Targeted Threat Protection: Internal Email Protect

Document created by user.oxriBaJeN4 Employee on Jan 24, 2017Last modified by user.oxriBaJeN4 Employee on Apr 18, 2018
Version 17Show Document
  • View in full screen mode

Internal Email Protect is an optional add on, that expands the capabilities of Targeted Threat Protection. It provides a method to conduct additional security checks on journaled and outbound email traffic. This allows you to alert and / or remedy threats or suspicious traffic found in your email environment. If unsafe / undesirable content is found, you can either:

  • Remedy content from end user mailboxes.
  • Notify another user / administrator.
Internal Email Protection is currently only supported in Office 365 and On Premise exchange environments.



Internal Email Protect provides you with the ability to:

  • Send attachments in messages to the sandbox.
  • Identify key message data.
  • Remove malicious attachments.
  • Remove a message.




  • Cloud synchronization is used if you use end user mailbox actions to remove messages or attachments. This requires impersonation rights to your organization's mailboxes.
  • Server Connection to able end users to make use of the Internal Email Protect user mailbox actions. 
  • At least one of each of the following:
  • Journaling must be configured in order to add your organization's internal email communication to the Mimecast Archive. This is because Internal Email Protect scans journaled emails and matches configured policies based on the journaled mail.
    When configuring Journaling, it's important to select the correct journal type on your Journal connector, to match the type of traffic sent from your email environment and avoid unexpected errors. 
2 people found this helpful