Targeted Threat Protection: Managing Device Enrollment

Document created by user.Yo2IBgvWqr Employee on Mar 9, 2018Last modified by user.oxriBaJeN4 on Aug 3, 2018
Version 4Show Document
  • View in full screen mode

This guide describes how to manage device enrollment of end user devices with Mimecast's Targeted Threat Protection.

 

Applies To...

 

  • Administrators responsible for managing device enrollment on end user devices.
  • Administrators trying to understand whether to enable, disable, or revoke device enrollment.

 

Enabling / Disabling Device Enrollment

 

To enable Targeted Threat Protection device enrollment:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Account | Account Settings menu item.
  4. Expand the User Access and Permissions section.
  5. Select the Targeted Threat Protection Authentication option.
  6. Set the Authentication Duration (Days) option to a value between 1 and 365.
    This controls the expiration date of the device's cookie, but as the cookie is renewed with each Targeted Threat Protection service interaction, the end user only enrolls once unless they don't access the service again before the cookie expires.
  7. Click on the Save and Exit button.

If device enrollment is disabled, a warning message is displayed when the "Targeted Threat Protection Authentication" option is deselected, informing you of the risks to your security. Similarly, if Targeted Threat Protection - URL Protect's user awareness feature is enabled, and Targeted Threat Protection authentication is disabled, a warning message is displayed informing you of the risks of not using authentication.

We've provided an email template you can use to inform your users about how device enrollment affects them.

Using Device Enrollment with Office 365

 

o365error.pngThe device enrollment message from Mimecast to the end user may be rejected by Office 365 with the error displayed. This error is caused by the message coming from the null address <>. Office 365 rejects messages coming from null addresses.

 

To prevent this error:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Account | Account Settings menu item.
  4. Open the System Notification Options section.
  5. Specify a default email address in the Notification Postmaster Address option. This is used to send system notifications and delivery reports to users.

 

Revoking a User's Devices

 

You can revoke all of a user's devices, forcing them to enroll again. This is useful if a device is lost or stolen, or a user leaves the company.

 

To revoke a user's devices:

  1. Log on to the Administration Console.

  2. Click on the Administration menu item.
  3. Click on the Directories | Internal Directories menu item. A list of domains is displayed.
  4. Click on the required Domain. A list of users is displayed.
  5. Click on the User whose device enrollment is to be revoked.
  6. Click on the Revoke Authentication button in the Targeted Threat Protection Authentication section.
  7. Click on the Save and Exit button.

 

Troubleshooting Cookie Issues

 

If you experience issues with device enrollment, check the following:

  • For device enrollment to work, cookies must be enabled in the end user's device browser.
  • If a user accesses Targeted Threat Protection services on different devices, each device must be authenticated.
  • It is not possible to turn device enrollment on / off for a specific group of users or device types.
  • Private browsing must be turned off.
  • Ensure the end user's browser is supported. See the Mimecast Browser Support Matrix page for full details.
  • The end user's primary Mimecast address is being used to log in.

 

See Also...

 

2 people found this helpful

Attachments

    Outcomes