How to create a protection policy
An admin login to the MPmail Avanan portal.
Login to the customer portal of the MPmail Avanan account that you want to add a policy.
In the left menu, click Policy.
At the top of the right pane, click Add a New Policy Rule.
Choose the product (Office 365 Mail in this example), and the Security (Threat Detection)
Choose the Mode, with reference to the Protection Modes article.
Note : If adding Protect (Inline) to an account that has the MPmail lock down rules in the Microsoft 365 tenancy, you will need to add the MPmail Avanan IP address to the allowed IP's in the rule. See this article for a full list of required IP addresses.
You can then choose the workflows as required, not that workflows are only available in Protect (Inline) and Detect and Prevent Modes.
Click Save and Apply.
Note that you can have as many policies as you like, they can be applied to different users and groups as required.
If you are using an incoming mail rule to filter emails by sending IP address (eg a gateway mail filter), you will need to add the Avanan IP addresses to the list of exceptions to allow emails to come in
184.108.40.206 (US) 220.127.116.11 (CA) 18.104.22.168 (EU)
If you use a Message Transfer Agent (MTA) that your MX records deliver to, and then email is forwarded to Microsoft 365, you will need to add the IP addresses of the SMTP host to Avanan.
If you are using MPmail, this entry will be
This is done from in the tenant portal, under Configuration, Security Engine, Smart Phish, Configure