Provisioning an Exchange Online (Inline Mode) Authorized Account

The steps outlined below detail how to provision an Exchange Online (Inline Mode) Authorized Account from Dashboard for inline protection over both inbound and outbound messages.

Note:

If you have already provisioned a service account for outbound or inbound protection, proceed as follows to have inline protection in both directions.

Provisioned Service Account

Action

Exchange mail flow service account for outbound protection

Deprovision the service account before proceeding with the steps in this topic.

Exchange Online (Inline Mode) service account for inbound protection

Upgrade the service account to support outbound protection:

Go to Administration > Service Account, locate your Exchange Online (Inline Mode) service account, click Upgrade for Outbound Protection, and follow the onscreen instructions to complete the procedure.

Exchange mail flow service account for outbound protection

Exchange Online (Inline Mode) service account for inbound protection

Migrate outbound protection to the Exchange Online (Inline Mode) service account. For details, see Migrating Outbound Protection to Exchange Online (Inline Mode).

  1. Log on to the Cloud App Security management console.
  2. Hover over Exchange Online (Inline Mode) and click Provision.

    The Provision Service Account for Exchange Online (Inline Mode) screen appears.

  3. Grant Cloud App Security the permission to configure the Exchange mail flow.
    1. Click Click here at the end of Step 1.
    2. On the Microsoft logon screen that appears, specify your Office 365 Global Administrator credentials and click Sign in.
    3. On the Exchange Online authorization screen that appears, click Accept to grant Cloud App Security the permission.

      During this process, Cloud App Security creates the Trend Micro Cloud App Security app on Exchange Online.

  4. Assign the Azure AD roles to the Trend Micro Cloud App Security app created in Azure AD.
    1. Go back to the Cloud App Security management console and copy the app ID shown in Step 2.
    2. Log on to the Azure Active Directory portal as an Exchange Online administrator.
    3. In the left-side area, click Azure Active Directory, and select Roles and administrators under Manage.
    4. In the list on the Roles and administrators screen, click Exchange administrator.
    5. On the Exchange administrator | Assignments screen, click +Add assignments.
    6. Assign the Exchange administrator role to the Trend Micro Cloud App Security app
    • If you have not enabled Privileged Identity Management:
      1. In the search box on the Add assignments screen, paste the app ID copied earlier and press Enter.

      2. Locate and select the app Trend Micro Cloud App Security, and then click Add.

        The app appears on the Exchange administrator | Assignments screen.

    • If you have enabled Privileged Identity Management:
      1. On the Add assignments screen, click No member selected.

      2. On the Select a member screen, paste the app ID copied earlier, and press Enter.

      3. Locate and select the app Trend Micro Cloud App Security, and then click Select.

      4. On the Setting tab, retain the default settings, provide a justification for assigning the role under Enter justification, and click Assign.

        The app appears on the Active assignments tab of the Exchange administrator | Assignments screen.

  5. Grant Cloud App Security the permission to sync user and domain data from Azure AD.
    1. Go back to the Cloud App Security management console and click Click here after Step 3.
    2. On the Microsoft logon screen that appears, specify your Office 365 Global Administrator credentials and click Sign in.
    3. On the Exchange Online authorization screen that appears, click Accept to grant Cloud App Security the permission to sync user and domain data from Azure AD.
  6. Return to the Cloud App Security management console and click Verify and Submit under Step 4.
  7. Wait until the process is completed.
  8. Hover over the ring icon in the upper-right corner of the management console.

    If the message "Exchange Online protected in inline mode." appears on the Notifications screen, the provisioning is successful.

    The provisioning automatically creates transport rules, connectors, and Microsoft 365 groups on Exchange Online to implement mail flow for both inbound protection and outbound protection. For details, see Connectors, Transport Rules, and Group for Inline Protection.