This article contains information on configuring and managing Direct Message Injection (DMI) for Phishing Campaigns in Engage.
Overview
The integration of Engage with Mimecast's Direct Message Injection (DMI), for both Microsoft and Google email environments allows Phishing simulation emails to be delivered directly into users' inboxes via secure API connections, bypassing traditional email security controls. This provides a more seamless, realistic, and effective Phishing training experience for your end users, while giving you control and visibility over Campaign delivery.
Automated Error Handling and Logging provides robust logging for injection attempts, with campaign metrics updated in real time.
The mechanism is designed for large-scale deployments, supporting thousands of users simultaneously.
Considerations
- This feature is only available for Email Security Cloud Gateway customers.
Prerequisites
- Mimecast Engage subscription.
- You must have one of the following roles:
- Global Sys Admin.
- Sys Admin - SD Full.
- Super Administrator.
- Full Administrator.
- Basic Administrator.
- Partner Administrator.
- Custom Role with Integrations Marketplace (Read/Write permissions must be enabled).
- You are a Microsoft 365 or Google Administrator.
- You have successfully completed set up of the Direct Message Injection integration.
Enabling Direct Message Injection
The toggle in the Add Campaign fly-out will allow you to enable/disable DMI without severing the email provider integration on a per Campaign basis.
You can enable Direct Message Injection for a new Campaign, by using the following steps:
- Log in to Engage.
- Navigate to Phishing Training | Campaigns.
- Click on Add Campaign.
-
Toggle the Send Using Direct Message Injection field to On.
-
Fill in the other details for the Campaign as required:
- Name: Enter a name for the Campaign.
- Templates: Select a Phishing template
When DMI is enabled, the From Email field in the Phishing template editor becomes a text box, permitting full domain customization.
- Launch Date: Select a launch date for the Campaign.
- From Email: Enter the required From Email address.
- Display Name: Enter the Display Name.
- Campaign Tracking Duration (In Days): Enter the Campaign's tracking duration.
- Local Groups / Active Directory Groups: Select the Group(s) you wish to send the Campaign to.
- Click on Create.
- In the Campaigns screen, click on the Send Now icon next to the new Campaign, and Confirm to send when prompted.
Amending the status of Direct Message Injection
You can amend the status of Direct Message Injection for a Campaign by using the following steps:
You can only edit Campaigns that have not been launched yet, and show a status of Pending.
- Log in to Engage.
- Navigate to Phishing Training | Campaigns.
- Locate the Campaign for amendment, and click on the ellipsis "...", then Edit.
- Toggle the Send Using Direct Message Injection field to the required status.
- Click on Update.
Campaign Statistics
You can view Campaign Statistics, by using the following steps:
- Log in to Engage.
- Navigate to Phishing Training | Campaigns.
- Click on a Campaign to view Statistics for it.
-
The Status column shows Sent after launching a Campaign, and changes to Clicked when users click the link in the simulation email.
- There is robust logging for injection attempts, with Campaign metrics updated in real time.
- Failed injections (e.g. blocked mailboxes, invalid addresses) will be logged in Campaign metrics, supporting troubleshooting and auditing.
End User Experience
When DMI has been enabled for a Campaign, your end users see simulation emails as if they were delivered via normal channels, increasing training realism.
Comments
Please sign in to leave a comment.