While onboarding, if you choose to activate Office 365 Mail using the Automatic mode of operation, Avanan makes these changes to your Microsoft 365 environment.

• Mail Flow Rules
• Connectors
• Connection Filters
• Journal Rules
• Groups
• Distribution Lists
• PowerShell Script

Mail Flow Rules

To support Protect (Inline) protection mode for policies, Avanan creates Mail Flow rules. These rules allow Avanan to scan and perform remediation before the email is delivered to the recipient’s mailbox.

Avanan creates these Mail Flow rules.

• Avanan - Protect Outgoing Rule
• Avanan - Protect Rule
• Avanan - Whitelist Rule
• Avanan - Junk Filter Low Rule
• Avanan- Junk Filter Rule

Avanan - Protect Outgoing Rule

Note - [portal] refers to the unique identifier of your Avanan Portal tenant.

IP Addresses for Avanan - Protect Outgoing Rule

Avanan tenants residing in the United States:

• 35.174.145.124
• 3.214.204.181
• 44.211.178.96/28
• 3.101.216.128/28
• 3.101.216.144/28
• 44.211.178.112/28

Avanan tenants residing in Europe

• 52.17.62.50
• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28
• 13.39.103.16/28
• 3.252.108.176/28

Avanan tenants residing in Canada

• 15.222.110.90 
• 52.60.189.48 
• 3.101.216.128/28 
• 3.99.253.64/28 
• 3.99.253.80/28
• 3.101.216.144/28

Avanan - Protect Rule

Notes - [portal] refers to the unique identifier of your Avanan Portal tenant.

IP Addresses for Avanan - Protect Rule

Avanan tenants residing in the United States

• 35.174.145.124
• 44.211.178.96/28
• 3.101.216.128/28

Avanan tenants residing in Europe

• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28

Avanan tenants residing in Canada

• 15.222.110.90
• 3.101.216.128/28
• 3.99.253.64/28 

Avanan - Whitelist Rule

IP Addresses for Avanan - Whitelist Rule

Avanan tenants residing in the United States

• 35.174.145.124
• 44.211.178.96/28
• 3.101.216.128/28

Avanan tenants residing in Europe

• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28

Avanan tenants residing in Canada

• 15.222.110.90 
• 3.101.216.128/28 
• 3.99.253.64/28

Avanan - Junk Filter Low Rule

IP Addresses for Avanan - Junk Filter Low Rule

Avanan tenants residing in the United States

• 35.174.145.124
• 44.211.178.96/28
• 3.101.216.128/28

Avanan tenants residing in Europe

• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28

Avanan tenants residing in Canada

• 15.222.110.90 
• 3.101.216.128/28 
• 3.99.253.64/28

Avanan- Junk Filter Rule

IP Addresses for Avanan - Junk Filter Rule

Avanan Portal tenants residing in the United States

• 35.174.145.124
• 44.211.178.96/28
• 3.101.216.128/28

Avanan Portal tenants residing in Europe

• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28

Avanan Portal tenants residing in Canada

• 15.222.110.90 
• 3.101.216.128/28 
• 3.99.253.64/28

Connectors

To support Protect (Inline) protection mode for policies, Avanan creates connectors. These connectors allow Avanan to scan and perform remediation before the email is delivered to the recipient’s mailbox.

Avanan creates these connectors.

• Avanan Inbound Connector
• Avanan DLP Inbound Connector
• Avanan Outbound Connector
• Avanan DLP Outbound Connector
• Avanan Journaling Outbound Connector

Avanan Inbound Connector

Mail flow scenario:

• From: Partner organization
• To: Office 365

Identify your partner organization by:

Identify the partner organization by verifying that the messages are coming from one of the relevant IP addresses for Avanan Inbound Connector. See IP Addresses for Avanan Inbound Connector.

Security restrictions:

• Reject messages if they aren't encrypted using Transport Layer Security (TLS).

IP Addresses for Avanan Inbound Connector

Avanan Portal tenants residing in the United States

• 35.174.145.124
• 44.211.178.96/28
• 3.101.216.128/28

Avanan Portal tenants residing in Europe

• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28

Avanan Portal tenants residing in Canada

• 15.222.110.90 
• 3.101.216.128/28 
• 3.99.253.64/28

Avanan DLP Inbound Connector

Mail flow scenario:

• From: Your organization's email server
• To: Office 365

Identify incoming emails are sent from your email by:

• Identify the incoming messages from your email server by verifying that the sender's IP address is one of the relevant IP addresses for Avanan DLP Inbound Connector. See IP Addresses for Avanan DLP Inbound Connector.
• Sender's email address is an accepted domain for your organization.

IP Addresses for Avanan DLP Inbound Connector

Avanan portal tenants residing in the United States

• 3.101.216.144/28
• 44.211.178.112/28
• 3.214.204.181

Avanan Portal tenants residing in Europe

• 52.17.62.50
• 3.252.108.176/28
• 13.39.103.16/28

Avanan Portal tenants residing in Canada

• 52.60.189.48 
• 3.99.253.80/28 
• 3.101.216.144/28

Avanan Outbound Connector

Mail flow scenario:

• From: Office 365
• To: Partner organization

Use of connector:

Use only when I have a transport rule set up that redirects messages to this connector.

Routing:

Route email messages through these smart hosts: [portal]-host.avanan.net

Security restrictions:

• Always use Transport Layer Security (TLS) and connect only if the recipient’s email server has a digital certificate.

Avanan DLP Outbound Connector

Mail flow scenario:

• From: Office 365
• To: Your organization's email server

Use of connector:

• Use only when I have a transport rule set up that redirects messages to this connector.

Routing:

Route email messages through these smart hosts: [portal]-dlp.avanan.net

Security restrictions:

• Always use Transport Layer Security (TLS) and connect only if the recipient’s email server has a digital certificate.

Avanan Journaling Outbound Connector

Mail flow scenario:

• From: Office 365
• To: Your organization's email server

Use of connector:

Use only for email sent to these domains: [portal]-mail.avanan.net

Routing:

Route email messages through these smart hosts: [portal]-host.avanan.net

Security restrictions:

• Always use Transport Layer Security (TLS) and connect only if the recipient’s email server has a digital certificate.

Connection Filters

Avanan creates Connection Filters to prevent the blocking of emails sent to users.

Connection filter name: Connection filter policy (Default)

Avanan Portal tenants residing in the United States

• 35.174.145.124
• 3.214.204.181
• 44.211.178.96/28
• 3.101.216.128/28
• 3.101.216.144/28
• 44.211.178.112/28

Avanan Portal tenants residing in Europe

• 52.17.62.50
• 52.212.19.177
• 3.252.108.160/28
• 13.39.103.0/28
• 13.39.103.16/28
• 3.252.108.176/28

Avanan Portal tenants residing in Canada

• 15.222.110.90 
• 52.60.189.48 
• 3.101.216.128/28 
• 3.99.253.64/28 
• 3.99.253.80/28 
• 3.101.216.144/28

Journal Rules

Avanan creates a Journal rule that configures Microsoft 365 to send a copy of all scoped emails to the journaling mailbox used by Avanan for inspection.

Avanan uses this Journal rule only for policies in Detect and Detect and Remediate protection modes.

Journal rule name: Avanan - Monitor

Journal Reports

Avanan configures the Journal rule to send the Journal reports to [portal]@[portal]-mail.avanan.net

It also configures a mailbox for undeliverable journal reports, if the mailbox was not configured yet for the Avanan Portal tenant.

Avanan sends the undeliverable journal reports to these mailboxes when they are not deliverable to the email address specified in the journal rule:

• Avanan Portal tenants residing in United States: [portal name]@mt-prod-3-journal-error.avanan.net
• Avanan Portal tenants residing in Europe: [portal name]@mt-prod-av-1-journal-error.avanan.net
• Avanan Portal tenants residing in Canada: [portal name]@mt-prod-av-ca-2-journal-error.avanan.net

Groups

Avanan creates groups to protect the specific users and groups selected in the policies for Protect (Inline) protection mode.

When administrators configure Scope for a policy in Protect (Inline) protection mode, it gets updated to the relevant group so that only those specific users are protected inline.

Avanan creates these groups:

• avanan_inline_incoming

• avanan_inline_outgoing

Avanan Inline Incoming Group

This group allows Avanan to protect only the incoming emails sent to users protected by an incoming policy in Protect (Inline) protection mode.

Group name: avanan_inline_incoming

Group email address: avanan_inline_incoming@[portal domain]

Avanan Inline Outgoing Group

This group allows Avanan to protect only the outgoing emails sent by users protected by an outgoing policy in Protect (Inline) protection mode.

Group name: avanan_inline_outgoing

Group email address: avanan_inline_outgoing@[portal domain]

Distribution Lists

Avanan creates a distribution list to support the protection of group mailboxes for policies in Protect (Inline) protection mode.

Distribution list name: avanan_inline_groups

PowerShell Scripts

Avanan uses PowerShell scripts to perform various tasks in the Microsoft 365 environment, such as:

• Create / edit / delete Mail Flow rules, Connectors, Journal rules, Connection Filter, and Distribution List.
• Configuring a mailbox for undeliverable Journal Reports (if the mailbox was not configured yet for the tenant).
  This mailbox will be used to receive Journal Reports when they are not deliverable to the email address specified in the Journal rule.
• Reading the Hosted Content Filter Policy to get the tenant’s policy actions.
• Allowing Avanan domain, so emails will not be blocked when going through Avanan’s security engines.
• In case a policy that triggers Microsoft Encryption is created, a script will read the IRM Encryption to configure an Encryption rule.