Email Security, Cloud Gateway:

Administration Console Basics

Student Guide
 TABLE OF CONTENTS

INTRODUCTION 6

HOW MIMECAST WORKS 6

LESSON 1: LOGGING IN 6

LESSON 2: THE DASHBOARD 7

NAVIGATION 7
MIMECAST STATUS PAGE 8
NOTIFICATION FEED 9
DIRECTORY CONNECTORS, JOURNAL CONNECTORS AND EXCHANGE SERVICE 10
ACTIVITY OVER 24 HOURS 10
TOTAL EMAIL TRAFFIC 10
REJECTIONS 11
ACCOUNT SUMMARY 11

LESSON 3: ACCOUNT SETTINGS 11

ACCOUNT SETTINGS 12
DIRECTORY OPTIONS 13
USER ACCESS AND PERMISSIONS 13
SYSTEM NOTIFICATION 14
ACCOUNT CONTACT 14
PASSWORD COMPLEXITY AND EXPIRATION 15
ENHANCED LOGGING 15

LESSON 4: AUDIT LOGS 16

WORKING WITH THE AUDIT LOGS 16

COMMON EXAMPLES 16

LESSON 5: ROLES 17

SECURITY PERMISSIONS 17
ROLE EDITOR 18
ELEVATE BASIC ADMINISTRATOR ROLE 20
CUSTOM ROLES 20
PARTNER (EXTERNAL) ADMINISTRATOR ROLES 21

LESSON 6: REPORTING 23

©2023 Mimecast. All Rights Reserved |2

 ACCESS REPORTING 23
ACCOUNT ASSESSMENT REPORT 23
PDF REPORTS 24
CSV DATA 25
OVERVIEW REPORTS 26
CUSTOM REPORT DEFINITIONS 26

©2023 Mimecast. All Rights Reserved |3

 Prerequisites
• N/A

Course Objectives
• Navigate and understand the functionality in the Administration Console.
• Understand the relevancy of the Mimecast Status page.
• Explain the Account Settings menu item and its subsections.
• Access and export Audit Logs as needed.
• Explain the differences between various Roles and Security Permissions
• Schedule and read the reports Mimecast provides.

©2023 Mimecast. All Rights Reserved |4

 How this Guide Works
This guide has been designed to follow the structure of the instructor-led training session. Here you
will find the use cases, walkthroughs and scenarios discussed during the session, as well as useful
configuration and troubleshooting tips. In addition, where we can provide you will find some
frequently asked questions.

Scenario
These will highlight real-life use cases that will be covered with students in class.
Those targets without a green background are for students to have as added take-
aways from the session.

Troubleshooting / Knowledge Tips

These are intended to provide important points or facts that you should be aware of,
as well as helpful troubleshooting tip.

Discussion
There may be times in the course where the instructor asks participants to take part
in a discussion about a particular topic (e.g., to discuss something where there may be
more than one solution to a problem).

Warning or Alert
This is meant to provide you with a warning about something.

Disclaimer: During an instructor-led class, an instructor will demonstrate configuring certain policies,
profiles, etc., in the Administration Console. This is being done in an environment that is safe for
demonstration purposes.
If you wish to follow along in your own environment, we advise as follows:
1. Follow along with the configuration steps and cancel instead of saving.
2. In an instance where you follow along configuring a policy, we advise you to set the “To” and
“From” address fields to reference pilot profile groups that have been configured
beforehand. Navigate to Directories | Profile Groups in the Administration Console and add
the email addresses you want in the pilot groups. This will ensure you are testing policies on
a small subset of your user population and not your whole organization.
Please Note: Instructors will use Prefixes for some profile groups, definitions, and policies. This is for
training purposes only. As an administrator, you would choose the naming conventions that work for
you in your environment.

©2023 Mimecast. All Rights Reserved |5

 Introduction
Welcome to Mimecast Services. This session will introduce you to the basic functionalities of using
the Mimecast Administration Console. As someone with administration permissions, you will be
given control over some or all parts of your organization’s Mimecast account. With certain
permissions, you can manage users, create policies, review logs, track user activity, troubleshoot
email delivery, and much more.

How Mimecast Works

Mimecast acts as a middle person between you and your clients, and your clients and you. This
means that when you send emails to external parties, your emails will go through the Mimecast
cloud for inspection. This ensures that your employees are not inadvertently sending out sensitive
information. And when your clients send emails to you, Mimecast inspects those emails for
malicious links, attachments, and other potential threats. In order to do this, Mimecast uses various
policies, which you can learn more about in our Security Policies course.

In addition to Security, Mimecast also provides Archiving capabilities. Mimecast archives email data
and metadata according to your specified retention period. This data is captured through various
input mechanisms, including gateway-level capture, journal feeds, LAN and cloud information syncs,
and bulk ingestion of historical data. And regardless of which major mail platform you use, such as
Exchange, Office 365, or Google Workspace, you can count on Mimecast's support.

One of the benefits of Mimecast's archive is that it allows your employees to search for emails from
anywhere, and on most devices. It's always accessible, even when your primary mail systems are
down. And, administrators and legal staff can easily run comprehensive e-discovery searches,
manage cases, and export data. Finally, should the need arise, data can be recovered from the
archive and restored to your primary mail system.

These are just some of the things Mimecast can do for you.

Lesson 1: Logging In
If you need to log in to the Mimecast Administration Console or any other Mimecast applications,
just head to mimecast.com and click on the Login button located at the upper-right corner of the
page.
This will take you to a new page where you’ll choose what you’d like to log in to. The choices are:
• Access My Email
• My Applications
• Partner Portal
• DMARC Analyzer
• Cloud Integrated UK
• Cloud Integrated US

To access the Administration Console specifically, select the My Applications option, which will
prompt you to enter your email address. If your organization uses Single Sign-On (SSO), you will be
taken directly to your MyApps page. However, if SSO has not been configured, you will need to use
your Domain credentials (if a Directory Connector has been set up) or local Mimecast Cloud
credentials (if Cloud authentication has been configured).

©2023 Mimecast. All Rights Reserved |6

 Once logged into your "My Apps" page, you can view all the Mimecast applications that are included
in your subscription and that you have access to. This includes applications such as Awareness
Training, Case Review, and DMARC Analyzer.
To access the Administration Console, simply click on the Administration Console tile, which will
prompt you to enter your email address.

Lesson 2: The Dashboard

The first time you log on to the administration console you will be greeted with a Virtual Tour
popup. This can be revisited at any time. The dashboard provides multiple status updates and
notifications. Graphs will show your email traffic during certain time periods.

Navigation

The top bar will be the main means of navigating the Administration Console.
Selecting the Hamburger menu will hide or reveal the menu of items you have permissions to see.
Depending on your role you may be limited to what you have access to.
The Search Bar allows you to search for Menu Items or in Mimecaster Central, our knowledge base
of page breakdowns and best practices. When you type a search term, you can select which tab you
want to view.

Favorites - You can mark up to ten dialogs as favorites, using the stars next to each sub-
menu item in the Administration drop-down (use the X next to each to remove).

©2023 Mimecast. All Rights Reserved |7

 App Switcher - List of all the applications you have purchased from Mimecast as well as
things automatically given to you (e.g., Mimecaster Central, Threat Dashboard)

Bull Horn – Provides access to What’s New, Guides, Product Overview, Events and Feature
Request areas.

User Account Profile

Your Mimecast User Account Profile details are displayed in blue on the upper right-hand side of the
Administration Console and displays your:
• Email Address
• Mimecast Account Name
• Avatar
Clicking on your avatar will open a popup that
contains even more information.
• Account and Support Details. When clicked, this will
display your Mimecast ID, which is a numeric code that
you will need when raising telephone cases with
Support.
• Change Cloud Password
• Preferences (Enable/Disable Early Access feature)
• Contact Support
• Ask a Question
• Send Technical Information. Be aware that this option
has been deprecated due to changes with Mimecast
support systems. Technical Information should instead
be conveyed through Support Tickets that are opened
through Mimecaster Central.
• Log Out

Mimecast Status Page

Mimecast provides a status page of all services in all serviced regions at: status.mimecast.com.
You can also access it from the Administrative Console Dashboard in the upper right corner of the
Notification Feed.

©2023 Mimecast. All Rights Reserved |8

 This page is separate from Mimecast infrastructure to provide an accurate and independent status.
Use this page when troubleshooting any Mimecast related problems to keep yourself informed.

Status
A general status indicator at the top provides immediate overview of Mimecast’s services. Selecting
any of the regions provides the breakdown of the services Mimecast provides.

History
Here you can view any previous incidents as well as the timeline of actions Mimecast has taken to
investigate and resolve the situation.

Notification Feed
The Notification Feed displays different notification types that provide information related to your
account and other Mimecast services.
The notifications are presented in a
list format, with the most recent
notification appearing at the top of
the list. You have the option to filter
the notifications either by Product
or Service. If you select the Product
filter, you will only see notifications
related to new releases or product
updates. On the other hand, if you
select the Service filter, you will only see notifications about your Mimecast service. In certain cases,
such as during a service outage, you may only see Service notifications, which will be highlighted with
a color-coded title and icon. The icon and title will indicate the status of the service notification.

Email Queues
As an Administrator, you’ll have access to Email Queues, which provide a visual
representation of the number of incoming and outgoing messages in the last 48 hours. When you
hover over a data point on the graph, you can view the number of emails per category at a specific
time. To access the Delivery Queue, click on the "See More" link located at the upper right corner of

©2023 Mimecast. All Rights Reserved |9

 the Email Queues page. You can also find the Delivery Queue under the Monitoring | Delivery
sections. The Delivery Queue displays all inbound and outbound messages waiting to be delivered.
Usually, the Delivery Queue is empty if there are no issues with inbound or outbound mail flow.

Directory Connectors, Journal Connectors and Exchange

Service
The Directory Connectors, Journal Connectors, and Exchange Services sections show you your
Service status indicators.
• Green = good service
• Amber = partial disruption or errors/warnings
• Red = the service has been disrupted.
Each section has a “See more” link to bring you directly to the relevant area in the Administration
Console.
• Directory Connectors: Directory Connectors are added to allow Mimecast to Synchronize
with an organization’s Active Directory so that the users can be managed on the Mimecast
platform and assigned to certain policies and applications. There are different types of
directory connectors, depending upon the infrastructure you have - Active Directory (LDAP)
- Domino Directory (LDAP) - Office 365 / Windows Azure Active Directory - Google
Directory
• Journal Connectors – Journal Connectors are created to capture internal email between
users. In this way, internal email communications are added to your organization's Mimecast
Archive.
• Exchange Service– This replicates your Outlook folders into your archive, so you have
consistency in your views. This is for customers with an On-Premises environment who use
the Mimecast Synchronization Engine.

Activity over 24 Hours

The Activity over 24 hours section displays the total number of messages in each of the categories
displayed over the previous 24 hours.

Use the path next to each item to navigate to the areas identified below and act.
• Attachments Blocked - Monitoring | Attachments.
• Rejected Messages - Message Center | Rejected and Deferred Messages
• Bounced Messages - Message Center | Bounced Messages
• Policy Edits - Gateway | Policies.
• Held Messages - Message Center | Held Messages
• Attachments Linked - Monitoring | Attachments.

Total Email Traffic

©2023 Mimecast. All Rights Reserved | 10

 The Total Email Traffic section displays an hourly breakdown of your total internal, inbound, and
outbound email traffic over the previous seven days. You can hover over a graph's data point to
display the number of the emails per category at a given point in time.

Note: You can zoom in on the graph’s data to display the hourly breakdown by dragging over the
date range and releasing the mouse.

Rejections
Displays the top five rejection types for your account, in no specific order, over a 24-hour period.
You can hover over a graph's data point to display the date, time, and the number of rejections at a
given point in time.

Account Summary
This summary provides you with information about your account.
• Your account name.
• Your Mimecast ID.
• Your Account Code.
• Your security passphrase (if one has been configured with us)
• Your support codes. This must be quoted when calling Mimecast Support to log a call.
• Your account's maximum retention period for messages

Lesson 3: Account Settings

Your account's settings contain information about your account (e.g., your archive retention period,
the number of licensed users, the Mimecast Service you have purchased). There are also some
configurable settings. Some of these can only be amended by Mimecast Support and are typically
configured when your account is initially created.
To access Account Settings, navigate to Account | Account Settings.
The menu groups are as follows:
• Account Settings: License and retention details regarding your Mimecast account. The menu
is displayed by default.

©2023 Mimecast. All Rights Reserved | 11

 • Directory Options: Options to link or clear alias addresses.
• User Access and Permissions: Configure global access for users and timeout for Ad-
ministration Console sessions.
• System Notification Options: Specifies certain notification addresses.
• Account Contact: Account contact details.
• Cloud Password Complexity and Expiration: Controls password complexity, expiration and
account lockout for Mimecast Cloud passwords.
• Enhanced Logging: For use with APIs

Account Settings
The Account Settings sub-group provides license and retention details regarding your Mimecast
account. Much of what you see here cannot be edited even as a super administrator.

Account Settings
Account Name The name for your Mimecast account. This is usually your organization's
name.
Mimecast ID The ID of your Mimecast account. This is to be used for interactions with
Mimecast Service Delivery.
Account Code A unique identifier for your Mimecast account to log a support ticket.
Database Code A reference for the database instances of your Mimecast account.
Account Status Enabled by default. This is only disabled if your account has been
terminated.
DNS Authorization Used to verify permissions for sending through the Mimecast SPF IP
Code Addresses. Added during account implementation.
Maximum Retention Added during account implementation, this specifies the maximum
(Days) number of days messages will be retained in the archive. This setting
cannot be increased by administrators, but it can be reduced for retention
of specific messages.
Maximum Retention Specifies that the Maximum Retention (Days) value has been approved by
Validated a user with Super Administrator, Full Administrator, or Partner
Administrator permissions. Occasionally requested to verify account
retention setting is still accurate.
Number of Users The number of users licensed within this Mimecast account.
Pause Inbound If your email system is temporarily unable to accept messages, enabling
Deliveries this option will globally halt Mimecast from sending emails to that email
environment.
Warning Message Mimecast will send a warning notification to users in your organisation
After (Attempts) notifying them that Mimecast has an issue delivering mail to them. By
default, these notifications are delivered to senders after 60 minutes or
six retry attempts, whichever comes first.
Bounce Message After Mimecast will send a bounce notification to users in your organisation
(Attempts) notifying them that Mimecast has an issue delivering mail to them.
By default, these soft bounce notifications are delivered to senders after
96 hours (four days) or 30 retry attempts, whichever comes first.

©2023 Mimecast. All Rights Reserved | 12

 Ingestion Partner Certified Ingestion Partner to perform end-to-end migrations using
Mimecast Simply Migrate client via the Ingestion API.
Ingestion Size Limit Specify the maximum amount of data the account can ingest in Terabytes
(TB), e.g., 10 for 10 TB, 0.1 for 100 GB, 0.01 for 10 GB.
API Export (Case Enables ‘API Exports’ section in Case Review. Which will allow to
Review) download export data through Simply Migrate.
Awareness Training The value displayed here reflects the total number of Modules allowed
Modules within the Awareness Training platform. This value is automatically set
when an Administration Console is created during the implementation
phase and/or is updated automatically upon the Mimecast subscription
renewal date. This is a read-only field that can only be set by Mimecast
Support.
Awareness Training The value displayed here reflects the total number of Custom Modules
Custom Modules allowed within the Awareness Training platform This value is
automatically set when an Administration Console is created during the
implementation phase and/or is updated automatically upon the
Mimecast subscription renewal date. This is a read-only field that can only
be set by Mimecast Support.

Directory Options
This grouping deals with either linking or not, the Aliases within your environment.
Automatically Link Uses the mailbox information from Active Directory to link alias addresses
Aliases to primary mailbox addresses in Mimecast. This allows users to login using
their primary address, and access emails for the aliases.
Clear All Aliases Removes the alias links to the primary addresses in Mimecast Directory.

User Access and Permissions

There are various settings here to control user access and permissions for your Mimecast account.
Administration If an administrator is inactive for the selected time the session will expire
Console Timeout and they will have to log back in.
Send BCC to Mail When sending mail using Mimecast for Outlook or Mimecast Personal
Server Portal during a Continuity Event, or the Mobile application, the platform
automatically adds the sender’s email address in the BCC field. This
ensures that a copy of the message is routed back to your infrastructure
by default.
SMTP Submission SMTP Submission Override allows all Internal users to use the Mimecast
Override Platform as an alternative outgoing mail server using SMTP
Authentication. This option should only be used with care and therefore
only Mimecast Service Delivery can enable/disable it for you.
Display Sender If you use Directory Synchronization, Mimecast can retrieve images
Avatar to External associated with the user's email address. With this option enabled, these
Users images can be displayed as user avatars in Mimecast solutions (e.g.,
Secure Messaging).
Admin IP Ranges You can restrict those who can log on to the Administration Console to
(CIDR n.n.n.n/x specific IP addresses and / or ranges.

©2023 Mimecast. All Rights Reserved | 13

 Content When set to "Content" an administrator with content permissions will by
Administrators default be presented with the content of the items they open after which
Default View they can toggle to the metadata. When set to "Metadata" an
administrator with content permissions will by default be presented with
the metadata of the items they open after which they can toggle to the
content.
Targeted Threat A user’s device cannot be authenticated perpetually. Set a period after
Protection which a user's device must be reauthenticated, if there has been no user
Authentication interaction with Targeted Threat Protection.
Authentication Enter the number of days that need to pass before a user will have to re-
Duration (Days) authenticate.

System Notification
Systems notifications control who gets notified by SMS, the postmaster address, and who is alerted
for specific events such as archive searches or when export blocks are finished.
SMS Attribute Specifies the Active Directory or Mimecast attribute that identifies the
mobile phone number of users. When sending an SMS to a user, we use
the number associated with this attribute.
Notification Specifies the email address from which all user notifications are sent. A
Postmaster Address postmaster address is created by default in the internal domains and is
selected by default. The address cannot be deleted but a different email
address can be used by clicking the "Lookup" button.
Privileged Access This email address will be notified when an archive search is performed
Notifications by an administrator.
Enforce Archive When selected, Administrators will be required to provide a reason when
Search Reason searching for emails under Archive | Archive Search or Message Center |
Message Tracking. The reason provided will be reflected within Archive |
Search Logs under the “Reason” column as well as within the Privileged
Access Notifications email that is sent to the email address listed within
the “Privileged Access Notifications” field under Account | Account
Settings | System Notification Options.
Send Notification This option enables automatic email notifications when exports are
When Export Block is requested.
Complete

Account Contact
The contact information here provides Mimecast the point of contact to alert regarding Mimecast
services. Keep this information up to date as frequently as possible.
Contact Name This is the contact that Mimecast Support uses to contact customers
regarding your Mimecast Account. When updating these fields, please do
so by contacting Support via phone or by opening a Support ticket via
Mimecaster Central.
Telephone Number for the Contact.

©2023 Mimecast. All Rights Reserved | 14

 Emergency SMS The contact’s mobile phone number.
Number
CC Email Addresses Alternate email addresses. Multiple email addresses can be added
separated by a comma. Ensures that notifications can be communicated
to a wider group.

Password Complexity and Expiration

As a Mimecast customer you can login to the Administration Console either by a Domain Password
or a Cloud password. The settings in this section only effect cloud passwords. Active Directory
accounts and passwords are not controlled by this.
Mimecast provides options for administrators to enforce user account password complexity and
expiration settings. This feature enhances Mimecast cloud account security by reducing the risk of a
security breach through end users setting weak passwords and brute force attacks. These settings
include defining the password length and complexity (e.g., enforcing numeric, non-alphanumeric
characters and uppercase letters), the expiration period, and the account lockout policy. More info
here.
Minimum Password 8
Length
Include at least one Select the complexity, must have at least 3 of the items selected that
lowercase alpha make up complexity.
character (a-z)
Include at least one Select the complexity, must have at least 3 of the items selected that
lowercase numeric make up complexity.
character
Password Expiry The account lockout setting cannot be disabled. Administrator can
configure custom settings, or the Mimecast default system settings will be
applied (e.g., after five consecutive unsuccessful log on attempts, the
account is locked for 15 minutes.)

More detail can be found here.

Enhanced Logging
If you are using a SIEM or any other data analytics platform, you can enable additional logging of
email transactions on your account. These logs are available using the SIEM Logs API.
For more information, see the Mimecast Documentation site and SIEM Logs API here.
These additional settings do not impact the current Reporting features available in the
Administration Console and are only available using an API integration.

©2023 Mimecast. All Rights Reserved | 15

 Lesson 4: Audit Logs
Audit Logs are system related logs that help administrators monitor changes
and events in their Mimecast platform. They act as a security measure and a
troubleshooting tool. The logs monitor the activity of both admins and users,
whether they were performed manually or automatically. Some events
captured are:
• Account changes
• User account changes
• Policies and definition altering
• Directory syncs
• Journal failures
• Folders created, updated.
• Login attempts, failures

Working with the Audit Logs

To access Account Settings, navigate to Account | Audit Logs.
Filter and Search
You can filter on the types of logs you wish to see using the filter in the top right, as well as search
using the tools available in the top left to enter specific criteria and choose a date range.

Common Examples
Some common examples of logs are as follows:
Event Description Information Provided
Logon A user attempted to log on to • User’s login
Authentication the Administration Console, but • Date and time
Failed their authentication failed • IP address
• Application used to access Mimecast
New Policy A policy was created • Administrator
• Date and time
• Policy type
• Full policy details

On the Audit Logs page, select a log to display its information. The log displays details about each
event.
• User: Email address of who triggered the event

©2023 Mimecast. All Rights Reserved | 16

 • Category: Category of the event that generated the log file (e.g., Policy Logs, Account Logs)
• Type: Displays the type of event (e.g., New Policy, Completed Directory Sync)
• Details: Displays brief details about the event or changes
made. The details displayed depends on the type of event.
• Date / Time

Exporting
When exporting, you can select which columns of the log you want
included. Click the Export button in the top left corner to see the
panel shown here.

Lesson 5: Roles
The Mimecast administrator roles are a collection of permissions that control access to
Administration Console functionality and certain Mimecast Applications (e.g., Awareness Training,
Case Review, DMARC Analyzer, Brand Exploit Protect, CyberGraph, etc.). Each role determines the
depth of access and can be used to control the tasks performed.

Default Roles
Protected Roles have a padlock next to them (see items 1-5 below).
1. Super Administrator: Can manage application roles and has full privileges to all account
options, including the content view of all email, delegate mailbox access, and the
assignment of protected permissions (for example, the assignment of content view).
2. Full Administrator: Can manage application roles and has high-level administrator
privileges, including the content view of all messages, delegate mailbox access, message
exports, and the creation and approval of retention adjustments.
3. Partner Administrator: Can manage application roles and has full privileges for Partner
Administrators, including delegate mailbox access, but excludes protected permissions.
4. Discovery Officer: Cannot manage roles but has access to common eDiscovery features
such as archive search with content view, messages exports, and the creation or
approval of retention adjustments.
5. Reviewer: Cannot manage roles but has access to the Case Review application as a
reviewer, where discovery cases can be reviewed for relevance and privilege.
6. Gateway Administrator: Has read access to common gateway functionality (e.g., policy
management, message tracking, service connections, and user settings) and rights to
create other administrator accounts without protected permissions.
7. Basic Administrator: A primary administrator account with rights to create other Basic
Administrator accounts, but with no access to protected permissions. You can do basic
things such as create policies, but you cannot read email for example.
8. Help Desk Administrator: Has access to common help desk tasks (e.g., message tracking,
read-only access to policy management, service connections, and user settings).
Read Administrator Role Permissions for a detailed list of permissions.

Security Permissions
Your account comes with a list of default roles. Each role has a security permission assigned. The
security permissions are as follows:

©2023 Mimecast. All Rights Reserved | 17

 • Cannot Manage Roles: Access to the Roles tab is disabled.
• Manage Application Roles: The Application Role also allows Administrators the ability to
control the Administration Console menu items that other administrators can access. The
exception is if the application areas are marked as protected with the "Protected Roles"
permission.
• Manage Protected Roles: A Protected Role is one that allows an Administrator to control
the Administration Console menu items that other administrators can access, including
functionality with protected content (e.g., viewing email content, archiving email content,
exporting messages, managing retention and smart tag assignment). Protected roles have a
padlock icon located to the left of the "View Role" button.
The default roles, their respective security permissions, and the types of permissions they have are
listed in the table below.
Default Role Security Permission

Super Administrator Manage Application & Protected Roles

Partner Administrator Manage Application Roles

Full Administrator Manage Application Roles

Discovery Officer Cannot Manage Roles

Reviewer Cannot Manage Roles
Basic Administrator Manage Application Roles
Help Desk Cannot Manage Roles
Gateway Administrator Manage Application Roles
Synchronization Engine Administrator Cannot Manage Roles

Synchronization Engine Administrator

This is a unique role in that it cannot be used to login/manage Mimecast Administration
console rather it’s only used for MSE Site binding purpose.

Role Editor
Administrator roles are managed using the Role Editor. This allows administrators to:
• Control the users assigned to roles.
• Create custom roles in addition to the default roles provided.
To access the Role Editor, the administrator must have the correct Security Permissions. Without
these permissions, the Roles tab is not displayed in the Administration Console.
To display the Role Editor:
1. Navigate to Account | Roles.
Within the Role Editor, you will see the following.
• Default Roles: Default roles are listed and indicated by a View Role button next to them.
These can only be viewed and not edited.

©2023 Mimecast. All Rights Reserved | 18

 • View Role and Edit Role Buttons: In the list of roles you will notice, some have a View Role
button and others have an Edit Role button. Those with the ability to edit are Custom Roles
(names and description displayed in italics. These are a copy of an existing role. The roles
with the View Role button are roles that you cannot edit.
• Right-Click options: Right-clicking on a role will allow you to do things such as Add Users to a
Role, Manage Users for a Role, Copy a Role, and Remove a Role for those Administrators
with the proper permissions.
• Padlock: Roles with a Padlock have access to the Role Editor and have Protected
Permissions, meaning they can modify access to protected application areas (e.g., archive
email content, exporting messages, managing message retention).
• Custom Roles: Custom roles can be changed / deleted and are displayed in italics.
• Members Column: This column shows the number of members added to a particular role.
• Description Column: This column provides detail on what each Administrator has
permissions to do.

Default Roles can

only be viewed.

Right-click a role to
display a pop-up
menu.

Roles with the padlock Number of users

icon have access to assigned to a Description of the
the Roles Editor and particular role. level of permissions
have protected for a particular role
permissions.
Custom Roles can be
changed / deleted
and are displayed in
italics.

View a Role
To view what permissions a particular role
has in detail:
1. Click View Role next to any of the
roles.
2. Once opened, you will see
Properties and Security
Permissions sections.
3. Under Security Permissions you
will see what type of security
permissions that role has.
4. Under the Application
Permissions area you will see all
the menus in the Administration
Console that role has access to and what type of access [e.g., Read, Edit, etc.]

©2023 Mimecast. All Rights Reserved | 19

 Elevate Basic Administrator Role
The first Administrative Role assigned is Basic Administrator during your implementation. Since you
may want more permissions within the console, you will need to upgrade to a Super Administrator
or another protected role. To do this, you must contact Mimecast Support.

Mimecast Support Case

If a user requires a Super Administrator, Full Administrator, or Discovery Officer role, the following
steps must be followed:
1. Create a Mimecast Support Case. This request must:
• Be written on your company letterhead.
• Be signed & dated by a director or higher in your organization.
Note: The signatory and assigned person cannot be the one and the same person. If a
director is the designated superuser, another director of the company needs to sign
accordingly.
• Specify their name and position.
• Clearly state the email address that needs to be added / removed, and / or the password
to be reset.
Note: Click here and under the Managing Administrators section, you’ll see a clink to
download a template that can be used for this purpose.
2. Once the request has been received, we perform a series of checks to confirm the request.
3. When successfully confirm, a change request is issued to the Mimecast Security Team.
4. Once the new email address has been assigned to the role and / or the password has been
reset, a Mimecast Support representative will contact the Director to verify this request.

Custom Roles
You can only create a role with the permission level up to or lesser than the logged in administrator.
Depending on administrative permissions, you can only create an administrator with the same or
lesser permissions.
When creating a role, we suggest copying a role instead of creating new. The best practice is to
assign permissions less than what the user needs and then add permissions. Another
recommendation is to keep part of the name of the original role as part of the description.

Create Custom Roles

To create a custom role:
1. Inside the Role Editor right-click on
an existing role close to the
permissions of the role you wish to
create and choose Copy Role.
2. A role is created and placed at the
end of the list and italicized. Click
the Edit Role button next to it.
3. Complete the Properties section
with a name and description.

©2023 Mimecast. All Rights Reserved | 20

 Note: When creating a custom role, be sure to be very specific with the name and description so
that you and any other administrators know what the custom role entails when assigning it to
others.

4. Select the desired Security Permission

5. Select / Deselect Application Permissions for
the role [Read, Edit, Protected Areas]
6. Save and Exit
Note: Use the Edit Role button next to the copy you just made and add / remove permissions.

Custom Role Actions

Action Steps
Changing Click Edit Role, make changes, Save and Exit
Copying Right-click on a role and choose Copy Role
Adding Users Right-click on a role and Add Selected Users
Removing Users Right-click and select Manage Users for Role, right-click on the user and
choose Remove User from Role
Deleting a Role Remove all users from the role then right-click and choose Remove Role

Partner (External) Administrator Roles

At the top of the Roles Editor, you will see a button labeled Manage External Administrators.

• This is the area where you will see any 3rd party administrators who have access to your
Administration Console.
• As a Managed Service Provider (MSP), this is the area where you will see who you have at
your organization set up to manage that customer’s account.

MSPs should be encouraged as a part of best practice to link their External Address to
any Customer they are supporting, ensuring they have both access to the
Administration Console and can Raise Support tickets for that account.

©2023 Mimecast. All Rights Reserved | 21

 Customer Use
• As a customer, if you are logged on as a Super or Full Administrator, you can see the
Manage External Administrator button.
• When you click the button, you can see a list of the 3rd party administrators that have access
to your Administration Console.

Partner Use
Managed Service Providers (MSPs) are added to this area by the original MSP that Mimecast
connected to this customer account. Mimecast does this so that MSPs can have SSO access to
customers through the Partner Portal. Mimecast will have given them special credentials for
accessing the customer account through the Partner Portal (e.g.,
msp_clientname@clientdomain.com)
If you are an MSP, you should know that when you log into the Partner Portal, there is a place where
you can see all the customers whose Administration Console you have access to. It is here where you
will click an Administration Console button next to their company name and be logged in with SSO.
Adding External Administrators
After logging into the customer Administration Console, MSPs will navigate to Account | Roles if
they wish to add any other partners from their organization to manage their customer account.
Note: They can also do this through the Portal.

1. To do this in the Administration Console, click the Manage External Administrators button.
2. Click the Add External Admin button.
3. Enter the External Admin Email Address of the partner you want to manage this account
and use the Select Role drop-down menu to assign them the Partner Administrator role.
4. Click Save and Exit.
Things to be aware of:

• If you click on the Partner Admin Role at the home page of the Role Editor, you
will see the external admin you added is located here and listed as a member.
• If you click on any of the users listed as an External Administrator, you will notice
an External Admin Account Code. This is auto generated when you create a new
External Admin and Save.
• If adding multiple email addresses, you will add them one by one here or they
can be added via the MSP Portal. See article below.

More information on delegating access here. See also the Managed Service Providers (MSPs) Portal.

©2023 Mimecast. All Rights Reserved | 22

 Lesson 6: Reporting
Mimecast Reporting provides Administrators with a view of what is happening in their email
environment. This includes detailed statistics on:
• How many messages are being sent or rejected.
• The data volumes being transmitted.
• These reports can assist with infrastructure planning through data load analysis, show spam,
virus trends, and supply usage reports on a per user basis.
• Administrators can also schedule reports to be emailed out or download the reports from
the Administration Console. These reports can then be analyzed, and any necessary changes
made.

Access Reporting
To access the reporting functionality, navigate to Reporting:
The following menu items are displayed:
• Account Assessment: A report created for your account by Mimecast at the end of each
reporting period. The report is available for one week from Monday to Sunday, and over
each calendar month. See the Account Assessment Report Overview page for more details.
• PDF Reports: Schedule weekly or monthly reports to be emailed to specific recipients or
made available for download. See the Reporting: PDF Reports page for more details.
• CSV Data: Download and view the daily CSV data for certain account logs, including
rejections. See the Reporting: CSV Data page for more details.
• Overview: Provides graphs that show email volumes, bandwidth, and statistics for your
account. This includes outbound, inbound, and internal emails, and rejected email traffic.
See the Reporting Overview page for more details.

Account Assessment Report

The Account Assessment Report is created for your account by Mimecast at the end of each
reporting period. The report is available for one week from Monday to Sunday, and over each
calendar month. It provides a full report of every facet of your Mimecast services.

Download the Report

To download the Account Assessment Report:
1. Navigate to Reporting | Account Assessment
2. Click Download Account Assessment PDF Reports
3. Download the required report (e.g., weekly, or monthly)
The report includes data on the following if you use the service:
• Secure Email Gateway
• Large File Send
• Secure Messaging
• Attachment Protect
• URL Protect
• Impersonation Protect
• User Activity
• Web Security

©2023 Mimecast. All Rights Reserved | 23

 For more information, review the Accessing the Mimecast Account Assessment article in our
knowledgebase. You will find articles at the bottom that pertain to all the items above.

Scheduling a Report
If you wish certain individuals to have weekly or monthly reports
delivered to their mailbox, follow the steps below.
1. Navigate to Reporting | Account Assessment
2. Select the Weekly Report or Monthly Report heading.
3. Expand the Email Schedule Section: Choose Send Report.
When you select Send Report, the ‘Report Recipients’ section
displays (send up to 5 recipients).
4. Use the Lookup buttons to look up the recipients you wish to
receive the weekly report.
5. Click Save.

PDF Reports
The PDF Reports function allows you to schedule
reports to be run on either a weekly or monthly
schedule and save the output to a PDF file. You
can also download reports directly.
Administrators with read only access to the
Reporting module will not have access to edit
Reporting Schedules.
You can select:
• Whether the report should be emailed
or saved locally on Mimecast.
• Whether you want a PDF of a standard
report or a custom report of your choice
of data.
• Which graphs should be saved / sent.
• How often these graphs should be run (weekly or monthly.)
• The email addresses where the PDFs should be sent (up to 5 individuals.)

Administrators with read only access to the Reporting module will not have access to
edit Reporting Schedules.

Scheduling the PDF Reports

1. Navigate to Reporting | PDF Reports
2. Select Weekly Report or Monthly Report
3. Select Report Type:

Standard: If Standard is chosen the graphs selected under the Select Graphs area will be

©2023 Mimecast. All Rights Reserved | 24

 greyed out and those items checked by default will be in your report.

Custom: If you select Custom Selection of Graphs, the Select Graphs area is open for
changing what you will see in the exported report.
4. Expand the Email Schedule Sections:
Options here are Do Not Send Report
and Send Report. When you select
Send Report, the ‘Report Recipients’
section displays (send up to 5
recipients).
5. Use the Lookup buttons to look up
the recipients you wish to get the
weekly report.
6. Click Save.

The PDF and Overview reports are focused on email traffic data, while the Account
Assessment provides a full report of every facet of your Mimecast services.

Download PDF Reports

If you wish to download a report, click the Download PDF
Reports button at the top.
Choose View PDF Reports and select either Show Weekly or
Show Monthly at the top, depending on what you are looking
for and then click the Download PDF button next to the desired report.

CSV Data
The CSV reports consist of daily rejection data. Administrators can download the report data in a
comma separated (.CSV) format. This has many uses, including sharing it with colleagues who do not
have access to the Mimecast Administration Console.
For data that is not retained on Mimecast eternally (e.g., Rejection Viewer logs) Administrators can
access this data, even after it is no longer visible in the Administration Console.
More information on this here.

©2023 Mimecast. All Rights Reserved | 25

 Accessing and Downloading CSV Data
To access the CSV Data:
1. Navigate to Administration |Reporting | CSV Data
Note: Information regarding the report start/end dates, generation date, and report interval
is displayed. By default, a month's worth of reports is available for download, however, you
can click on the calendar control to amend this.
2. Click Download CSV next to the date range desired.
3. Specify a Location for the download [change the name of the file as desired]
4. Click Save
For more information, read the Reporting: CSV Data article.

Overview Reports
These reports provide a graphical representation of email volumes and flows. These default reports
give Administrators a quick view of their environment, showing different aspects of their email data
volumes and bandwidth usage. Administrators can also determine which users in the company are
sending large volumes of emails and analyse what is causing inbound emails to be rejected.
To access, navigate to Reporting | Overview:
Reporting Overview shows groups of graphs as follows:
• Summary Graphs - display the volumes of email split into Outbound, Inbound, and Internal
messages, as well as Rejected volumes.
• Outbound Email - displays email communication from internal users to external users and
domains.
• Inbound Email - displays email communication from external users to internal users and
domains.
• Internal Email - displays email communication between internal users.
• Custom Reports - displays any Custom Report Definitions that have been configured.

View the Reporting Definitions page for a detailed breakdown of what each of the
different graph data types represent. Reporting data is available for a year, although
scheduled reports can be stored in PDF for a longer period.

Custom Report Definitions

Although Mimecast provides a default set of graphs and reports, Administrators may also be
interested in viewing the company's email usage with different filters. Custom Report Definitions
allow Administrators to specify the following:
• Report type
• Report filters such as domain, email address or groups
• How the data is displayed
• Number of results returned.
Reports can also be downloaded for review in CSV format or emailed out in PDF format. Custom
Report Definitions allow control over the report filters and how the data is displayed. By creating

©2023 Mimecast. All Rights Reserved | 26

 customized reports, Administrators can view data relevant to the email environment quickly and
easily.
Like other groups of graphs, Administrators are also able to schedule custom reports to be emailed
out or downloaded.

Using Custom Report Definitions

To create a custom report:
1. Navigate to Reporting | Overview.
2. Select Custom Report Definitions
3. Select New Custom Report
4. Enter a Report Title and Description
5. Select a Report Type (Email Volume, Email Bandwidth, Rejection, Email Statistics)
6. Group Totals By: Select how you want the data grouped (domain, email address, date,
rejection type for rejection reports only)
7. Limit results To (top 10, top 20, top 30 (default), top 40, top 50, show all)
8. Filter Results on (domains, profile / AD groups, email addresses, none)
9. Domain Name (select an internal domain, group, or email address – dependent on filter
selected above)
10. Save and Exit

View Custom Reports

To view the Custom Reports, find them listed in the menu group called Custom Reports on the
Reporting Overview page.
Click on the report and the updated results will be displayed in the right-hand pane. The results are
displayed in a table format and can be downloaded by clicking on the Download as csv button.

Delete a Custom Report

To delete a custom report, click on the Custom Report Definitions button in the upper left corner of
the Overview page shown in image above, select the report definition you wish to delete and click
the Remove Definition button.

©2023 Mimecast. All Rights Reserved | 27

 © 2023 by Mimecast Services Ltd. The information posted in this guide is for use by
Mimecast customers only. Use of the guide is governed by the terms contained in the
user’s agreement with Mimecast. Information in this guide is subject to change
without notice. The Mimecast name and logo are owned by Mimecast Services Ltd
and its affiliates. All other names and marks are the property of their respective
owners.

©2023 Mimecast. All Rights Reserved | 28