Integrating Microsoft 365 SafeLinks and Mimecast Targeted Threat Protection


If your email protection filter is provided by Mimecast, then you might also have enabled Mimecast Targeted Threat Protection (TTP). TTP, like Microsoft Defender for Office SafeLinks, will rewrite the URLs in email messages but, unlike SafeLinks, will not rewrite or redirect them in Office documents or in Teams chats, channels and meetings. Because the two products are not a 100% match for each other, you will be configuring either only SafeLinks or both TTP and SafeLinks.

If you have both TTP and SafeLinks turned on, you will get SafeLinks rewriting the TTP-rewritten links – that is, Mimecast TTP rewrites the URL and sends the email into Microsoft 365, which rewrites the already rewritten URL again.

To avoid this, you need to exempt the TTP URL from SafeLinks. In February 2024 Mimecast changed the URL for the rewriting, and so you might need to update your SafeLinks configuration as well. Here is what you need to know:

  • Before March 2024 – the URL is only protect-xx.mimecast.com (where xx is specific to the Mimecast datacentre, for example protect-eu.mimecast.com for the UK datacentre).
  • After March 2024 for a small period of time – both the old URL above and the new URL below need to be included in your SafeLinks configuration.
  • Later in 2024 – only the new URL will be needed in your SafeLinks configuration. The new URL is url.xx.y.mimecastprotect.com, where xx is the datacentre location and y is the product name – for example url.uk.m.mimecastprotect.com for Email Cloud Security Gateway (m) from the UK datacentre.

For “Email Cloud Security Gateway” the value for “y” in the above URL is “m”! For “Email Cloud Security Integrated” the value for “y” in the URL above is “a”. In the picture below, both have been added for the UK datacentre.

So, for a time you will have a configuration that looks like this:

SafeLinks URL Rewrite Bypass for Mimecast (and conferencing apps)

The above configuration shows that SafeLinks does not rewrite the Mimecast URLs for the old and new TTP domains, but SafeLinks is still enabled for Teams and Office. The email rewrite is enabled for scenarios that do not include Mimecast, such as internal emails. (And see this article for why you should bypass conference apps such as Microsoft Teams and Zoom.)
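To check that the exemption is working, you can scan the body of a delivered message for links where SafeLinks has wrapped a Mimecast TTP link. The Python below is an added example, not part of the original article or of any Microsoft or Mimecast tooling. It assumes the SafeLinks wrapper host ends in safelinks.protection.outlook.com and carries the original link in its url query parameter; the sample message body is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hostname shapes from the article: "xx" is the datacentre, "y" the product.
TTP_OLD = re.compile(r"protect-[a-z0-9]+\.mimecast\.com")
TTP_NEW = re.compile(r"url\.[a-z0-9]+\.[a-z0-9]+\.mimecastprotect\.com")
# Assumption: SafeLinks wrapper host, with the original link in the "url" parameter.
SAFELINKS = re.compile(r"[a-z0-9-]+\.safelinks\.protection\.outlook\.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def ttp_generation(host):
    """Return 'ttp-old' or 'ttp-new' for a Mimecast TTP hostname, else None."""
    host = (host or "").lower()
    # fullmatch, so a look-alike such as protect-eu.mimecast.com.example.net fails
    if TTP_OLD.fullmatch(host):
        return "ttp-old"
    if TTP_NEW.fullmatch(host):
        return "ttp-new"
    return None


def classify(url):
    """Label one link: double:<gen>, safelinks, ttp-old, ttp-new or plain."""
    parts = urlsplit(url)
    if SAFELINKS.fullmatch((parts.hostname or "").lower()):
        # parse_qs percent-decodes the wrapped link
        inner = parse_qs(parts.query).get("url", [""])[0]
        gen = ttp_generation(urlsplit(inner).hostname)
        return f"double:{gen}" if gen else "safelinks"
    return ttp_generation(parts.hostname) or "plain"


def audit(body):
    """Group every link found in a message body by its label."""
    found = {}
    for url in URL_RE.findall(body):
        found.setdefault(classify(url), []).append(url)
    return found


# Constructed sample body (not real traffic); paths and tokens are placeholders.
SAMPLE_BODY = """\
Invoice: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-eu.mimecast.com%2Fs%2FPLACEHOLDER1&data=05%7C02&reserved=0
Portal: https://url.uk.m.mimecastprotect.com/s/PLACEHOLDER2
Wiki: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.example.com%2Fhome&reserved=0
Docs: https://example.com/docs
"""

if __name__ == "__main__":
    for label, urls in audit(SAMPLE_BODY).items():
        print(label, len(urls))
```

A double:ttp-old or double:ttp-new result on mail received after the policy change means the matching Mimecast domain is still missing from the SafeLinks bypass configuration.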

Photo by Mike Bird: https://www.pexels.com/photo/silver-chain-145683/
