Description


How to set up initial workflows in an MPmail Avanan customer account.


Requirements


  • Admin access to the Avanan customer dashboard. This can be via drill-down from the Avanan MSP Dashboard.


The Process


Unless specified otherwise, we recommend leaving settings as they are.


In the left menu of the customer portal, click Policy.

Click into Office 365 Mail.


If this is a new customer, there will be a single policy running, called 'Office 365 Mail Threat Detection'.


Click into this policy.


We recommend the Protect (Inline) mode. For more details, see Protection Modes.




If you are using an incoming mail rule on your server to filter emails by sending IP address (e.g. a gateway mail filter), you will need to add the Avanan IP address to the list of exceptions to allow emails to come in. You will need to do this in your Microsoft 365 or GSuite service.


Avanan IP addresses are as follows (depending on the country you selected on initial setup; only 1 will be required):


35.174.145.124 (US)

15.222.110.90 (CA)

52.212.19.177 (EU)

13.211.69.231 (AUS)



We recommend protecting all users.



Recommended Workflows are as follows:


Alerts are for individual detections. We recommend leaving these off.


We recommend leaving the Advanced options off.



Important note if using Protect (Inline) Outgoing Traffic:


When enabling inline protection for outgoing emails (DLP or phishing/malware), emails are sent out to the external party from the Microsoft 365 IP addresses, which need to be included in your SPF record.

However, since Avanan inspects those emails inline, if the external recipient's email security policy is very strict, it may require the Avanan IP addresses to be included in the SPF record as well.

To achieve that you now need to add one entry to your SPF record, utilizing the Include mechanism:

Include:spfa.cpmails.com
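
As an added example (not part of the original article and not Avanan's own tooling), the following Python code checks an SPF record string for the include above, confirms it sits before the "all" mechanism, and counts the top-level DNS-lookup terms against the 10-lookup limit of RFC 7208. The record in SAMPLE is constructed, and the function names are this example's own.

```python
import re

REQUIRED_INCLUDE = "spfa.cpmails.com"   # value given in this article
# Terms that trigger a DNS lookup during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
# Constructed sample: a Microsoft 365-only record before the change.
SAMPLE = "v=spf1 include:spf.protection.outlook.com -all"

def parse_spf(record):
    """Return the record's terms as lowercase (name, value) pairs."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for raw in parts[1:]:
        body = raw.lstrip("+-~?")            # drop the qualifier
        m = re.match(r"([A-Za-z0-9]+)[:=/]?(.*)", body)
        if m:                                # names are case-insensitive
            terms.append((m.group(1).lower(), m.group(2).lower()))
    return terms

def check_spf(record, required=REQUIRED_INCLUDE):
    """Report whether the include is effective and the lookup count."""
    terms = parse_spf(record)
    names = [name for name, _ in terms]
    # Mechanisms placed after "all" are never evaluated by receivers.
    cut = names.index("all") if "all" in names else len(terms)
    present = ("include", required.lower()) in terms[:cut]
    # Top-level terms only; lookups inside included records add to this.
    lookups = sum(1 for name in names if name in LOOKUP_TERMS)
    return {"include_present": present, "lookups": lookups,
            "within_limit": lookups <= MAX_LOOKUPS}

def add_include(record, required=REQUIRED_INCLUDE):
    """Return the record with the include inserted before "all"."""
    if check_spf(record, required)["include_present"]:
        return record
    parts = record.split()
    idx = next((i for i, p in enumerate(parts)
                if p.lstrip("+-~?").lower() == "all"), len(parts))
    parts.insert(idx, "include:" + required)
    return " ".join(parts)

if __name__ == "__main__":
    print(check_spf(SAMPLE))
    print(add_include(SAMPLE))
```

To check a live domain, pass the TXT record returned by your DNS lookup tool to check_spf in place of SAMPLE.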


Click Save and Apply.


In the Left menu, click User Interaction, Quarantined Items, then Settings at the top of the right pane.



We recommend that you stop sending immediate quarantine notification emails, and only have the daily quarantine report. This is sent daily mid-morning (AEST).

We also recommend that the quarantine reports should include emails quarantined by Microsoft, to save having to use the Microsoft 365 quarantine as well as the Avanan quarantine.


Click Save and Apply.


Other special settings:


If you use a Message Transfer Agent (MTA) that your MX records deliver to, and then email is forwarded to your mail server, you will need to add the IP addresses of the SMTP host to Avanan.


When using MPmail with MPmail Avanan, you would add:


52.62.125.178,52.62.114.130,antispameurope.com,hornetsecurity.com


This is done in the MPmail Avanan tenant portal, under Configuration, Security Engine, Smart Phish, Configure.