After scanned by Inline Protection of Trend Micro Cloud App Security, emails are delivered to Microsoft's mail
server for your Exchange Online service, where they go through some security
checking. Since the sending IP addresses and hostnames of the emails change to those
of Cloud App Security, the emails may fail Microsoft's
security checks. To prevent such failure, make sure you perform the following
verification before granting access to Exchange Online (Inline Mode).
NoteDuring the access grant, Cloud App Security will also
automatically update the allow entries for spoofed senders in the Tenant
Allow/Block List and IP Allow List in connection filtering in your Exchange
Online service to ensure that emails get delivered as expected. For details, see
Connectors, transport rules, groups, and allow lists for inline protection.
|
Procedure
- Make sure that "SPF check: hard fail" is disabled.
- In the Microsoft 365 Defender portal, go to in the Policies section.
- On the Anti-spam policies screen, click Anti-spam inbound policy (Default).
- In the policy details panel that appears, check whether SPF
record: hard fail is set to
Off.If no, click Edit spam threshold and properties, set SPF record: hard fail to Off, and click Save.
- If you have a transport rule that accepts traffic only from specific IP
addresses, add the IP addresses of Cloud App Security
to the list.To check the transport rules, log on to the Exchange admin center and go to.The IP addresses of Cloud App Security for inbound protection are as follows:
-
US site: 20.245.215.64/28, 104.42.189.70, 104.210.58.247, 20.72.147.113, 20.72.140.32
-
EU site: 20.4.48.48/28, 20.107.69.176, 20.126.6.52, 20.54.65.186, 20.54.68.116
-
Japan site: 13.78.70.144/28, 20.222.63.30, 20.222.57.14, 104.46.234.4, 138.91.24.196
-
Australia and New Zealand site: 20.70.30.192/28, 20.213.240.47, 20.227.136.26, 20.39.98.128, 20.39.97.72
-
Canada site: 52.228.5.240/28, 52.228.125.192, 52.139.13.199, 52.229.100.53, 20.104.170.121
-
Singapore site: 52.163.102.112/28, 20.43.148.81, 20.195.17.218
-
UK site: 20.254.97.192/28, 20.68.25.194, 20.68.210.42, 52.142.171.1, 52.142.170.52
-
India site: 20.204.179.112/28, 20.204.44.59, 20.204.113.71, 20.219.110.223, 13.71.71.12
-
Middle East (UAE) site: 20.233.170.224/28, 20.216.24.7, 20.216.9.36, 20.21.106.199, 20.21.252.69
The IP addresses of Cloud App Security for outbound protection are as follows:-
US site: 20.66.85.0/28, 104.210.59.109, 104.42.190.154, 20.72.147.115, 20.72.140.41
-
EU site: 20.160.56.80/28, 20.126.64.109, 20.126.70.251, 20.54.65.179, 20.54.68.120
-
Japan site: 20.78.49.240/28, 20.222.60.8, 52.140.200.104, 104.46.227.238, 104.46.237.93
-
Australia and New Zealand site: 20.227.209.48/28, 20.227.165.104, 20.213.244.63, 20.39.98.131, 20.39.97.73
-
Canada site: 20.220.229.208/28, 52.228.125.196, 52.139.13.202, 20.104.170.106, 20.104.172.35
-
Singapore site: 52.163.216.240/28, 20.43.148.85, 20.195.17.222
-
UK site: 20.0.233.224/28, 20.68.214.138, 20.68.212.120, 52.142.171.6, 52.142.170.53
-
India site: 20.235.86.144/28, 4.213.51.121, 4.213.51.126, 104.211.202.104, 52.172.7.14
-
Middle East (UAE) site: 20.233.170.240/28, 20.74.137.84, 20.74.179.106, 20.21.106.164, 20.21.108.130
-