Connect Application - Setting Up Your Outbound Email

Customers currently using the Connect Application are advised to complete their onboarding setup as soon as possible, as the Connect Application is scheduled to be discontinued on the 31st of January, 2024.

This article contains information on configuring recipient validation methods for email systems, including synchronization with network directories, Azure Active Directory, and importing users via spreadsheets, to ensure secure and authorized email communication.

For us to accept your inbound email, recipient validation must be configured. This enables us to only accept messages from the email addresses you have authorized. To do this, we must have a complete list of all internal users.

Recipient validation can be completed by one of the following methods:

Method Applicable To Advantages Disadvantages
Synchronization with your Network Directory (e.g. LDAP)

This is the recommended method.

  • Microsoft 365
  • On Premises
  • Hybrid
  • A message destined to be delivered to a mailbox that is not present in your Exchange is rejected.
  • Can also be used to authenticate user access to Mimecast and their level of access.
  • It requires some configuration inside your Active Directory.
Mimecast Synchronization Engine: Active Directory
  • Microsoft 365
  • On Premises
  • Hybrid
  • Automatically synchronizes users, groups, and group membership.
  • Can be used to synchronize user status or user attributes.
  • Automatically links user alias addresses to their primary address.
  • Requires a separate installation on Mimecast Synchronization Engine.
  • Authentication using Active Directory/Domain passwords is not supported.
  • Authentication is made against the Active Directory server in real-time.
Enabling Azure Active Directory Synchronization for Microsoft 365
  • Microsoft 365
  • Automatically synchronizes with Windows Azure to add and manage all of your user, group, group membership and user attributes.
  • Passwords are not synchronized using this feature.
Automatically by email flow as users send emails through Mimecast
  • Microsoft 365
  • On Premises
  • Hybrid
  • Google Workspace
  • Does not require any configuration inside your environment.
  • Users are unable to authenticate without additional configuration.
  • It can take time to monitor outbound email and identify internal users.
  • Can result in rejected messages for internal users who rarely send emails.
Importing Users via a Spreadsheet
  • Microsoft 365
  • On Premises
  • Hybrid
  • Google Workspace
  • Can add multiple user accounts.
  • Sets user permissions, user attribute data, and alias associations.
  • The recommended method for importing users in bulk.
  • The list of validated recipients is only accurate at the time the import is performed.
  • Changes made in your Exchange (e.g., deleted users) are not automatically reflected in Mimecast.
Creating / Editing Mimecast Users
  • Microsoft 365
  • On Premises
  • Hybrid
  • Google Workspace
  • Have more control.
  • Recommended for adding single users.
  • Can be more time-consuming.

Microsoft 365

Microsoft 365 does not support Active Directory integration. User management is controlled manually through:

For environments that use a separate domain controller, Active Directory synchronization can be configured.

On Premises / Hosted Exchange (HEX)

To enable directory synchronization:

  1. Open the LDAP port on your firewall to the Mimecast Data Center IP ranges. By default, this will be:
      • Port 389 for LDAP.
      • Port 636 for LDAPS.
  2. Ensure the correct routing has been set up from the firewall through to the selected domain controller.
  3. Create a user account in the directory for Mimecast to use for authentication purposes. This enables the extraction of all valid email addresses, group structures, and any attributes that have been set up in Mimecast to be synchronized.

    See the User Account Requirements section below for further details.

  4. Review and complete the configuration steps outlined in the Directory Connections article for each connector.

See the Enabling LDAP Directory Synchronization for Active Directory page for further details.

Ensure the domain controller has a publicly routable IP address configured that Mimecast can access. If LDAPS is used, ensure that the certificate is registered to the Fully Qualified Domain Name (FQDN) of the server. This means that LDAPS will not work unless the certificate name is based on the FQDN of the server.
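
The LDAPS certificate-name requirement above can be checked before the connector is configured. The following is an added example, not Mimecast code: it compares the names in a certificate (in the dictionary format returned by Python's ssl.getpeercert()) against the server's FQDN. The host name dc01.corp.example.com and the sample certificates are constructed for illustration.

```python
import socket
import ssl

def dns_names(cert):
    """SAN dNSName entries; the subject CN is used only when there are none."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, fqdn):
    """Exact match, or a wildcard standing in for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = fqdn.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_ldaps_cert(cert, fqdn):
    """Return (ok, names) for a certificate dict in ssl.getpeercert() format."""
    names = dns_names(cert)
    return any(name_matches(n, fqdn) for n in names), names

def fetch_cert(host, port=636, timeout=5):
    """Fetch the certificate served on the LDAPS port (needs network access).
    Raises ssl.SSLCertVerificationError if the issuing CA is not trusted here."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name comparison is done by check_ldaps_cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (hypothetical host dc01.corp.example.com).
FQDN_CERT = {"subject": ((("commonName", "dc01.corp.example.com"),),),
             "subjectAltName": (("DNS", "dc01.corp.example.com"),)}
SHORT_NAME_CERT = {"subject": ((("commonName", "dc01"),),)}
OTHER_SAN_CERT = {"subject": ((("commonName", "dc01.corp.example.com"),),),
                  "subjectAltName": (("DNS", "ldap.corp.example.com"),)}

if __name__ == "__main__":
    for label, cert in [("fqdn", FQDN_CERT), ("short", SHORT_NAME_CERT),
                        ("other-san", OTHER_SAN_CERT)]:
        print(label, check_ldaps_cert(cert, "dc01.corp.example.com"))
```

A certificate issued to the short host name, or one whose subject alternative names list a different name, fails the check even though the subject looks plausible at a glance.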

User Account Requirements

The user account created in point 3 above requires:

      • Permissions to read Active Directory users and attributes. By default, a member of the Domain Users group has these permissions.
      • A password that does not need to be changed at first logon and does not expire.

The user account created in point 3 above does not require:

      • Special permissions.
      • A local mailbox.
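
The account requirements above map onto a few Active Directory attributes. The following is an added example, not Mimecast code: it audits an account's LDAP attributes (as an administrator would read them from the directory) against those requirements. The sample entries and the list of groups treated as "special permissions" are assumptions made for illustration.

```python
# userAccountControl flag values as documented by Microsoft.
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000

# Assumption: groups this audit treats as unneeded "special permissions".
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins",
                     "administrators", "account operators"}

def group_cn(dn):
    """Return the lower-cased CN of a group DN ('CN=Domain Admins,CN=Users,...')."""
    first = dn.split(",", 1)[0]
    return first.split("=", 1)[1].strip().lower() if "=" in first else ""

def audit_sync_account(entry):
    """Return a list of findings; an empty list means the account fits."""
    findings = []
    uac = int(entry.get("userAccountControl", 0))
    if uac & ACCOUNTDISABLE:
        findings.append("account is disabled")
    if not uac & DONT_EXPIRE_PASSWORD:
        findings.append("password can expire")
    # pwdLastSet == 0 means "user must change password at next logon".
    if int(entry.get("pwdLastSet", 0)) == 0:
        findings.append("password must be changed at next logon")
    # memberOf omits the primary group (Domain Users by default), so anything
    # matched here is membership beyond what read access needs.
    extra = sorted({group_cn(g) for g in entry.get("memberOf", [])}
                   & PRIVILEGED_GROUPS)
    if extra:
        findings.append("unneeded privileged groups: " + ", ".join(extra))
    return findings

# Constructed sample entries (hypothetical accounts).
GOOD_ENTRY = {"userAccountControl": "66048",      # NORMAL_ACCOUNT + never expires
              "pwdLastSet": "133500000000000000", "memberOf": []}
BAD_ENTRY = {"userAccountControl": "512",         # NORMAL_ACCOUNT only
             "pwdLastSet": "0",
             "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=example,DC=com"]}

if __name__ == "__main__":
    print(audit_sync_account(GOOD_ENTRY))
    print(audit_sync_account(BAD_ENTRY))
```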

Google Workspace

In order for your users to send and receive emails, they must be added to your Mimecast account. This can best be achieved by Recipient Validation, which ensures a Mimecast user record is created when an outbound message is sent.

You can also:

      • Import users via a spreadsheet. This is recommended when importing users in bulk. See Importing Users via a Spreadsheet for further details.
      • Add users manually. See Creating / Editing Mimecast Users for further details.

        Include a cloud password for the above two methods if you want to allow users access to Mimecast end-user applications.
