DMARC record is configured and published correctly to prevent mail delivery issues.
-
Ensure that your Third-Party Systems & Transport Rules have been set up correctly.
Before signing up for Mimecast Email Security Cloud Integrated, you should identify any Transport Rules that may be affected by implementing Mimecast in your environment.
- When configuring Monitor or Protect Mode in Mimecast Email Security Cloud Integrated, Mimecast transport rules get automatically installed in Exchange Online on the your Microsoft 365 tenant, and added to the top of the list, above any existing rules.
- It's important that you check the priority order of your transport rules after the install, so that those that need to be at the top (like rules for disclaimer management tools for example) get moved back up. Otherwise the Mimecast rules will cause issues and potential loss of mail.
- Ensure you have configured SPF Includes for Mimecast Email Security Cloud Integrated Outbound Delivery.
Cloud Integrated Outbound Delivery SPF Includes
To ensure a successful implementation of SPF with Mimecast, include a comprehensive list of our outbound IP addresses in your DNS SPF record. This is a long list (24 distinct IP4 ranges at the time of writing), and new ranges may be added without notice. You must administer this via your DNS provider. To determine your region, refer to the table below:
| Region | Record |
|---|---|
| United States of America | v=spf1 include:spf.us-1.a.mimecastprotect.com |
| United Kingdom | v=spf1 include:spf.uk-1.a.mimecastprotect.com |
| Germany | v=spf1 include:spf.de-1.a.mimecastprotect.com |
| Canada | v=spf1 include:spf.ca-1.a.mimecastprotect.com |
| Australia | v=spf1 include:spf.au-1.a.mimecastprotect.com |
| South Africa | v=spf1 include:spf.za-1.a.mimecastprotect.com |
Hard / Soft Fail Examples
| Simple Case | Relaxed configuration for customers who only send external mail for a given domain via Mimecast. | "v=spf1 include:spf.us-1.a.mimecastprotect.com ~all" |
| Strict Case | We strongly recommend testing with the relaxed syntax for customers wishing to implement a strict SPF reject for unmatched requests. | "v=spf1 include:spf.us-1.a.mimecastprotect.com –all" |
Signing Up (New Users)
STEP 1 - The Sign-Up Email
When signing up for the Mimecast Email Security Cloud Integrated service, you will receive an email with a link to Set Your Password.
After setting your password, you will continue to choose your desired protection mode and connect to your Microsoft 365 environment; for this, you must ensure you use a Global Administrator account to connect to your Microsoft 365 environment.
STEP 2 - Setting Your Password
When prompted, set your password for the account creation process, ensuring it meets the outlined criteria indicated on-screen.
STEP 3 - Granting Single Sign-On Application Consent
You will receive an email once you have entered your password, containing account details and a URL that you can click to log in to the Email Security Cloud Integrated console and begin your setup.
You will need to click Continue to Microsoft to grant access to Single Sign On before you can continue with the setup.
You will be redirected to Microsoft, where you will be presented with a list of permissions that need to be granted. Read the list of Permissions requested and click Accept.
A confirmation message will appear stating SSO consent has been granted. Click Continue to proceed to Step 4.
For additional information on Granting SSO Consent, see Application Consent for Single Sign-On Authentication.
STEP 4- Choosing Protection Mode
Every Mimecast Email Security Cloud Integrated installation performs a Threat Scan by default, and this begins when you create your account and connect Mimecast Email Security Cloud Integrated to your environment. You can choose from the following Protection modes:
|
Threat Scan Only (Recommended)
|
|
All customers should begin their trial with Threat Scan Only as the default recommended option.
|
|
Monitor
|
|
Customers should consider moving to Monitor mode only when comfortable with Threat Scan Only mode.
|
|
Protect
|
|
Customers should consider moving to Protect mode only when comfortable with Monitor mode.
|
Monitor or Protect modes allow administrators to use the Targeted To feature to apply these modes to specific users or groups. Leave as Everyone for domain-wide protection.
The Protection mode can also be updated anytime after setup. To complete each change, you must re-confirm and accept Microsoft user permissions.
Click Save & Continue to Microsoft to reconfirm permissions using your Microsoft login credentials.
STEP 5 - Connecting with Microsoft 365
You will be redirected to Microsoft to sign in to your Microsoft account using your Global Administrator account and grant consent for the permissions required for Mimecast to protect your environment effectively.
Mimecast will also be configured as a Trusted ARC Sealer in your Microsoft 365 environment to preserve SPF, DKIM, and DMARC message authentication results.
Mimecast will create a new internal domain within your Microsoft 365 tenant. This domain will be used by the “from mimecast” Connector, to secure the connection between Microsoft 365 and Mimecast, using Certificate Authentication. No email messages will be sent using this domain.
If you discontinue your Mimecast Email Security Cloud Integrated trial or service, you must manually remove Trusted Arc sealers. For more details on Trusted ARC sealers, please refer to Microsoft Trusted ARC Sealers.
STEP 6 - End Scan Progress Bar
The End Scan button allows administrators to end the Threat Scan early.
Once this option is selected, the Threat Scan report will be sent to the administrator and will only include information on the mailboxes scanned at that point.
- The administrator will receive the threat scan report once the end scan option is selected.
- The threat scan report will include information on all mailboxes scanned at the point of selecting this option.
- The threat scan cannot be restarted.
STEP 7 - Threat Scan & Threat Remediation
During your initial sign-up and implementation, Mimecast Email Security Cloud Integrated will perform a Threat Scan on all emails delivered to your environment in the last 30 days.
Once your initial Threat Scan has been completed, the results will be displayed in a notification bar, allowing you to either Remove or View Threats. You can also manually do this later by searching the Detections page for threat results. For full details, see the article Message Removal and Release.
To continue to remediate detected threats using the Threat Scan notification, click the Remove Threats button in the Threat Scan Complete notification bar on the Home page.
Alternatively, click the Review and Remove Threats button in the email notification sent to the administrator's email.
Confirm the action by clicking Remove.
STEP 8 - Threat Remediation Progress
After you confirm that you wish to remove any identified threats, Mimecast Email Security Cloud Integrated will display the progress on the Home screen.
This may take a few minutes to complete.
STEP 9 - Threat Remediation Complete
Once the threats have been remediated, you will receive a notification on the home page advising you of the results.
STEP 10 - Administrator Email Notifications
Administrators will also receive emails advising them of threat remediation results.
This completes your setup and initial threat scan walkthrough.
Upgrading to Monitor & Protect Modes
Deciding to Upgrade
During your trial period, you can upgrade to Monitor & Protect modes to try out new features and enhanced protection. Before doing so, familiarize yourself with this article's Prerequisites section.
- Ensure SPF records have the necessary includes.
- Ensure DMARC records are correctly published to avoid any mail delivery issues.
- Correctly identify any third-party systems that may be sensitive to the changing of mail transport rules.
STEP 1 - The Upgrade Banner
To Upgrade:
Click the Upgrade Now button in the Install Advanced Protection notification banner
STEP 2 - Install Advanced Protection (Warning)
Please read and confirm that you understand the changes to your environment outlined in the preceding pop-up dialogue box. Click Confirm when you are confident you can proceed.
STEP 3 - Choose your Protection Mode
You can choose from the following Protection Modes:
|
Monitor (Recommended)
|
|
Customers should consider moving to Monitor mode only when comfortable with Threat Scan Only mode.
|
|
Protect
|
|
Customers should consider moving to Protect mode only when comfortable with Monitor mode.
|
Monitor or Protect modes allow administrators to use the Targeted To feature to apply these modes to specific users or groups. Leave as Everyone for domain-wide protection.
Click Save & Continue to Microsoft to reconfirm permissions using your Microsoft login credentials.
STEP 4 - Confirm Microsoft Permissions
Accept the permissions request and sign in to your Microsoft account to authorize the upgrade and confirm that changes will be made in your environment.
STEP 5 - The Upgrade Begins
Once permissions have been reconfirmed, an automated process will be initiated, where Cloud Integrated configures the Azure Enterprise App and the necessary Mail Transport Rules and Send Connectors. You will then receive a Congratulations! The email configuration is complete, message and a button to link you back to the Home Page.
STEP 6 - Configuring Email Flow
The upgrade process requires making changes to your Microsoft 365 environment, which can take a few minutes to complete fully.
Mimecast Email Security Cloud Integrated will display a notification banner on the home page displaying the progress of configuring your email flow, Importing Users and Groups, and the currently selected Protection Mode.
This completes your upgrade to Monitor & Protect modes. You will notice that the Home page has additional widgets and features.
Managing Policies & Protection Modes
Every installation includes an out-of-the-box Default Policy. The configuration of this Default Policy will change depending on the capabilities of your subscribed Mimecast services. As you upgrade, additional functionality can be utilized to protect you better, and the Default Policy will change to reflect this increased functionality.
Target
You cannot configure Targets using the default policy; instead, you must create and configure a new policy that fits your needs.
To avoid any conflict of settings, user-created policies will take priority and override the Default policy wherever a conflict may arise.
You can configure Mimecast Email Security Cloud Integrated to only operate against specific Senders or Recipients, which can be useful for testing. You cab do this by using the following steps:
- Navigate to Policies | Email | Target
- Modify your custom policies Sender, Recipient, Exceptions, and Address Matched On fields as required.
- Click Save
Mode
Your Protection Mode can be managed easily within Mimecast Email Security Cloud Integrated, by using the following steps:
- Navigate to Policies | Email | Mode
- Choose between:
-
- Protect.
- Monitor.
- Disabled.
- Click Save
For full details on configuring Policies, see the article: Per Policy Detection Engines.
The Notification Area
The Notification area is located toward the top right of the screen; here, you can track the remainder of your trial period in days, view any unread notifications from Mimecast, access your account information, and sign out of the Mimecast Email Security Cloud Integrated platform.
- Product trial tracker.
- Unread Notifications are represented by a counter over the '?' symbol.
- The Account Settings/Profile menu and Logout.
Comments
Please sign in to leave a comment.