Granting Access to Gmail (Inline Mode)

Procedure

1. Go to Dashboard → Service Status.
2. Click Grant Access in the Action column for Gmail (Inline Mode).
   The Grant Access to Gmail (Inline Mode) screen appears.
3. Install the Trend Micro Cloud App Security app by clicking Click here in Step 1.
   The Trend Micro Cloud App Security application screen in the Google Workspace Marketplace appears.

   Condition	Steps
   The Cloud Email and Collaboration Protection application is not installed.	Click Admin install. A new window appears for you to sign in to Google. Specify your Google Super Admin credentials, and click Next and then CONTINUE. An authorization screen appears. Choose who to install the app for. Everyone at your organization (recommended) Certain groups or organizational units Note If you select this option, make sure the selected groups or organizational units include the Google Super Admin account to be used for access grant in step 5. Select I agree to the application's Terms of Service, Privacy Policy, and Google Workspace Marketplace's Terms of Service and click Finish to start installation. The application is successfully installed.
   The Cloud Email and Collaboration Protection application is already installed.	Log on to https://admin.google.com as a Google Super Admin. Go to Apps → Google Workspace Marketplace apps → Apps list and click Trend Micro Cloud App Security. Click Grant access in the Data Access section. The "Status: Granted" message appears on the screen. Note If you change the application scope for Trend Micro Cloud App Security in the User Access section, make sure the selected groups or organizational units include the Google Super Admin account to be used for access grant in step 5.

4. Go back to the Cloud Email and Collaboration Protection management console as instructed and grant Cloud Email and Collaboration Protection the permission on required APIs by clicking Click here in Step 2.
5. In the new browser tab that appears, click your Google Super Admin account.
6. Go back to the Cloud Email and Collaboration Protection management console as instructed and create user groups for routing inbound and outbound emails to Cloud Email and Collaboration Protection by clicking Click here in Step 3.
   The groups named TMCAS Inline Incoming Gmail Virtual Group and TMCAS Inline Outgoing Gmail Virtual Group are created in Directory → Groups in the Google Workspace Admin console.
7. Configure settings in the Google Workspace Admin console for routing inbound and outbound emails to Cloud Email and Collaboration Protection for Inline Protection.
   For details, see Configuring Email Routing for Inline Protection.
8. Wait until the process is completed.
   If the message "Successfully created a service account and synced data." appears on the screen, the access grant is successful.

   Important After the access grant is completed, enable the default Advanced Threat Protection policy and Data Loss Prevention policy or create custom policies for Gmail (Inline Mode). After you enable the policies, make sure you enable the rules TMCAS Content Compliance Rule for Incoming Message and TMCAS Content Compliance Rule for Outgoing Message in the Google Workspace Admin console.

   If for some reason the access token becomes invalid, a notification appears on Dashboard. Cloud Email and Collaboration Protection also sends an email message to notify the administrator of this event. To continue using the service account, go to Administration → Service Account to create a new access token. For more information, see Service Account.