Targeted Threat Protection: Internal Email Protect

Document created by user.oxriBaJeN4 Employee on Jan 24, 2017Last modified by user.oxriBaJeN4 Employee on May 8, 2019
Version 19Show Document
  • View in full screen mode

Internal Email Protect extends the capabilities of Targeted Threat Protection, by conducting additional security checks on both internal journaled and outbound email. Benefits include:

  • Detecting malicious attachments and links.
  • Applying Data Loss Prevention (DLP) policies to control information sharing.
  • If unsafe / suspicious content is found, either:
    • Removing malicious attachments or messages from a user's mailbox.
    • Notifying another user / administrator.
  • Provides protection across all devices, including smartphones and tablets, whether they're provided directly by the employer or not.
Full Internal Email Protection functionality is only supported in Office 365 and On Premise Exchange environments. In other environments (e.g. G Suite) the notification capability is supported, but not the ability to remove content from end user mailboxes.



To use Internal Email Protect, perform the following tasks in the following order:

  1. Configure cloud synchronization.
  2. Create a server connection.
  3. Create your policies
  4. Configure your journaling


Configuring Cloud Synchronization


Configure cloud synchronization, by creating impersonation rights to your organization's mailbox. Impersonation rights are used where a single email account needs to access many mailboxes. With Internal Email Protect, it allows end user mailbox actions to remove messages or attachments. The configuration process differs according to your Exchange type.


Creating a Server Connection


Create a server connection between Mimecast and your mailbox server. This enables end users to make use of Internal Email Protect user mailbox actions (e.g. removing messages from their mailbox that are found to be unsafe). See the Managing Server Connections page for full details.


Creating Your Policies


Ensure you're protecting all incoming, outbound, and internal messages, by creating at least one of each of the following policies:

URL Protection Definition / PoliciesThese provide protection from messages being sent or received, that contain URLs to targeted attacks and spear phishing attempts. They also protect you from good websites turning bad and delayed exploits. URL Protect is managed centrally, allowing rapid deployment without using any additional infrastructure, and allows administrators to monitor / report on user activity.
Attachment Protection Definition / PoliciesThese provide protection from messages being sent or received with attachments containing malware, malicious macros, and other exploits. It also detects and removes potentially malicious attachments from inbound messages (e.g. PDF, Microsoft Office files) using static file analysis and sandboxing.
Content Examination Definition / PoliciesThese analyze the content of messages, looking for matches you provide. It sets the conditions under which a message is considered safe, and what action should be taken if it isn't.


Configuring Your Journaling


Configure your Journaling to add your organization's internal email communication to the Mimecast Archive. This is required because Internal Email Protect scans journaled emails and matches configured policies based on the journaled mail.

When configuring journaling, it's important to select the correct journal type on your journal connector. This must match the type of traffic sent from your email environment to avoid unexpected errors.

See Also...


2 people found this helpful