Changes Made Under Inline Protection

Provisioning

• Adds the Trend Micro Cloud App Security app in Azure AD.

• Creates Microsoft 365 virtual groups.

• Creates mail flow connectors and transport rules.

• Uses OAuth 2.0 to obtain Exchange Online's access token.

• Adds a domain pair for Cloud App Security to the allow entries for spoofed senders in the Tenant Allow/Block List.

• Adds the IP addresses of Cloud App Security to the IP Allow List in connection filtering.

None

Service running

• Updates the Microsoft 365 virtual groups when the policy target changes.

• Synchronizes with Office 365 daily to obtain information about new users, groups, verified domains, and MX records.

  Note:

  Cloud App Security synchronizes with Office 365 at 00:15 a.m. UTC for both the EU and UK sites, 05:15 a.m. UTC for the Canada site, 08:15 a.m. UTC for the US site, 04:15 p.m. UTC for both the Japan and the Australia and New Zealand sites, 05:15 p.m. UTC for the Singapore site, and 00:15 p.m. UTC for the India site.

Updates mail flow transport rules.

Refreshes the access token every hour.

Deprovisioning

• Stops daily synchronization with Office 365.

• Stops generating scheduled reports.

• Removes the Microsoft 365 virtual groups.

Removes the mail flow connectors for outbound protection and the transport rules for rerouting messages.

None.

Manual cleanup

• Removes the Trend Micro Cloud App Security from Azure AD.

• Removes the domain pair for Cloud App Security from the allow entries for spoofed senders in the Tenant Allow/Block List.

• Removes the IP addresses of Cloud App Security from the IP Allow List in connection filtering.

None.

Deletes the following transport rules and connectors:

• TMCAS Inline Incoming Skip Spam Filter Transport Rule

• TMCAS Inline Incoming Move to Junk Folder Transport Rule

• TMCAS Inline Inbound Connector for Incoming Message

• TMCAS Inline Inbound Connector for Outgoing Message