Frequently Asked Questions (FAQs)
Question
|
Answer
|
||
How does Cloud App Security ensure high availability?
|
All Cloud App Security service components maintain a
stateless design. As such, they freely scale when volume increases. By default, all
customer-facing services are set up redundantly behind the Windows Azure Load
Balancer to ensure high availability.
|
||
How does Cloud App Security guarantee data privacy in a
multi-tenant environment?
|
Cloud App Security does not store original content (email
messages and files). Cloud App Security gets access to email
and file content in cloud applications and processes it in memory, without storing
it upon completion.
|
||
Will Cloud App Security impede access speed to messages and
files?
|
Cloud App Security has no impact on performance when
customers receive email messages, upload files to, or download files from cloud
applications and services.
|
||
How can a customer with a trial license migrate the configurations on the trial Cloud App Security management console to the production
management console after they purchase Smart Protection Complete with a full
license?
|
You need to attach the CLP account you created with the Cloud App Security trial license to your Smart Protection
Complete full license first.
After you re-log on to the Cloud App Security production
management console, all the configurations are migrated and your license is
updated.
|
||
How do employees log on to Cloud App Security using Internet
Explorer on Windows Server?
|
Internet Explorer has different default settings on Windows Server and other
Windows versions. Enable active scripts for the
Internetzone to log on to Cloud App Security through Internet Explorer on Windows Server.
|
||
Is a customer who purchased Trend Micro Smart Protection Complete able to use Cloud App Security in a different site from the one dictated by
the customer's registration key or activation code?
|
No, Cloud App Security serves a customer in the site based
on the region or country dictated by the customer's registration key or activation
code. To use Cloud App Security in a different site, the
customer needs to apply for a new Customer Licensing Portal account with a new
registration key corresponding to the site they want to use.
|
||
Why cannot I restore or delete an email message that has been quarantined by Cloud App Security?
|
When an email message is quarantined, it is stored in the quarantine folder created
by Cloud App Security for further processing. Upon receiving
a request to restore or delete the message, Cloud App Security fails to do so if it cannot locate the message in the quarantine folder. When the
issue occurs, check whether this message was moved out of the quarantine folder to
somewhere else. You can go to Quarantine and view the
Mail Location column to find the quarantine folder of the
message.
|
||
When and how does Cloud App Security remove a service account for the Microsoft 365 services if the customer's license
expires?
|
If your license has reached the end of the grace period, Cloud App Security disables your CLP account. This means that
the Cloud App Security management console is no longer
accessible and Cloud App Security does not protect your
services any more.
After 30 days of the grace period, Cloud App Security
automatically removes your CLP account.
Microsoft removes the SharePoint user profiles 30 days after service account
removal. There is still remaining data created for Cloud App Security that requires manual cleanup. For details,
see Changes made by Cloud App Security.
|
||
How can a customer enable multi-factor authentication (MFA) on the Exchange Online
and SharePoint Online Delegate Accounts after automatic access grant?
|
On August 2, 2019, Microsoft implemented a mandatory Multi-Factor Authentication (MFA)
policy for all partners re-selling Microsoft 365 licenses to end users. The policy
requires all administrator accounts in the Cloud Solution Provider (CSP) tenant to
have Multi-Factor Authentication.
|
||
How can a customer specify a name and location when downloading quarantined items,
instead of using the default name?
|
When you download quarantined items through a web browser, Cloud App Security automatically generates a file name in a
default format: <timestamp>_<email subject or file name>_<affected
user's name>.
To customize the file name and location, configure the Downloads settings of your
browser to always ask where to save each file before downloading.
|
||
Why does Cloud App Security still quarantine or delete email
messages even when all policies are in the Monitor Only mode?
|
In Cloud App Security, the default Monitor Only policy takes
effect only at the policy level. When requested to quarantine or delete an email
message by integrated products or the Cloud App Security
Threat Mitigation APIs, Cloud App Security quarantines or
deletes the email message even if the default Monitor Only policy is enabled.
To ensure that Cloud App Security does not take any actions
other than "Pass" when the default Monitor Only policy is enabled, perform the
following:
|
||
For internal messages that are scanned by Cloud App Security
Inline Protection, how can I prevent the messages from being marked as internal
email spoofing by Microsoft Exchange Online Protection (EOP)?
|
Solution: Add the record of Cloud App Security Inline
Protection MTAs for inbound messages to the SPF record for your domains.
The record of Cloud App Security for inbound
protection are as follows:
|
||
Is it necessary to add the IP addresses of Cloud App Security Inline Protection MTAs for outbound messages to the SPF record for my
domains?
|
As recommended by Microsoft, you can add the record of Cloud App Security Inline Protection MTAs for outbound messages
to the SPF record for your domains.
The record of Cloud App Security for outbound
protection are as follows:
|
||
What is the session timeout period for the Cloud App Security management console?
|
The session timeout period for the Cloud App Security
management console is 1 hour. If you perform no operation in the management console
within 1 hour, you are automatically logged out of the console.
|
||
Why my users cannot receive emails when I use both Cloud App Security Inline Protection and Trend Micro Email
Security?
|
If you have added the transport rule Restrict messages by sender or recipient... to accept emails only from Trend Micro Email Security, the mail server of Microsoft
365 will reject emails from Cloud App Security MTAs for Inline Protection. For Inline Protection to work properly, you need to add
the IP addresses of Cloud App Security MTAs for your serving site to the exception list of the rule Restrict messages by sender or recipient...:
The IP addresses of Cloud App Security for
inbound protection are as follows:
The IP addresses of Cloud App Security for
outbound protection are as follows:
|
||
Does Cloud App Security use Smart Scan? Do I need to
configure anything to use Smart Scan?
|
Yes, Cloud App Security uses Smart Scan, a cloud-based
scanning solution with dynamically updated patterns. Cloud App Security leverage this Trend Micro-developed solution to provide
up-to-date protection against malware.
After enabling Malware Scanning in Cloud App Security, you
do not need to make any configuration for Smart Scan to work.
|