- Remove text on stationary ( HTML and plain text ) before sending emails via Mimecast
- Disable Office 365 Spam Filter
- Enabled Digest Sets every Hour ( not every 4 hour )
- Disable Device Enrollment
- Log on to the Administration Console.
- Click on the Administration menu item.
- Select the Account | Account Settings menu item.
- Expand the User Access and Permissions section.
- Select the Targeted Threat Protection Authentication option.
- SAML for Authentication SSO via a provider like Office 365 for 2fa and Brute Force protection. If not Fall back to LDAPS ( EWS basic Auth is not Secure )
- Disable Cloud Auth ( Or enable only for Continuity , and expire logins after 30 days )
- Service Monitoring Setup
- Acknowledge Disabled Users ( Make sure Receipt Validation is set to Known
- Setup impersonation protection for VIP
- Restrict Administration Console to IP
- Continuity Test
- Confirm you have an account as Super Admin
- Enable Outbond DKIM\SPF\DMARC
- Inbound ( this we recommend a “Reject” setting. Out of the box we set it to ignore/managed permitted sender entries as some customers didn’t like that it was too aggressive. )
Tags: mimecast best practice
Trackback from your site.