Inline Protection


This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release Disclaimer before using the feature.

In addition to the existing protection mechanism, Cloud App Security launches inline protection that detects and remediates threats before they can reach your protected services. In this mode, traffic needs to pass through Cloud App Security on the way to its destination, allowing Cloud App Security to scan for and take action on threats in real time.

Cloud App Security supports inline protection for Exchange Online in both inbound and outbound directions.

  • Inbound protection: Scan messages sent from outside your organization before they reach the protected mailboxes in your organization.

  • Outbound protection: Scan messages sent from protected mailboxes in your organization before they are delivered to their destinations outside your organization.

The following describes how to use inline protection for Exchange Online.


The functions not available currently in the following table will be supported in future releases.




See Provisioning an Exchange Online (Inline Mode) Authorized Account.

Configure policies

You can separately configure policies for inbound protection and outbound protection.

For details, see Adding Advanced Threat Protection Policies and Adding Data Loss Prevention Policies.

Manage quarantine

In the Quarantine screen, select the service type Exchange Online (Inline Mode).


For inline protection, Cloud App Security quarantines messages in its storage.

Query logs

See Logs and Reports.

Configure global settings

To turn off inline protection, see Turning Off Inline Protection.

To configure sender address match, see Configuring Sender Address Match.


See Deprovisioning Office 365 Services.