Provisioning an Exchange Online (Inline Mode) Authorized Account

The steps outlined below detail how to provision an Exchange Online (Inline Mode) Authorized Account from Dashboard for Inline Protection over both inbound and outbound messages.

Before the provisioning, verify related security configuration in Microsoft to ensure that Inline Protection for Exchange Online works properly for your organization and emails get delivered as expected. For details, see Verifying Related Security Settings in Microsoft.

Note:

If you have already provisioned an Exchange Online (Inline Mode) service account for inbound protection, upgrade the service account to have Inline Protection in the outbound direction as well:

Go to Administration > Service Account, locate your Exchange Online (Inline Mode) service account, click Upgrade for Outbound Protection, and follow the onscreen instructions to complete the procedure.

  1. Log on to the Cloud App Security management console.
  2. Hover over Exchange Online (Inline Mode) and click Provision.

    The Provision Service Account for Exchange Online (Inline Mode) screen appears.

  3. Grant Cloud App Security the permission to configure the Exchange mail flow.
    1. Click Click here at the end of Step 1.
    2. On the Microsoft logon screen that appears, specify your Office 365 Global Administrator credentials and click Sign in.
    3. On the Exchange Online authorization screen that appears, click Accept to grant Cloud App Security the permission.

      During this process, Cloud App Security creates the Trend Micro Cloud App Security app on Exchange Online.

  4. Assign the Azure AD roles to the Trend Micro Cloud App Security app created in Azure AD.
    1. Go back to the Cloud App Security management console and copy the app ID shown in Step 2.
    2. Log on to the Azure Active Directory portal as an Exchange Online administrator.
    3. In the left-side area, click Azure Active Directory, and select Roles and administrators under Manage.
    4. In the list on the Roles and administrators screen, click Exchange administrator.
    5. On the Exchange administrator | Assignments screen, click +Add assignments.
    6. Assign the Exchange administrator role to the Trend Micro Cloud App Security app.

      • If you have not enabled Privileged Identity Management:

        1. In the search box on the Add assignments screen, paste the app ID copied earlier and press Enter.

        2. Locate and select the app Trend Micro Cloud App Security, and then click Add.

          The app appears on the Exchange administrator | Assignments screen.

      • If you have enabled Privileged Identity Management:

        1. On the Add assignments screen, click No member selected.

        2. On the Select a member screen, paste the app ID copied earlier, and press Enter.

        3. Locate and select the app Trend Micro Cloud App Security, and then click Select.

        4. On the Setting tab, retain the default settings, provide a justification for assigning the role under Enter justification, and click Assign.

          The app appears on the Active assignments tab of the Exchange administrator | Assignments screen.

  5. Grant Cloud App Security the permission to sync user and domain data from Azure AD.
    1. Go back to the Cloud App Security management console and click Click here after Step 3.
    2. On the Microsoft logon screen that appears, specify your Office 365 Global Administrator credentials and click Sign in.
    3. On the Exchange Online authorization screen that appears, click Accept to grant Cloud App Security the permission to sync user and domain data from Azure AD.
  6. Return to the Cloud App Security management console and click Verify and Submit under Step 4.
  7. Wait until the process is completed.
  8. Hover over the notification icon in the upper-right corner of the management console.

    If the message "Exchange Online protected in inline mode." appears on the Notifications screen, the provisioning is successful.

    The provisioning automatically adds transport rules, connectors, and Microsoft 365 groups, and updates the allow lists in your Exchange Online environment to implement mail flow for both inbound protection and outbound protection. For details, see Connectors, Transport Rules, Groups, and Allow Lists for Inline Protection.

Parent topic: Provisioning an Exchange Online Service Account