Mimecast Launches API‑Based Email Security for Microsoft 365 & Google Workspace
What Happened — Mimecast announced a new API‑driven email protection service that integrates with Microsoft 365 and Google Workspace via the Microsoft Graph API. The solution adds 40+ inspection layers—including URL analysis, sandboxing, and multilingual behavioral modeling—to block spam, commodity malware, AI‑generated phishing, and business‑email‑compromise (BEC) without requiring MX‑record changes.
Why It Matters for TPRM —
- AI‑generated phishing and BEC are increasingly bypassing native cloud‑mail controls, expanding third‑party risk.
- Vendors that expose email gateways via APIs create a new attack surface that must be evaluated in supplier risk assessments.
- Rapid, non‑disruptive deployment enables organizations to harden a critical communication channel while maintaining business continuity.
Who Is Affected — enterprises using Microsoft 365 or Google Workspace, especially those in finance, healthcare, legal, and other regulated sectors that rely on email for confidential communications.
Recommended Actions —
- Review your current email security controls and identify gaps relative to Mimecast’s coverage.
- Validate that any third‑party email security API complies with your organization’s data‑handling and incident‑response policies.
- Conduct a proof‑of‑concept integration to assess performance, false‑positive rates, and logging capabilities.
Technical Notes — The service connects through the Microsoft Graph API in minutes, avoiding MX‑record changes or mail‑flow interruption. It inspects inbound and outbound messages across 40+ detection layers, leveraging sandbox environments, URL reputation engines, and behavioral models in more than 20 languages. Coverage spans Microsoft 365 E3/E5 licensing tiers. Source: Help Net Security