This guide describes how to manage device enrollment of end-user devices with Mimecast's Targeted Threat Protect.
Applies To:
- Administrators who are responsible for managing device enrollment on end-user devices.
- Administrators trying to understand whether to enable, disable, or revoke device enrollment.
Enabling / Disabling Device Enrollment
To enable Targeted Threat Protection device enrollment:
- Log in to the Mimecast Administration Console.
- Navigate to Account | Account Settings menu item.
- Expand the User Access and Permissions section.
- Select the Targeted Threat Protection Authentication option.
-
Set the Authentication Duration (Days) option to 1 and 365.
This controls the expiration date of the device's cookie, but as the cookie is renewed with each Targeted Threat Protection service interaction, the end user only enrolls once unless they don't access the service again before the cookie expires.
-
Click on the Save and Exit button.
If device enrollment is disabled, a warning message is displayed when the "Targeted Threat Protection Authentication" option is deselected, informing you of the risks to your security. Similarly, if Targeted Threat Protection - URL Protect's user awareness feature is enabled and Targeted Threat Protection authentication is disabled, a warning message is displayed informing you of the risks of not using authentication. We've provided an email template to inform users about how device enrollment affects them. See User Awareness & Device Enrollment Templates.
Using Device Enrollment with Microsoft 365
The device enrollment message from Mimecast to the end user may be rejected by Microsoft 365 with the error displayed. This error is caused by the message coming from the null address <>. Microsoft 365 rejects messages coming from null addresses.
To prevent this error:
- Log in to the Mimecast Administration Console.
- Navigate to Account | Account Settings.
- Open the System Notification Options section.
- Specify a default email address in the Notification Postmaster Address option. This is used to send system notifications and delivery reports to users.
Revoking a User's Devices
You can revoke a user's device, forcing them to enroll again. This is useful if a device is lost or stolen or a user leaves the company.
To revoke a user's devices:
- Log in to the Mimecast Administration Console.
- Navigate to the Users & Groups | Internal Directories menu item. A list of domains is displayed.
- Click on the required Domain. A list of users is displayed.
- Select the User whose device enrollment is to be revoked.
- Click on the Revoke Authentication button in the Targeted Threat Protection Authentication section.
- Click the Save and Exit button.
Enrolling Device
Please ensure that your browser allows third-party cookies. If you are experiencing re-enrollment issues, please try the following:
Google Chrome
Allow third-party cookies in Google Chrome
- Open Google Chrome.
- Navigate to Settings | Privacy and Security | Site settings.
- Go to Third-party cookies.
- Under Customized behaviors, in the Allowed to use third-party cookies section, select Add.
- Add the following entry and save it:
[*.]mimecastprotect.com
On-device site data in Google Chrome
- Open Google Chrome.
- Navigate to Settings | Privacy and Security | Site settings.
- Select On-device site data.
- Under Customized behaviors, add a record for Allowed to save data on your device by pressing the Add button.
- Add the following entry and save it:
[*.]mimecastprotect.com
Microsoft
Microsoft Edge
Check if "Clear on exit" is disabled
- Open Microsoft Edge.
- Navigate to Settings | Cookies and Site Permissions | Manage and Delete Cookies and Site Data.
- Check the Clear on exit setting to see if Mimecast cookies have been added (they should not have been added).
- Navigate to Settings | Privacy, search, and services | Choose what to clear every time you close the browser.
- Make sure the Cookies and other site data setting is disabled.
Microsoft Edge on iOS
- Open Microsoft Edge on your iOS device.
- Click on the three-dot menu icon in the bottom-right corner of the screen.
- Navigate to Settings | Privacy and Security.
- Select Cookies.
- Select Don't block cookies.
Safari
How to disable cross-site tracking prevention for iPhone & iPad
On your iOS device
- Navigate to Go to Settings | Safari.
- Under Privacy & Security, DISABLE the option called Prevent Cross-Site Tracking.
Disabling cross-site tracking prevention for Mac Operating Systems
In the Safari app on your Mac
- Open Safari
- Navigate to Preferences | Privacy.
- Uncheck the Prevent cross-site tracking option.
Firefox
- Open Firefox
- Navigate to Go to Settings | Privacy & Security.
- Under Cookies and Site Data click on Manage Exceptions.
- Add the following entry:
[*.]mimecastprotect.comand select Allow . - Click on Save Changes.
Troubleshooting Cookie Issues
If you experience issues with device enrollment, check the following:
- For device enrollment to work, cookies must be enabled in the end user's browser.
- Each device must be authenticated if a user accesses Targeted Threat Protect services on different devices.
- Users who change web browsers will be prompted to enroll in the new browser to generate a new cookie.
- Turning device enrollment on or off for a specific group of users or device types is impossible.
- Ensure the end user's browser is supported. See the Mimecast Customer Care - Browser Support Matrix page for full details.
- The end user's primary Mimecast address is being used to log in.
- Private browsing must be turned off. For iPhone users, see the Apple Support guide on how to disable Private Browsing mode here.
Comments
Please sign in to leave a comment.