Mimecast Best Practice


  • Remove text on stationery (HTML and plain text) before sending emails via Mimecast
  • Disable Office 365 Spam Filter



  • Enable Digest Sets every hour (not every 4 hours)
  • Disable Device Enrollment
    1. Log on to the Administration Console.
    2. Click on the Administration menu item.
    3. Select the Account | Account Settings menu item.
    4. Expand the User Access and Permissions section.
    5. Select the Targeted Threat Protection Authentication option.
  • Use SAML for authentication (SSO via a provider like Office 365) for 2FA and brute-force protection. If that is not possible, fall back to LDAPS (EWS basic auth is not secure)
  • Disable Cloud Auth (or enable it only for Continuity, and expire logins after 30 days)
  • Service Monitoring Setup
  • Acknowledge Disabled Users (Make sure Receipt Validation is set to Known
  • Set up impersonation protection for VIPs
  • Restrict Administration Console to IP
  • Continuity Test
  • Confirm you have an account as Super Admin
  • Enable Outbound DKIM/SPF/DMARC
  • Inbound (for this we recommend a “Reject” setting. Out of the box we set it to ignore/managed permitted sender entries, as some customers didn’t like that it was too aggressive.)