{"id":4805,"date":"2020-09-10T23:39:14","date_gmt":"2020-09-10T23:39:14","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4805"},"modified":"2025-02-25T08:47:21","modified_gmt":"2025-02-25T08:47:21","slug":"mimecast-best-practice","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/mimecast-best-practice","title":{"rendered":"Mimecast Best Practice"},"content":{"rendered":"\n

Anti-Spoofing<\/strong><\/p>\n\n\n\n

*Are these policies working for the organization?<\/p>\n\n\n\n

Please look toward the following link for better insight on the policy:
https:\/\/community.mimecast.com\/s\/article\/email-security-cloud-gateway-configuring-anti-spoofing<\/p>\n\n\n\n

Auto Allow<\/strong><\/p>\n\n\n\n

Please consider the following for a better security posture:<\/p>\n\n\n\n

    \n
  1. Auto allow policy set to ” Apply auto allow strict” this will enforce a 1 to 1 relationship in case of any third party outbreaks.
    2.Set the addresses based on to “Both”<\/li>\n<\/ol>\n\n\n\n

    Please look toward the following link for better insight on the policy:
    https:\/\/community.mimecast.com\/s\/article\/email-security-cloud-gateway-configuring-auto-allow-policies<\/p>\n\n\n\n

    Permitted Senders<\/strong><\/p>\n\n\n\n

    *Consider adding some entries to the profile group.<\/p>\n\n\n\n

    Please look toward the following link for better insight on the policy:https:\/\/community.mimecast.com\/s\/article\/email-security-gateway-permitted-senders-policy-configuration<\/p>\n\n\n\n

    Spam Scanning<\/strong><\/p>\n\n\n\n

    *Auto allow actions should be set on the definitions.
    *Questions around the multiple policies.<\/p>\n\n\n\n

    Please look toward the following link for better insight on the policy:https:\/\/community.mimecast.com\/s\/article\/email-security-cloud-gateway-spam-scanning-policy-configurations<\/p>\n\n\n\n

    Attachment Protection<\/strong><\/p>\n\n\n\n

    Additionally please note that the UI in the definition of attachment protection has changed please look toward the following links for further insights:<\/p>\n\n\n\n

    Impersonation Protection<\/strong><\/p>\n\n\n\n

    *Consider creating a VIP policy instead of having multiple policies.<\/p>\n\n\n\n

    Please note that if you find that your VIP personal are being attacked or impersonated often please look to making a VIP policy where it is set to one hit with the customer display names enabled and filled in accordingly please look toward the following link for better insight.
    https:\/\/community.mimecast.com\/s\/article\/email-security-cloud-gateway-impersonation-protection-guide<\/p>\n\n\n\n

    URL Protection<\/strong><\/p>\n\n\n\n

    *Configured correctly.<\/p>\n\n\n\n

    Please look toward the following link for better insight on the policy:https:\/\/community.mimecast.com\/s\/article\/email-security-cloud-gateway-configuring-url-protection<\/p>\n\n\n\n

    Internal Email Protection<\/strong><\/p>\n\n\n\n

    https:\/\/community.mimecast.com\/s\/article\/api-integrations-journaling-overview?r=1030&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1<\/a><\/p>\n\n\n\n

    Setup<\/h2>\n\n\n\n
      \n
    • Remove text on stationary ( HTML and plain text ) before sending emails via Mimecast<\/li>\n\n\n\n
    • Disable Office 365 Spam Filter\u00a0\"\"<\/li>\n<\/ul>\n\n\n\n

      Maintenance<\/h2>\n\n\n\n
        \n
      • Enabled Digest Sets every Hour ( not every 4 hour )<\/li>\n\n\n\n
      • Disable Device Enrollment\n
          \n
        1. Log on to the\u00a0Administration Console<\/strong><\/em>.<\/li>\n\n\n\n
        2. Click on the\u00a0Administration<\/strong><\/em>\u00a0menu item.<\/li>\n\n\n\n
        3. Select the\u00a0Account | Account Settings<\/strong><\/em>\u00a0menu item.<\/li>\n\n\n\n
        4. Expand the\u00a0User Access and Permissions<\/strong><\/em>\u00a0section.<\/li>\n\n\n\n
        5. Select the\u00a0Targeted Threat Protection Authentication<\/strong><\/em>\u00a0option.<\/li>\n<\/ol>\n<\/li>\n\n\n\n
        6. SAML for Authentication SSO via a provider like Office 365 for 2fa and Brute Force protection. If not Fall back to LDAPS ( EWS basic Auth is not Secure )\u00a0<\/li>\n\n\n\n
        7. Disable Cloud Auth ( Or enable only for Continuity , and expire logins after 30 days )\u00a0<\/li>\n\n\n\n
        8. Service Monitoring Setup<\/li>\n\n\n\n
        9. Acknowledge Disabled Users ( Make sure Receipt Validation is set to Known\u00a0<\/li>\n\n\n\n
        10. Setup impersonation protection for VIP<\/li>\n\n\n\n
        11. Restrict Administration Console to IP<\/li>\n\n\n\n
        12. Continuity Test<\/li>\n\n\n\n
        13. Confirm you have an account as Super Admin<\/li>\n\n\n\n
        14. Enable Outbond DKIM\\SPF\\DMARC<\/li>\n\n\n\n
        15. Inbound ( \u00a0this we recommend a \u201cReject\u201d setting. Out of the box we set it to ignore\/managed permitted sender entries as some customers didn\u2019t like that it was too aggressive. )\u00a0\"\"<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

          Anti-Spoofing *Are these policies working for the organization? Please look toward the following link for better insight on the policy:https:\/\/community.mimecast.com\/s\/article\/email-security-cloud-gateway-configuring-anti-spoofing Auto Allow Please consider the following for […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3345],"class_list":["post-4805","post","type-post","status-publish","format-standard","hentry","category-research","tag-mimecast-best-practice"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t