FAQs - Customer Environment

How can a customer with a trial license migrate the configurations on the trial Cloud App Security management console to the production management console after they purchase Smart Protection Complete with a full license?

You need to attach the CLP account you created with the Cloud App Security trial license to your Smart Protection Complete full license first.

  1. Log on to the Trend Micro Customer Licensing Portal (CLP) https://clp.trendmicro.com using your CLP account credentials.

  2. Go to My Products/Services, and then click Provide Key.

  3. On the License Key screen, type your registration key, not the activation code, in the Provide your Activation Code or product key text box, and then click Continue.

  4. Select the check box and then click Continue to finish the process.

After you re-log on to the Cloud App Security production management console, all the configurations are migrated and your license is updated.

How do employees log on to Cloud App Security using Internet Explorer on Windows Server?

Internet Explorer has different default settings on Windows Server and other Windows versions. Enable active scripts for the "Internet" zone to log on to Cloud App Security through Internet Explorer on Windows Server.

  1. Open Internet Explorer.

  2. Go to Tools > Internet options > Security.

  3. Select the Internet zone.

  4. Click Customer Level. The Security Settings – Internet Zone window appears.

  5. Under the Scripting section, enable Active scripting.

  6. Click OK to close the Security Settings – Internet Zone window.

  7. Click OK to close Internet Options window.

Will Cloud App Security impede access speed to messages and files?

Cloud App Security has no impact on performance when customers receive email messages, upload files to, or download files from cloud applications.

Is a customer who purchased Trend Micro Smart Protection Complete able to use Cloud App Security in a different site from the one dictated by the customer's registration key or activation code?

No, Cloud App Security serves a customer in the site (that is, the U.S., EU, Japan, or Australia and New Zealand site) based on the region or country dictated by the customer's registration key or activation code. To use Cloud App Security in a different site, the customer needs to apply for a new Customer Licensing Portal account with a new registration key corresponding to the site they want to use.

Why cannot I restore or delete an email message that has been quarantined by Cloud App Security?

When an email message is quarantined, it is stored in the quarantine folder created by Cloud App Security for further processing. Upon receiving a request to restore or delete the message, Cloud App Security fails to do so if it cannot locate the message in the quarantine folder. When the issue occurs, check whether this message was moved out of the quarantine folder to somewhere else. You can go to Quarantine and view the Mail Location column to find the current location of the message.

When and how does Cloud App Security deprovision a service account for the Office 365 services if the customer's license expires?

If your license has reached the end of the grace period, Cloud App Security disables your CLP account. This means that the Cloud App Security management console is no longer accessible and Cloud App Security does not protect your services any more.

After 30 days of the grace period, Cloud App Security automatically de-provisions your CLP account:

  • For Exchange Online: Removes the quarantine folder.

  • For SharePoint Online / OneDrive for Business:

    • Removes the remote event receiver from each site collection.

    • Removes the service account from each site collection's administrator group.

      Note:

      This applies only when the service account has been promoted Global Administrator privileges during the provisioning. If you did not select this option during provisioning, you can sign in to the Office 365 admin center with your Global Administrator account at a later time and remove the service account manually.

    • Removes the quarantine document library.

Note:

Cloud App Security recommends that you delete quarantine logs before deprovisioning.

After the automatic deprovisioning, Microsoft removes the SharePoint user profiles 30 days after service account removal. There is still remaining data created for Cloud App Security that requires the following manual cleanup:

  • You need to manually remove service account users from the SharePoint/OneDrive user list.

  • You need to manually remove the Cloud App Security notification files.