Verifying Related Security Settings in Microsoft

After scanned by Inline Protection of Trend Micro Cloud App Security, emails are delivered to Microsoft's mail server for your Exchange Online service, where they go through some security checking. Since the sending IP addresses and hostnames of the emails change to those of Cloud App Security, the emails may fail Microsoft's security checks. To prevent such failure, make sure you perform the following verification before provisioning for Exchange Online (Inline Mode).

Note:

During the provisioning, Cloud App Security will also automatically update the allow entries for spoofed senders in the Tenant Allow/Block List and IP Allow List in connection filtering in your Exchange Online service to ensure that emails get delivered as expected. For details, see Connectors, Transport Rules, Groups, and Allow Lists for Inline Protection.

  1. Make sure that "SPF check: hard fail" is disabled.
    1. In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Anti-spam in the Policies section.
    2. On the Anti-spam policies screen, click Anti-spam inbound policy (Default).
    3. In the policy details panel that appears, check whether SPF record: hard fail is set to Off.

      If no, click Edit spam threshold and properties, set SPF record: hard fail to Off, and click Save.

  2. If you have a transport rule that accepts traffic only from specific IP addresses, add the IP addresses of Cloud App Security to the list.

    To check the transport rules, log on to the Exchange admin center and go to Mail flow > Rules.

    The IP addresses of Cloud App Security for inbound protection are as follows:

    • US site: 20.245.215.64/28, 104.42.189.70, 104.210.58.247, 20.72.147.113, 20.72.140.32

    • EU site: 20.4.48.48/28, 20.107.69.176, 20.126.6.52, 20.54.65.186, 20.54.68.116

    • Japan site: 13.78.70.144/28, 20.222.63.30, 20.222.57.14, 104.46.234.4, 138.91.24.196

    • Australia and New Zealand site: 20.70.30.192/28, 20.213.240.47, 20.227.136.26, 20.39.98.128, 20.39.97.72

    • Canada site: 52.228.5.240/28, 52.228.125.192, 52.139.13.199, 52.229.100.53, 20.104.170.121

    • Singapore site: 52.163.102.112/28, 20.43.148.81, 20.195.17.218

    • UK site: 20.254.97.192/28, 20.68.25.194, 20.68.210.42, 52.142.171.1, 52.142.170.52

    • India site: 20.204.179.112/28, 20.204.44.59, 20.204.113.71, 20.219.110.223, 13.71.71.12

    The IP addresses of Cloud App Security for outbound protection are as follows:

    • US site: 20.66.85.0/28, 104.210.59.109, 104.42.190.154, 20.72.147.115, 20.72.140.41

    • EU site: 20.160.56.80/28, 20.126.64.109, 20.126.70.251, 20.54.65.179, 20.54.68.120

    • Japan site: 20.78.49.240/28, 20.222.60.8, 52.140.200.104, 104.46.227.238, 104.46.237.93

    • Australia and New Zealand site: 20.227.209.48/28, 20.227.165.104, 20.213.244.63, 20.39.98.131, 20.39.97.73

    • Canada site: 20.220.229.208/28, 52.228.125.196, 52.139.13.202, 20.104.170.106, 20.104.172.35

    • Singapore site: 52.163.216.240/28, 20.43.148.85, 20.195.17.222

    • UK site: 20.0.233.224/28, 20.68.214.138, 20.68.212.120, 52.142.171.6, 52.142.170.53

    • India site: 20.235.86.144/28, 4.213.51.121, 4.213.51.126, 104.211.202.104, 52.172.7.14

Parent topic: Provisioning an Exchange Online (Inline Mode) Authorized Account