Description


How to set up initial workflows in an MPmail Avanan customer account.


Requirements


  • Admin access to the Avanan customer dashboard. This can be via drill-down from the Avanan MSP Dashboard.


The Process


Where a setting is not mentioned below, we recommend leaving it as it is.


In the left menu of the customer portal, click Policy.

Click into Office 365 Mail.


If this is a new customer, there will be a single policy running, called 'Office 365 Mail Threat Detection'.


Click into this policy.


We recommend the Protect (Inline) mode. For more details, see Protection Modes.



Important if using Protect (Inline):


You will need to add the Avanan IP addresses to the customer SPF record, as emails are routed out of the tenancy and back in again.


If you are using an incoming mail rule in your server to filter emails by sending IP address (e.g. a gateway mail filter), you will need to add the Avanan IP address to the list of exceptions to allow emails to come in. You will need to do this in your Microsoft 365 or GSuite service.


The Avanan IP addresses are listed below. Only one is required, depending on the country you selected during initial setup:


35.174.145.124 (US)

15.222.110.90 (CA)

52.212.19.177 (EU)
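To confirm the SPF change described above has taken effect, the following added example (not Avanan or MPmail code) checks whether an SPF record's own ip4/ip6 terms authorize the regional Avanan IP. The function name and both sample records are constructed for illustration; paste in the customer's actual TXT value to use it.

```python
import ipaddress

# Avanan sending IPs by region, as listed on this page.
AVANAN_IPS = {"US": "35.174.145.124", "CA": "15.222.110.90", "EU": "52.212.19.177"}

# Constructed sample records: before and after adding the EU address.
BEFORE = "v=spf1 include:spf.protection.outlook.com -all"
AFTER = "v=spf1 include:spf.protection.outlook.com ip4:52.212.19.177 -all"

def spf_authorizes(spf_record: str, ip: str) -> bool:
    """True if an ip4/ip6 term with a pass qualifier covers `ip`.

    Only the record's own ip4/ip6 terms are evaluated. include:, a, mx and
    redirect= need DNS lookups and are not resolved here.
    """
    addr = ipaddress.ip_address(ip)
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            break                            # terms after "all" are never evaluated
        if name.lower() not in ("ip4", "ip6") or not value:
            continue
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            continue                         # malformed term, skip it
        if addr.version == network.version and addr in network:
            return qualifier == "+"          # first matching term decides
    return False

if __name__ == "__main__":
    for label, record in (("before", BEFORE), ("after", AFTER)):
        ok = spf_authorizes(record, AVANAN_IPS["EU"])
        print(f"{label}: EU Avanan IP authorized = {ok}")
```

A False result for a record that relies on include: only means the address is not listed directly; the included domain still has to be checked with a DNS lookup.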


We recommend protecting all users.



Recommended Workflows are as follows:



Alerts are for individual detections. We recommend leaving these off.


We recommend leaving the Advanced options off.


Click Save and Apply.


In the left menu, click User Interaction and Configuration.


We recommend turning off immediate quarantine notification emails and sending only the daily quarantine report. This is sent daily mid-morning (AEST).



Click Save and Apply.


Other special settings:


If you use a Message Transfer Agent (MTA) that your MX records deliver to, and then email is forwarded to your mail server, you will need to add the IP addresses of the SMTP host to Avanan.


When using MPmail with MPmail Avanan, you would add:


52.62.125.178,52.62.114.130,antispameurope.com


This is done in the MPmail Avanan tenant portal, under Configuration, Security Engine, Smart Phish, Configure.