Service Update
| Availability | February 24th, 2026 |
| Product(s) | Web Security, Browser Isolation |
| Who's affected | Web Security, Browser Isolation Administrators |
Overview
Mimecast is excited to announce how Browser Isolation interacts with Web Security policies. These changes affect specific use cases while maintaining full functionality for others.
What's changing
-
TTP Rewritten URL Clicks by End Users:
- When end users click TTP Rewritten URLs in emails, the following changes apply:
- For Email and Web Security customers: Web Security policies previously applied within the Browser Isolation session will no longer be enforced. Your configured Web Security policies will not filter or block content during these Browser Isolation sessions.
- When end users click TTP Rewritten URLs in emails, the following changes apply:
-
For Email-only customers: Browser Isolation sessions previously blocked the following categories by default. This default blocking will no longer occur:
- Anonymizers.
- Malware.
- Botnets.
- Spam.
- Phishing.
- Compromised.
- Hacking.
- Attacker Controlled Infrastructure.
- Potentially Malicious.
- Hate.
- Porn.
- Violence.
- Weapons.
- Sex Education.
- Tasteless.
- Nudity.
- Alcohol.
- Antivirus scanning: The Antivirus Scan capability provided by Web Proxy for unknown categorized traffic within Browser Isolation sessions will no longer be available.
-
Admin Click Logs in Cloud Gateway:
- When Administrators click URLs in the Mimecast Administration Console click logs, the following changes apply:
- For Email and Web Security customers: Web Security policies previously applied when Administrators clicked these URLs within Browser Isolation sessions will no longer be enforced.
- For Email-only customers: The same default category blocking list that applied to end user clicks will no longer apply when Administrators click URLs from the Mimecast Administration Console. This includes the categories listed above (Anonymizers, Malware, Botnets, and others).
- When Administrators click URLs in the Mimecast Administration Console click logs, the following changes apply:
- Antivirus scanning: The Antivirus Scan capability provided by Web Proxy for unknown categorized traffic within admin Browser Isolation sessions will no longer be available.
What's not changing
-
Web Security End User Access
- No changes are being made to standard Web Security functionality. When end users access websites through Web Security, all Web Security policies continue to apply within Browser Isolation sessions exactly as they do today.
-
Cloud Integrated Scenarios
- Both end users and Administrators using Email Security Cloud Integrated will see no changes. All existing functionality and policy enforcement remains in place.
-
Analysis and Response Centre
- Administrators accessing URLs through the Analysis and Response Centre will experience no changes. All existing functionality continues to work as expected.
Who's impacted
These changes specifically affect how Browser Isolation handles Targeted Threat Protection (TTP) rewritten URLs and Mimecast Administration Console click logs. If your organization relies on Web Security policies to filter content in these specific scenarios, you should review your security posture and consider alternative controls where needed.
Standard Web Security functionality remains unchanged, meaning your primary Web Filtering and Security Policies continue to protect users accessing websites through normal Web Security channels.
Recommended actions
Review your current configuration to determine if these changes affect your environment. If you have questions about how these changes impact your specific deployment, contact Mimecast Support for guidance tailored to your use case.
Comments
Please sign in to leave a comment.