Connectors, Transport Rules, and Group for Inline Protection

The following table lists the connectors, transport rules, and Microsoft 365 groups created in your Exchange Online service to implement mail flow for inline protection of Exchange Online:

Protection

Category

Item

Description

Inbound protection

Transport rule

TMCAS Inline Incoming Domain Transport Rule

Routes inbound email messages intended for users in specified domains to Cloud App Security for security scanning.

TMCAS Inline Incoming User Transport Rule

Routes inbound email messages intended for specified users to Cloud App Security for security scanning.

All the specified users are added to the Microsoft 365 group TMCAS Inline Incoming O365 Virtual Group.

TMCAS Inline Incoming Skip Spam Filter Transport Rule

Skips the spam filter of Exchange Online. This prevents the Exchange Online mail server from mistakenly filter the inbound email messages returned by Cloud App Security as spam.

TMCAS Inline Incoming Move to Junk Folder Transport Rule

Moves an inbound email message to Junk Folder when the message is applied the "Move to Junk Folder" action by Cloud App Security.

Connector

TMCAS Inline Outbound Connector for Incoming Message

Routes inbound email messages to Cloud App Security.

TMCAS Inline Inbound Connector for Incoming Message

Receives inbound email messages from Cloud App Security.

Microsoft 365 group

TMCAS Inline Incoming O365 Virtual Group

User group created to implement the transport rule for user-based inbound protection.

Outbound protection

Transport rule

TMCAS Inline Outgoing Domain Transport Rule

Routes outbound email messages sent from users in specified domains to Cloud App Security for security scanning.

TMCAS Inline Outgoing User Transport Rule

Routes outbound email messages sent from specified users to Cloud App Security for security scanning.

All the specified users are added to the Microsoft 365 group TMCAS Inline Outgoing O365 Virtual Group.

Connector

TMCAS Inline Outbound Connector for Outgoing Message

Routes outbound email messages to Cloud App Security.

TMCAS Inline Inbound Connector for Outgoing Message

Receives outbound email messages from Cloud App Security.

Microsoft 365 group

TMCAS Inline Outgoing O365 Virtual Group

User group created to implement the transport rule for user-based outbound protection.

The IP address range in the transport rules is the address of the Cloud App Security server at your serving site.

Note:

To ensure that inline protection works properly and your email delivery functions as expected, do not modify the transport rules, connectors, and Microsoft 365 groups.