Directories - Cloud Password Reset Notification

This article contains information on securing compromised user accounts, including resetting passwords, disabling accounts, enabling Two-Step Authentication, and enforcing login IP restrictions in Mimecast.

Information for Administrators

If one of your users has contacted you after receiving a password reset notification and the change was not expected, you should assume that the user's account has been compromised. In this scenario, you should take action to protect the account as soon as possible. Mimecast offers a number of functions to help with this. Consider:

Resetting the User's Password Yourself

  1. Log in to the Mimecast Administration Console
  2. Navigate to the user settings page for the user (Users & Groups | Internal Directories | yourdomain.com | auser@yourdomain.com)
  3. Set a new password. Consider using the force change at logon setting so the user changes the password the next time they log in.
  4. Select Save and Exit to apply the change.

Changing the password revokes all active sessions for the user, which removes access for anyone using the account without authorization.

The end-user will be notified once the password has been reset, via SMS or email notification.

Disabling the User

  1. Log in to the Mimecast Administration Console
  2. Navigate to the user settings page for the user (Directories | Domains | yourdomain.com | auser@yourdomain.com)
  3. Select the account disabled option.
  4. Select Save and Exit to apply the change.

This immediately prevents the user from accessing the account until the account is re-enabled.

Enabling Two-Step Authentication

Two-Step Authentication adds an additional layer of protection to your users' Mimecast accounts by requiring a password and a one-time access code to log in. Learn more in the Two-Step Authentication Overview.

Enforcing Permitted Login IP Ranges

Mimecast offers granular options to secure all authentication attempts using the source IP address of the connecting user. When this feature is enabled, Mimecast only accepts authentication attempts from administrator-defined IP addresses. All other attempts are blocked.

Also consider resetting the user's Active Directory password and any passwords they have for other IT-sanctioned applications. If the Mimecast account has been compromised, other systems may have been impacted.
