Email Security - API - Policies Overview

This article provides an overview of the threat family Policies available for Email Security - API, including information on the policy list and evaluation order, default policies, and an outline of creating, updating, and deleting policies.

Considerations

  • Every threat family policy will have a default policy defined and accessible. It is not possible to delete the default policy; however, there will be no restrictions on its configuration, e.g., it could be configured not to process any traffic. The default configuration of this policy is defined in the individual policy requirements.

  • Microsoft 365 API Dependency: API-Based Protection relies on Microsoft 365 APIs for: (i) event ingestion and notifications (i.e., to trigger scanning), and (ii) enforcement actions (e.g., moving messages to Junk / Quarantine). If Microsoft APIs are unavailable, delayed, or fail to execute an action, this may impact the timeliness or effectiveness of the service.

  • Customer Responsibilities: To ensure optimal performance of API-Based Protection, customers are responsible for: (i) maintaining valid Microsoft 365 licenses with the required permissions and API access enabled; and (ii) ensuring configuration and permissions remain accurate and up to date.
  • Mimecast's Boundaries of Responsibility: Mimecast's responsibility for Customer Data begins when that data enters the Mimecast environment. Mimecast is not responsible for any delays, failures, or other outcomes attributable to Microsoft API unavailability, non-performance, or third-party service issues.

Below is the list of Threat Protection policies for Email Security - API:

  • Malware Protection Policies
  • Phishing Protection Policies
  • Spam Protection Policies

URL Scanning configuration will apply to all URLs scanned for the defined user/groups, whether that is for malware or phishing detection.

  • URL Protection: This defines the scanning level to identify URLs in messages that are delivered to the users and within scope.

Policy List and Evaluation Order Page

Policy Page

This page provides a view of all the policies created, along with columns providing key information, shown and listed below.

Policy Page Details

  • Policy Name: Configurable name for the policy.
  • Order: The order in which the policies will be applied (1, 2, 3, etc.).
  • Status: Whether the policy is Activated or not.
  • Target: Who the policy applies to: Sender / Recipient.
  • Sensitivity: Relaxed; Moderate (Recommended); Aggressive; Do Not Scan.
      • For Spam policies, this is the sensitivity level for spam protection to be used.
      • For Phishing policies, this is the level controlling how strictly phishing attempts are detected.
      • For URL Scanning Configuration, this is the sensitivity level for URL categorization when the engine handles potentially dangerous categories.
  • Action:
      • Hold / Quarantine: These actions will be taken on the discovery of a threat. (Messages moved into a folder not visible to user.)
      • Monitor: This will evaluate the policy and record the result for A&R. Take no action. (Search for threats but don't do anything.)
      • None: This action will bypass the policy and will not record results or take an action. (Scan but nothing more.)
  • Modified: The time and date the policy was last modified/edited.

Evaluation Order

Policies are listed in their order of evaluation. The policy at the top of the list (numbered 1) will be evaluated first (if relevant), and so on. If a policy is set to ‘No Action’, then that will allow a bypass for the defined sender/recipient.

Policies can be ordered based on the priority of users to be protected, for example: 

  1. Policy 1: Executives and other high-risk individuals. 
  2. Policy 2: Additional Departments.
  3. Policy 3: Default Policy.

In addition to there being a policy evaluation order configurable per threat family, there is also a Mimecast-defined hierarchy based on the risk of the family. The order for the new policies will be:

  1. Malware
  2. Phishing 
  3. Spam

Default Policies

Each of the API-Based Email Security policy and configuration pages contains a default policy/configuration at the bottom of the list, which acts as a ‘catch-all’ policy in the event that a recipient is not included in any of the policies above this policy.

These default policies are created when an account is provisioned, and the configuration is dependent on the type of policy. Each policy will be scoped from everyone to everyone and provide a default level of protection. For more information, see the individual policies articles listed below.

In the policy list view, it is not possible to delete or re-order the default policy. It will always be pinned at the bottom of the policy list. The ‘Order’ of the policy will always be set to the (number of customer policies in the list + 1), and it will be evaluated last.

The names of the default policies are as follows:

  • Default Malware Policy
  • Default Phishing Policy
  • Default Spam Policy
  • Default URL Scanning Configuration
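
The evaluation order and default-policy rules above can be checked offline against a policy list. The following is an added example, not Mimecast code or an export format: the Policy record, the sample data, first-match resolution, skipping of deactivated policies, and the default action are all assumptions made for illustration, and only recipient scoping is modelled. It resolves which policy applies to a recipient in each threat family and reports families where the matching policy does not enforce.

```python
from dataclasses import dataclass

FAMILY_ORDER = ["Malware", "Phishing", "Spam"]      # family hierarchy from the page
ENFORCING = {"Hold", "Quarantine", "Move to Junk"}  # enforcing actions named on the page

@dataclass(frozen=True)
class Policy:                      # hypothetical record, not a Mimecast export format
    family: str
    name: str
    order: int                     # 1 is evaluated first
    active: bool
    recipients: frozenset          # empty set means everyone (assumed encoding)
    action: str

def ordered(policies, family, default_action="Quarantine"):
    """Customer policies by order, with the default pinned at n + 1."""
    custom = sorted((p for p in policies if p.family == family), key=lambda p: p.order)
    # default_action is an assumption; the real default is set per policy type
    default = Policy(family, f"Default {family} Policy", len(custom) + 1,
                     True, frozenset(), default_action)
    return custom + [default]

def effective(policies, recipient):
    """First active policy in scope for the recipient, per family."""
    hit = {}
    for family in FAMILY_ORDER:
        for p in ordered(policies, family):
            # assumption: deactivated policies are skipped
            if p.active and (not p.recipients or recipient in p.recipients):
                hit[family] = p
                break
    return hit

def unprotected(policies, recipient):
    """Families where the matching policy takes no enforcement action."""
    return [f for f, p in effective(policies, recipient).items()
            if p.action not in ENFORCING]

# Constructed sample policy list
SAMPLE = [
    Policy("Phishing", "Executives", 1, True, frozenset({"ceo@example.com"}), "Monitor"),
    Policy("Phishing", "Finance", 2, True,
           frozenset({"ap@example.com", "ceo@example.com"}), "Quarantine"),
    Policy("Spam", "Newsletter bypass", 1, True, frozenset({"ap@example.com"}), "None"),
    Policy("Malware", "Legacy", 1, False, frozenset({"ceo@example.com"}), "None"),
]

if __name__ == "__main__":
    for user in ("ceo@example.com", "ap@example.com", "staff@example.com"):
        print(user, {f: p.name for f, p in effective(SAMPLE, user).items()},
              "not enforced:", unprotected(SAMPLE, user))
```

In the sample, the executive is listed in both Phishing policies, but the Monitor policy at order 1 matches first, so the Quarantine policy at order 2 never applies to that mailbox.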

Policy Creation, Update, and Deletion

Creating a Policy

  1. Log in to the Mimecast Administration Console.

  2. Navigate to Policies.

  3. Select the appropriate Policy Type.

Note that policies that are not in a quarantine state will be flagged with a banner.

  4. Select the Create New Policy button.
  5. Complete and make the appropriate selections from the Policy Details page.
  6. Select Create Policy.

Once a policy has been created, you can use the three-dot menu icon on the policy list page to:

  • Edit: Edit the selected policy.

  • Delete: Delete the selected policy.

  • Duplicate: Duplicate the selected policy.

Editing a Policy

To edit an existing policy:

  1. Log in to the Mimecast Administration Console.

  2. Navigate to Policies | Spam/Phishing/Malware Protection Policies.

  3. Click the appropriate three-dot icon next to the policy and select Edit.

Note that to ensure protection, policy Actions must be set to Quarantine or Move to Junk for any threats detected.

  4. Make any required changes and click Save.

The Duplicate option can be selected to create a duplicate version of the selected policy.

The Edit Order option can be used to reorder the Policy List.


Deleting a Policy

To delete an existing policy:

  1. Log in to the Mimecast Administration Console.

  2. Navigate to Policies | Spam/Phishing/Malware Protection Policies.

  3. Click the appropriate three-dot icon next to the policy and select Delete.

  4. Confirm by clicking Delete.

You will see a confirmation that the policy has been successfully deleted.

Note: The Spam Protection Policy is a Single Rules policy.
