This article contains information on Mimecast's User Awareness settings, including URL protection prompts, challenge frequency adjustments, monitoring via the URL Protect Dashboard, and customizing User Awareness messages and safety tips.
If User Awareness settings are enabled as part of a URL Protect Definition, users can be redirected to a page that provides information about the destination of the link they've clicked.
Here, the user can decide whether to proceed to the destination site or abort the request. What happens next depends on the following:
- The settings are configured in the URL Protect definition.
- Whether the URL is considered safe or harmful.
- What action the user chooses when presented with the user awareness prompts.
A URL Protect Dashboard is available in the administration console, which displays a graphical summary of all User Awareness activity. Here, you can monitor user awareness and take actions based on the data displayed. See the URL Protection Dashboard page for more information.
You can also customize the User Awareness Challenge messages to create a more personalized and interactive user experience. See the Configuring Custom Page Sets section below for further details.
User Awareness Check Frequency
The frequency that users are redirected to a user awareness prompt is controlled by the User Awareness Challenge Percentage setting in the Configuring URL Protection Definitions article. The default value is 5% but can be set to anywhere between 1% and 100%, with the percentage value controlling the number of times a user is shown a User Awareness Challenge message. For example, a value of 25% means the user is shown a challenge page every fourth URL click. If users choose incorrect responses to the prompts, the frequency at which the messages are shown will increase.
By default, User Awareness is a dynamic feature that becomes more or less frequent per-user basis as the user clicks more and more links. Incorrect responses to these prompts will increase the frequency at which the messages are shown to the user. Select the Disable User Awareness Dynamic Challenge Adjustment option to disable these dynamic challenge adjustments and keep to the chosen challenge percentage value.
If the dynamic setting is enabled, the expected behavior is as follows:
| User Action | Result |
|---|---|
| The user clicks Continue on an unsafe link from a user awareness page. | 25% is added to their personal challenge adjustment total. |
| The user clicks on a link blocked by URL Protection when no user awareness page is displayed. | 25% is added to their personal challenge adjustment total. |
| Automatically every Sunday | 5% is taken off each user's personal challenge adjustment total. |
| User clicks Exit on an unsafe link from a user awareness page. | 5% is removed from their personal challenge adjustment total. |
| User clicks Continue on a safe link from a user awareness page. | No change is made to the personal challenge adjustment total. |
| User clicks Exit on a safe link from a user awareness page. | No change is made to the personal challenge adjustment total. |
| User clicks on a link in a message that has expired in the Mimecast archive. | The user is not challenged on message links that have expired in the Mimecast archive. |
The challenge percentage value will not drop lower than the value set in the User Awareness Challenge Percentage field of a definition.
Customizing User Awareness Page Sets
You can create and manage sets of customized User Awareness messages and safety tips in the Mimecast Administration Console. The customized page set can then be activated in the User Awareness section of a URL Protect definition.
To configure and manage Custom Page Sets:
- Log in to the Mimecast Administration Console.
- Navigate to Email Security | URL Protect.
- Click User Awareness Page Sets. A list of any previously configured customized page sets will display, containing the following columns:
| Column | Description |
|---|---|
| Page Set Name | Displays the name given to a customized page set when it was configured. This is an internal reference only. |
| Custom Pages | If you have configured customized pages within a User Awareness Page Sets, a green tick will appear in this column. |
| Custom Tips | If you have configured any customized tips within a particular page set, a green tick will appear in this column. |
| Default Tips | If you have not configured any customized tips, a green tick will appear in this column, confirming default tips are active. |
- Click Create Page Set. A page will display listing the following User Awareness messages:
| New Page Set Titles | Function |
|---|---|
| Page Set Name | Enter a name in the New Page Set field to identify it when configuring the definition. This is an internal reference only. An alert will appear, and you will not be able to save the page set until a name has been entered in this field. An |
| User Challenge Page | This randomly selected page is used for training purposes and asks the user if they think a link is safe. The user can review the link information and click either the It's Safe or It's Harmful button. |
| Safe Link Identified Page | Confirms to the user that the link is safe after clicking the It's Safe button. The user can click on Continue to Page to visit the URL. |
| Safe Link Misidentified Page | Advises the user that even though they clicked on the It's Harmful button, the link is actually safe. The user can safely continue to the original web page by clicking the Continue to Page button. |
| Harmful Link Identified Page | Confirms to the user that the link is unsafe after correctly clicking the It's Harmful button. The link is blocked, and the user is prompted to close the page. |
| Harmful Link Misidentified Warning Page | The user is warned that the link is potentially harmful. The user can continue to the page by clicking the Accept Risk and Continue buttons. |
| Harmful Link Misidentified Block Page | Confirms to the user that the link they clicked on is unsafe. The link is blocked, and the user is prompted to close the page. |
- To customize the text of user challenge messages:
-
- Click on any of the page set titles to display a drop-down box.
- Enter your chosen text into the Title or Body Text fields.
- Preview your changes to the right of the page as you type, and make any adjustments as required.
To configure customized Safety Tips, click on the Safety Tips tab. A drop-down menu will display the following options:
| Safety Tips Options | Function | |||||
|---|---|---|---|---|---|---|
| Default tips | Select this option to use our default Safety Tips in User Awareness messages within a page set. You can preview each tip by clicking on anyone in the list. Select this option to add your customized tips. These will appear at random alongside the default tips in User Awareness messages. To do so:
|
|||||
| Default and custom tips |
Macros & Technology |
Password Requests |
Sender Checking |
Bulk Emails |
Links to Login Pages |
|
|
Panic Emails |
Money Requests |
Fake Links |
Unsolicited Requests |
Fake Identities |
||
|
||||||
| Custom tips | Select this option to configure your own customized tips. In this case, only customized tips will display in user awareness prompts. Follow steps 1-6 of the "Default and custom tips - Function" table section above. | |||||
Safety Tips will rotate at random throughout the different User Awareness Challenge messages. Users can click on the Previous or Next buttons within the Safety Tip message to view more tips.
- Click Save once you have finished customizing your page set.
Apply the customized page set to the Inbound - User Awareness settings of a URL Protect definition. See the Configuring URL Protection Definitions page for full details.
Comments
Please sign in to leave a comment.