Your account's settings contain information about your account (e.g. your archive retention period, the number of licensed users, the Mimecast Service you've purchased). There are also some configurable settings. Some of these can only be amended by Mimecast Support, and are typically configured when your account is initially created.
Accessing Account Settings
To access your account settings:
- Log in to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Account | Account Settings menu item.
The Account Settings dialog is separated into groups of options using a collapsible / expandable menu. As you click on one of the menu items, it expands and collapses the current menu. The menu groups are:
|Account Settings||License and retention details regarding your Mimecast account. The menu is displayed by default.|
|Directory Options||Determines if LDAP integration is enabled.|
|User Access and Permissions||Configure global access for users and timeout for Administration Console sessions.|
|System Notification Options||Specify certain notification addresses.|
|Account Contact||Account contact details.|
|Password Complexity and Expiration||Control password complexity, expiration and account lockout for Mimecast Cloud passwords.|
This section displays settings specific to your Mimecast account. They are grayed out, as they are configured when the account is initially created by Mimecast Support. The options are detailed below:
|Account Name||The name for your Mimecast account. This is usually your organization's name.|
|Account Code||A unique identifier for your Mimecast account.|
|Account Status||Displays if the account is enabled or disabled. Accounts will only be disabled if your service has been terminated. Contact your Mimecast Account Manager if this is the case.|
|Maximum Retention (Days)|
Specifies the maximum number of days that messages will be retained in the archive. This setting cannot be increased by administrators, but it can be reduced for retention of specific messages.
|Maximum Retention Validated||Specifies that the Maximum Retention (Days) value has been approved by a user with Super Administrator, Full Administrator, or Partner Administrator permissions.|
|Number of Users||Displays the number of licenced users for the account, regardless on the number of email addresses used.|
|Mobile Continuity Poll Interval||Displays the polling interval set for the mobile continuity services (e.g. Mimecast Mobile). The specified unit value is in minutes.|
|Pause Inbound Deliveries|
Enabling this option allows you to globally halt Mimecast from sending emails to your mail server(s). You may need this if your mail server(s) is temporarily unable to accept emails due to unplanned outage, software updates, geographical event, or server relocation. Emails are still accessible through Mimecast User Services while they are paused.
Should only a specific region be undergoing a geographical event our outage, it may be better to pause only the specific Delivery Route to that location.
When this field is disabled, Mimecast will connect with your mail server(s), and send through all messages that have been queued. Messages will not be sent through in one complete block, but instead will be slowly filtered through to the mail server so as not to cause excessive load. When using this option, ensure that you are able to monitor your delivery queues.
|Warning Message After (Attempts)||This allows customers to modify their email delivery warning notifications. By default, these notifications are delivered to senders after 60 minutes or six retry attempts, whichever comes first.|
|Bounce Message After (Attempts)||This allows customers to customers to modify their message bounce notifications. By default, these soft bounce notifications are delivered to senders after 96 hours (four days) or 30 retry attempts, whichever comes first.|
|Automatically Link Aliases|
When enabled, on the next Directory Synchronization, the Mimecast Service automatically links the alias addresses found in your directory to their primary addresses. This ensures that when end users log onto the Mimecast Personal Portal using their primary address, they can view all messages sent to their primary and alias addresses.
If enabled, directory synchronized user accounts are automatically disabled when the user profile is disabled or removed from the network directory. If disabled, the user account must be disabled manually.
|Clear All Aliases||Use this option to remove all alias links that have been set on the account in the past. This includes alias links that have been manually created next to those ones that have been created automatically via the "Automatically Link Aliases" option.|
User Access and Permissions
|Administration Console Timeout||Specify a timeout period, after which users are automatically logged off if they've been inactive for that period of time.|
|Allow Weak Ciphers for Secure Receipt||If selected, the use of weak ciphers (e.g. RC4 ciphers) is allowed for Secure Receipt (i.e. when the Mimecast MTA receives a connection request from a remote server) during the TLS handshake.|
|Send BCC to Mail Server||When sending email via Mimecast for Outlook, Mimecast Personal Portal, or Mimecast Mobile, the platform automatically adds the sender's email address into the BCC field. This ensures a copy of the message is routed back to your local infrastructure. By default, this option is enabled.|
|SMTP Submission Override|
Allows the use of SMTP email submission through any mail enabled application.
This option can only be enabled by Mimecast Support.
|POP Services Override||Ability to receive email via POP3 through any mail enabled application.|
|Force Mimecast Personal Portal v3|
Directs all users to use Mimecast Personal Portal v3.
This setting is not available to customers running Closed Circuit Messaging (CCM).
|CCM Archive Search Limit (Days)||Limit the number of days that CCM messages are visible within the archive. A value of 0 shows that the setting is disabled (default)|
|Include Legacy CCM Messages||If enabled, CCM users are presented with their CCM messages as well as non-CCM items received prior to July 2013.|
|Display Sender Avatar||If you use Directory Synchronization, Mimecast can retrieve images associated with the user's email address. With this option enabled, these images can be displayed as user avatars in Mimecast solutions (e.g. Secure Messaging).|
|Admin IP Ranges|
Administrators can also restrict login to the Administration Console to specific IP addresses and/or ranges. Anyone attempting to login with an IP address not stipulated here, or outside of the range specified, will be refused access.
These IP ranges will be respected when logging directly in to the account. These restrictions will not be applied to External Administrators that log in to the account from the Managed Service Provider (MSP) Portal.
|Content Administrators Default View|
Select the default view for all Administrators with content permissions. This setting excludes items viewed via the Attachments, Held and Held Summary sections. By default these sections are available to all administrators with access to these sections. The options are:
|Targeted Threat Protection Authentication||Sets a period after which a user's device must be reauthenticated, if there has been no user interaction with Targeted Threat Protection - Attachment Protect.|
|Authentication Duration (Days)||This option only displays when "Targeted Threat Protection Authentication" has been enabled. Specify the number of days after which a user's device must be re-authenticated, if there has been no Targeted Threat Protection - Attachment Protect activity.|
|Security Passphrase||This option is used to provide additional security options to confirm a caller’s identity. Once details have been confirmed Mimecast will update Administrators accordingly.|
Mimecast provides several ways to assign user permissions:
- Configured for the entire organization using an Application Settings definition.
- Configured manually at the individual email level.
- Imported in bulk using a spreadsheet import.
|Notification Postmaster Address|
Specifies the email address to which all user notifications are sent. A postmaster address is created by default in the internal domains, and is selected by default. Whilst this address cannot be deleted, a different email address can be used by clicking the "Lookup" button.
|Privileged Access Notifications|
Specifies the email address to which all notifications are sent when an archive search is performed by an administrator. A different email address can be used by clicking the "Lookup" button.
|Enforce Archive Search Reason||If selected, administrators are required to provide a search reason when performing an archive search. The search reason entered is mentioned on the Privileged Access Notifications, as well as in the appropriate search logs.|
|Send Notifications When Export Block is Complete||Enables automatic email notifications when exports are requested.|
The Account Contact details are used by Mimecast to alert administrators about Mimecast services. For this reason it is important these details are kept up to date.
Your telephone number. The number must start with "+" followed by the country code and the number minus the first "0" (e.g. +4412345678901).
|Emergency SMS Numbers||Your mobile (cell) phone number. The number must start with "+" followed by the country code and the SMS number minus the first "0". Multiple entries are allowed by comma separating them (e.g. +441734567890, +11734567895).|
|Email Address||Your primary email address.|
|CC Email Addresses||Alternate email addresses. Multiple email addresses can be added separated by a comma (e.g. email@example.com, firstname.lastname@example.org). This ensures that notifications are communicated to a wider group.|
Password Complexity and Expiration
These settings apply to Mimecast user accounts, and therefore only affect cloud passwords, not Active Directory accounts and passwords.
The strength of a password is a function of length and complexity. Mimecast enforces a minimum length of 8 characters for added security of Mimecast Cloud passwords. The settings can be configured in any combination to ensure that users' passwords are as secure as possible.
Password Expiry and Lock
The account lockout setting cannot be disabled. The Administrator can configure custom settings, or the Mimecast default system settings will be applied (e.g. after five consecutive unsuccessful log on attempts, the account is locked for 15 minutes.
If you are using a SIEM, Splunk or any other data analytics platform, you can enable additional logging of email transactions on your account. These logs are available using the Mimecast Data Logging API. For more information on this feature please see these guides:
These additional settings do not impact the current Reporting features available in the Administration Console and are only available using an API integration.