Changes Made Under Inline Protection

The following table lists all the actions that Cloud App Security performs in the Office 365 environment and other changes made by Cloud App Security.


Cloud App Security Changes to Office 365

Other Changes

Office 365 Admin Center

Exchange Online


  • Adds the Trend Micro Cloud App Security app in Azure AD.

  • Creates Microsoft 365 virtual groups.

  • Creates mail flow connectors and transport rules.

  • Uses OAuth 2.0 to obtain Exchange Online's access token.


Service running

  • Updates the Microsoft 365 virtual groups when the policy target changes.

  • Synchronizes with Office 365 daily to obtain information about new users, groups, verified domains, and MX records.


    Cloud App Security synchronizes with Office 365 at 00:15 a.m. UTC for both the EU and UK sites, 05:15 a.m. UTC for the Canada site, 08:15 a.m. UTC for the US site, 04:15 p.m. UTC for both the Japan and the Australia and New Zealand sites, 05:15 p.m. UTC for the Singapore site, and 00:15 p.m. UTC for the India site.

  • Updates mail flow transport rules.

  • Refreshes the access token every hour.


  • Stops daily synchronization with Office 365.

  • Stops generating scheduled reports.

  • Removes the Microsoft 365 virtual groups.

  • Removes the mail flow connectors for outbound protection and the transport rules for rerouting messages.


Cloud App Security recommends that you check quarantined items before deprovisioning.


Manual cleanup

Removes the Trend Micro Cloud App Security app from Azure AD.


Deletes the following transport rules and connectors:

  • TMCAS Inline Incoming Skip Spam Filter Transport Rule

  • TMCAS Inline Incoming Move to Junk Folder Transport Rule

  • TMCAS Inline Inbound Connector for Incoming Message

  • TMCAS Inline Inbound Connector for Outgoing Message
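
An added example (not Trend Micro's code) for verifying the manual cleanup above: it checks an Exchange Online tenant for the four objects named in the list and reports which are still present. It assumes the ExchangeOnlineManagement module with a session already opened by Connect-ExchangeOnline, and that the two connectors are inbound connectors as their names indicate; the helper name Get-TmcasInlineLeftover and the 'TMCAS Inline' prefix match for unlisted objects are illustrative assumptions.

```powershell
# Added example, not vendor code. Assumes an open Exchange Online session
# (Connect-ExchangeOnline from the ExchangeOnlineManagement module).

# Names copied from the manual cleanup list on this page.
$ListedRules = @(
    'TMCAS Inline Incoming Skip Spam Filter Transport Rule',
    'TMCAS Inline Incoming Move to Junk Folder Transport Rule'
)
$ListedConnectors = @(
    'TMCAS Inline Inbound Connector for Incoming Message',
    'TMCAS Inline Inbound Connector for Outgoing Message'
)

# Hypothetical helper: one row per listed name, plus a row for any other
# object whose name starts with the same prefix (prefix match is an assumption).
function Get-TmcasInlineLeftover {
    param(
        [string]$Type,
        [string[]]$Listed,
        [object[]]$Found,
        [string]$StatusProperty
    )
    foreach ($name in $Listed) {
        $hit = $Found | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        [pscustomobject]@{
            Type    = $Type
            Name    = $name
            Present = [bool]$hit
            Status  = if ($hit) { [string]$hit.$StatusProperty } else { '' }
            Listed  = $true
        }
    }
    $Found | Where-Object { $_.Name -like 'TMCAS Inline*' -and $_.Name -notin $Listed } |
        ForEach-Object {
            [pscustomobject]@{
                Type = $Type; Name = $_.Name; Present = $true
                Status = [string]$_.$StatusProperty; Listed = $false
            }
        }
}

$report = @(
    Get-TmcasInlineLeftover -Type 'TransportRule' -Listed $ListedRules `
        -Found @(Get-TransportRule) -StatusProperty 'State'
    Get-TmcasInlineLeftover -Type 'InboundConnector' -Listed $ListedConnectors `
        -Found @(Get-InboundConnector) -StatusProperty 'Enabled'
)
$report | Sort-Object Type, Name | Format-Table -AutoSize
'{0} object(s) still present' -f @($report | Where-Object Present).Count
```

Rows with Listed set to False are objects that share the prefix but are not in the list above; review them before removing anything.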