Internal Email Protect is part of Targeted Threat Protection. It provides a method to conduct additional security checks on journaled and outbound email traffic. This allows you to alert and / or remedy threats or suspicious traffic found in your email environment. If unsafe / undesirable content is found, you can either:
- Remedy content from end user mailboxes.
- Notify another user / administrator.
Internal Email Protect provides you with the ability to:
- Send attachments in messages to the sandbox.
- Identify key message data.
- Remove malicious attachments.
- Remove a message.
- Cloud synchronization is used if you use end user mailbox actions to remove messages or attachments. This requires impersonation rights to your organization's mailboxes.
- If you are using Exchange On Premises, follow the Configuring Application Impersonation guide for your version of Exchange. You'll need to provide Mimecast with the credentials of the mailbox you choose to grant this permission to.
- If you are using Office 365, follow the Creating an Office 365 Association guide.
- A Server Connection to able end users to make use of the Internal Email Protect user mailbox actions.
- At least one of each of the following:
When configuring Journaling, it's important to select the correct journal type on your Journal connector, to match the type of traffic sent from your email environment. Incorrectly configured journal types can cause unexpected issues to occur. See the Journaling page for further details.
- Attachment Protection Definitions and Policies
- URL Protection Definitions and Policies
- Content Examination Definitions and Policies