Mimecast Email Security

User Guide
Contents
E-mail Security Solution Set-Up | Mimecast 2
How to Access the Mimecast Web Portal 2
Accessing Mimecast with 2-Step Authentication 6
How will my email change? 8
Mimecast Plug-in (for Outlook users only) 9
Installing the Mimecast Plugin 9
Authenticating the Mimecast Plugin 10
Navigating the Mimecast Ribbon 10
Your Online Inbox 11
What is Mimecast.com (web portal) for? 12
Other Mimecast Features 13
Device Registration 13
URL Testing and Training 13
How to Send an Encrypted/Secure Email 14
What if I have questions? 15
V20200612 15

[email protected] support.corvidcd.com 800.349.2549 Page 1 of 15

E-mail Security Solution Set-Up | Mimecast
The Haven E-mail Security Solution is powered by Mimecast. Mimecast provides email security controls
designed to protect end users from advanced threats and attacks. Mimecast provides:

• Enhanced security with spam and phishing detection

• Analysis of URLs and attachments for vulnerabilities or threats
• Ability to easily send encrypted emails containing sensitive information
• Employee training and awareness

How to Access the Mimecast Web Portal

The following process can be used for a user to activate her/his Mimecast account:

1. Go to https://login.mimecast.com. This is the Mimecast Personal Portal. We recommend bookmarking

this webpage in your browser.

2. Enter your email address and select “Next.”

3. Below the “Log In” button, select the option “Reset Cloud Password.”

NOTE: Ensure the dropdown box reads “Cloud” and not “Domain” and login with your password. After a
successful login, you will be taken to your Mimecast Online Mailbox. Further down, this guide will
explain how to use this mailbox.

[email protected] support.corvidcd.com 800.349.2549 Page 2 of 15

4. Enter the Captcha text for security purposes and select “Reset Password.”

5. Select the password reset link delivery method. Generally, “Email” should be the only option available
and the default selection. Select “Next” to continue.

[email protected] support.corvidcd.com 800.349.2549 Page 3 of 15

6. An email from sender “Mimecast Domain Postmaster” will be delivered to the user mailbox with a one-
time password reset code.

7. Enter the one-time passcode from the email into the empty field in your browser.

[email protected] support.corvidcd.com 800.349.2549 Page 4 of 15

8. Create your new unique password by following the instructions. Select “Confirm” once all password
criteria are check-marked green.

[email protected] support.corvidcd.com 800.349.2549 Page 5 of 15

 9. You will be redirected back to the login page. Ensure the dropdown box reads “Cloud” and not
“Domain” and login with your new password. After a successful login, you will be taken to your
Mimecast Online Mailbox. Further down, this guide will explain how to use this mailbox.

Accessing Mimecast with 2-Step Authentication

If 2-Step Authentication is enabled, logging in to Mimecast requires an additional step. You'll enter your email
address, choose between a Mimecast cloud or domain password, and enter your password as normal. However,
once that is completed successfully, you'll be asked for a verification code.

Mobile Number Registered

If you're configured to receive the verification code via SMS, and your mobile number is already registered, you
will see a screen as below once you have successfully entered your password:

[email protected] support.corvidcd.com 800.349.2549 Page 6 of 15

 Note: The last 2 digits of your cell phone number are displayed as the delivery destination.

1. Enter the Verification Code you receive to your mobile.

2. Click on the Verify button.

Mobile Number Not Registered

If you're configured to receive the verification code via SMS, and your mobile number is not yet registered, you
can self-register during the 2-Step Authentication login process. You will see a screen as below after you have
successfully entered your password:

[email protected] support.corvidcd.com 800.349.2549 Page 7 of 15

 1. Select your country code by clicking the down arrow next to the flag icon. The default value is taken
from your browser's location.
2. Enter your mobile number, with no leading zeroes.
3. Click on the Next button.
4. Enter the Verification Code you receive to your mobile.
5. Click on the Verify button.

Lost / Stolen Devices

If the device you've used to set up an authenticator application with Mimecast is lost or stolen, contact your IT
department as soon as possible. They'll be able to force a re-registration for you.

How will my email change?

Throughout the day, you will receive digest emails from “Domain Postmaster Address” with the subject line
“[Postmaster] Messages on Hold” listing emails that were quarantined from your inbox. For each quarantined
email, you have the option to Release, Block, or Permit.

[email protected] support.corvidcd.com 800.349.2549 Page 8 of 15

Release: Releases the email from the quarantine queue and send it to your Inbox; future emails from this sender
may still be placed On Hold.

Block: Rejects the email and adds the sender's address to your personal block list to prevent receiving future
emails from the sender.

Permit: Permits or delivers the email to your inbox and adds the sender's address to your personal permit list to
allow future emails from this sender. See the “Note” below regarding permitted senders that continue to be
quarantined.

Note: Spam Filter policies implemented for your organization may cause emails to be quarantined. In some
cases, permitting a sender will still result in their emails being quarantined. If this occurs, there are likely other
Policy Rules blocking the email based on matching characteristics. Please contact Corvid Cyberdefense Support
for assistance.

If you do not select one of the above options, the email will remain in your “on hold” inbox. You can access
emails in your “on hold” inbox by either logging into the Mimecast web portal through your browser (at
https://login.mimecast.com), the Mimecast smartphone application (available for iOS and Android), or the
Mimecast Outlook Plugin.

Mimecast Plug-in (for Outlook users only)

Note: The Mimecast Plugin is currently only available for Outlook users. If your organization does not use
Outlook, skip to the section “What is Mimecast.com for?”

The Mimecast Plugin for Outlook allows you to access your online inbox and hold queue, manage your blocked
senders list, report spam and phishing emails, and more, all from the Outlook application.

Installing the Mimecast Plugin

Your organization may have the ability to remotely push this plugin to users. Alternately, your organization may
have security controls in place requiring credentials to download plugins such as Mimecast for Outlook. If your
IT administrator gives you the ability to download the plugin, follow these steps.

1. Close Microsoft Outlook.

2. Go to: https://community.mimecast.com/community/knowledge-base/application-
downloads/pages/mimecast-for-outlook and then select whether to download the 32-bit or 64-bit client
(most users on Windows 7 or above will need the 64-bit client).

[email protected] support.corvidcd.com 800.349.2549 Page 9 of 15

 3. Run the Mimecast for Outlook installer.
4. When the welcome window is displayed, click the Next button to start the installation.
5. Read and accept the End User License Agreement.
6. Click the Next button. Next the installer will check your system to ensure all technical prerequisites are
met and that Outlook is closed.
7. Once all prerequisite checks have been performed, click the Next button to continue with the
installation.
8. Specify the Installation Directory (typically this is the default folder location suggested unless specified
otherwise by your administrator).
9. Click the Install button to begin the installation.
10. Once complete, click the Finish button. Microsoft Outlook should start automatically when exiting the
installation wizard.
11. As with any Windows application installation, we recommend restarting your computer to ensure
installation was successful.

Authenticating the Mimecast Plugin

After installing the Outlook plugin, Outlook should start automatically. To authenticate your Mimecast account
and enable the Mimecast ribbon function, follow these steps.

1. Navigate to the Mimecast ribbon in Outlook.

2. Under the “General Selection” select “Account Settings”.
3. You will be taken to the Authentication dialogue box. Select “Fix” and enter your credentials.

Note: If you do not have your Mimecast credentials, please contact your IT administrator or follow the
password reset process outlined in the “Mimecast Activation” section.

Navigating the Mimecast Ribbon

Below is a sample of what the ribbon in your Outlook application may look like:

In the “Archive” section of the ribbon, you can:

• Search for archived files and documents.

• Export search results back into Outlook.

In the “Email Gateway” section of the ribbon, you can:

• Report suspected spam emails, sending them to a blocked spam folder.

• Report suspected phishing emails to your Mimecast administrator for further investigation.

[email protected] support.corvidcd.com 800.349.2549 Page 10 of 15

 • Manage your blocked senders list (add or remove blocked senders).
• View your email hold/quarantine queue – if you do not take action on an email through the daily digest
emails, you can access that email through this ribbon menu option (detailed below).

In the “Email Continuity” section of the ribbon, you can:

• Check your online inbox (useful if your Outlook is having trouble connecting to your Exchange server).

In the “Account Settings” section of the ribbon, you can:

• Select “help” to take you to the Mimecast Knowledge Base.

• Select “About Mimecast” to verify you are running the most up-to-date version of the plugin.
• Send Feedback. Note that this feedback only goes to Mimecast, not to your IT team or Corvid
Cyberdefense.

Your Online Inbox

Selecting “Online Inbox” in the Mimecast ribbon, your online inbox will pop open in another window. This
allows you to access your inbox and send and receive mail as usual in the event Outlook is unable to connect to
your mail server. You can also use your Online Inbox to access your hold queue and view messages that have
been blocked or bounced due to the Mimecast policies implemented by your organization.

To see emails in quarantine before your next digest email, select “On Hold Messages” in the left column. This
will display all of your messages currently on hold. You can view why the message was quarantined and choose
to release the email, permit the sender, permit the domain, reject the sender, reject the domain, or mark the
email as suspected spam or phishing for further investigation.

[email protected] support.corvidcd.com 800.349.2549 Page 11 of 15

What is Mimecast.com (web portal) for?
The online Mimecast user interface (accessed at https://login.mimecast.com) is a secure web-based portal
offering the following features:

• Manage user account information

• Update user preferences.
• Create and manage trusted and
blocked sender lists.
• Search email logs.
• Access to inbox and send/receive
emails similar to a typical email
client.

If your organization uses Microsoft

Outlook, almost all Mimecast features will
be available to you through the Mimecast
ribbon in Outlook, so you will rarely need
to log into the Mimecast.com website. For
users not using Microsoft Outlook, we
recommend bookmarking the
https://login.mimecast.com website. This will
be your primary destination for managing your hold/quarantine queues, sender lists, and more.

[email protected] support.corvidcd.com 800.349.2549 Page 12 of 15

Other Mimecast Features
The following features may not be enabled for all users at all organizations. Please speak with your
organization’s primary IT contact for additional information.

Device Registration

A feature of Mimecast’s Targeted Threat Protection is user device registration. The first time you click an email
link on a new device, use a new browser, or clear your browser cache, you will be redirected to a registration
page to register the new device or browser to your Mimecast account. Through this cookie-based system,
Mimecast tracks who opens links, the device the link was opened on, and what links have been opened; this is
useful in the event someone clicks a malicious link, intentionally or otherwise, as it allows administrators to
identify “Patient Zero” and create a remediation strategy. Depending on your organization’s security settings,
you may have to periodically re-enroll your device (typically every 90 days).

URL Testing and Training

To enhance employee education and awareness, at least 5% of all URLs opened (your organization can opt to
make this percentage higher), Mimecast will redirect the user to a training page where they will be shown
information about the link opened and asked to re-affirm that the link is safe.

What happens next depends on:

• The settings configured in the organization’s URL protection policies.
• Whether the URL is considered safe or harmful.
• What action the user chooses when presented with the user awareness prompts.

If the website is identified to be safe and the user chooses to continue to the website, they will be redirected as
normal. If the website is determined to be harmful they will be notified, and an alert will be generated for the
SOC to review. The URL Testing and Training feature serves to increase user awareness and train users to be

[email protected] support.corvidcd.com 800.349.2549 Page 13 of 15

diligent in examining emails and links for authenticity to prevent successful phishing attacks against your
organization.

How to Send an Encrypted/Secure Email

Encrypting an email is a way to securely send an email to ensure that only the intended recipient is able to open
the email and read its contents. While it is a good habit to secure all emails, it is particularly important to
encrypt any emails that are sent over unsecure networks, such as public Wi-fi or emails that contain sensitive
information such as personally identifiable information (PII), banking info, proprietary or trade secrets, or
sensitive client data, etc.

Mimecast makes it simple and easy to send encrypted emails.

1. By adding “<e>”, “<encrypt>”, or “<encryption>” at the beginning or end of the email subject line,
Mimecast will send the message securely. Note: Please test this before sending an email with sensitive
information.
2. By going to Mimecast.com, logging into your personal portal, clicking the “Compose” button, and
clicking on the Send Security icon which is a small envelope on the top right of the screen. Select the
Secure Messaging Option. You should see “Message will be sent using Secure Messaging” under the
subject line of your email.
3. Using the Mimecast Outlook Plugin (for those with Outlook email).

Once sent, the sender will receive a confirmation email from Mimecast confirming email encryption was
successful.

While it may be easy to send an encrypted email using Mimecast, it is important that the sender communicates
with the recipient(s), informing them that they will receive an encrypted email and that they will need to access
it through the Mimecast Secure Mail inbox rather than opening it as a normal email. The following section
provides an overview of what the recipient will see.

The recipient will receive an email from “Domain postmaster address” instead of the senders name and email
address.

If this is the recipient’s first time receiving a secure email from someone at your organization, they will receive
both the Secure Message Notification as well as a temporary password for accessing the Mimecast Secure
Portal.

[email protected] support.corvidcd.com 800.349.2549 Page 14 of 15

Selecting “View the message by clicking
here” opens up a browser window to
the Mimecast Secure portal. Here the
recipient will be asked to login using
either the temporarily created
credentials or their normal login
information, if they previously
registered. Once logged in, the user
will be taken to their Secure Mail inbox
to view the message, download
attachments, and reply with another
encrypted email.

What if I have questions?

Please reach out to your network or IT
administrator if you have any questions. If they are unable to help you, he or she can work with the Corvid
Cyberdefense Email Administration team to resolve your issue. You can also check Mimecast resources and
troubleshooting guides at https://community.mimecast.com/docs/DOC-1526.

V20200612

[email protected] support.corvidcd.com 800.349.2549 Page 15 of 15