In a previous post, I started looking into a way to get a Global Signature on all users within the organization, Global Signatures VS Office 365
Unfortunately, the Legacy way of doing Signatures (with the Signature would be between the email received and the new email sent) was not possible from Office 365. Although there is a workaround this is not ideal to what I am trying to achieve. The one thing that has to be given to Office 365 is that they do apply disclaimers to internal emails between users.
With Mimecast, we have a slightly different scenario we can successfully attach the signature between the received mail and the new mail being sent. Only when sending to external domains. Mimecast does not support the signatures within the same domain. For more detail, you can read : Stationery: Creating Branding for Internal Emails
Start by logging onto your Mimecast Cloud Service and browse too: Administrator → Gateway → Policies.
Once there search for Stationery and click on Definitions. This is where you set up how the signature is going to look.
I opted for the images to get pulled from a hosted resource managed by me. This makes it a bit easier than to re-upload the images to Mimecast but both options can be used.
You can decide if you want to create a separate folder for the signature or just click on “New Item” to create the template.
The Description and Shortcode are very important as this allows you to identify which Signature to use when assigning it to the necessary users.
When done click on Edit HTML and paste your tested HTML signature. Then at the beginning the code just after <Body> Paste the code: <mc type=”Comment”> and at the end just before </body> Paste the code: <mc type=”
The Next thing you would need to do is to change the Attributes you require into Mimecast Attributes. A Directory Synchronization between Office 365 and Mimecast is required to pull all the required information.
The Sync I had set up was from the On-Premise Active Directory to the Azure Active Directory. This pulls through User Attributes and Group Memberships. Intern, then there is a Sync from Azure Active Directory to Mimecast.
This allows me as admin to control the local users and groups onsite whilst these groups work with the Share Point Online Access and then pull through the variable to Mimecast to create the Signatures. As well as the Company Directory that pulls through from the Local AD. All while the users get a Single Sign-On experience.
When the Sync Setup is done, you need to set up Custom Attributes in Mimecast. Use the link attributes to see what information gets pulled by default.
To Setup, the Custom Attribute check in the AD the attribute you want to pull through. On the Domain-controller open the Active Directory User and Computers console. Click View and make sure the Advance Features is Ticked. Then open the properties of one of the users and open tab Attribute Editor. Each of these attributes can be synced through all the Services to Mimecast for use.
In Mimecast then open Directories and Attributes. Add a new Attribute.
The Name of the attribute must be the same as the attribute in the Local Directory See screenshot above. The Type must be Directory Linked Attribute.
Remember to Choose the Custom Attribute to sync in Azure AD Connect.
Lastly, this is Very Important, you have to run a Synchronize directory at least once. Otherwise, your attributes will show empty until the next automated synchronizations. You can do this by going to Administration → Services → Directory Synchronization and click on Sync Directory Data.
Making sure it Worked
Make sure the Sync through the services was successful by opening Mimecast then browse to Directories and Internal directories. Open the Domain you are Syncing with. Search for a user you want to check. At the bottom, you will see the General attributes and all the attributes that pulled through successfully.
Replacing the Attributes
Once done you can replace the text in your HTML file with the Mimecast Attribute. Example:
DisplayName : <mc type=”variable” source=”from” attribute=”DisplayName”>
Mobile : <mc type=”variable” source=”from” attribute=”Mobile”>
When done you can save and view the Signature on how it will appear, you will have to do the same in the Edit Text, basically, copy and paste the HTML code but remove all the HTML References.
Assigning the Policy
With the Signature Saved, browse back to Gateway → Policies and Select Stationery and then “New Policy”.
Choose a Policy Narrative so a descriptive name, click lookup and choose the signature you created.
Set the From Details so that all emails being sent from the domain gets the signature and the Email to so that it applies to all emails. Mimecast does not work internally so it will automatically bypass the policy for internal mail address.
And there you go. It is done, your signature is set up!
What happens when you have different users that need different signatures, I created a specific set of groups and added the users in the various groups when you set the rule you then set the Emails from to look at the specific groups. So your Client Facing users can have a different signature compared to your supplier facing users. Just bear in mind that if you have a user in multiple groups they will have multiple Signatures.
The group I created was done on the local Active Directory and synced through all the services. Thus any new user Created or user being edited can simply be added to the group locally and as soon as the sync pulls through they will get the Signature as per the Group they are in.