Views:
The following table lists all the actions that Cloud App Security performs in the Microsoft 365 environment and other changes made by Cloud App Security.
Stage
Cloud App Security Changes to Microsoft 365
Other Changes
Microsoft 365 Admin Center
Exchange Online
Granting access
  • Adds the Trend Micro Cloud App Security app in Azure AD.
  • Creates Microsoft 365 virtual groups.
  • Creates mail flow connectors and transport rules.
  • Uses OAuth 2.0 to obtain Exchange Online's access token.
  • Adds a domain pair for Cloud App Security to the allow entries for spoofed senders in the Tenant Allow/Block List.
  • Adds the IP addresses of Cloud App Security to the IP Allow List in connection filtering.
None
Service running
  • Updates the Microsoft 365 virtual groups when the policy target changes.
  • Synchronizes with Microsoft 365 daily to obtain information about new users, groups, verified domains, and MX records.
    Note
    Note
    Cloud App Security synchronizes with Microsoft 365 at 00:15 a.m. UTC for both the EU and UK sites, 05:15 a.m. UTC for the Canada site, 08:15 a.m. UTC for the US site, 04:15 p.m. UTC for both the Japan and the Australia and New Zealand sites, 05:15 p.m. UTC for the Singapore site, and 00:15 p.m. UTC for the India site.
Updates mail flow transport rules.
Refreshes the access token every hour.
Revoking access
  • Stops daily synchronization with Microsoft 365.
  • Stops generating scheduled reports.
  • Removes the Microsoft 365 virtual groups.
Removes the mail flow connectors for outbound protection and the transport rules for rerouting messages.
Note
Note
Cloud App Security recommends that you check quarantined items before revoking access.
None.
Manual cleanup
  • Removes the Trend Micro Cloud App Security from Azure AD.
  • Removes the domain pair for Cloud App Security from the allow entries for spoofed senders in the Tenant Allow/Block List.
  • Removes the IP addresses of Cloud App Security from the IP Allow List in connection filtering.
None.
Deletes the following transport rules and connectors:
  • TMCAS Inline Incoming Skip Spam Filter Transport Rule
  • TMCAS Inline Incoming Move to Junk Folder Transport Rule
  • TMCAS Inline Inbound Connector for Incoming Message
  • TMCAS Inline Inbound Connector for Outgoing Message
The following table lists all the actions that Cloud App Security performs in the Gmail environment and other changes made by Cloud App Security.
Stage
Cloud App Security Changes to Gmail
Other Changes
Granting access
Uses OAuth 2.0 to obtain Gmail's access token.
Adds the user group TMCAS Inline Incoming Gmail Virtual Group.
Saves user and group information to the Cloud App Security database.
Service running
  • Synchronizes with Gmail daily to obtain information about new users and groups.
    Note
    Note
    Cloud App Security synchronizes with Gmail at 00:15 a.m. UTC for both the EU and UK sites, 05:15 a.m. UTC for the Canada site, 08:15 a.m. UTC for the US site, 04:15 p.m. UTC for both the Japan and the Australia and New Zealand sites, 05:15 p.m. UTC for the Singapore site, and 00:15 p.m. UTC for the India site.
  • If an email message violates a policy that specifies the "Label email" action: Creates a label called "Risky (by Trend Micro)" and labels the message.
  • Updates the access or operation logs for the service account during scanning.
  • Refreshes the access token every hour.
  • Cloud App Security refreshes the subscription to all mailboxes' event notifications during scheduled synchronization every day.
Revoking access
  • Stops daily synchronization with Gmail.
  • Stops generating scheduled reports.
  • Removes administrator-set policies.
  • Removes user and group information.
  • Removes the access token obtained.
Manual cleanup
  • Removes the Cloud App Security application from the Google Workspace admin console and from the admin's Google Account.
    Note
    Note
    You can ignore this if you need to use the Google Drive or Gmail service account for protection.
  • Removes the content compliance rule TMCAS Content Compliance Rule for Incoming Messages.
  • Removes the mail route for routing emails to Cloud App Security.
  • Removes the inbound gateway for receiving emails delivered from Cloud App Security.
    Important
    Important
    To ensure that all emails scanned by Cloud App Security are successfully delivered to Gmail, remove the inbound gateway 24 hours after revoking access.
None.