Connectors, Transport Rules, and Group for Inbound Protection

The following table lists the connectors, transport rules, and group created to implement mail flow for inbound protection of Exchange Online:

Category

Item

Description

Transport rule

TMCAS Domain-Based Inbound Protection

Routes email messages intended for users in specified domains to Cloud App Security for security scanning.

TMCAS User-Based Inbound Protection

Routes email messages intended for specified users to Cloud App Security for security scanning.

All the specified users are added to the Microsoft 365 group

TMCAS Inbound Protection.

TMCAS Inbound Protection - Skip Spam Filter

Skips the spam filter of Exchange Online. This prevents the Exchange Online mail server from mistakenly filter the email messages returned by Cloud App Security as spam.

TMCAS Inbound Protection - Move to Junk Folder

Moves an email message to Junk Folder when the message is applied the "Move to Junk Folder" action by Cloud App Security.

Connector

TMCAS Inbound Protection - Route to CAS

Routes email messages to Cloud App Security.

TMCAS Inbound Protection - Receive from CAS

Receives email messages from Cloud App Security.

Microsoft 365 group

TMCAS Inbound Protection

User group created to implement the transport rule for user-based inbound protection.

The IP address range in the transport rules is the address of the Cloud App Security server at your serving site.

Note:

To ensure that inbound protection works properly and your email delivery functions as expected, do not modify the transport rules, connectors, and group.