Good day Kutloano

Thank you for contacting Mimecast support.


My name is Thulani Mahlangu and I will be handling your case.


Apologies for any inconvenience this issue might have caused, and for the delayed response; it is due to high call volumes.


Please see if you can revoke the enrollment and try again; please follow the guide below.


Please follow the below steps for reauthentication for the one user that is currently affected.


On the admin console:

Admin/directories/internal directories/ select the domain the user falls under/ search and select user in question/ under the Targeted Threat Protection Authentication tab please select: revoke authentication.


This should resolve the issue at hand, as it will clear all cache and force re-authentication.


Additional information and checks that should be considered for device enrolment TTP

Device enrolment.

The device enrolment process works using cookies to store the authentication. When the device is first enrolled, a cookie is stored on the user's device, so in theory they shouldn't need to re-enrol.

For device enrolment to work, cookies must be enabled in the end user's device browser.

If a user accesses Targeted Threat Protection services on different devices, each device must be authenticated.

If a user has multiple laptops / desktops, or multiple mobile devices, only one device of each kind can be enrolled at a time.

If a user changes web browsers, they'll be prompted to enrol in the new browser in order to generate a new cookie.


It is not possible to turn device enrolment on / off for a specific group of users or device types.

Ensure the end user's browser is supported. See the Mimecast Browser Support Matrix.

The end user's primary Mimecast address is being used to log in.

Private browsing must be turned off.


The re-enrolment request occurs when the cookie has not been found on the device.

What generally happens is that some users have their device in incognito or private browsing mode, or have their device set to delete upon exit; this does not store the cookie and will always ask for enrolment.

If the enrolment is requested every time, then this suggests that the cookie is not saved at all.


TTP Device Enrolment comes down to the above basic requirements:

Compatible Browser:

This article here will explain the requirements for all browsers. Take note that the Essential Settings for Internet Explorer section should not be limited to Internet Explorer.

Mimecast Browser Support Matrix

Personal access to the Internet Browser folder within %APPDATA%:

This allows the ability for the unique cookie to be stored and accessible.

In environments where they don’t have this, you will find the enrolment repeats itself over and over.


Mobile Devices:

Cookies enabled and private browsing disabled whilst enrolling.

The cookie is named x-mc-ea-93ec875d8e0d62b6647fd4991d46f781; you would find this within the cookies of the browser.


Note that some environments will not be compatible due to configuration. Unfortunately the only option is to disable it.

Can you please confirm the below:

1. Browser version that is used during the enrolment.

2. Is there any Antivirus/Antimalware or any type of scanning that would prevent or delete the cookies of the browser?

3. Any GPO or browser/Windows configuration that would prevent/delete cookies.

Authentication Duration (Days): set to 30 days.

Get user to revoke and re-authenticate.


For more on the above, please see the KB article below:


https://community.mimecast.com/s/article/Targeted-Threat-Protection-Managing-Device-Enrollment-2140403008


I hope this answered your questions satisfactorily. If you need further assistance with this issue, just reply to this email and it will reopen the ticket, and we can proceed from there, or call the support line again and reference the case number.


Regards

Thulani Mahlangu
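
Added example, not part of the original e-mail and not Mimecast tooling: a Python check of whether the enrolment cookie described above is present, persistent and unexpired in a Chromium-based browser's cookie store. It assumes the Chromium `cookies` SQLite table (`host_key`, `name`, `is_persistent`, `expires_utc`); the function names, sample rows and host names are constructed.

```python
import sqlite3
import sys
from datetime import datetime, timedelta, timezone

# Assumption: Chromium (Chrome/Edge) cookie store layout; timestamps are
# microseconds since 1601-01-01 UTC. Only names and expiry are read, never values.
CHROMIUM_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
COOKIE_PREFIX = "x-mc-ea-"  # prefix of the cookie name quoted in the e-mail

def to_chromium(dt):  # aware datetime -> Chromium integer timestamp
    return (dt - CHROMIUM_EPOCH) // timedelta(microseconds=1)

def diagnose(conn, now):
    """Return (name, host, verdict) per enrolment cookie, or one 'missing' row."""
    rows = conn.execute(
        "SELECT name, host_key, is_persistent, expires_utc FROM cookies "
        "WHERE name LIKE ?", (COOKIE_PREFIX + "%",)).fetchall()
    if not rows:
        return [(None, None, "missing: cookie never written or already deleted")]
    results = []
    for name, host, persistent, expires_utc in rows:
        expires = CHROMIUM_EPOCH + timedelta(microseconds=expires_utc)
        if not persistent:
            verdict = "session-only: discarded when the browser closes"
        elif expires <= now:
            verdict = "expired: re-enrolment will be requested"
        else:
            verdict = f"ok: {(expires - now).days} days left"
        results.append((name, host, verdict))
    return results

def sample_db(now):
    """Constructed in-memory store with three constructed cookies (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, "
                 "is_persistent INTEGER, expires_utc INTEGER)")
    conn.executemany("INSERT INTO cookies VALUES (?, ?, ?, ?)", [
        ("ok.example", "x-mc-ea-constructed-ok", 1, to_chromium(now + timedelta(days=20))),
        ("old.example", "x-mc-ea-constructed-old", 1, to_chromium(now - timedelta(days=1))),
        ("tmp.example", "x-mc-ea-constructed-tmp", 0, 0),
    ])
    return conn

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    conn = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else sample_db(now)
    for row in diagnose(conn, now):
        print(row)
```

Run it against a copy of the affected profile's cookie file taken while the browser is closed; a "missing" or "session-only" result right after a successful enrolment points at private browsing, delete-on-exit settings, or a policy or scanner removing cookies.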