Administrator Console Dashboard.
Directory Connectors, Journal Connectors, and Exchange Service
Accessing Your Recent History
Adding / Removing a Dialog to / from Your Favorites
To access your list of favorites:
Accessing with Gateway Policy Editor
Listing Configured Policies
Accessing a Policy Type's Definitions
Gateway Policies and Definition.
URL Protection Policies best practices.
Attachment Protection Definitions
Impersonation Protection Definitions
Managing Administrator Roles
To remove a user from a role:
Tracking and Tracing Email Delivery
Log in to Mimecast
- From any browser, go to https://www.mimecast.com/login/
- Select Administration Console
- Enter your administrator email
- Click Next
- Enter your password.
- Select Cloud
- Click Login
Administrator Console Dashboard.
The Administration Console dashboard gives you a bird's-eye view of your Mimecast system and services. It is displayed by default when you log in to the Administration Console.
Administrator | Account | Dashboard menu item.
Notification Feed
The Notification Feed displays notifications sent by Mimecast to you about your account. The notifications are displayed in a list with the latest at the top.
Notification Filter
You can filter the notification feed by one of the filter types listed below. The current filter is displayed above the notification feed.
In the top left corner, filter by either:
- Product
- Service
- All news
Additionally, service notifications have a color coded title and icon to help you identify their severity:
Email Queues
The Email Queues are a graphical display of the volume of your incoming and outgoing messages over the last 48 hours. Each display allows you to interact with it in the following ways:
- Hover over a graph's data point to display the number of the emails per category at a given point in time.
- Click the See More link in the top right hand corner to navigate directly to the Monitoring | Delivery dialog.
- Click the icon in the top right corner of the graph to display a popup menu that allows you to:
- Print the graph.
- Download the graph to a .PNG, .JPEG, .PDF, or .SVG file.
Directory Connectors, Journal Connectors, and Exchange Service
The Directory Connectors, Journal Connectors, and Exchange Services sections each display a color coded status as follows:
- Green = Status is good.
- Amber = There is a partial disruption.
- Red = There is an issue.
Activity Over 24 Hours
The Activity Over 24 Hours section displays the total number of messages in each of the categories displayed below over the previous 24 hour period.
Accessing Other Dashboards
- Click the icon in the top left hand corner of the Administration Dashboard. A popup menu is displayed.
- Select either the:
- Attachment Protect menu item to display the Targeted Threat Protection - Attachment Protect dashboard.
- URL Protect menu item to display the Targeted Threat Protection - URL Protect dashboard.
Accessing Your Recent History
The Administration Console keeps a record of the last ten dialogs you've visited. These are maintained even between your Administration Console sessions.
- To access your Administration Console dialog history:
- Click on the toolbar icon. A list of the last ten dialogs you opened is displayed.
- Select a dialog from the list. The dialog is opened.
If you wish, you can delete the record of your recently visited dialogs, leaving the Favorites icon list empty.
To clear your Administration Console dialog history:
- Click on the toolbar icon.
- Click the Clear link in the top right hand corner. The list is reset.
Managing Your Favorites
You can mark up to ten administration console dialogs as favorites. This allows you to quickly access a function from a toolbar icon, without having to navigate through the menus.
Adding / Removing a Dialog to / from Your Favorites
To add / remove a favorite from the menu item list:
- Click Administration toolbar menu item.
- Click star icon after the menu item name. This has one of the following states:
To access your list of favorites:
- Click on the toolbar icon. Your list of favorite dialogs is displayed.
- Select a dialog from the list. The dialog is opened.
Accessing with Gateway Policy Editor
To access the Gateway Policy Editor:
- Go to Administration | Gateway | Policies
Your available policy types are listed, with any that have policies configured displayed in bold. The list displays the following information:
Column | Description |
Definitions | Displays the number of configured definitions. If no definitions are required for a policy (e.g. an Anti-Spoofing policy) the column displays "N/A". You can display any configured definitions, or create a new one, by clicking on the Definitions button. |
Definitions | Indicates whether a Definition is required for the policy type. If "N/A" is displayed, no definition is required. If a number is displayed, that number of definitions have been configured. |
Description | Displays a description of the policy's purpose. |
Policies | Displays the number of configured policies. |
Policy Name | Displays the policy name. |
Tell Me More | Click on this button to access the Knowledge Base page for the relevant policy. |
Listing Configured Policies
To either display a list of configured policies for a policy type, or to create a new policy:
- Click on a Policy Type. The list of policies is displayed.
The icons displayed under the Policy and Narrative columns indicate the status of configured policies as follows:
- The policy is unidirectional and applies one way, either to inbound or outbound mail.
- The policy is bidirectional and applies to both inbound, and outbound mail.
- The policy is disabled and inactive.
- The policy is enabled and active.
Accessing a Policy Type's Definitions
Two buttons are displayed at the top of the Gateway Policy Editor:
- The Definitions button displays a list of definitions. Click on one to navigate directly to that definition's listing. The resulting page is the same as navigating to the specific policy type and clicking on the Definitions button.
- The Consolidated Policy Viewer button displays a list of all configured definitions for each policy type.
Targeted Threat Protection
Targeted Threat Protection includes:
- URL Protection
- Attachment Protection
- Impersonation Protection
- Internal Email Protect
URL Protection
URL Protection provides:
- Your organization with protection from users clicking on malicious URLs, for every click and any user device.
- Both third-party and Mimecast proprietary threat intelligence.
- Rewriting of all URLs and real-time scanning on every click within incoming and archived emails.
- Dynamic user communication to help improve your users' awareness of potential threats.
Attachment Protection
Attachment Protection provides:
- Multi anti-virus engine checks on initial email delivery to protect against known malware.
- Safely transcribed attachments are delivered immediately, maintaining employee productivity.
- Sandboxing of file attachments before being delivered, to protect against unknown malware.
- Protection from malware in attachments is provided both on and off the enterprise network.
Impersonation Protection
Impersonation Protection provides:
- Protection against malware-less email attacks seeking to impersonate trusted senders.
- Real time scanning of all inbound emails to detect header anomalies, domain similarity, sender spoofing, and suspect email body content.
- Clear marking of suspicious delivered emails, in order to alert users.
- Centralized policy management and reporting, to assist in the early detection of attack campaigns.
Internal Email Protect
Internal Email Protect provides:
- A method to conduct additional security checks on journaled and outbound email traffic.
- A way of alerting and / or remedying threats or suspicious traffic found in your email environment.
- The ability to:
- Send attachments in messages to the sandbox.
- Identify key message data.
- Remove malicious attachments.
- Remove a message.
Gateway Policies and Definition.
URL Protection
URL Protection Definitions
To configure a URL Protection definition:
- Log on to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Gateway | Policies menu item.
- Click on the Definitions button.
- Select URL Protection from the drop down menu. Any existing definitions are listed.
- Either click on the:
- New Definition button to create a definition.
- Definition to be changed.
- In the Definition Narrative field, provide a description of the definition. This is kept in the archive for messages that have this definition applied.
Field / Option | Best Practice | Comments |
Enable Inbound / Outbound / Journal Checks | Selected | If selected, the fields / options listed below are displayed. When setting up inbound checks, use a policy with the correct routing to activate this definition. |
Rewrite Mode | Moderate | Aggressive: Rewrites anything that looks like a URL or contains similar formatting (e.g. http://, www., or .co.uk). Moderate: Rewrites strings that contain a valid URL or path (e.g. www.domain.com). Relaxed: Rewrites only URLs that contain valid URLs and Top Level Domain (e.g. http://www.domain.co.uk). |
URL Category Scanning | Moderate | Aggressive: Checks anything that looks like a URL, or contains similar formatting (e.g. http://, www., or .co.uk). Moderate: Checks only when the URL contains a valid URL or path (e.g. www.domain.com). Relaxed: Checks only URLs that contain a valid scheme (i.e. http:// or https://). |
Action | Block | Specify the action taken when an unsafe URL is detected either in a message or attachment. All clicks are logged. Allow: Users can access the link. Warn: A warning page is displayed, but users are able to continue to the original destination. Block: A block page is displayed. Users are prevented from accessing the URL. |
Message Subject Protection | Rewrite URLs | None: URLs in the message subject are ignored. URLs will not be scanned if clicked. Remove URLs: URLs are removed from the message's subject. Rewrite URLs: URLs in the message's subject are rewritten, so they are scanned. |
Create Missing HTML Body | Selected | Specifies whether inbound plain text emails are re-formatted as HTML. Doing so allows URLs to be rewritten. |
Force Secure Connection | Selected | This ensures all URLs are rewritten with an "HTTPS://" prefix. |
Set to Default | | Specifies this as the default definition. Any previously rewritten links that do not have a valid policy will use this definition. This option can only be set on one definition. |
Ignore Signed Messages | | If enabled, URL Protect is not applied to digitally signed messages. This ensures the message's signature remains intact but means the URLs are not rewritten. |
Display URL Destination Domain | | If enabled, the URL's destination domain is displayed at the end of the rewritten link. For example: |
Strip External Source Mode | | If set to "Aggressive", all external components are removed from the message. This includes CSS, SVG files, font-types, and HTML tags (e.g. <embed>, <iframe>, <frame>, <object>). |
Rewrite URLs Found in Attachments | | Each of these options looks for file attachments in the message of the same file type, and rewrites any URLs found in them. |
Enable User Awareness | | Check the Enable User Awareness box to display the additional fields below: |
Gateway Action | | Select the action (or fallback action) to take if a message containing an unsafe URL is detected. A fallback action is only applied if we are unable to check a URL. |
User Mailbox Action | | Select the action (or fallback action) to take if a message containing an unsafe URL is detected. A fallback action is only applied if we are unable to check a URL. |
Enable Notifications | | Check the Enable Notifications box to display the additional fields below: Notification Group: Use the Lookup button to select a group of users to be notified when a user clicks on an unsafe URL. Notification URL Format (Inbound Only): Controls the format of the rewritten URL notification sent to the group of users specified in the "Notification Group" option. The options are: Safe URL: URLs are scanned, and blocked if considered unsafe. Safe URL with Preview: URLs are displayed in a web page showing the original link. Internal Sender (Outbound and Journal Only): If selected, a notification is sent to the message's internal sender if there is an unsafe URL. Internal Recipient (Journal Only): If selected, a notification is sent to the message's internal recipient if there is an unsafe URL. |
URL Protect Best Practice
URL Protection Policies
- Log on to the Administration Console.
- Click on the Administration menu item. A menu drop down is displayed.
- Click on the Gateway | Policies menu item.
- Click on URL Protection. A list of policies is displayed.
- Either select the:
- Policy to be changed.
- New Policy button to create a policy.
- Complete the Options section as required:
Field/Option | Description |
Policy Narrative | Provide a description of the policy to allow you to easily identify it in the future. |
Select Option | Select a URL Protection definition from the drop down list. |
Addresses Based On | Specify the email address characteristics the policy is based on, available only in the "Emails From" section. The options are: The Return Address (Mail Envelope From): This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission). The Message From Address (Message Header From): Applies the policy based on the masked address used in the message's header. Both: Applies the policy based on either the Mail Envelope From or the Message Header From, whichever matches. When both match, the Message Header From value will be used. |
Applies From / To | Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are: |
Enable / Disable | Use this to enable (default) or disable a policy. Disabling the policy allows you to prevent it from being applied without having to delete or backdate it. Should the policy's configured date range be reached, then it is automatically disabled. |
Set Policy as Perpetual | Specifies that the policy's start and end dates are set to "Eternal", meaning the policy never expires. |
Date Range | Specify a start and end date for the policy. This automatically deselects the "Eternal" option. |
Policy Override | Select this to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override. |
Bi-Directional | If selected, the policy also applies when the policy's recipient is the sender and the sender is the recipient. |
Source IP Ranges (n.n.n.n/x) | Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation. |
URL Protection Policies best practices.
Attachment Protection
Attachment Protection Definitions
To configure an Attachment Protection definition:
- Log in to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Gateway | Policies menu item.
- Hover over the Definitions button.
- Select Attachment Protection from the drop down menu. Any existing definitions are listed.
- Either click the:
- New Definition button to create a definition.
- Definition to be changed.
- In the Definition Narrative field, provide a description of the definition. This is kept in the archive for messages that have this definition applied.
- Complete the following sections as required:
- Inbound Settings: See the Inbound Settings section below for full details.
- Outbound Settings: See the Outbound Settings section below for full details.
- Journal Settings: See the Journal Settings section below for full details.
- Click on the Save and Exit button.
Field / Option | Best Practice | Comments |
Enable Inbound Check/ Enable Outbound | Selected | When setting up inbound checks, use a policy with the correct routing to activate this definition. |
Attachment Protect Delivery Options | Dynamic Configuration | This gives control to the end user to decide whether individual users are added to a trusted list. By default, Safe File With On-Demand Sandbox is used, but for users on the trusted list, Pre-Emptive Sandbox is used. |
Ignore Signed Messages | Disabled | |
Sandbox Fallback Action | Hold for Administrator Review | If selected, messages and attachments are placed in the held queue. |
Release Forwarded Internal Attachment | Selected | This ensures internally forwarded messages containing the attachment release instructions, can be used by another user to release the attachment. |
Enable Notifications | Selected | Together with the "Administrator Group" field, this ensures a group of Administrators are notified when a message with malicious content is received. |
Administrator Group | | This field is displayed if the "Administrator Notification" field is selected. It allows you to select a group of users, via the "Lookup" button, who'll be notified when a message with malicious content is received. |
Default Transcribed Document Format | | This provides a read-only PDF view of the document attachment for end users. |
Default Transcribed Spreadsheet Format | HTML | This provides a HTML file of the spreadsheet attachment for end users. |
Impersonation Protection
Impersonation Protection Definitions
To configure an Impersonation Protection definition:
- Log on to the Administration Console.
- Select the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select the Impersonation Protection option in the Definitions drop down. Any existing definitions are displayed.
- Either select the:
- New Definition button.
- Definition to be changed.
- Complete the Identifier Settings dialog section:
- Specify the Identifier Actions to take when the Number of Hits threshold has been reached.
- Complete the General Actions section as required.
- Complete the Notifications section as required.
- Select the Save and Exit button.
In the initial phase, the following settings should be used to configure an Impersonation Protection definition.
Field / Option | Best Practice | Comments |
Similar Internal Domain | Selected | This provides protection for inbound messages, where the sender's domain is similar to any of your internal domains. This option is used in conjunction with the "Similarity Difference" option. |
Similarity Difference | 2 | This indicates how many characters must be different from your internal domain for the "Similar Internal Domain" check to be triggered. Less-than-or-equal-to logic is used for this check. For example, with a value of 2, this check will trigger on any external domain that has a two or one character difference. |
Newly Observed Domain | Selected | This identifies whether the sender's domain has only been used to send traffic in the last week. This ensures domains that have only started to be active recently, possibly indicating suspicious activity, are detected. |
Internal User Name | Selected | This identifies if the sender's display name (usually the first and last name), is the same as one of your internal user display names, excluding the recipient’s internal username. This ensures any threats that spoof an internal user are detected. |
Reply-to Address Mismatch | Unselected | Enable this option to identify if a mismatch has occurred between the sender’s email address (in either or both of the Header and Envelope) and the Reply-To email address. |
Targeted Threat Dictionary | Selected | This compares characteristics in the message's header, subject, and body against a dictionary of suspicious content. This ensures attackers that focus on financial gain or access to sensitive information are detected. |
Number of Hits | 2 | This ensures two or more of the four checks listed above must be triggered for any action to take place. One check by itself could cause false positive results. Exceptions to this rule can include high profile targets (e.g. senior executives). |
Action | Hold for review | This ensures the message is not delivered directly to the recipient, but sent to the held queue instead. |
Hold type | User | With the hold type set to User (recommended) and the "Notify (Internal) Recipient" option selected, a notification is sent to the message's recipient. It allows them to release the message if it is a false positive. |
Tag Message Body | Selected | This adds the following message into the message's body: “This message contains suspicious characteristics and has originated from outside your organization”. |
Tag Subject | Selected | This adds "[SUSPICIOUS MESSAGE]" into the message's subject. |
Tag Header | Selected | This adds “X-Mimecast-Gateway-Protect: suspicious; Similar Domain = true/false; Newly Observed Domain = true/false; Internal User Name = true/false; Targeted Threat Dictionary = true/false” into the message's header. |
Notify Group | Selected | This ensures a group of users (e.g. Administrators) are notified when a malicious message is received. Use the Lookup button to select a group. |
Notify (Internal) Recipient | Selected | This ensures the message recipient is notified that a message destined for them, has been detected as suspicious. This enables them to take any necessary action. |
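The settings above can be exercised downstream of the gateway. The following Python sketch is an added example, not Mimecast code: it parses the tag header in the form quoted in the "Tag Header" row, applies the "Number of Hits" threshold to the checks that fired, and illustrates the "Similarity Difference" less-than-or-equal-to logic. It assumes Levenshtein edit distance as a stand-in for the vendor's similarity metric (the page does not name one); the function names and sample messages are constructed for illustration.

```python
"""Added example: triage of Impersonation Protection tags (not vendor code)."""
from email import message_from_string

TAG_HEADER = "X-Mimecast-Gateway-Protect"  # header name from the Tag Header row


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; an assumed stand-in for the vendor's metric."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def similar_internal_domain(sender_domain, internal_domains, similarity_difference=2):
    """Return the internal domain that the sender domain resembles, or None.

    Mirrors the table's "less than or equal to" rule: a difference of 1..N
    characters triggers; 0 is the internal domain itself and is not "similar".
    """
    sender = sender_domain.lower().rstrip(".")
    for internal in internal_domains:
        if 0 < edit_distance(sender, internal.lower()) <= similarity_difference:
            return internal
    return None


def parse_protect_header(value: str) -> dict:
    """Split 'suspicious; Check Name = true; ...' into a verdict and flags."""
    verdict, checks = "", {}
    for part in (p.strip() for p in value.split(";")):
        if "=" in part:
            name, _, flag = part.partition("=")
            checks[name.strip()] = flag.strip().lower() == "true"
        elif part and not verdict:
            verdict = part.lower()
    return {"verdict": verdict, "checks": checks}


def triage(raw_message: str, number_of_hits: int = 2) -> dict:
    """Report which checks fired and whether they reach the hit threshold."""
    value = message_from_string(raw_message).get(TAG_HEADER)
    if value is None:
        return {"tagged": False, "fired": [], "meets_threshold": False}
    parsed = parse_protect_header(" ".join(value.split()))  # unfold header
    fired = sorted(name for name, hit in parsed["checks"].items() if hit)
    return {"tagged": parsed["verdict"] == "suspicious",
            "fired": fired,
            "meets_threshold": len(fired) >= number_of_hits}


# Constructed sample messages (not real traffic); example.com is the
# assumed internal domain.
SAMPLE_TWO_HITS = (
    'From: "Pat Example" <pat@exarnple.com>\n'
    "To: finance@example.com\n"
    "Subject: [SUSPICIOUS MESSAGE] Invoice\n"
    "X-Mimecast-Gateway-Protect: suspicious; Similar Domain = true;\n"
    " Newly Observed Domain = true; Internal User Name = false;\n"
    " Targeted Threat Dictionary = false\n"
    "\n"
    "Please see attached.\n"
)
SAMPLE_ONE_HIT = SAMPLE_TWO_HITS.replace("Newly Observed Domain = true",
                                         "Newly Observed Domain = false")
SAMPLE_UNTAGGED = "From: a@example.org\nTo: b@example.com\nSubject: Hi\n\nHello\n"

if __name__ == "__main__":
    for label, raw in [("two hits", SAMPLE_TWO_HITS),
                       ("one hit", SAMPLE_ONE_HIT),
                       ("untagged", SAMPLE_UNTAGGED)]:
        print(label, triage(raw))
    print(similar_internal_domain("exarnple.com", ["example.com"]))
```

A message whose header shows fewer fired checks than the configured "Number of Hits" is worth a second look when reviewing the Held queue, since it indicates a definition with a lower threshold applied to it.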
Managing Administrator Roles
Accessing the Role Editor
To access the Role Editor, the administrator must have the correct Security Permissions. Without these permissions, the Roles tab is not displayed in the Administration console.
To display the Role Editor:
- Log in to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Account | Roles menu item.
- NOTE:
- Default roles can only be viewed
- Roles with a padlock icon have access to the admin roles editor
- Custom roles are displayed in italics and can be viewed, edited, and deleted
Creating a Custom Role
- Click on the New Role button inside the Role Editor.
- Complete the Properties section as follows:
Field /Options | Description |
Role Name | Enter a name to uniquely identify the role. |
Description | Enter a description for the role to help you identify its purpose. |
Security Permissions | |
Cannot Manage Roles | Users added to the role can't access the Roles Editor. |
Manage Application Roles | Users added to the role can access the Roles Editor and manage access to individual Administration Console menu items. Protected areas of Mimecast cannot be modified. |
Manage Application and Protected Roles | Users added to the role can access the Roles Editor, manage access to individual Administration Console menu items, and protected areas of Mimecast. |
- Select / Deselect the Application Permissions for the role. These can be set at various levels as outlined below, with the three categories of access permissions being:
- Read: Users can access the menu item, but cannot make any modifications.
- Edit: Users can modify the elements contained in the menu item.
- Protected areas: Users have access to the content of email data.
- Click on the Save and Exit button.
Adding Users to a Role
To add users to a role:
- Right click on the role from inside the Role Editor. A popup menu is displayed.
- Click on the Add Users to Role menu item. A list of users is displayed.
- Click in the tick box to the left of the users to be added.
- Click on the Add Selected Users button. The users are added to the role.
- NOTE: You can't allow alias addresses to be used as administrator accounts. If an existing administrator account becomes an alias, the account is removed from the administrator role.
- A user can only belong to one role at any given time. If a user is added to a second role, the entry in the first role is automatically removed.
Removing Users from a Role
To remove a user from a role:
- Right click on the role from inside the Role Editor. A popup menu is displayed.
- Click on the Manage Users for Role menu item.
- Right click on the user to be removed.
- Click on the Remove User from Role menu item.
Deleting a Custom Role
To delete a custom role:
- Remove all users from the role. You'll be unable to delete the role unless you complete this step.
- Click on the role from inside the Role Editor. A popup menu is displayed.
- Click on the Remove Role menu item. The role is deleted.
Monitoring
This module provides viewers and queues that Administrators can use to monitor email flow, manage stripped attachments, or troubleshoot email delivery. More specifically, Administrators have the ability to release stripped attachments, view all emails that Mimecast has rejected when performing security checks, and investigate why emails are in the delivery retry schedule (among others).
To access the monitoring functionality:
- Log in to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Monitoring menu item. The following menu items are displayed:
Menu Item | Description |
Attachments | Allows you to review and release attachments that have been stripped or blocked from incoming messages. |
Attachment Protection | Displays a log of attachments scanned by Targeted Threat Protection - Attachment Protect in the last 30 days. |
Bounces | Allows you to review and troubleshoot messages that we have accepted, but can't deliver to the recipient. This includes both inbound and outbound messages. |
Broadcasts | Allows you to view all broadcast messages awaiting delivery, and bounce or reject them. |
Bulk Delivery | Allows you to view and manage messages that are subject to a Bulk Sender Policy, but which are still in a queue awaiting delivery. |
Bulk Processing | Allows you to view and manage messages that are subject to a Bulk Sender Policy, and are awaiting processing. |
Connections | Displays all messages that made a connection to your account, but have been temporarily deferred or greylisted. If greylisted, subsequent attempts by the sending mail server to deliver the messages may be successful. |
Data Leak Prevention | Displays details of messages where actions have been applied by a Content Examination Policy. |
Delivery | Allows you to view and manage inbound and outbound messages waiting to be delivered by Mimecast. This includes messages that failed initially, but are awaiting a retry. |
Held | Allows you to view and manage messages in the hold queue. These are messages placed there by policies on your account. You can release or reject messages, as well as add the sender to your permitted or blocked senders list from this view. |
Held Summary | Allows you to view and manage messages in the hold queue, grouped by policy. You can release or reject messages, as well as add the sender to your permitted or blocked senders list. |
Impersonation Protection | Displays a log of messages scanned by Targeted Threat Protection - Impersonation Protect in the last 30 days. |
Processing | Allows you to view and manage messages that are temporarily queued while checks are being performed. |
Rejections | Allows you to view and manage messages that have been rejected by Mimecast's security systems. |
Secure Messaging | Displays the details of all incoming and outgoing messages that have been processed by Secure Messaging. |
System | Displays all notifications that are being processed by Mimecast. |
URL Protection | Displays a log of URLs scanned by Targeted Threat Protection - URL Protect in the last 30 days. |
Tracking and Tracing Email Delivery
Our Track and Trace functionality allows Administrators to search across multiple viewers and queues using specific message information. The results provide information on a message's processing, as well as its current state (e.g. if it was subjected to greylisting, but subsequently accepted and archived). This is useful when an end user either inquires why a message didn't arrive at its destination, or was delayed (either inbound or outbound). The following viewers and queues are searched:
- Connection Attempts
- Bounce Viewer
- Rejection Viewer
- Delivery Queue
- Hold Review Queue
- Active Messages
- Email Archive
Searching for a Message
- Log on to the Administration Console.
- Select the Administration toolbar menu item.
- Select the Gateway | Tracking menu item.
- Complete the dialog as required:
Field / Option | Description |
Message ID | Enter a message's message ID. This is useful when looking for messages that exist in accepted emails or the archive. |
From Address | Enter a sender's email address or domain. |
To Address | Enter a recipient's email address or domain. |
Search Subject Text | Enter text from a message's subject. Wild card characters (* and ?) can be used, but not at the start of the text. Wild card characters only apply to messages in the archive. |
Route Filter | Select whether to search inbound, outbound, internal, or all messages. |
Date Range | Specify a date range. Track and Trace can only search for messages in the last 30 days. Additionally, rejections and connections only go back seven days. |
- Select the Search button.
Search Results
NOTE: Clicking on a result displays additional message details. This is the same as would be displayed if the message was found in the relevant queue.