Mimecast

• Attachment Protection Review
• Adding Email Sender or Email Domain to Block Senders
• Adding Email Sender as Trusted or Unstrusted
• Awareness Training - MDE Configuration Required for Phishing Campaigns
• Impersonation Protection & External Email Banners
• Awareness Training - Setup Targeted Training for new users
• Mimecast Awareness Training - Setup & Configuration

Attachment Protection Review

Under Monitoring > Attachments

 

Adding Email Sender or Email Domain to Block Senders

To add a sender or a domain to the block list

(under the current configuration which is under Admin Console -> Gateway -> Policies )

 

 

Admin Console -> Directories -> Profile Groups 

Select Blocked Senders from the Profile Tree under Root

Then select the Build drop down menu item

from there select either Email Address or Email Domains

when adding the items, its best to at least add the date in the note section so it can be seen as a group and or when it was entered easily in case of roll back.

 

Adding Email Sender as Trusted or Unstrusted

(under the current configuration which is under Admin Console -> Gateway -> Managed Senders)

This is useful if a known sender is getting email trapped in a policy (not a list) from a particular known user or domain

In this section a individual email address can be trusted or untrusted and permit or block

These rules apply from sender to receiver as specified

example - blocking an single email address from a trusted domain

example - allowing emails from an email address that fails a mail rule ending in the rejected list

 

Action - Specify the action you would like to be applied to the specified communication pair.

Trust Sender - Adds the sender to the Managed Senders trusted list. This overrides Attachment Protect Safe File Mode. Instead of creating a new safe file, the original attachment is security checked and delivered.

 

Awareness Training - MDE Configuration Required for Phishing Campaigns

We currently use Mimecast Awareness Training for Phishing Campaigns and User Awareness Training

MDE Configuration Required for Phishing Campaigns 

In the MDE portal  (Email & Collaboration / Policies & Rules / Threat Policies / Advanced Delivery Phishing Simulation) 

Domains included are  as below (this list was provide by Mimecast)

account-renewals.com	payroll-updates.com
accountsecuritynotices.com	relaysvc.com
benefits-bulletin.com	salary-info.com
ceo-update.com	secure-corporate-communications.com
company-updates.com	secure-corporate-news.com
corp-accounts.com	secure-corporate-updates.com
corp-news.com	secure.ataata.com
corp-update.com	secureceocommunications.com
corporate-payroll.com	securesecuritysolutions.com
corporate-updates.com	security-bulletin.com
cy-se.com	subscriptionrenewalnotices.com
employee-news.com	subscriptionrenewalservices.com
hookedlikeaphish.com	sysgen-cash.com
info-needed.com	sysgen-payroll.com
employee-news.com	worldwidenewsupdates.com
payroll-news.com	instant-promos.com

IP's Included - as per below (also provided by Mimecast)

We were advised that we didn't need to include 124.47.189.0/24

Impersonation Protection & External Email Banners

Policy for email banners for Suspicious and External messages is done under the Mimecast Impersonation Protection policies. 

 

Below are current HTML code for the banners.
They are all using PBR Standard font found within our Brand Style Guide

Warning banner

Warning: This message has been identified as suspicious and originated outside Puffing Billy Railway. Ensure you verify the sender and take extreme care if opening links or attachments.

 

<table border="0" cellspacing="0" cellpadding="0" align="left" width="100%">
  <tbody><tr>
    
    <td style="background:#ff0000;padding:5pt 2pt 5pt 2pt"></td>
    <td width="100%" cellpadding="4px 3px 4px 15px" style="background:#ffcccb;padding:4pt 3pt 4pt 8pt;word-wrap:break-word">
      <div style="color:#191919;">
        <span style="font-weight:bold; font-size:12pt;font-family:'Calibre Black'">Warning:</span>
        <span style="font-size:11pt;font-family:'Calibre'">This message has been identified as suspicious and originated outside Puffing Billy Railway. Ensure you verify the sender and take extreme care if opening links or attachments.</span>
      </div>
    </td>
  </tr>
</tbody>
</table>

External Banner

Caution: This email originated from outside of Puffing Billy Railway. Do not click links or open attachments unless you recognise the sender and know the content is safe

<table border="0" cellspacing="0" cellpadding="0" align="left" width="100%">
  <tbody><tr>
    
    <td style="background:#0037f1;padding:5pt 2pt 5pt 2pt"></td>
    <td width="100%" cellpadding="4px 3px 4px 15px" style="background:#aee1fe;padding:4pt 3pt 4pt 8pt;word-wrap:break-word">
      <div style="color:#191919;">
        <span style="font-weight:bold; font-size:12pt;font-family:'Calibre Black'">Caution:</span>
        <span style="font-size:11pt;font-family:'Calibre'">This email originated from outside of Puffing Billy Railway. <u>Do not</u> click links or open attachments unless you recognise the sender and know the content is safe</span>
      </div>
    </td>
  </tr>
</tbody>
</table>

 

Awareness Training - Setup Targeted Training for new users

This is a similar process to to adding modules to target training which is described in this bookstack Here

 

Concept here is to provide all new users with 5 modules of Mimecast Awareness Training when they start

Log into Mimecast

Navigate to Awareness Training

Expand Training Queues

Go to Targeted Training

Select the module you wish to send to new user

Click on Add to Campaign 

Give it a name like 'New User Campaign - David Diamond'

Provide a date you want to send the module

Select the user group for Group_Awareness_New_User

You will need to do this for all 5 modules you want to assign to the new user

At this stage you should also be considering which Awareness Training  Groups they need to be allocated to once they have completed the New User Training

• Group_Awareness_Casual 
• Group_Awareness_Regular
• Group_Awareness_HighRisk

Refer to  this bookstack for details of the groups and ascertaining who should be assigned

Mimecast Awareness Training - Setup & Configuration

Awareness Training is sent to users based on AD Group membership -

• Group_Awareness_Casual
  • This group is for Team Members with casual/irregular interactions w/ Computers.
  • This group is primarily made up of all users who are are part of SG_DUO_M365MFA with a few manual addittions
  • These team members get sent 1 module every 6 weeks (8-9 per year)
  • Basic Training modules are sent to this group using the Company Wide Training queue
• Group_Awareness_Regular
  • This group is for Regular users of Computers 
  • This group is manually managed by IT
  • These team members get sent the same modules as those in Group_Awareness_Casual plus an additional 3 modules per year (in total 12 per year)
  • More involved training modules are sent to this group using the Targeted Training Queue
• Group_Awareness_HighRisk
  • This group is for High Risk users, HR, IT, Executive, Managers
  • This group is manually managed by IT
  • These team members get sent the same modules as those in Group_Awareness_Casual and Group_Awareness_Regular  plus an additional 12 modules per year (in total 24 per year)
  • More advanced and executive training modules are sent to this group using the Targeted Training Queue

There are 2 types of training queue -

• Company Wide Training
  • This training is sent to all users who are a member of Group_Awareness_Casual and is the main way training is distributed from Mimecast. The idea with this queue is to provide 1 module every 6 weeks..  
• Targeted Training
  • • This training is the way extra modules are sent to members of
      • Group_Awareness_Regular
      • Group_Awareness_HighRisk

 

Adding Modules to Company Wide Training -

• Log into Mimecast
• Go to Awareness Training

• Expand 'Training Queues'
• Select Content Library
• Choose the module you want to add to Company Wide Training Queue. (You can watch the video's of the modules in this section in order for you to decide if they are suitable)
• Hover over the module and click on add to Company Queue
• Select the release date
• Select 'Don't Assign to new users' and click confirm
• the module is now added to the Company Wide training Queue. The queue is in date order 

 

Adding Modules to Targeted Training -

• This is the same as for company wide training, except when you hover over the module you want to assign to targeted training in the content library you select Add to Targeted Queue
• you are then prompted for Name of the training
• launch date
• Group (make sure to change to the Active Directory tab, and then navigate to the appropriate group) 

• the module is now added to the Targeted Training Queue. The queue appears not to be in date order 

 

Notes:

• Be careful deleting modules that have been completed as can delete the data (completion rate etc ) associated with that module
• Once a module has been scheduled for Company Wide Training or Targeted Training you cannot assign from within the content library. Instead you need to find it in the Company Wide Training or Targeted Training Queue and select from there
• Awareness training has been scheduled until end of 2025, Link To Schedule