Jump to main content
Avanan
Administration Guide
Index
Avanan Administration Guide
Search
Important Information
Related Documents
Introduction to
Avanan
Getting Started
Accessing the
Avanan
Administrator Portal
Portal Identifier of
Avanan
Tenant
Licensing the Product
Add-ons
Managing Licenses
Limiting license consumption and security inspection to a specific group
Manual changes to license assignment
Trial
Activating
SaaS
Applications
Minimum License Requirements to Activate
SaaS
Applications
Workflow
Activating
Office 365
Mail
Office 365
Mail - Required Roles and Permissions
Reducing the Assigned Permissions
Required Application Roles
Reducing the Assigned Microsoft Application Role
Microsoft 365
Mail - Approving User
Automatic Mode Onboarding -
Microsoft 365
Footprint
Mail Flow Rules (Transport Rules)
Avanan
- Protect Outgoing Rule
Avanan
- Protect Internal Rule
Avanan
- Protect Rule
Avanan
- Whitelist Rule
Avanan
- Junk Filter Low Rule
Avanan
- Junk Filter Rule
Avanan
- Encryption
Connectors
Avanan
Inbound
Connector
Avanan
DLP
Inbound
Connector
Avanan
Internal Inbound
Connector
Avanan
Outbound
Connector
Avanan
DLP
Outbound
Connector
Avanan
Journaling Outbound
Connector
Connection Filters
Journal Rules
Groups
Distribution Lists
Spoofed Senders Allow List
Trusted ARC Sealers
Reported Phishing Emails
Delegated Token
PowerShell Scripts
Connecting Multiple Portals to the Same
Microsoft 365
Account
Connecting Multiple
Avanan
Tenants
Connecting Multiple Tenants to the same
Microsoft 365
Account -
Microsoft 365
Footprint
Deactivating
Office 365
Mail
Activating Microsoft Teams
Activating
Office 365
OneDrive
Activating
Office 365
SharePoint
Activating
Google Workspace
(Gmail and Google Drive)
Gmail and Google Drive - Required Permissions
Activating Gmail
Activating Google Drive
Google Workspace
Footprint
Super Admin
Changing the Google Application Role
Performing Actions on Behalf of Users
User Groups
Host
Inbound
Gateway
SMTP Relay Service
Content Compliance Rules
Google Drive Permissions Changes
Activating Slack
Onboarding Next Steps
Live Scanning
Migrating from an
Avanan
Portal to a
Check Point Portal
Migration Steps
Accessing the
Check Point Portal
User Management and Access to the
Avanan
Portal
Frequently Asked Questions (FAQs)
Configuring Security Engines
Anti-Phishing
(Smart-Phish)
Anti-Malware
(
Check Point
SandBlast
)
Data Loss Prevention
(SmartDLP)
DLP
Policies
DLP Categories
DLP
Data Types
Creating Custom
DLP
Data Types
Validating Regular Expression
Dictionary
DLP
Data Types
Compound
DLP
Data Types
Creating a Compound
DLP
Data Type
Other Custom
Data Types
Configuring Advanced
Data Type
Parameters
Configuring
DLP
Engine Settings
Storage of Detected Strings
Minimal Likelihood
DLP Exceptions
DLP - Supported File Types
DLP Inspection - File Size Limit
Forensics
Click-Time Protection
Interaction with Microsoft ATP
Configuring Click-Time Protection Engine
Rewritten
Avanan
URL
Hiding Original URL Full Path
Re-written URL Containing an Obfuscated Original URL
Validity of Rewritten URL
Replacing Links Inside Attachments - Supported File Types
Protection Against Malicious Files Behind Links
Click-Time Protection - End-User Experience
Clicks on Malicious Websites
- User Experience
Clicks on Direct Download Links - User Experience
Google Drive Preview Links
Forensics
Viewing Emails with the Replaced Links
Viewing Replaced Links and User Clicks
Determining which User Clicked a Link
URL Reputation
Email Protection
Office 365
Mail
Office 365
Mail Security Settings
Available configurable templates
Protecting
Microsoft 365
Groups
Adding a New Domain to
Microsoft 365
Overriding Microsoft's False Positive Detections
Emails Falsely Quarantined by Microsoft
Emails Falsely Sent to Junk by Microsoft
Viewing
Office 365
Mail Security Events
Viewing Security Events for Microsoft Quarantined Emails
Visibility into Microsoft Defender Verdict and Enforcement
Spam confidence level (SCL)
Bulk complaint level (BCL)
Phishing confidence level (PCL)
Enforcement Flow
Google Gmail
Required Permissions
Activating Gmail
Gmail Security Settings
Available Configurable Templates
Viewing Gmail Security Events
Configuring Email Policy
Threat Detection Policy
Avanan
Mode Comparison
Threat Detection Policy for Incoming Emails
Excluding Members of
Microsoft 365
Groups from a Prevent (Inline) Policy
Manually Controlling IP Exceptions in
Microsoft 365
Mail Flow Rules
When are my changes overridden
Threat Detection Policy for Outgoing Emails
Supported Workflow Actions
Prerequisites to Avoid Failing SPF Checks
Threat Detection Policy for Internal Emails
Inline Protection for Internal Emails (Office 365 Mail) - Manual Configuration Required
Fallback Workflows for Internal Traffic
Threat Detection Policy Workflows
Malware Protection
Suspected Malware Workflow
Phishing Protection
Suspected Phishing Workflow
Customizing the Subject Prefix for Phishing Warning Emails
Configure the Subject Prefix
Password Protected Attachments Protection
Supported File Types
Requesting Passwords from End Users - End-User Experience
Quarantine. User is alerted and allowed to restore the email
workflow
Password Protected Attachments -
Administrator
Experience
Attachment Cleaning (
Threat Extraction
)
File Sanitization Modes
Configuring Attachment Cleaning (
Threat Extraction
)
Clean Attachments
Attachment Cleaning (
Threat Extraction
) Workflows
Threat Extraction Exceptions
Adding a
Threat Extraction
Allow-List Exception
Deleting a
Threat Extraction
Allow-List Exceptions
Supported file types for Attachment Cleaning (
Threat Extraction
)
Original Attachments vs Cleaned Attachments
Viewing Emails with Cleaned Attachments
Sending the Unmodified Emails to End Users
Attachment Cleaning (
Threat Extraction
) - End-User Experience
Smart Banners for Non-Clean Emails
Supported Workflows for Smart Banners
Spam Protection
Trusted Senders
Automatic Trusted Sender Management
Automatic End User Block-List Management
Trusting Senders - End User Experience
Graymail Workflows
Graymail Dedicated Folder
Deliver to Dedicated Folder in Google Gmail
Deliver to Dedicated Folder - End User Footprint
Quarantined Emails - End-User Experience
Customizing End-User Experience
Customizing Attachment Cleaning (
Threat Extraction
) Message
Data Loss Prevention
(
DLP
) Policy
Sync Times with Microsoft
Enhanced
DLP
Policy using Microsoft Purview Sensitivity Labels
Configure
DLP
Policy with File Type Criteria
Configuring Misdirected Email Prevention
Misdirected Emails Categories
Configuring the Maximum Alerts shown to the End Users
DLP Policy for Outgoing Emails
Subject Regular Expression (Regex)
Add a regular expression condition to a DLP policy
Subject Regular Expressions Syntax
Unsupported Regex Patterns in
DLP
DLP
Workflows for Outgoing Emails
DLP
Alerts for Outgoing Emails
Prerequisites to Avoid Failing SPF Checks
Outgoing Email Protection -
Office 365
Footprint for
DLP
DLP
Policy Sensitivity Level
DLP
Policy for Incoming Emails
DLP
Workflows for Incoming Emails
DLP
Alerts for Incoming Emails
Encrypting Outgoing Emails
Selecting between
Avanan
Email Encryption and
Microsoft 365
Email Encryption
Microsoft Encryption for Outgoing Emails
Required License for Encrypting Outgoing Emails
Encrypting Outgoing Emails
Outgoing Emails via Microsoft - Footprint
Encrypting Outgoing Emails using
Avanan
Email Encryption
Activating
Avanan
Email Encryption
Accessing
Avanan
Email Encryption Encrypted Emails
External Recipients Interacting with Emails Vaulted by
Avanan
Email Encryption
Storage of Emails by
Avanan
Email Encryption
Configuring
Avanan
Email Encryption Parameters
Emails Encrypted by
Avanan
Email Encryption - End User (External Recipient) Experience
To view the secured email, the external recipient must do these
Click-Time Protection Policy
Click-Time Protection Exceptions
Notifications and Banners
Sending Email Notifications to End Users
Customizing the From address for Email Notifications
Warning Banners
To configure warning banners
Warning banner samples
Smart Banners
Attaching Smart Banners to Emails
Customizing Smart Banners
Enabling/Disabling Specific Smart Banners
Automatically Enabling New Smart Banners
Excluding Specific Sender Domains from Smart Banner
Adding Smart Banners to Allow-Listed Emails
Supported Smart Banners
Notification and Banner Templates - Placeholders
Email Archiving
Activating Email Archiving
Deactivating Email Archiving
Archived Emails
Customizing the Retention Period of Archived Emails
Viewing Archived Emails
Importing Emails to Archive
Exporting Emails from Archive
Auditing
Support for S/MIME-Signed Emails
Messaging Apps Protection
Microsoft Teams
Required Permissions
Activating Microsoft Teams
Deactivating Microsoft Teams
Microsoft Teams Security Settings
Configuring Microsoft Teams Policy
DLP
Policy
Secured Microsoft Teams Messages
Handling Partially Secured Messages
Secured Users
Unblocking Messages
Viewing Microsoft Teams Security Events
Slack
How it works
Activating Slack
Deactivating Slack
Stack Security Settings
Configuring Slack Policy
Configuring Malware Policy
DLP
Policy
Supported Actions
Configuring
DLP
Policy for Slack
Viewing Slack Security Events
File Storage Protection
Office 365
OneDrive
Required Permissions
How to Activate
Office 365
OneDrive
How to Deactivate
Office 365
OneDrive
Office 365
OneDrive Security Settings
What is the Quarantine Folder
What is the Vault Folder
How to Configure
Office 365
OneDrive Policy
DLP
Policy
How to View OneDrive Security Events
File Cleaning (
Threat Extraction
) for
Office 365
OneDrive and
Office 365
SharePoint
Configuring File Cleaning (Threat Extraction) for
Office 365
OneDrive or
Office 365
SharePoint
Cleaned
Office 365
OneDrive /
Office 365
SharePoint Files
Restoring the Original File
Restoring Files that are Cleaned Multiple Times
Viewing Cleaned Files for
Office 365
OneDrive and
Office 365
SharePoint
Office 365
SharePoint
Required Permissions
Activating Office 365 SharePoint
Deactivating Office 365 SharePoint
Office 365
SharePoint Security Settings
Configuring Microsoft Teams File Scanning for E1/E3 Tenants
Configuring
Office 365
SharePoint Policy
DLP
Policy
Viewing SharePoint Security Events
File Cleaning for OneDrive and SharePoint
Configuring File Cleaning (Threat Extraction) for
Office 365
OneDrive or
Office 365
SharePoint
Cleaned
Office 365
OneDrive /
Office 365
SharePoint Files
Restoring the Original File
Restoring Files that are Cleaned Multiple Times
Viewing Cleaned Files for
Office 365
OneDrive and
Office 365
SharePoint
Configuring Microsoft Teams File Scanning for E1/E3 Tenants
Supported Protection Policies
Enabling Microsoft Teams File Scanning through OneDrive
Enabling Microsoft Teams File Scanning through SharePoint
Google Drive
Required Permissions
Activating Google Drive
Deactivating Google Drive
Google Drive Security Settings
Configuring Google Drive Policy
DLP
Policy
Viewing Google Drive Security Events
Action on Files Placed in Vault
Vault Action in Externally Shared Drives
Handling
DLP
Detections on Externally Shared Drives
Compromised Account (Anomaly) Detection
Compromised Accounts (Anomaly) Workflows
Supported Anomalies
Suspected Anomalies
Configuring Anomaly Detection Workflows
Automatically Blocking All Outgoing Emails
Configuring Settings for Specific Anomalies
Anomaly Exceptions
Partner Risk Assessment (Compromised Partners)
Identifying a Partner
Reviewing the Partners
Risk Indicators
Stop Considering a Partner as Compromised
Removing a Partner from the List
Acting on Compromised Partners
Anti-Phishing
Higher Sensitivity
Investigating Emails from Compromised Partners
Impersonation of Partners
Cloud SMTP Relay
SMTP Relay Configuration Flow
Access the
Domains
Section
Domains Table
Configure a
Domain
Configure DNS Records
Configure the SPF Record
Configure the DKIM Record
Re-checking DNS Records
Access the Relay Sources Section
Relay Sources Table
Configure a Relay Source
Activate Cloud Email Relay
Managing Domains and Relay Sources
Deleting a
Domain
Disabling a Relay Source
Deliverability Reporting
Sender Domain Selection and DNS Requirements
Sender Domain Evaluation
Managing Security Exceptions
Security Engine Exceptions
Anti-Phishing
Exceptions
Viewing
Anti-Phishing
Exceptions
Adding
Anti-Phishing
Exceptions (Allow-List or Block-List Rule)
Interaction between
Avanan
Allow-List and
Microsoft 365
Allow-List
Overriding Microsoft / Google sending emails to Junk folder
Applying Microsoft Allow-List also to
Avanan
Importing Allow-List or Block-List from External Sources
Deleting
Anti-Phishing
Exceptions
Anti-Malware Exceptions
Anti-Malware
Block-List
Password-Protected Attachments Allow-List
DLP
Exceptions
Adding
DLP
Allow-List
Click-Time Protection Exceptions
Configure Click-Time Protection exceptions
Link Shorteners and Re-Directions
URL Reputation Exceptions
From the URL Reputation Exceptions page
From the Microsoft Teams / Slack message profile page
Threat Extraction
Exceptions
Adding a
Threat Extraction
Allow-List Exception
Deleting a
Threat Extraction
Allow-List Exceptions
Trusted Senders - End-User Allow-List
Adding Trusted Senders
To upload a CSV file with trusted senders:
To edit the trusted senders
Global
IoC
Block List (IOC Management)
Accessing Global
IoC
Block List
Managing
IoCs
and
IoC
Feeds
Managing Security Events
Dashboards, Reports and Charts
Overview Dashboard
Security Widgets
Business Email Compromise (BEC)
Compromised Users
Malware
DLP
User Interaction
Shadow IT
Security Events
Application Protection Health
Login Events Map
Avanan
Flow Charts
Detection Flow Chart
Malicious Detections Chart
Analytics Dashboard
To view analytics for a
SaaS
application
Customizing the Analytics Dashboard using
AI Copilot
Customize the Analytics dashboard using Infinity AI Copilot
Office 365 Email and Gmail
Office 365 OneDrive
Google Drive
Shadow IT
Avanan
's Approach to Shadow IT in
Avanan
Shadow IT Dashboard and Events
Shadow IT severity classification
Shadow IT event actions
User Interaction
Dashboard
User Interaction Dashboard Widgets
Extending the Time Frame of the Analytics
Security Checkup Report
Security Checkup Report Recipients
Generating a Security Checkup Report
Last 30 Days Security Checkup Report
Scheduling the Security Checkup Report
Configuring a Report Schedule
Default Weekly Report
Sending a Scheduled Report Immediately
Editing a Report Schedule
Deleting a Report Schedule
Reviewing Security Events
Events
Accessing the Events
Events Table
Filtering the Events
Acting on Events
Dismissing Events
Managing Views
Adding a Note to a Security Event
Previewing Email Attachments
Reviewing Phishing Events
Acting on Phishing Events
Post-delivery Email Recheck
Reviewing Malicious Links
Reviewing Malware Events
Acting on Malware Events
Automatic Ingestion of End User Reports
Retention of Security Events
Searching for Emails
Mail Explorer
Searching for Emails in Mail Explorer
Contains vs Match
Searching for Emails with Email Subject
Searching for Emails with Sender Email
Searching for Emails with Recipient Address
Searching for Emails with Links in the Email Body
Searching for Emails Based on Detection
Filtering Emails Based on Security Awareness Training
Searching for Emails Based on Quarantine State
Including Restored Emails in Quarantine State Searches
Acting on Filtered Results
Restore quarantined emails
Quarantine delivered emails
Creating Allow-List and Block-List Rule
Export Results to CSV
Getting the Exported CSV File
Custom Queries
Managing Custom Queries
Query Table
Acting on Queries
Creating and Saving a New Query
Updating the Query Details
Exporting a Query Results
Scheduling an Export of Query Results
Modifying the Query Columns
Bulk Actions on Query Results
Quarantining a Query
Restoring a Query from Quarantine
Sending a Query Alerts and Reports to Users
Manually Sending Items to Quarantine
Bulk Manual Quarantine Process
Query based Quarantine Process
Remediating Compromised Accounts
Blocking a User Account
Resetting a User Account Password
Unblocking a Blocked User Account
Resetting Password and Unblocking a Blocked User Account
Monitoring and Auditing Actions on Users
System Settings
System Tasks
System Logs
Service Status
SIEM / SOAR Integration
Source IP Address
Configuring SIEM Integration
Extending Formats to Include Additional Information
Forwarding Logs in Syslog Format
Forwarding Audit Logs to SIEM
Supported Security Events for SIEM
SIEM Integration Field Mapping Reference
Forwarding Events to
AWS
S3
Configuring
AWS
S3 to Send
Avanan
Logs to Splunk
Recommended Configuration for known SIEM Platforms
Configuring Integration with Cortex XSOAR by Palo Alto Networks
CrowdStrike Integration
Step 1 - Create a CrowdStrike Data Connection
Step 2 - Configure CrowdStrike SIEM Integration
Managing Quarantine
All Quarantined Emails (Admin View)
Emails with Modified Attachments
Sending the Unmodified Emails to End Users
Dedicated Quarantine Mailbox / Folder
End-User Daily Quarantine Report (Digest)
Enabling the End-User Quarantine Digest
Emails Included in the Quarantine Digest
Configuring Recipients for the End‐User Quarantine Digest
Restricting End Users from Receiving the Digest
Configuring the Available End User Actions in the Daily Quarantine Digest
Scheduling and Coverage Timeframe for the Quarantine Digest
Allowing End Users to Manually Request a Quarantine Digest on Demand
Configuring a Custom Sender for the Quarantine Digest
Customizing the Text of the Quarantine Digest
Customizing Action Labels
End-User Portal (
Avanan
Portal)
To enable the Harmony Email Collaboration portal for end users
Accessing the
Avanan
Portal
Enable or disable an authentication method
Authorizing Login Access for the Organization
Accessing the
Avanan
Portal from Outlook
Accessing the
Avanan
Portal from Outlook - End-User Experience
To access the
Avanan
Portal from Outlook:
Required Permissions for Microsoft/Google Login Authorization
Limiting End User Portal Access to Specific Users
Including Blocklisted Emails in the End User Portal
Read and Unread Status of Emails in the End User Portal
Filtering Emails by their State
Acting on Emails
To manually mark emails as read
Managing Restore Requests
Quarantine Restore Requests
Automatic Handling of Quarantined Restore Requests
Re-evaluated Verdict of Quarantined Restore Requests-
Administrator
Experience
Requesting a Restore from Quarantine - End-User Experience
To request a restore from quarantine:
Restore Requests for Emails Sent to Groups - End-User Experience
Restoring Emails Without Administrator Approval - End-User Experience
Admin Quarantine Release Process
Cleaned Attachments Restore Requests
Restoring Quarantined Emails - End-User Experience
Who Receives the Emails Restored from Quarantine
Notifying End Users about Rejected Restore Requests
Restore Requests - Notifications and Approvers
Office 365
Email
Gmail
Authentication for Email Notifications
Customization
Custom Logo
Adding a branded header to admin email notifications
Customize Time Zone
Customize End User Browser Pages Language
Customizing Retention Period of Emails
Auditing
SmartConfig Recommendations
Use Cases
Supported Capabilities
SmartConfig Permissions
Accessing the SmartConfig Recommendations
SmartConfig Recommendations Scores
Security and Productivity Score Levels
Recommendation Severity Levels
Security and Productivity Score Criteria
Reviewing Recommendations
Recommendations List
Managing Recommendations
Viewing Recommendation Details
Dismissing a Recommendation
Consulting
Avanan
Experts
Incident Response as a Service (IRaaS)
Activating IRaaS
Acting on End User Reports
Automatically Quarantining Entire Phishing Campaigns
Feedback to End Users
Feedback to
Administrators
Finding Reports Handled by
Avanan
Analysts
Phishing Simulation Solutions
Handling Issues with IRaaS
DMARC Management
DMARC
Benefits
DMARC Enforcement Policy Guidance
Prerequisites
RUA Mailbox Hosted by
Avanan
Discovering Domains from RUA Reports
Virtual RUF Reports
External Reporting Authorization Record
Adding a New Domain
DMARC Widgets
Reviewing the DMARC Status of your Domains
Changing View to Top Level Domains
Annotating / Tagging Domains and Sending Sources
Investigating Domains and Sending Sources
Investigating a Specific Sending Source
Investigating a Single Sending IP Address
Viewing Specific RUA Reports
Improving your Domains' DMARC Enforcement
Monitoring SPF and DMARC Changes
Annotating / Commenting on SPF and DMARC Changes
SPF Management
High-Level Procedure
Reviewing the SPF Status of your Domains
Activating SPF Management
Adding New Source to SPF Records
Configuring the SPF Record
Defining the SPF Record
Managing Sending Sources
DKIM Management
High-Level Procedure
Reviewing the DKIM Status of your Domains
Activating DKIM Management
Adding New DKIM Selector to your Domain
Managing Selectors
Selector Field Descriptions
Alerts and Reports
Managing Alerts
Adding a New Alert
Leaked Credentials
Activating Leaked Credentials
Leaked Credential Collection Sources
Reviewing Leaked Credentials Security Events
Extending the Time Frame of the Security Events
ERM Leaked Credentials Table
Resetting Passwords for a Compromised User Account
Blocking a Compromised User Account
Security Awareness Training
Supported Browsers and Network Requirements
Creating Security Awareness Training Policy
Customizing Security Awareness Training Policy
Daily Sending Frequency
Customizing the Sender of Security Awareness Training Notifications
Custom Phishing Simulation Templates
Creating a Custom Phishing Simulation Template
Custom Phishing Simulation Templates – Placeholders
Importing Template Email Details from an EML
Assigning Custom Phishing Simulation Templates to Users
Adding a Banner to Phishing Simulation Emails
Authorizing Training Module Access for the Organization
Security Awareness Training Email Headers
Required Permissions for Microsoft Login Authorization
Training and Reminder Emails - Supported Placeholders
Branding the Security Awareness Training Web Page
Security Awareness Training Domains
Monitoring User Interactions with Phishing Simulations
Monitoring User Training Progress
Monitoring Phishing Simulations
Monitoring User Awareness Training Progress
Searching for Security Awareness Training Related Emails in Mail Explorer
Security Awareness Training - End User Experience
Supported Languages for Phishing Simulations
Supported Languages for Training Modules
Phishing Simulation Email - End User Experience
Available Training Modules
User Management
Viewing User Information
User Management Table
Adding a New User
Updating User Information
Deleting a User
Configuration
SAML
SAML
Configuration for
Azure
SAML Configuration for Duo
SAML Configuration for Idaptive
SAML Configuration for JumpCloud
SAML
Configuration for
Okta
Multi-Factor Authentication
using Google Authenticator
Prerequisites
High-Level Procedure
Enforcing MFA for the User
Enabling MFA by a User
Logging in via Google Authenticator - End User Experience
Video Tutorials
How to Onboard Office 365 Mail with
Avanan
How to Onboard Microsoft Teams with
Avanan
How to Onboard Office 365 OneDrive
Avanan
How to Onboard Office 365 SharePoint with
Avanan
How to Onboard Gmail with
Avanan
How to Onboard Google Drive with
Avanan
How to Contact
Check Point
Support and Incident Response Team from the
Avanan
Administrator Portal
Phishing Email End-User Experience with
Avanan
Password-Protected Attachments End-User Experience with
Avanan
Check Point
Email Encryption End-User (External Recipient) Experience with
Avanan
How to Enable Smart Banners to Emails with
Avanan
How to Configure Daily Quarantine Report (Digest) in
Avanan
and Allow End Users to Generate a Report on Demand
How to Configure Security Awareness Training Policy in
Avanan
Email Security
How to Configure Outlook Add-In with
Avanan
User Interaction Administrator Experience with
Avanan
Email Security
How to Request to Restore Quarantined Phishing Emails End User Experience with
Avanan
How to Respond to Misdirected Email Warnings in Outlook
How to Report a Phishing Email in Outlook
How to Access the
Avanan
Portal from Outlook
Smart Banners and Trusted Senders End-User Experience with
Avanan
Appendix
Appendix A:
Avanan
Manual Integration with
Office 365
Manual Integration with
Office 365
Mail - Required Permissions
Policy Modes
Step 1 - Authorize the Manual Integration Application
Step 2 - On-boarding (Monitor only and Detect and Remediate)
Step 3 -
Avanan
Contact
Step 4 - Journal Rule
Step 5 - Connectors
Step 6 - Connection Filter (All Modes)
Step 7 - Protect (Inline) Protection Mode Policy Configuration on
Avanan
Step 8 - Connectors (Protect (Inline) Mode)
Step 9 - Transport Rules (Protect (Inline) Mode)
Avanan
- Protect External
Avanan
- Protect Internal
Avanan
- Protect
Avanan
- Allow-List
Avanan
- Junk Filter
Avanan
- Encryption
Transport Rules
Step 10 - Sending User Reported Phishing Emails to an Internal Mailbox
Reverting Manual Onboarding / Switching to Automatic Onboarding
Unified Quarantine for Manual Mode of Onboarding
Appendix B:
Avanan
Manual Integration with Google Gmail
Step 1: Add Groups
Step 2: Adding a Host
Step 3: Updating Inbound
Gateway
Step 4: Adding SMTP Relay Host
Step 5: Create a Compliance Rule
IP Addresses Supported Per Region
Appendix C: Manual Steps for Enabling Gmail Prevent (Inline)
DLP
Policy
Step 1: Adding a Host
Step 2: Updating Inbound
Gateway
Step 3: Adding SMTP Relay Host
Step 4: Add Groups
Step 5: Create a Compliance Rule
IP Addresses Supported Per Region
Appendix E:
DLP
Built-in
Data Types
and Categories
Country Specific
Data Types
Argentina
Argentina
Australia
Belgium
Brazil
Canada
Chile
China
Colombia
Denmark
Finland
France
Germany
Hong Kong
India
Indonesia
Ireland
Israel
Italy
Japan
Korea
Mexico
The Netherlands
Norway
Paraguay
Peru
Poland
Portugal
Singapore
Spain
Sweden
Taiwan
Thailand
Turkey
United Kingdom
United States
Uruguay
Venezuela
DLP
Categories
Appendix F: Supported Languages for
Anti-Phishing
Appendix G: Data Retention Policy
Available Actions on Emails During and After the Retention Period
Data Retention Policy for Non-email Applications
Appendix H: Activating
Office 365
Mail in Hybrid Environments
Mail Flow in Hybrid Environments
Modern Hybrid Architecture - MX Points to
Microsoft 365
.
Modern Hybrid Architecture - Licensing Considerations
Avanan
Support for Hybrid Environments
Limitations for On-premises Mailboxes
Enabling
Office 365
Mail Protection in Hybrid Environments
Connecting
Avanan
to
Microsoft 365
Appendix I: Permitted IP Addresses to access the
Avanan
Azure Application
Data Regions and Public IP Addresses
Appendix J: Supported File Types for
DLP
Appendix K: Troubleshooting
Appendix L: Outlook Add-In
Outlook Add-In Permissions
Required Permissions
Permissions Not Required
Configuring the Outlook Add-In
Generating the Add-In XML
Deploying the Outlook Add-In through
Microsoft 365
Admin Center
Outlook Add-In - Supported Outlook Types and Platform
Automatic Localization of the Outlook Add-In Experience
Appendix M: Configuring Postfix as an Internal SMTP Relay for Non‐TLS Senders to
Avanan
Cloud SMTP Relay
Postfix Configuration
Identity and Host Configuration
Network and Trust Boundary
Relay Restrictions
Inbound SMTP
Outbound SMTP (to relay)
TLS Enforcement
No SMTP Authentication
TLS Certificates (Inbound)
Local Delivery Settings
Aliases
Compatibility Level
Restart Postfix to Load the New Configuration
Postfix Configuration File
Testing and Debugging
Debugging Postfix
30 June 2026
© 2024 - 2026 Check Point Software Technologies Ltd.