This article provides guidance on the configuration of Internal Domains and Subdomains. An Internal Domain is a domain that belongs to or is controlled by your organization. As part of the Mimecast account setup, at least one internal domain was added. The subdomain can be added along with other internal domains you own (e.g., for journaling).
You can register xxxx.onmicrosoft.com domains, but xxxx.mail.onmicrosoft.com domains must be added on your behalf by Mimecast.
To add an internal domain:
- Log on to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Click Register New Domain. A domain registration wizard is displayed to guide you through verifying the domain's ownership. This requires you to follow the steps below:
Entering the Domain
The Enter Domain step is the first step in the wizard. It requires you to enter the internal domain name and get a verification code.
To enter a domain:
- Type the domain in the Domain Name field.
The domain must not be registered in your, or any other Mimecast customer's, account.
- Click Get Validation Code. A verification code is displayed in the second step of the wizard.
Adding a DNS Record
The Add DNS Record step is the second step in the wizard. It requires you to select the DNS record type, create a DNS record in the control panel for the domain's DNS zone, and verify it.
To add a DNS record:
- Select either:
-
-
-
Configure TXT.
See the Add TXT Records for Internal Domain Verification page for guidance on some of the most common domain registrars.
-
Configure TXT.
-
-
-
- Configure CNAME:
- Configure CNAME:
-
- Log on to your DNS domain registrar's website or portal.
- Create either:
-
-
- DNS TXT Record:
- Create a DNS TXT Record on your domain registrar in the domain's zone.
- Type @ into the Host field.
- Paste the verification code into the DNS TXT record.
- Save the changes.
- DNS CNAME Record:
- Create a DNS CNAME Record on your domain registrar in the domain's zone.
- Paste the verification code into the Host field.
- Point the host to validate-domain.mimecast.com.
- Save the changes.
- DNS TXT Record:
-
- Return to Step Two of the Register New Domain wizard in the Mimecast Administration Console.
- Click Validate.
Validated Domains
The Validated Domain step is the last step in the wizard. It requires you to select which inbound checks are used for the domain. It also provides advice on entering subdomains, should these be required.
To validate the domain:
- Select the Automatically Create Anti-Spoofing Policy for this Domain option.
This isn't compulsory but is recommended to prevent spoofing messages from the domain.
- Click Finish.
Validation Issues
Your DNS system must be up-to-date before the validation can be successful. Typically this is an instant process but can take up to two hours. Should your domain validation fail, wait a few minutes and try the validation again. You can click on the Go Back button to continue working in the Administration Console while you wait.
To retry domain verification:
- Log on to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Click View | Pending Domains.
- Click Validate for the pending domain.
Pending domains have an expiry date of 30 days. If the expiry date passes, you'll need to restart the verification process.
To remove a pending domain verification:
- Right-click on the domain.
- Click Remove Register Domain.
Deleting a Domain
Only users with a Super Administrator role can remove a domain.
To delete a domain or subdomain:
- Log on to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Right-click on the Domain you want to remove.
- Click Move to External.
If there are active policies specific to the domain you wish to remove or email for the domain in the Held queue, the domain can't be deleted until they're resolved. If there are active Administrator roles linked to the specific domain you are deleting, access is removed along with the domain. Moving a Domain to External will take between thirty minutes to three hours to propagate.
Adding an Internal Subdomain
Once an internal domain has been validated, you can add one or more subdomains. You don't have to register or validate subdomains.
To add one or more subdomains:
- Log on to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Click Add Subdomain.
- Complete the dialog as shown below. If creating a journaling subdomain, enter the value in the Journaling column:
Field / Option Description Journaling Domain Name(s) Enter up to 100 subdomains, with each subdomain on a separate line. journal.<yourdomain>.com Inbound Checks Select the inbound checks to be performed on all external messages directed to the subdomain(s). Accept all Inbounds for this Domain Add Anti-Spoofing Policy If selected, Anti-Spoofing Policies are applied to all messages directed to the subdomains. This prevents them from being spoofed from outside sources. Unselected - Click Save and Exit.
Purging a User
If you need to completely remove a user's access to Mimecast, you will need to remove their Active Directory account and then purge the address from your Mimecast account once the next directory synchronization is complete.
Users who are no longer presented during synchronization can be automatically purged from Mimecast using the Deleted Users option in your Directory Integration. For full details, see the Directory Synchronization Maximum Synchronization Deletions and Deleted Users article.
Should you need to remove a user's access prior to the next directory synchronization:
- Log on to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Select the Domain to which the user belongs.
- Right-click on the User.
- Click Purge Address.
- Click OK to confirm the purge.
Comments
Please sign in to leave a comment.