Description
How to create a protection policy
Requirements
An admin login to the MPmail Avanan portal.
The Process
Login to the customer portal of the MPmail Avanan account that you want to add a policy.
In the left menu, click Policy. Click into Office 365 Mail.
At the top of the right pane, click Create New Policy Rule.
Choose the SaaS (Office 365 Mail in this example), and the Security (Threat Detection)
Click Next
Choose the Mode, with reference to the Protection Modes article.
Note : If adding Protect (Inline) to an account that has the MPmail lock down rules in the Microsoft 365 tenancy, you will need to add the MPmail Avanan IP address to the allowed IP's in the rule.
35.174.145.124 (US)
15.222.110.90 (CA)
52.212.19.177 (EU)
13.211.69.231 (AUS)
You can then choose the workflows as required, not that workflows are only available in Protect (Inline) and Detect and Prevent Modes.
Click Save and Apply.
Note that you can have as many policies as you like, they can be applied to different users and groups as required.
Important:
If you are using an incoming mail rule to filter emails by sending IP address (eg a gateway mail filter), you will need to add the Avanan IP addresses to the list of exceptions to allow emails to come in
35.174.145.124 (US)
15.222.110.90 (CA)
52.212.19.177 (EU)
13.211.69.231 (AUS)
If you use a Message Transfer Agent (MTA) that your MX records deliver to, and then email is forwarded to Microsoft 365, you will need to add the IP addresses of the SMTP host to Avanan.
If you are using MPmail, this entry will be
52.62.125.178,52.62.114.130,antispameurope.com,hornetsec
This is done from in the tenant portal, under Configuration, Security Engine, Smart Phish, Configure