This article provides information on integrating Mimecast with Microsoft Defender for Office 365 to enhance Human Risk scoring by analyzing phishing behaviors, configuring the integration, required permissions, and navigating the Human Risk Command Center (HRCC).
Overview
To enhance the robustness of Human Risk scoring, Mimecast has integrated signals related to user interactions with phishing on devices.
The integration periodically reads email-related events, such as URL clicks and blocked delivery, from Microsoft via API. These are then forwarded to the Human Risk Platform, which associates each event with a user and updates the actual phishing behavior score and/or attack factor for that user as appropriate.
The integration is configured in the Integrations Hub.
- Historical events will not be pulled from Microsoft, only events from the point of integration onward.
- This integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security Cloud Gateway customers.
Prerequisites
- Mimecast Administrator account.
- Mimecast Human Risk Command Center (HRCC) access. The HRCC is included for customers with Engage and Email Security Gateway (CG).
-
Microsoft Licensing: This Human Risk Management (HRM) integration requires access to Threat Explorer, a feature of Microsoft Defender for Office Plan 2. This is included with the following licenses:
- Microsoft 365 A5/E5/F5/G5.
- Microsoft 365 E3 with Microsoft Defender for Office Plan 2 add-on.
-
Microsoft 365 Small Business Premium with Defender Suite add-on.
Please see the Microsoft Defender for Office 365 service description for more information.
Permissions
In order to add, edit, or delete the configuration, the user must have one of the following roles:
- Global Sys Admin.
- Sys Admin - SD Full.
- Super Administrator.
- Full Administrator.
- Basic Administrator.
- Partner Administrator.
- Custom Role with Integrations Marketplace (Read/Write permissions must be enabled).
Configuration
You can configure the integration with Microsoft Defender for Office 365, by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Integrations | Integrations Hub.
- Click Configure New on Microsoft Defender for Office 365.
- Enter the Application Name and Description, then click on Authorize:
-
The authorization flow starts, for Microsoft Defender for Office 365:
- Log in to your Microsoft account, when prompted.
- Accept the required permissions when prompted.
- A pop-up message is displayed, showing that the integration has been added successfully.
- Ensure that the Status reflects as Connected.
You can also click on the ellipsis "...", to View/Edit or Delete an integration.
- Navigate to Human Risk Command Center | Dashboard. The integration is successful and you should now be able to receive the data from Microsoft Defender for Office 365.
- Click View Details in the right-hand corner of the Actual Phishing, or other appropriate section for additional information on the Human Risk score.
You can also click on a user under Highest Risks, to see data for that user:
- Clicking on Actual Phishing displays the Individual Risk Profile for the user, where you can click on Events, and view Additional Details for a user action:
Comments
Please sign in to leave a comment.