This article contains information on selecting and configuring mail infrastructures like Microsoft 365, Google Workspace, On-Premises, Hybrid, or others, including domain validation and delivery routing setup for Mimecast's Email Security Setup Wizard.
Before starting the onboarding process, ensure you have read and acted upon items in the Email Security Setup Wizard Checklist.
This article is relevant to the Jersey region only.
Credentials
You can enter your credentials by using the following steps:
- You will receive an email from customerreply@mimecast.com containing your username and temporary password.
- Click on the Get Started button.
- Enter the Username and Password provided to you.
- Click Next.
- Complete the Password and Confirm Password fields with a password of your choosing.
- Click Set Password.
Emergency Contact
Designate an Emergency Contact for your Mimecast account. They will only be contacted in account-related instances, e.g., spam outbreaks and mail loops. We advise that the Emergency Contact details are the same as your Mimecast account's main administrator.
You can enter your emergency contact by using the following steps:
- Enter the Name of the Emergency Contact.
- Enter the Emergency Contact's Email address.
- Enter the Emergency Contact's Mobile number.
- Click Next.
Mail Infrastructure
Administrators can use the dropdown menu item to select the suitable mail infrastructure. Supported infrastructures include Microsoft 365, On-Premises, Hybrid, Google Workspace, or None of the Above, such as Hosted Exchange, Exchange 2003, or Lotus Domino.
Microsoft 365
If Microsoft 365 is selected, this means that Microsoft hosts the email server for the domain. Outbound mail will only route to Mimecast from Microsoft 365.
You can configure settings for Microsoft 365 by using the following steps:
- Select Microsoft 365 in the Select your infrastructure drop-down and click Next to continue.
- Enter the tenant domain, then click Update.
- You will get a TXT hostname and Target displayed.
- Enter the TXT entry in the Microsoft 365 portal.
- Once entered in the Microsoft 365 portal, click Validate.
- Once successfully validated, the status will show a Green tick next to the domain.
- Click Next to continue validating the domains.
Administrators must validate the Tenant Domain using the Microsoft 365 Administrator Portal. Please refer to the Validate your Microsoft 365 Tenant Domain KB article for more details.
Google Workspace
If Google Workspace is selected, this means that the organization is using Google Workspace.
You can configure settings for Google Workspace by using the following steps:
- Select Google Workspace in the Select your infrastructure drop-down.
- Click Next to continue validating the domains.
On-Premises
If On-Premises is selected, this means that the organization is using an On-Premises Exchange.
You can configure settings for On-Premises by using the following steps:
- Select On-Premises in the Select your infrastructure drop-down.
- Click Next to continue validating the domains.
Hybrid
If Hybrid is selected, this means that the organization is using a combination of On-Premises and hosted infrastructure. The administrator will select the hosting provider - Microsoft 365 or Google Workspace.
You can configure settings for Hybrid by using the following steps:
- Select Hybrid in the Select your infrastructure drop-down.
- Select either Microsoft 365 or Google Workspace from the Hosting Provider radio button options.
- Click Next to continue.
- If Microsoft 365 is selected: Mimecast will first request the Tenant Domain for Microsoft 365.
  - Enter the tenant domain, then click Update.
  - You will get a TXT hostname and Target displayed.
  - Enter the TXT entry in the Microsoft 365 portal.
  - Once entered in the Microsoft 365 portal, click Validate.
  - Once successfully validated, the status will show a Green tick next to the domain.
  - Click Next to continue validating the domains.
- If Google Workspace is selected: Click Next to continue validating the domains.
- If the hosting provider for the domain is not listed, please contact Mimecast Professional Services by responding to the initial implementation email or by ringing your local Mimecast support number.
- Administrators must validate the Tenant Domain using the Microsoft 365 Administrator Portal. Please refer to Validate your Microsoft 365 Tenant Domain for more details.
None of the Above
If None of the Above is selected, please contact Mimecast Professional Services to continue the onboarding via the Email Security Setup Wizard.
Validating Domains
Set up your Mimecast account using your internal domains. When migrating to a new email solution provider, it is essential to verify and adjust, in advance, the DNS TTL on the records that will change. Having the shortest TTL interval allows for a smooth cut-over or fall-back when encountering problems. We recommend having your TTL set to 600 seconds before changing the record.
You can validate your domains by using the following steps:
- Depending on your DNS configuration, select either TXT or CNAME.
- Enter your domain.
- Click Update.
- Copy and paste the generated target into your DNS provider. For the required steps of common registrars, see the Add TXT Records for Internal Domain Verification article.
- Click Validate.
- Verification can take between 5 minutes and 72 hours. You do not need to keep the Email Security Setup Wizard application open for this duration.
- To validate more domains, click Add Additional Domain.
- Once all your domains are validated, click Next.
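As an added example (not Mimecast's code), the following pre-flight check reads dig +noall +answer output captured from the domain's authoritative name server, since a caching resolver reports only the remaining TTL. It flags MX records whose TTL is above the recommended 600 seconds and confirms that the generated TXT value is published exactly as issued. It assumes the TXT record sits at the domain apex; example.com and the token are placeholders.

```python
import shlex

MAX_TTL = 600  # seconds, the TTL recommended above before changing a record

def parse_answers(dig_output):
    """Parse `dig +noall +answer` lines into (name, ttl, rtype, rdata) tuples.
    A TXT value split into several quoted chunks is joined back together."""
    records = []
    for line in dig_output.splitlines():
        parts = line.strip().split(None, 4)
        if len(parts) < 5 or parts[0].startswith(";"):
            continue
        name, ttl, _cls, rtype, rdata = parts
        if rtype == "TXT":
            rdata = "".join(shlex.split(rdata))
        records.append((name.rstrip(".").lower(), int(ttl), rtype, rdata))
    return records

def preflight(dig_output, domain, expected_txt, changing=("MX",)):
    """Return findings; an empty list means the records are ready."""
    findings = []
    records = [r for r in parse_answers(dig_output) if r[0] == domain.lower()]
    for _name, ttl, rtype, rdata in records:
        if rtype in changing and ttl > MAX_TTL:
            findings.append(f"{rtype} {rdata}: TTL {ttl}s exceeds {MAX_TTL}s")
    txt_values = [r[3] for r in records if r[2] == "TXT"]
    if expected_txt not in txt_values:
        near = any(v.strip() == expected_txt for v in txt_values)
        findings.append("verification TXT has stray whitespace" if near
                        else "verification TXT not published")
    return findings

# Constructed sample: example.com and the token are placeholders.
SAMPLE = '''\
example.com.   3600  IN  MX   10 mail.example.com.
example.com.   600   IN  TXT  "v=spf1 mx ~all"
example.com.   600   IN  TXT  "PLACEHOLDER-" "VERIFICATION-TOKEN"
'''

if __name__ == "__main__":
    for finding in preflight(SAMPLE, "example.com",
                             "PLACEHOLDER-VERIFICATION-TOKEN"):
        print("FIX:", finding)
```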
Delivery Routing
Mimecast supports hybrid environments. As such, we can deliver emails for one or multiple domains to the following Exchanges:
- Microsoft 365.
- Google Workspace.
- On-Premises.
- Hybrid.
Microsoft 365
Bypassing Spam Checks
To ensure messages delivered from Mimecast to Microsoft 365 are not incorrectly identified as spam, resulting in delayed or failed email delivery, our service IP Ranges must be added to the allowed list in Microsoft 365's Connection Filtering Policy.
You can do this by using the following steps:
- Log on to the Microsoft 365 Admin Center.
- Click on the Security menu item.
- Click on the Policies & Rules menu item.
- Select Threat Policies.
- Select Anti-spam.
- Select Connection Filter Policy.
- Click on Edit Description.
- Give the filter a Description.
- Click on Edit connection filter policy.
- In the Always allow messages from the following IP addresses or address range field, add the Inbound Mimecast IP Ranges. See the Data Centers & URLs page for further details.
- Click on Save.
To configure a delivery route in the Email Security Setup Wizard
Mimecast delivery routes are configured to deliver all inbound messages to a specified hostname, which in this case, is the MX record for the Microsoft 365 account.
To deliver messages from Mimecast to your Microsoft 365 service, you must determine your hostname:
You can obtain your Hostname in Microsoft 365 by using the following steps:
- Log on to the Microsoft 365 Admin Center.
- Navigate to Settings | Domains.
- Select the Domain you want to configure inbound delivery for.
- Note the MX value. This will be your hostname used at the time of Delivery route validation.
You can configure a delivery route in the Email Security Setup Wizard by using the following steps:
- Enter the Hostname or IP of your environment in the Wizard.
- Specify a Port Number. Usually, this is port 25 (SMTP) unless there are other specific requirements.
- Click Check.
- If the delivery route is invalid, verify that you have entered the correct information and that any firewalls are configured to allow traffic from Mimecast.
- If the delivery route is valid, click Next.
- Select the next task to complete and click Next.
Google Workspace
Bypassing Spam Checks
To ensure messages delivered from Mimecast to Google Workspace aren't incorrectly identified as spam, resulting in delayed or failed email delivery, our service IP Ranges must be added to the Email allowlist in the Google Admin Console.
You can do this by using the following steps:
- Log in to the Google Admin Console.
- Navigate to Apps | Google Workspace | Gmail.
- Select Spam, Phishing, and Malware.
- Select the pencil icon for the Email allowlist.
- Add the Mimecast Data Center IPs for your account region, separating the entries with commas. See the Mimecast Data Centers and URLs page for full details.
- Click on the Save button.
Adding Mimecast IP Ranges to your Inbound Gateway
You can add Mimecast IP Ranges to your Inbound Gateway by using the following steps:
- Navigate to Inbound Gateway.
- Click on the Configure button.
- Enter Mimecast Gateway in the Short description.
- Use the Add button to enter the Mimecast Data Center IPs for your account region. See the Mimecast Data Centers and URLs page for full details.
- Ensure the Require TLS for Connections From the Email Gateways Listed Above option is selected.
- The other two options should be left unchecked.
- Click on the Add Setting button to save the change.
Google Workspace will not sanitize input from IP ranges added to the Inbound Gateway settings. Check entries for leading and trailing spaces.
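Because the Inbound Gateway accepts entries without sanitizing them, the list can be checked before it is pasted. The following is an added example, not Mimecast or Google code: it flags leading and trailing whitespace, invalid or non-canonical ranges, overlaps, and ranges broad enough to deserve a second look, then builds the comma-separated value for the Email allowlist. The prefix thresholds are assumptions, and the sample entries are documentation ranges rather than Mimecast's real IP ranges.

```python
import ipaddress

# Assumed review thresholds (not a Mimecast or Google requirement): anything
# broader than these prefixes is held back for manual review.
MIN_PREFIX = {4: 16, 6: 32}

def check_gateway_ranges(raw_entries):
    """Return (clean, problems). `clean` holds canonical CIDR strings that are
    safe to paste; `problems` holds (entry, reason) tuples to fix first."""
    clean, problems, seen = [], [], []
    for raw in raw_entries:
        entry = raw.strip()
        if entry != raw:
            problems.append((raw, "leading/trailing whitespace"))
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 203.0.113.7/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append((raw, f"not a valid network: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append((raw, "range too broad, review before allowing"))
            continue
        dup = next((s for s in seen
                    if s.version == net.version and s.overlaps(net)), None)
        if dup is not None:
            problems.append((raw, f"overlaps {dup}"))
            continue
        seen.append(net)
        clean.append(str(net))
    return clean, problems

def allowlist_value(clean):
    """Comma-separated form, as the Email allowlist step asks for."""
    return ",".join(clean)

# Constructed sample input using documentation ranges, not Mimecast's ranges.
SAMPLE = ["192.0.2.0/24", " 198.51.100.0/24", "203.0.113.7/24", "0.0.0.0/0",
          "192.0.2.128/25", "2001:db8::/48\t", "not-an-ip"]

if __name__ == "__main__":
    clean, problems = check_gateway_ranges(SAMPLE)
    for entry, reason in problems:
        print(f"FIX {entry!r}: {reason}")
    print("Paste:", allowlist_value(clean))
```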
To configure a delivery route in the Email Security Setup Wizard
Mimecast delivery routes are configured to deliver all inbound messages to a specified hostname.
You can deliver messages from Mimecast to your configured Delivery Route by using the following steps:
- Enter the Hostname or IP of your environment as "ASPMX.L.GOOGLE.COM". Refer to these Google Workspace MX record values.
- Specify a Port number. Usually, this is port 25 (SMTP) unless there are other specific requirements.
- Click Check.
- If the delivery route is invalid, verify that you have entered the correct information and that any firewalls are configured to allow traffic from Mimecast.
- If the delivery route is valid, click Next.
- Select the next task to complete and click Next.
On-Premises
- Enter the Hostname or IP of your environment within Email Security Setup Wizard. This IP address/hostname must be accessible from the internet for us to use it as a delivery route.
- Specify a Port Number. Usually, this is port 25 (SMTP) unless there are other specific requirements.
- Click Check.
- If the Delivery Route is invalid, verify that you have entered the correct information and that any firewalls are configured to allow traffic from Mimecast.
- If the delivery route is valid, click Next.
- Select the next task to complete and click Next.
Hybrid
You can configure multiple delivery routes within the Mimecast Administrator Console. This can be useful to have email flow spread across single or multiple destination email servers. Configure a Delivery Routing Definition and Policy to specify the destination email server details.
Directory Integration
Integrate your directory so that Mimecast can learn about your users and groups. Various Directory Synchronization types are supported.
The directory information can later be used for account configuration and policy application. When configured now, the Wizard will offer enhanced protection by updating the Recipient Validation check of your validated domains to “Known Recipients Only”.
Depending on your selected next task, use the following relevant documentation: