Default Automatic Device Enrollment is (Not) Coming

Blog Post created by user.v1YcBgOpe0 Employee on Jan 18, 2018

Matthew Gardiner is a Senior Product Marketing Manager at Mimecast, currently focused on email security, phishing, malware, and cloud security.


The plan is the plan, until it isn't!  As you can see in the updated Services Update, Mimecast has decided to go back to "opt-in" for device enrollment versus requiring "opt-out" as the original Services Update explained. As a diligent security service provider we feel very passionately about our role in improving your organization's email security.  We constantly debate internally how best to inform and enable our customers to improve their security posture. In some cases we can do it for you, for example, by making Attachment Protect smarter at detecting and blocking malware. Safe to say no one wants email-borne malware delivered! But in other cases security policy and user experience choices need to be made and ideally our customers' Mimecast admins continuously assess and make the right decision for their organizations. We still feel that for the vast majority of our customers, device enrollment is a feature that should be enabled for the reasons discussed below and in the Services Update.  But clearly it isn't for everyone either as you can see in the associated discussion threads. My bottom line ask is if you have admin responsibilities for Mimecast that you look closely at device enrollment and make up your own mind. We aren't going to do it for you!



In an effort to improve the usability and security of our URL-dependent security services (Attachment Protect & URL Protect), there are important new changes coming to Device Enrollment that might change your users' experience if you aren't already using it. Check out this newly posted Services Update for details.


It is very important that the Mimecast service keeps track of who clicks Mimecast links as part of the URL Protect and Attachment Protect services. And thus, the ability to associate a device to a specific user is key.


So this is why instead of requiring organizations to opt-in to Device Enrollment, it will instead be the default experience in the near future, unless your Mimecast administrator opts-out on behalf of your organization.


Feel free to open a dialog in the comments below if you want to discuss further.