We wanted to swap a new SAN for a customer and our distributor wanted us to run the Nimble Space Savings Estimator to find out how big the device needed to be. Unlike Dell with its LiveOptics tool, you have to run this on EVERY virtual machine, and run it across all drives for it to scan. I wrote a tool we could use inside BatchPatch to run this .exe from a share across all VMs.
This needs to be run out of hours due to heavy scanning of disk.
- Remove text on stationery (HTML and plain text) before sending emails via Mimecast
- Disable Office 365 Spam Filter
- Enable Digest Sets every hour (not every 4 hours)
- Disable Device Enrollment
- Log on to the Administration Console.
- Click on the Administration menu item.
- Select the Account | Account Settings menu item.
- Expand the User Access and Permissions section.
- Select the Targeted Threat Protection Authentication option.
- SAML for Authentication: SSO via a provider like Office 365 for 2FA and brute-force protection. If not, fall back to LDAPS (EWS basic auth is not secure)
- Disable Cloud Auth (or enable it only for Continuity, and expire logins after 30 days)
- Service Monitoring Setup
- Acknowledge Disabled Users (make sure Receipt Validation is set to Known)
- Setup impersonation protection for VIP
- Restrict Administration Console to IP
- Continuity Test
- Confirm you have an account as Super Admin
- Enable Outbound DKIM\SPF\DMARC
- Inbound (for this we recommend a “Reject” setting. Out of the box we set it to ignore/managed permitted sender entries, as some customers didn’t like that it was too aggressive.)
When users try to use the Mimecast for Outlook Add-in, they log in and get "Application Disabled".
- Make sure this is ticked
- Restart Outlook, then try again
- Sometimes Mimecast caches Authentication Profiles locally in C:\Users\%username%\AppData\Roaming\Mimecast\msw.s3db. Delete this file with Outlook closed and try again
Mimecast has a method to replay emails to on-premises Exchange, which is neat.
We had a case needing to do this recently for a customer in 365. Mimecast tout their own product “Sync & Recover” for this; however, it was a one-off thing and the extra cost couldn’t be justified.
I thought of a way to do this without it; however, you need to export the PST of individual users.
- Export mail to PST for each user missing mail
- Reimport the PST to Office 365 in the background for each user (use the RootFolder in the CSV file as /Inbox)
Both Mailguard and Mimecast have a list of allowed emails for users. When migrating from one platform to another you will need to copy these over.
Mailguard does not have an export function for its “Active Whitelist” so you will need to copy the Table produced in the Admin Panel into Excel and remove all but your two columns of emails.
These two columns will need some more manipulation, as they mix up senders and receivers in the lists and Mimecast needs one column for each. Put the first column in A in Excel and the second in B.
In C1 add the following (if A1 has @domain.com in it, list it; if B1 has @domain.com in it, list it)
In D1 add the following (if A1 does not have @domain.com in it, list B1; if B1 has @domain.com in it, list A1)
Once done, create a .xls file with columns
Add the domain.com to #Address
Add the other domain field to either trusted_senders (Allow Spam and Attachments) or Approved Senders (Allow Spam)
Import into Managed Senders using the Postini option
Symptoms – staff unable to log in to Outlook for Desktop
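The column split described above can also be scripted rather than done with Excel formulas. This is an added example, not code from the original post: the sample rows, the function names and the output headers `internal_address`/`external_address` are constructed for illustration, and `domain.com` is the post's own placeholder. Rows where both or neither address is internal are set aside for manual review instead of being imported as allow-list entries.

```python
import csv
import io

INTERNAL_DOMAIN = "domain.com"  # the post's placeholder; use the customer's domain

# Constructed sample of the two columns copied out of the Mailguard admin panel.
SAMPLE = """\
alice@domain.com,news@partner.example
billing@supplier.example,bob@domain.com
Carol@Domain.com , news@partner.example
alice@domain.com,news@partner.example
x@other.example,y@another.example
alice@domain.com,bob@domain.com
"""

def is_internal(addr, domain=INTERNAL_DOMAIN):
    # Compare the whole domain after the last "@". A substring test for
    # "@domain.com" would also accept user@domain.com.other.example.
    return addr.rpartition("@")[2] == domain.lower()

def split_whitelist(text, domain=INTERNAL_DOMAIN):
    """Return (pairs, review). pairs holds unique (internal, external) tuples;
    review holds raw rows where not exactly one address is internal."""
    pairs, review, seen = [], [], set()
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip().lower() for c in row if c.strip()]
        if len(cells) != 2 or not all("@" in c for c in cells):
            review.append(row)
            continue
        a, b = cells
        if is_internal(a, domain) == is_internal(b, domain):
            review.append(row)  # both internal or both external
            continue
        pair = (a, b) if is_internal(a, domain) else (b, a)
        if pair not in seen:  # drop duplicate allow-list entries
            seen.add(pair)
            pairs.append(pair)
    return pairs, review

def to_csv(pairs):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["internal_address", "external_address"])  # hypothetical headers
    writer.writerows(pairs)
    return out.getvalue()

if __name__ == "__main__":
    pairs, review = split_whitelist(SAMPLE)
    print(to_csv(pairs), end="")
    print("REVIEW:", review)
```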
Error found in event log on patched Domain controller
The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account.
Deploy GPO to allow insecure connections (this should be done only until machines are patched)
Trying to set up a Mimecast Sync Engine application on-prem, out of the box it comes up with
“validation failed: invalid mimecast user or insufficient permissions”
This is because by default 2FA is enabled on all accounts created in Mimecast. You need to create a new Authentication Profile and disable 2FA on it, then assign it to that user group and bind it all together with a Profile.