Views:
After scanned by Inline Protection of Trend Micro Cloud App Security, emails are delivered to Microsoft's mail server for your Exchange Online service, where they go through some security checking. Since the sending IP addresses and hostnames of the emails change to those of Cloud App Security, the emails may fail Microsoft's security checks. To prevent such failure, make sure you perform the following verification before granting access to Exchange Online (Inline Mode).
Note
Note
During the access grant, Cloud App Security will also automatically update the allow entries for spoofed senders in the Tenant Allow/Block List and IP Allow List in connection filtering in your Exchange Online service to ensure that emails get delivered as expected. For details, see Connectors, transport rules, groups, and allow lists for inline protection.

Procedure

  1. Make sure that "SPF check: hard fail" is disabled.
    1. In the Microsoft 365 Defender portal, go to Email & CollaborationPolicies & RulesThreat policiesAnti-spam in the Policies section.
    2. On the Anti-spam policies screen, click Anti-spam inbound policy (Default).
    3. In the policy details panel that appears, check whether SPF record: hard fail is set to Off.
      If no, click Edit spam threshold and properties, set SPF record: hard fail to Off, and click Save.
  2. If you have a transport rule that accepts traffic only from specific IP addresses, add the IP addresses of Cloud App Security to the list.
    To check the transport rules, log on to the Exchange admin center and go to Mail flowRules.
    The IP addresses of Cloud App Security for inbound protection are as follows:
    • US site: 20.245.215.64/28, 104.42.189.70, 104.210.58.247, 20.72.147.113, 20.72.140.32
    • EU site: 20.4.48.48/28, 20.107.69.176, 20.126.6.52, 20.54.65.186, 20.54.68.116
    • Japan site: 13.78.70.144/28, 20.222.63.30, 20.222.57.14, 104.46.234.4, 138.91.24.196
    • Australia and New Zealand site: 20.70.30.192/28, 20.213.240.47, 20.227.136.26, 20.39.98.128, 20.39.97.72
    • Canada site: 52.228.5.240/28, 52.228.125.192, 52.139.13.199, 52.229.100.53, 20.104.170.121
    • Singapore site: 52.163.102.112/28, 20.43.148.81, 20.195.17.218
    • UK site: 20.254.97.192/28, 20.68.25.194, 20.68.210.42, 52.142.171.1, 52.142.170.52
    • India site: 20.204.179.112/28, 20.204.44.59, 20.204.113.71, 20.219.110.223, 13.71.71.12
    • Middle East (UAE) site: 20.233.170.224/28, 20.216.24.7, 20.216.9.36, 20.21.106.199, 20.21.252.69
    The IP addresses of Cloud App Security for outbound protection are as follows:
    • US site: 20.66.85.0/28, 104.210.59.109, 104.42.190.154, 20.72.147.115, 20.72.140.41
    • EU site: 20.160.56.80/28, 20.126.64.109, 20.126.70.251, 20.54.65.179, 20.54.68.120
    • Japan site: 20.78.49.240/28, 20.222.60.8, 52.140.200.104, 104.46.227.238, 104.46.237.93
    • Australia and New Zealand site: 20.227.209.48/28, 20.227.165.104, 20.213.244.63, 20.39.98.131, 20.39.97.73
    • Canada site: 20.220.229.208/28, 52.228.125.196, 52.139.13.202, 20.104.170.106, 20.104.172.35
    • Singapore site: 52.163.216.240/28, 20.43.148.85, 20.195.17.222
    • UK site: 20.0.233.224/28, 20.68.214.138, 20.68.212.120, 52.142.171.6, 52.142.170.53
    • India site: 20.235.86.144/28, 4.213.51.121, 4.213.51.126, 104.211.202.104, 52.172.7.14
    • Middle East (UAE) site: 20.233.170.240/28, 20.74.137.84, 20.74.179.106, 20.21.106.164, 20.21.108.130