An internal domain is a domain owned or controlled by your organization. Cloud App Security uses internal domains to identify trusted email traffic from incoming email messages. Advanced Threat Protection policies will disregard email messages that transmit through your internal domains according to the policy configurations. That is, when Advanced Threat Protection policies apply to incoming email messages only, no policy violations will be triggered for the internal domains.
Internal domains apply to Exchange Online, SharePoint Online and OneDrive for Business policies, and these domains can be added to the approved URL list to exclude from Web Reputation scanning.
Internal domains also apply to Exchange Online policies as global settings for advanced message scanning and detection against BEC attacks.