After scanned by Inline Protection of Trend Micro Cloud App Security, emails are delivered to Microsoft's mail server for your Exchange Online service, where they go through some security checking. Since the sending IP addresses and hostnames of the emails change to those of Cloud App Security, the emails may fail Microsoft's security checks. To prevent such failure, make sure you perform the following verification before provisioning for Exchange Online (Inline Mode).
During the provisioning, Cloud App Security will also automatically update the allow entries for spoofed senders in the Tenant Allow/Block List and IP Allow List in connection filtering in your Exchange Online service to ensure that emails get delivered as expected. For details, see Connectors, Transport Rules, Groups, and Allow Lists for Inline Protection.
If no, click Edit spam threshold and properties, set SPF record: hard fail to Off, and click Save.
To check the transport rules, log on to the Exchange admin center and go to Mail flow > Rules.
The IP addresses of Cloud App Security for inbound protection are as follows:
US site: 20.245.215.64/28
EU site: 20.4.48.48/28
Japan site: 13.78.70.144/28
Australia and New Zealand site: 20.70.30.192/28
Canada site: 52.228.5.240/28
Singapore site: 52.163.102.112/28
UK site: 20.254.97.192/28
India site: 20.204.179.112/28
The IP addresses of Cloud App Security for outbound protection are as follows:
US site: 20.66.85.0/28
EU site: 20.160.56.80/28
Japan site: 20.78.49.240/28
Australia and New Zealand site: 20.227.209.48/28
Canada site: 20.220.229.208/28
Singapore site: 52.163.216.240/28
UK site: 20.0.233.224/28
India site: 20.235.86.144/28