Connectors, transport rules, groups, and allow lists for inline protection

Views:

The following table lists the connectors, transport rules, and Microsoft 365 groups created in your Exchange Online service to implement mail flow for Inline Protection of Exchange Online:

Protection

Note

This transport rule prevents a double anti-spam check but may generate security alerts for the emails.

TMCAS Inline Incoming Move to Junk Folder Transport Rule

Moves an inbound email message to Junk Folder when the message is applied the "Move to Junk Folder" action by Cloud App Security.

Connector

TMCAS Inline Outbound Connector for Incoming Message

Routes inbound email messages to Cloud App Security.

TMCAS Inline Inbound Connector for Incoming Message

Receives inbound email messages from Cloud App Security.

Microsoft 365 group

TMCAS Inline Incoming O365 Virtual Group

User group created to implement the transport rule for user-based inbound protection.

Outbound protection

Transport rule

TMCAS Inline Outgoing Domain Transport Rule

Routes outbound email messages sent from users in specified domains to Cloud App Security for security scanning.

TMCAS Inline Outgoing User Transport Rule

Routes outbound email messages sent from specified users to Cloud App Security for security scanning.

All the specified users are added to the Microsoft 365 group TMCAS Inline Outgoing O365 Virtual Group.

Connector

TMCAS Inline Outbound Connector for Outgoing Message

Routes outbound email messages to Cloud App Security.

TMCAS Inline Inbound Connector for Outgoing Message

Receives outbound email messages from Cloud App Security.

Microsoft 365 group

TMCAS Inline Outgoing O365 Virtual Group

User group created to implement the transport rule for user-based outbound protection.

The IP address range in the transport rules is the address of the Cloud App Security server at your serving site. For details, see the following table "Changes to Allow Lists".

Note

To ensure that Inline Protection works properly and your email delivery functions as expected, do not modify the transport rules, connectors, and Microsoft 365 groups.

The following table lists the changes made by Cloud App Security to the allow lists in your Exchange Online service in order for emails to get delivered as expected after they are scanned by Inline Protection.

Changes to Allow Lists

Allow List	Change by Cloud App Security
Allow entries for spoofed senders in the Tenant Allow/Block List For more information, see Microsoft documentation.	Adds a domain pair based on your serving site: US site: , inpost.tmcas.trendmicro.com EU site: , inpost-eu.tmcas.trendmicro.com Japan site: , inpost.tmcas.trendmicro.co.jp Australia and New Zealand site: , inpost-au.tmcas.trendmicro.com Canada site: , inpost-ca.tmcas.trendmicro.com Singapore site: , inpost.tmcas.trendmicro.com.sg UK site: , inpost.tmcas.trendmicro.co.uk India site: , inpost-in.tmcas.trendmicro.com Middle East (UAE) site: *, inpost-mea.tmcas.trendmicro.com
IP Allow List in connection filtering For more information, see Microsoft documentation.	Adds the IP addresses of Cloud App Security MTAs for Inline Protection based on your serving site. The IP addresses of Cloud App Security for inbound protection are as follows: US site: 20.245.215.64/28, 104.42.189.70, 104.210.58.247, 20.72.147.113, 20.72.140.32 EU site: 20.4.48.48/28, 20.107.69.176, 20.126.6.52, 20.54.65.186, 20.54.68.116 Japan site: 13.78.70.144/28, 20.222.63.30, 20.222.57.14, 104.46.234.4, 138.91.24.196 Australia and New Zealand site: 20.70.30.192/28, 20.213.240.47, 20.227.136.26, 20.39.98.128, 20.39.97.72 Canada site: 52.228.5.240/28, 52.228.125.192, 52.139.13.199, 52.229.100.53, 20.104.170.121 Singapore site: 52.163.102.112/28, 20.43.148.81, 20.195.17.218 UK site: 20.254.97.192/28, 20.68.25.194, 20.68.210.42, 52.142.171.1, 52.142.170.52 India site: 20.204.179.112/28, 20.204.44.59, 20.204.113.71, 20.219.110.223, 13.71.71.12 Middle East (UAE) site: 20.233.170.224/28, 20.216.24.7, 20.216.9.36, 20.21.106.199, 20.21.252.69 The IP addresses of Cloud App Security for outbound protection are as follows: US site: 20.66.85.0/28, 104.210.59.109, 104.42.190.154, 20.72.147.115, 20.72.140.41 EU site: 20.160.56.80/28, 20.126.64.109, 20.126.70.251, 20.54.65.179, 20.54.68.120 Japan site: 20.78.49.240/28, 20.222.60.8, 52.140.200.104, 104.46.227.238, 104.46.237.93 Australia and New Zealand site: 20.227.209.48/28, 20.227.165.104, 20.213.244.63, 20.39.98.131, 20.39.97.73 Canada site: 20.220.229.208/28, 52.228.125.196, 52.139.13.202, 20.104.170.106, 20.104.172.35 Singapore site: 52.163.216.240/28, 20.43.148.85, 20.195.17.222 UK site: 20.0.233.224/28, 20.68.214.138, 20.68.212.120, 52.142.171.6, 52.142.170.53 India site: 20.235.86.144/28, 4.213.51.121, 4.213.51.126, 104.211.202.104, 52.172.7.14 Middle East (UAE) site: 20.233.170.240/28, 20.74.137.84, 20.74.179.106, 20.21.106.164, 20.21.108.130

Allow List

Change by Cloud App Security

Allow entries for spoofed senders in the Tenant Allow/Block List

For more information, see Microsoft documentation.

Adds a domain pair based on your serving site:

US site: *, inpost.tmcas.trendmicro.com
EU site: *, inpost-eu.tmcas.trendmicro.com
Japan site: *, inpost.tmcas.trendmicro.co.jp
Australia and New Zealand site: *, inpost-au.tmcas.trendmicro.com
Canada site: *, inpost-ca.tmcas.trendmicro.com
Singapore site: *, inpost.tmcas.trendmicro.com.sg
UK site: *, inpost.tmcas.trendmicro.co.uk
India site: *, inpost-in.tmcas.trendmicro.com
Middle East (UAE) site: *, inpost-mea.tmcas.trendmicro.com

IP Allow List in connection filtering

For more information, see Microsoft documentation.

Adds the IP addresses of Cloud App Security MTAs for Inline Protection based on your serving site.

The IP addresses of Cloud App Security for inbound protection are as follows:

US site: 20.245.215.64/28, 104.42.189.70, 104.210.58.247, 20.72.147.113, 20.72.140.32
EU site: 20.4.48.48/28, 20.107.69.176, 20.126.6.52, 20.54.65.186, 20.54.68.116
Japan site: 13.78.70.144/28, 20.222.63.30, 20.222.57.14, 104.46.234.4, 138.91.24.196
Australia and New Zealand site: 20.70.30.192/28, 20.213.240.47, 20.227.136.26, 20.39.98.128, 20.39.97.72
Canada site: 52.228.5.240/28, 52.228.125.192, 52.139.13.199, 52.229.100.53, 20.104.170.121
Singapore site: 52.163.102.112/28, 20.43.148.81, 20.195.17.218
UK site: 20.254.97.192/28, 20.68.25.194, 20.68.210.42, 52.142.171.1, 52.142.170.52
India site: 20.204.179.112/28, 20.204.44.59, 20.204.113.71, 20.219.110.223, 13.71.71.12
Middle East (UAE) site: 20.233.170.224/28, 20.216.24.7, 20.216.9.36, 20.21.106.199, 20.21.252.69

The IP addresses of Cloud App Security for outbound protection are as follows:

US site: 20.66.85.0/28, 104.210.59.109, 104.42.190.154, 20.72.147.115, 20.72.140.41
EU site: 20.160.56.80/28, 20.126.64.109, 20.126.70.251, 20.54.65.179, 20.54.68.120
Japan site: 20.78.49.240/28, 20.222.60.8, 52.140.200.104, 104.46.227.238, 104.46.237.93
Australia and New Zealand site: 20.227.209.48/28, 20.227.165.104, 20.213.244.63, 20.39.98.131, 20.39.97.73
Canada site: 20.220.229.208/28, 52.228.125.196, 52.139.13.202, 20.104.170.106, 20.104.172.35
Singapore site: 52.163.216.240/28, 20.43.148.85, 20.195.17.222
UK site: 20.0.233.224/28, 20.68.214.138, 20.68.212.120, 52.142.171.6, 52.142.170.53
India site: 20.235.86.144/28, 4.213.51.121, 4.213.51.126, 104.211.202.104, 52.172.7.14
Middle East (UAE) site: 20.233.170.240/28, 20.74.137.84, 20.74.179.106, 20.21.106.164, 20.21.108.130