Mimecast Attachment Protection Review Under Monitoring > Attachments   Adding Email Sender or Email Domain to Block Senders To add a sender or a domain to the block list ( under the current configuration which is under Admin Console -> Gateway -> Policies )     Admin Console -> Directories -> Profile Groups   Select Blocked Senders from the Profile Tree under Root Then select the Build drop down menu item from there select either Email Address or Email Domains when adding the items, its best to at least add the date in the note section so it can be seen as a group and or when it was entered easily in case of roll back.   Adding Email Sender as Trusted or Unstrusted ( under the current configuration which is under Admin Console -> Gateway -> Managed Senders ) This is useful if a known sender is getting email trapped in a policy (not a list) from a particular known user or domain In this section a individual email address can be trusted or untrusted and permit or block These rules apply from sender to receiver as specified example - blocking an single email address from a trusted domain example - allowing emails from an email address that fails a mail rule ending in the rejected list   Action - Specify the action you would like to be applied to the specified communication pair. Trust Sender - Adds the sender to the Managed Senders trusted list. This overrides Attachment Protect Safe File Mode. Instead of creating a new safe file, the original attachment is security checked and delivered.   Awareness Training - MDE Configuration Required for Phishing Campaigns We currently use Mimecast Awareness Training for Phishing Campaigns and User Awareness Training MDE Configuration Required for Phishing Campaigns  In the MDE portal  (Email & Collaboration / Policies & Rules / Threat Policies / Advanced Delivery Phishing Simulation)  Domains included are  as below (this list was provide by Mimecast) account-renewals . com payroll-updates . com accountsecuritynotices . com relaysvc . com benefits-bulletin . com salary-info . com ceo-update . com secure-corporate-communications . com company-updates . com secure-corporate-news . com corp-accounts . com secure-corporate-updates . com corp-news . com secure.ataata . com corp-update . com secureceocommunications . com corporate-payroll . com securesecuritysolutions . com corporate-updates . com security-bulletin . com cy-se . com subscriptionrenewalnotices . com employee-news . com subscriptionrenewalservices . com hookedlikeaphish . com sysgen-cash . com info-needed . com sysgen-payroll . com employee-news . com worldwidenewsupdates . com payroll-news . com instant-promos . com IP's Included - as per below (also provided by Mimecast) We were advised that we didn't need to include 124.47.189.0/24 Impersonation Protection & External Email Banners Policy for email banners for Suspicious and External messages is done under the Mimecast Impersonation Protection policies.    Below are current HTML code for the banners. They are all using PBR Standard font found within our Brand Style Guide Warning banner   Warning: This message has been identified as suspicious and originated outside Puffing Billy Railway. Ensure you verify the sender and take extreme care if opening links or attachments.  
Warning: This message has been identified as suspicious and originated outside Puffing Billy Railway. Ensure you verify the sender and take extreme care if opening links or attachments.
External Banner   Caution: This email originated from outside of Puffing Billy Railway. Do not click links or open attachments unless you recognise the sender and know the content is safe
Caution: This email originated from outside of Puffing Billy Railway. Do not click links or open attachments unless you recognise the sender and know the content is safe
  Awareness Training - Setup Targeted Training for new users This is a similar process to to adding modules to target training which is described in this bookstack Here   Concept here is to provide all new users with 5 modules of Mimecast Awareness Training when they start Log into Mimecast Navigate to Awareness Training Expand Training Queues Go to Targeted Training Select the module you wish to send to new user Click on Add to Campaign  Give it a name like 'New User Campaign - David Diamond' Provide a date you want to send the module Select the user group for Group_Awareness_New_User You will need to do this for all 5 modules you want to assign to the new user At this stage you should also be considering which Awareness Training  Groups they need to be allocated to once they have completed the New User Training Group_Awareness_Casual  Group_Awareness_Regular Group_Awareness_HighRisk Refer to   this bookstack  for details of the groups and ascertaining who should be assigned Mimecast Awareness Training - Setup & Configuration Awareness Training is sent to users based on AD Group membership - Group_Awareness_Casual This group is for Team Members with casual/irregular interactions w/ Computers. This group is primarily made up of all users who are are part of SG_DUO_M365MFA with a few manual addittions These team members get sent 1 module every 6 weeks (8-9 per year) Basic Training modules are sent to this group using the Company Wide Training queue Group_Awareness_Regular This group is for Regular users of Computers  This group is manually managed by IT These team members get sent the same modules as those in  Group_Awareness_Casual  plus an additional 3 modules per year (in total 12 per year) More involved training modules are sent to this group using the Targeted Training Queue Group_Awareness_HighRisk This group is for High Risk users, HR, IT, Executive, Managers This group is manually managed by IT These team members get sent the same modules as those in  Group_Awareness_Casual  and  Group_Awareness_Regular plus an additional 12 modules per year (in total 24 per year) More advanced and executive training modules are sent to this group using the Targeted Training Queue There are 2 types of training queue - Company Wide Training This training is sent to all users who are a member of Group_Awareness_Casual and is the main way training is distributed from Mimecast. The idea with this queue is to provide 1 module every 6 weeks.. Targeted Training This training is the way extra modules are sent to members of Group_Awareness_Regular Group_Awareness_HighRisk   Adding Modules to Company Wide Training - Log into Mimecast Go to Awareness Training Expand 'Training Queues' Select Content Library Choose the module you want to add to Company Wide Training Queue . (You can watch the video's of the modules in this section in order for you to decide if they are suitable) Hover over the module and click on add to Company Queue Select the release date Select 'Don't Assign to new users' and click confirm the module is now added to the Company Wide training Queue. The queue is in date order    Adding Modules to Targeted Training - This is the same as for company wide training, except when you hover over the module you want to assign to targeted training in the content library you select Add to Targeted Queue you are then prompted for Name of the training launch date Group (make sure to change to the Active Directory tab, and then navigate to the appropriate group)  the module is now added to the Targeted Training Queue. The queue appears not to be in date order    Notes: Be careful deleting modules that have been completed as can delete the data (completion rate etc ) associated with that module Once a module has been scheduled for Company Wide Training or Targeted Training you cannot assign from within the content library. Instead you need to find it in the Company Wide Training or Targeted Training Queue and select from there Awareness training has been scheduled until end of 2025, Link To Schedule