What's new

Four more predefined conditions available for detection signal customization in Correlated Intelligence

Cloud App Security supports four more predefined conditions for defining custom detection signals in Correlated Intelligence. The conditions check the Reply-To domain activity, the Reply-To address activity, the URL domain registration age in email, and the sender address for anomaly detection in the customer’s environment.

Enhanced Correlated Intelligence monitoring for existing ATP policies

Cloud App Security enhances the monitoring of Correlated Intelligence detections without disrupting your email flow. This update automatically enables the Correlated Intelligence filter for policies where this filter is currently disabled, allowing you to keep track of Correlated Intelligence detections seamlessly while maintaining smooth email operations. Specifically,

Automatic recovery of false positive emails marked for deletion in Exchange Online and Gmail

Cloud App Security extends its capabilities to identify false positive emails detected by Advanced Spam Protection, Web Reputation, and Correlated Intelligence, and then automatically restore false positive emails marked for deletion in end users’ “Recoverable Items > Deletions” folder in Exchange Online and the “Trash” folder in Gmail.

Access token re-creation for Dropbox and Google Drive service accounts

Cloud App Security provides an option for administrators to re-create access tokens for the Dropbox and Google Drive service accounts when the current tokens become invalid or you want to refresh the existing token.

Move to Junk Email folder action support in DLP policies for Exchange Online

Cloud App Security now adds the "Move to Junk Email folder" action to Data Loss Prevention (DLP) policies for Exchange Online. This enhances your email security by automatically moving emails that violate DLP policies to the Junk folder, helping to protect sensitive information and reduce the risk of data breaches.

Classic console link removal from the new console

Cloud App Security removes the link to the classic console from the new console. As a result, customers cannot access the classic console by clicking the Classic Console button in the new management console.

This update is not available for the Japan site.

Detection signal customization for Correlated Intelligence

In addition to predefined detection signals for Correlated Intelligence, Cloud App Security allows administrators to define custom signals by using predefined conditions to meet specific security needs. These custom signals can then be incorporated into correlation rules, enhancing the detection capabilities of Cloud App Security within their unique environment.

Dashboard configuration checks for Correlated Intelligence

The Configuration Health tab on the Cloud App Security Dashboard is updated to include checks related to Correlated Intelligence, providing administrators with a streamlined overview of their security configurations.

Automatic recovery of false positive emails for Exchange Online and Gmail

Cloud App Security utilizes detection and quarantine logs to identify false positive emails detected by Advanced Spam Protection, Web Reputation, and Correlated Intelligence. It then automatically reverses the Quarantine, Move to Junk Email folder, Move to Spam actions, delivering the emails directly to end users' inboxes. This feature functions without user intervention and is independent of whether Retro Scan & Auto Remediate is activated by administrators in Advanced Spam Protection and Web Reputation settings.

Custom data period by hours for one-time reports

Cloud App Security enhances flexibility of one-time report generation by extending custom data periods from daily and monthly to hourly intervals.

Automated anomaly detection with predefined correlation rules in Correlated Intelligence

When administrators enable Correlated Intelligence while creating a new ATP policy, Cloud App Security automatically applies all predefined correlation rules for anomaly detection. These rules are categorized into three levels of aggressiveness, allowing administrators to tailor the enforcement of these rules according to their organization's security needs and email service requirements.

For existing ATP policies, administrators need to manually configure whether to apply all or partial predefined rules.

Custom data period for one-time reports

Cloud App Security provides administrators with the flexibility to select custom time frames, ranging from days to months, for generating data in one-time reports, in addition to the fixed data periods.

Exchange Online protection enhancement with Microsoft 365 activity data

Cloud App Security enhances its protection capabilities for Exchange Online by integrating user behavior analysis. Organizations that permit access to their Exchange Online data can further enable Cloud App Security to read activity data through the Microsoft Graph API and Office 365 Management API.

Salesforce protection available in new console

Cloud App Security now offers configuration settings for Salesforce Sandbox and Salesforce Production directly in the new console, eliminating the need to use the classic console for these tasks.

Custom correlation rules for anomaly detection available in Correlated Intelligence

Besides the Trend Micro predefined correlation rules, administrators can add custom correlation rules based on predefined detection signals to accommodate anomaly detection requirements in their environment. Administrators can apply custom correlation rules into the Correlated Intelligence security filter of ATP policies for Exchange Online and view details about detected anomalies in the Operations screen.

Search by action available for URL click tracking logs

Cloud App Security adds a new search criterion (Action: Restricted) in URL click tracking logs. Using this criterion, administrators are able to filter out URLs with actions "Blocked", "Warned and accessed", and "Warned and stopped”.

Access grant enhancement

For OneDrive, SharePoint Online, and Microsoft Teams, Cloud App Security enhances the access grant process to remove dependency on Azure Communication Services, which is scheduled to retire in the future. When granting access to the above-mentioned services, administrators do not need to manually grant Cloud App Security permissions to receive notifications from Microsoft upon any change to the files on these services.

Anomaly detection by Correlated Intelligence

In addition to detecting security risks, Correlated Intelligence in Cloud App Security now supports detecting anomalies that deviate from normal behaviors and may require your attention. Cloud App Security also provides visibility of anomaly detections, which allows you to have a more comprehensive view of your security landscape.

Support for moving user-reported emails to Junk Email folder

To help automatically removing emails from end users' inboxes that they have reported as spam or phishing through the Cloud App Security add-in for Outlook, Cloud App Security now provides the option to move these emails to the end users' Junk Email folder.

Official release of Gmail (Inline Mode)

Cloud App Security officially launches Inline Protection for Gmail to scan inbound and outbound emails before they are delivered to their destinations, with no MX record change required. This protection mode blocks threats before they can reach your users' mailboxes and prevents data leakage before it actually takes place.

Role-based access control in new console

In the new management console, Cloud App Security provides the "Administrator and Role" screen for you to add administrator accounts and custom roles. Cloud App Security also supports more granular access control by allowing you to specify the organizations that an administrative role can manage.

Approved URL list for Time-of-Click Protection

To prevent URLs from being rewritten by Time-of-Click Protection in Web Reputation, Cloud App Security now supports defining a list of URLs that can bypass Time-of-Click Protection.

Classic scheduled reports accessible in new console

Instead of going to the classic console to view your scheduled reports created there, Cloud App Security now enables you to access these reports directly from the new console.

Single Sign-On screen available in new console

The new Cloud App Security management console now provides the Single Sign-On screen under Administration. You can use this screen to configure single sign-on settings for supported SAML identity providers to have seamless access to Cloud App Security.

Manual scan report enhancement for Exchange Online

For the mailboxes skipped in the manual scan report for Exchange Online, Cloud App Security shows you not only the mailboxes that you can rescan but also the mailboxes that cannot be scanned with related reasons.

Solution update available for customers with Delegate Accounts

For customers with a Delegate Account for Exchange Online, SharePoint Online, or OneDrive, you can now update your Cloud App Security to Cloud Email and Collaboration Protection in Trend Vision One.

Correlated Intelligence for email threat detection

In the new management console, Cloud App Security launches the Correlated Intelligence feature that can correlate the suspicious signals found across different engines (such as Advanced Spam Protection, Web Reputation) to enrich threat detection for email services. With Correlated Intelligence capabilities, Cloud App Security also provide the reasons why an email is detected as a threat.

Quishing detection widgets available

In the new management console, Cloud App Security displays quishing detection data in the Threat Detection dashboard for you to understand the QR code-based phishing email detections in your environment, including the quishing detections by email service, top 5 quishing email senders, top 5 quishing email recipients, and quishing detections by content type.

New console as the default console

Cloud App Security by default displays the new management console for you to access all features with a modern and improved experience. The classic console will be retired in the near future.

Suspicious URL detection for QR codes in PDF attachments

Cloud App Security supports scanning QR codes in PDF files attached to emails to detect suspicious URLs. QR code scanning already supports attachments in the format of WEBP, JPG, PNG, BMP, TIFF, or GIF.

Support for end users to report emails to administrator-specified mailboxes

Cloud App Security provides you the option to allow your end users to report emails through the Cloud App Security add-in to mailboxes you have specified. Administrators can easily access the reported emails to analyze, investigate, and take necessary actions.

Support for taking action based on email header fields

In addition to specifying blocked email senders, Cloud App Security allows you to define a list of blocked email header fields and specify the action to take on matching emails in Advanced Spam Protection.

Dynamic URL scanning for Teams Chat

Cloud App Security supports dynamic URL scanning for Teams Chat to further analyzes URLs posted in chats in real-time to detect phishing URLs.

Log retrieval API supporting quarantined email download

The log retrieval API provided by Cloud App Security now allows you to not only retrieve logs and quarantine events, but also download quarantined Exchange Online emails.

Predictive Machine Learning Exception List available in new console

The Cloud App Security new console allows you to define a list of SHA-1 hash values of files to exclude from scanning by Trend Micro Predictive Machine Learning.

Support for turning off computer vision

In the Web Reputation filter, Cloud App Security allows you to control whether to use the computer vision techniques for phishing detection. Computer vision clicks suspicious URLs in emails to access web pages and apply AI-based image analysis to detect threats. Previously, computer vision was enabled as long as you turned on Web Reputation.

Light mode available for new console

The new Cloud App Security management console now provides the light mode and allows you to switch between the dark and light modes for your preferred experience.

Update of Cloud App Security to Cloud Email and Collaboration Protection in Trend Vision One

To have centralized visibility and management of your email solutions in a single console, you are able to update your standalone Cloud App Security to Cloud Email and Collaboration Protection in Trend Vision One. Cloud Email and Collaboration Protection is part of the Trend Vision One Email and Collaboration Security solution. This solution allows you to have comprehensive email and collaboration protection without switching consoles, offering Email Sensor, Cloud Email and Collaboration Protection, and Cloud Email Gateway Protection in one package in Trend Vision One.

File blocking bypass based on domains

For email services, Cloud App Security allows you to specify domains in addition to email addresses in the Approved Sender List for the File Blocking filter. Emails from all the senders in the specified domains will skip the File Blocking checks.

Moreover, you can use the wildcard character (*) to represent any characters when specifying an email address or a domain in the approved list.

Official launch of new management console

Cloud App Security officially launches the new management console, design to provide you a modern and improved experience. The existing console is still available for you to access.

More file format supported for URL extraction from QR codes

For Exchange Online, Exchange Online (Inline Mode), Gmail, and Gmail (Inline Mode), Cloud App Security supports extracting URLs from QR codes in WEBP files in addition to QR codes in JPG, PNG, BMP, TIFF, and GIF files.

Approval of end user reported emails (preview)

In the new management console, Cloud App Security allows you to control whether the reported emails need approval before they can be sent to Trend Micro for analysis.

Quarantined email preview for Gmail

For Gmail and Gmail (Inline Mode), Cloud App Security allows you to preview quarantined emails in the management console. This helps administrators determine further actions to take without downloading the emails.

Web Reputation bypass based on domains

For email services, Cloud App Security allows you to specify domains in addition to email addresses in the Approved Sender List for the Web Reputation filter. Emails from all the senders in the specified domains will skip the Web Reputation checks.

Moreover, you can use the wildcard character (*) to represent any characters when specifying an email address or a domain in the approved list.

Visibility into end user reported emails (preview)

In the new management console, Cloud App Security allows you to view both a summary and the details of emails that are reported by your end users through the add-in for Outlook.

Access grant and policy configuration for storage services in new console (preview)

In the new management console, Cloud App Security supports granting access to and configuring policies for Box, Dropbox, and Google Drive.

Administration in new console (preview)

In the new management console, Cloud App Security supports performing administrative tasks. Currently available tasks are organization management, service account management, and Outlook add-in management.

Quarantined emails from Exchange Online (Inline Mode) to be managed by end users

In addition to the emails quarantined by API-based Protection for Exchange Online, Cloud App Security allows your end users to manage the emails quarantined by Inline Protection for Exchange Online.

Virtual Analyzer bypass based on domains

For email services, Cloud App Security allows you to specify domains in addition to email addresses in the Approved Sender List for the Virtual Analyzer filter. Emails from all the senders in the specified domains will skip the Virtual Analyzer checks.

Moreover, you can use the wildcard character (*) to represent any characters when specifying an email address or a domain in the approved list.

Protection for shared drives in Google Drive

Cloud App Security can protect the files in the shared drives of Google Drive in addition to files in users' My Drive.

URL extraction enhancement for Gmail

For incoming messages in Gmail and Gmail (Inline Mode), Cloud App Security expands the scope of URL extraction to get URLs from the following content for scanning:

Access grant and policy configuration for more services in new console

In addition to Exchange Online and Exchange Online (Inline Mode), the new management console of Cloud App Security supports granting access to and configuring policies for other Office 365 services including Microsoft Teams, Teams Chat, OneDrive, and SharePoint Online.

Moreover, you can now configure policies for Gmail (Inline Mode) in the new console.

Detection of emails with unusual signals

For Exchange Online, Cloud App Security provides you aggressive detection capabilities to identify and take action on emails that show any unusual signal indicating possible threats. Examples of unusual signals include anomalous brand behavior, URL similar to a known malicious link, and unfamiliar sender discussing payment related issue.

Easily accessible entry to the new console

Cloud App Security provides a “New Console” button at the upper right of the existing console for you to easily access the new console offering you a modern and improved experience.

Inline Protection for Gmail outbound messages (preview)

In addition to Gmail inbound messages, Cloud App Security provides Inline Protection for Gmail outbound messages. This protection mode scans outbound messages for threats and data leakage before they are delivered to external destinations.

Policy configuration for more services in new console (preview)

Besides Exchange Online, Cloud App Security allows you to configure and manage Advanced Threat Protection and Data Loss Prevention policies and global settings for Gmail and Exchange Online (Inline Mode) in the new management console. In addition, more global settings can be configured in the new console.

Granting access to services in new console (preview)

In the new management console, you can grant Cloud App Security accesss to Exchange Online, Exchange Online (Inline Mode), Gmail, and Gmail (Inline Mode).

Notification of invalid Microsoft Teams / Teams Chat tokens

Cloud App Security displays a banner and sends email notifications to you when your token for the Microsoft Teams or Teams Chat service account becomes invalid, allowing you to update the token in time to have continued protection.

Suspicious Object List supported for Teams Chat, Box, Dropbox, and Google Drive

Cloud App Security can leverage the Suspicious Object List to scan for suspicious files and URLs in Teams Chat, Box, Dropbox, and Google Drive and take actions accordingly.

URL extraction enhancement

For incoming messages in Exchange Online and Exchange Online (Inline Mode), Cloud App Security expands the scope of URL extraction to get URLs from the following content for scanning:

Quarantine management in new console (preview)

In its new management console, Cloud App Security allows you to manage quarantined items, including viewing, deleting, restoring, and downloading the items.

Policy configuration in new console (preview)

In its new management console, Cloud App Security allows you to configure and manage policies and related global settings for protecting your services.

In this release, you can only manage Advanced Threat Protection policies and global settings for Exchange Online.

Official release of quarantine management and email reporting by end users

Cloud App Security officially launches the Outlook add-in to allow your users to view and take action on their quarantined emails in Exchange Online. You can control the management scope and permissions that end users can have.

The add-in also enables your users to report Exchange Online emails to Trend Micro as false positives and false negatives to help improve threat detection.

MIP-encrypted file scanning for Teams Chat

Cloud App Security supports decrypting the files sent in Microsoft Teams chat messages that are encrypted by Microsoft Information Protection. With this feature enabled, Cloud App Security can detect possible security risks in MIP-encrypted files.

Enhanced wildcard support for specifying items to approve or block in policy filters

Cloud App Security supports more flexible usage of the wildcard character (*) for specifying the following items to approve or block in policy filters:

Notification of invalid SharePoint/OneDrive tokens

Cloud App Security displays a banner and sends email notifications to you when your token for the SharePoint or OneDrive service account becomes invalid, allowing you to update the token in time to have continued protection.

Suspicious sender detection based on newly observed email addresses

For Exchange Online, Cloud App Security supports detecting an external sender as suspicious when the sender has not sent any email in at least the past 30 days. Newly observed addresses might be a sign of a threat as they are often used by malicious actors to launch attacks.

Quarantined email preview

For Exchange Online and Exchange Online (Inline Mode), Cloud App Security allows administrators to preview quarantined emails in the management console and end users to preview their quarantined emails in the Cloud App Security add-in for Outlook. This helps administrators and end users determine further actions to take without downloading the emails.

Inline Protection for Gmail inbound messages (preview)

For Gmail, Cloud App Security provides Inline Protection to scan inbound emails before they reach their destinations, with no MX record change required. This protection mode blocks threats before they can reach your users' mailboxes.

"Risky User Detection" dashboard in new console (preview)

In the new management console, Cloud App Security provides a dashboard tab for a centralized view of risky users in your organization, including top users distributing or receiving malicious content, top users triggering high-risk events, and the overall user risk trends.

Additional File Blocking objectives for incoming messages

For Gmail or Exchange Online, instead of applying the same File Blocking objectives to all messages, Cloud App Security allows you to add blocking objectives specifically for incoming messages in addition to the objectives to block for all messages.

"Add disclaimer" action for emails from suspicious senders

For Exchange Online, Cloud App Security allows you to apply a disclaimer to emails that are sent from suspicious senders, who are external users but have display names matching High Profile Users in your organization.

Log enhancements in new console (preview)

In the new console, Cloud App Security allows you to download the Virtual Analyzer report from log records and adds more links in dashboard widgets to drill down to related log details.

Sensitivity label-based protection for Exchange Online

Cloud App Security allows you to apply Data Loss Prevention to your Exchange Online service based on the Microsoft Information Protection sensitivity labels on the emails.

File blocking bypass based on domains

For Gmail, Exchange Online, and Exchange Online (Inline Mode), Cloud App Security allows you to specify domains in addition to email addresses in the Approved Sender List for the File Blocking filter. Emails from all the senders in the specified domains skip the File Blocking checks.

Virtual Analyzer bypass for files in storage services

In addition to Gmail and Office 365 services, Cloud App Security allows you to specify a list of files to skip Virtual Analyzer checks for storage services including Box, Dropbox, and Google Drive.

Log volume visualization and query history in new console (preview)

In the new management console, Cloud App Security provides a chart showing the volume of logs over a chosen time period, enabling you to easily view the log volume trends and quickly identify spikes. Moreover, Cloud App Security allows you to view recent log query conditions and results.

Drill-down from the dashboard to logs in new console (preview)

In the new management console, Cloud App Security allows you to drill down from the statistics in dashboard widgets to related log details for further investigation.

PingOne supported for Single Sign-On

Cloud App Security allows you to use PingOne as the identity provider for single sign-on to the Cloud App Security management console.

Changing recipient supported under Inline Protection

For Exchange Online (Inline Mode), Cloud App Security provides you the option to change the recipient of emails matching DLP policies. This action redirects the emails to your specified email addresses instead of the original recipient.

MIP-encrypted outbound emails supported under Inline Protection

For Exchange Online (Inline Mode), Cloud App Security supports scanning and taking action on MIP-encrypted outbound emails before they are delivered to external destinations.

Enhancement on access grant for Inline Protection

To ensure that Inline Protection works properly for your organization, Cloud App Security automatically configures the allow entries for spoofed senders in the Tenant Allow/Block List and IP Allow List in connection filtering in your Exchange Online service during the access grant process. This saves you the trouble of manually configuring the addresses of Cloud App Security MTAs in these allow lists.

If you have already granted Cloud App Security access to Exchange Online (Inline Mode), Cloud App Security automatically adds the configurations to the allow lists.

Log query in new console (preview)

In the new console, Cloud App Security allows you to query log information to view threat detections, email tracking, activity auditing and more.

Google Workspace accounts for single sign-on

Cloud App Security allows you to use Google Workspace as the identity provider for single sign-on to the Cloud App Security management console.

Configuration for attachment password guessing

Instead of providing the attachment password guessing feature with zero configuration, Cloud App Security now gives you the flexibility to configure the feature to meet your requirements. Attachment password guessing attempts to find passwords in Exchange Online and Gmail email content to access password-protected attachments for scanning.

You can control whether to enable this feature. Moreover, in addition to the built-in rules, you can add custom rules that instruct Cloud App Security on how to extract passwords to access the files. Customized rules increase the chance of finding the correct passwords.

Sensitivity label-based data loss prevention

In addition to using compliance templates to prevent data leakage, Cloud App Security allows you to protect your organization's digital assets by using the sensitivity labels of Microsoft Information Protection.

File protection for the team folder in Dropbox team space

In addition to the files in users' folders, Cloud App Security provides advanced threat and data protection for files stored in the team folders of Dropbox team space.

Official release of Inline Protection for Exchange Online

Cloud App Security officially supports Inline Protection for Exchange Online. Inline Protection routes email traffic to Cloud App Security for security scanning and protective actions before the emails reach their destinations, without requiring you to change MX records. This solution enables you to block threats before they can reach your users' mailbox and prevent data leakage before it actually takes place.

To add the capabilities of Inline Protection, you need to purchase an add-on license. If you have already granted Cloud App Security access to Exchange Online (Inline Mode), Trend Micro extends Inline Protection for your Exchange Online service until March 31, 2023. After the specified date, an add-on license is required for continued Inline Protection.

Annual report in the new console (preview)

In the new management console, Cloud App Security allows you to generate an annual report for 2022 to have a summary of the threat detection in your services over the past year.

Quarantine management and email reporting by end users (preview)

For Exchange Online, Cloud App Security provides an Outlook add-in to allow your users to view and take action on their quarantined emails. You will be able to control the management scope and permissions that end users can have.

The add-in also enables your users to report Exchange Online emails to Trend Micro as false positives and false negatives to help improve threat detection.

Custom reporting with a new template in the new console (preview)

In the new management console, Cloud App Security allows you to generate customizable reports using a new template. This template summarizes threat detection in your services by threat type, with trend graphs and top lists provided.

When creating reports, you can specify the data to include, the reporting period, the schedule, and other settings. In addition to daily, weekly, and monthly reports already available, you will be able to generate an annual report after 2022.

Enhancements on Inline Protection for Exchange Online (preview)

Cloud App Security supports Trust Scan and the "Add disclaimer" action for Exchange Online (Inline Mode).

Trust Scan applies when you have granted Cloud App Security access to both Exchange Online and Exchange Online (Inline Mode), and provides you the option to skip rescanning the messages arriving at the mailboxes with a security filter if the messages have been scanned by the same filter of Inline Protection.

Feedback for dashboard and Inline Protection

In order to improve its features and provide your better services, the Cloud App Security management console provides the "Give Feedback" buttons and surveys for you to share how you think of the dashboard and the Inline Protection feature. Your feedback and suggestions are valued and appreciated.

Conditional access for risky users

Through integration with Conditional Access in Microsoft Entra ID, Cloud App Security allows you to control risky users' access to resources by configuring conditional access policies on the management console.

Simplified permission grant for SharePoint Online, OneDrive, and Exchange Online

During access grant, access toke recreation, and Authorized Account migration for SharePoint Online, OneDrive, and Exchange Online, Cloud App Security allows you to grant required permissions in one step instead of multiple steps.

Inline protection enhancement (preview)

Cloud App Security allows you to grant access only once to have inline protection for Exchange Online in both the inbound and outbound directions. If you have already granted access for inbound or outbound protection, Cloud App Security recommends that you optimize your access grant for protection in both directions.

Inbound protection now supports Time-of-Click Protection and Writing Style Analysis for BEC.

Outbound protection now supports not only DLP policies but also ATP policies.

Configuration health evaluation (preview)

In its new console, Cloud App Security assesses your policy configurations and provides you suggestions for optimum protection. This allows you to quickly identify missing configurations and leverage Cloud App Security protection to the maximum for different cloud services.

This release launches the Threat Protection widget to show whether you have enabled features for optimized protection against various types of threats.

Suspicious sender detection

Cloud App Security provides an aggressive mode of protection based on the High Profile Users list. This feature enables you to control whether to directly take action on Exchange Online messages from external senders when their display names match the High Profile Users list.

Teams Chat access grant with your own app

As Microsoft's licensing models for Teams APIs impose usage restrictions and licensing requirements on API calls, Cloud App Security provides a way to grant access to Teams Chat with your own app created in Microsoft Entra ID and select an applicable licensing model. Continued protection with your app may require that you pay Microsoft additional fees for API calls. Learn more

Quarantine and DLP policy for Exchange Online (Inline Mode)

Cloud App Security supports DLP policies for the inbound protection of Exchange Online in inline mode. The quarantine feature is available for both the ATP and DLP policies in inbound protection.

Manual scan scope down to minute for Google Drive and Gmail

Cloud App Security allows you to set a time range specific to minute when specifying the scope of Google Drive files or Gmail messages for manual scanning.

Access token revalidation for Teams Chat

Cloud App Security provides you an option to recreate an access token for the Teams Chat service account when the current access token becomes invalid.

Migration from RMS account to MIP account

Cloud App Security supports migrating from an RMS account to a MIP account. In addition to scanning encrypted files, a MIP account allows Cloud App Security to apply sensitivity labels on files and scan encrypted Exchange Online messages.

Simplified MIP Account Creation

During MIP account creation, Cloud App Security allows you to grant all required permissions in one step instead of multiple steps.

Access token revalidation for SharePoint Online and OneDrive

Cloud App Security provides you an option to recreate an access token for the SharePoint Online or OneDrive service account when the current access token becomes invalid.

Manual scan scope down to minute for Box and Dropbox

Cloud App Security allows you to set a time range specific to minute when specifying the scope of Box or Dropbox files for manual scanning.

Official release of protection over MIP-encrypted email messages

By integrating with Microsoft Information Protection (MIP), Cloud App Security can decrypt MIP-encrypted Exchange Online messages for scanning.

Inbound protection for Exchange Online in inline mode (preview)

In addition to outbound protection, Cloud App Security supports inbound protection for Exchange Online in inline mode. This enhancement allows Cloud App Security to scan email messages in real time for potential threats before they can reach the mailboxes of protected users.

New Internal User Risk Analytics widgets based on risk event data

Cloud App Security provides the following widgets that show risk information about Office 365 users: At-Risk User Trends, Top 5 Users with High Risk Events, and Top 5 High Risk Events. The new widgets allow administrators to gain insights into the risk trends and affected users in their organizations based on risk event data aggregated from Trend Vision One and Microsoft Identity Protection.

Retro scan supported in the Advanced Spam Protection filter

Cloud App Security provides an option to rescan historical email messages and take remediation actions using the latest pattern files and machine learning technologies. This helps administrators identify and stop previously unknown or undetected threats in messages, such as spam, phishing, and malware.

Box access token validity check

Cloud App Security monitors the access token of your Box service account and notifies the administrator when the access token becomes invalid.

Brazilian Portuguese supported by writing style analysis

In addition to the already supported nine languages, Cloud App Security leverages the further optimized Writing Style DNA technology to protect email messages written in or containing the following language: Brazilian Portuguese.

Manual scan scope specific to minute for Microsoft Teams/SharePoint Online/OneDrive

Cloud App Security allows administrators to set a time range down to minute when specifying the manual scanning scope for files in Microsoft Teams (Teams), SharePoint Online, and OneDrive.

Approved sender list for file blocking in the Gmail service

For the Gmail service, Cloud App Security allows administrators to configure the approved sender list to exclude specific senders from file blocking scanning in Advanced Threat Protection policy configuration.

Protection over MIP-encrypted email attachments (preview)

Cloud App Security can decrypt MIP-encrypted attachments in Exchange Online messages for scanning.

"Pass without logging" action supported for unscannable files in more services in the Malware Scanning filter

Cloud App Security allows specifying the "Pass without logging" action for unscannable files in SharePoint Online, OneDrive, Microsoft Teams (Teams and Chat), Box, Dropbox, Google Drive, and Salesforce in the Malware Scanning filter in ATP policies. This action does not record security scan logs in Cloud App Security.

Official release of the Gmail message quarantine feature

Cloud App Security officially supports the quarantine action for Gmail messages with dedicated quarantine mailboxes.

Official release of migration to Authorized Account for OneDrive and SharePoint Online

Cloud App Security officially supports users who are still using a Delegate Account to migrate to use an access token for protection of their OneDrive and SharePoint Online services.

MIP-encrypted email protection (preview)

By integrating with Microsoft Information Protection, Cloud App Security can decrypt MIP-encrypted Exchange Online email messages for scanning.

New console (preview)

Cloud App Security provides a revamped management console to enhance user experience. The initial release provides the Dashboard screen.

New widgets for Internal User Risk Analytics

Cloud App Security provides the Top 5 Malicious Email Recipients widget and Top 5 Spam Recipients widget for administrators to identify the most targeted users in the organization.

Manual scan scope down to minute for Exchange Online

Cloud App Security allows administrators to set a time range specific to minute when specifying the scope of Exchange Online emails for manual scanning.

Virtual Analyzer report retrieval through API

Cloud App Security enhances the Log Retrieval API to return a Virtual Analyzer report when the risk level detected by Virtual Analyzer is high, medium, or low.

Official release of MIP-encrypted file protection

Cloud App Security officially supports adding the Microsoft Information Protection service account and configuring related policy settings to protect MIP-encrypted files in the SharePoint Online, OneDrive, and Microsoft Teams services.

Outbound protection for Exchange Online (preview)

Cloud App Security supports scanning and taking actions on Exchange Online email messages before the messages are delivered to external domains.

Currently, this feature is available only for the EU, Japan, Australia and New Zealand, Singapore, and US serving sites.

Risk Analytics widgets

Cloud App Security provides the Top 5 Risky Users and Top 5 Suspicious Users widgets and related violation data on Dashboard for administrators to identify potential risks.

Access token revalidation for the Gmail service account

Cloud App Security provides an option for the administrator to recreate an access token for a Gmail service account when the current access token becomes invalid.

Secondary action for Salesforce files

Cloud App Security allows administrators to configure a secondary action on a Salesforce file when a quarantine action for the file fails.

Global approved header fields for Gmail

Cloud App Security supports specifying an approved header field list for Gmail in global settings to skip scanning matched Gmail messages.

Official release of Time-of-Click Protection

Cloud App Security officially supports the Time-of-Click Protection feature to protect Exchange Online users against potential risks when users click URLs in incoming email messages.

Quarantine Gmail messages (preview)

Cloud App Security supports the quarantine action for Gmail messages with dedicated quarantine mailboxes.

Support the "Apply sensitivity label" and "Remove sensitivity label" actions in Data Loss Prevention policies (preview)

Cloud App Security supports specifying the “Apply sensitivity label” and “Remove sensitivity label” actions in Data Loss Prevention policies for SharePoint Online, OneDrive, and Microsoft Teams after Office 365 admins complete adding Microsoft Information Protection (MIP) accounts in Cloud App Security.

Skip scanning Gmail messages in the Spam folder

Admins can set Cloud App Security to skip scanning Gmail messages in the Spam folder of users.

Support the "Pass without logging" action for unscannable files in Exchange Online and Gmail messages in the Malware Scanning filter

Cloud App Security allows specifying the "Pass without logging" action for unscannable files in Exchange Online and Gmail messages in the Malware Scanning filter in ATP policies. This action does not record the Security Scan log in Cloud App Security.

Options of scan targets in DLP policies for Exchange Online and Gmail

Cloud App Security allows specifying the scan targets, including the email subject, body, and attachment, in DLP policies for Exchange Online and Gmail.

Support the File Blocking filter for Salesforce

Cloud App Security allows setting the File Blocking filter in ATP policies for Salesforce.

Retrieve quarantine logs of Exchange Online and restore quarantined email messages through APIs

Cloud App Security allows getting quarantine logs of Exchange Online through the Log Retrieval API and restoring quarantined email messages through the Threat Mitigation API.

Migration from Delegate Account to Access Token Based Authentication for OneDrive and SharePoint Online (preview)

Cloud App Security helps users who are still using a Delegate Account migrate to use an access token for protection of their OneDrive and SharePoint Online services.

Support Suspicious Object lists for Gmail

Cloud App Security supports taking actions on Gmail messages based on the Suspicious Object lists, which include file SHA-1 values, file SHA-256 values, URLs, and email senders.

Time-of-Click Protection (preview)

Cloud App Security takes actions based on the risk level to protect Exchange Online users against potential risks when users click URLs in incoming email messages.

Approved sender list for file blocking in the Exchange Online service

Cloud App Security allows configuring the approved sender list to exclude specific senders from file blocking scanning in ATP policy configuration for Exchange Online.

Original URL extraction from rewritten URLs for the blocked URL list

The blocked URL list specified through the Threat Remediation API supports extracting original URLs from rewritten URLs, so that the list can be used to block not only rewritten URLs but also the original URLs.

Option of enabling or disabling the blocked lists for Exchange Online

Cloud App Security allows admins to enable or disable the blocked lists, including blocked senders, URLs, SHA-1 values, and SHA-256 values specified through the Threat Remediation API, for Exchange Online.

Dedicated actions for Salesforce files

Cloud App Security allows Salesforce admins to set actions separately for files in the Web Reputation and Data Loss Prevention security filters. In addition, Cloud App Security adds a new action "Tag file name" for file detections in all the supported security filters, which allows users to be aware of any risky file uploaded.

Blocked SHA-256 values list

Cloud App Security adds this list for Exchange Online to specify blocked SHA-256 hash values through the Threat Remediation API. Email messages with attachments that match any item in the list will be automatically quarantined by Cloud App Security.

Support for approved header fields with the same name but different values

Cloud App Security allows Exchange Online admins to add multiple approved header fields with the same name but different values in the Advanced Spam Protection and Web Reputation security filters and Global Settings.

SHA-256 values supported for suspicious objects

Cloud App Security can take actions on suspicious objects based on the specified SHA-256 hash value.

Official release of protection for Microsoft Teams Chat

Cloud App Security officially supports protection for Microsoft Teams Chat by providing real-time Advanced Threat Protection and Data Loss Prevention for files and sensitive data sent in Chat messages.

Manual scan is not applicable for Teams Chat.

One Trend Micro Account to manage multiple service provider tenants

Cloud App Security allows the admin to use one single Trend Micro Account (a CLP or LMP account) to secure your cloud services if you maintain multiple tenants assigned by a service provider, for example, Microsoft Microsoft Entra ID tenants or Salesforce orgs.

On the management console, a default organization will be automatically created for new and existing customers. You can use the default organization or create new organizations to grant access to services. This enables you to manage and visualize the security posture across all your tenants' services.

This feature is applicable to all the services that Cloud App Security currently supports, that is, Exchange Online, SharePoint Online, OneDrive, Microsoft Teams (Teams and Chat), Box, Dropbox, Google Workspace (Gmail and Google Drive), Salesforce, and Exchange Server.

Malware Scanning feedback collection enhancement

If the admin permits, Cloud App Security collects more suspicious file information in the Malware Scanning security filter to improve the detection capabilities of not only the Predictive Machine Learning engine (currently supported), but also the virus scan engine.

Protection for Microsoft Teams Chat (Preview)

Besides Teams in Microsoft Teams, Cloud App Security further supports Chat in Microsoft Teams and provides real-time Advanced Threat Protection and Data Loss Prevention for files and sensitive data sent in Chat messages.

Manual scan is not applicable for Teams Chat.

Cloud App Security Splunk Add-On for detection log collection

Cloud App Security posts an add-on in Splunkbase for the customer to install in their Splunk Enterprise. Besides using the existing Log Retrieval API, the customer can leverage the add-on to automatically retrieve security event logs from Cloud App Security and show them on the Splunk dashboard.

Email attachment sanitizing For Exchange Online

Cloud App Security enhances its Malware Scanning function by letting the admin choose whether to set actions specifically for emails that contain active content such as macros in the attachments. Cloud App Security can take actions on the entire email or sanitize the attachment by removing active content upon detection.

Global approved email header fields for Exchange Online

Besides the current approved header field list that applies only to a specific policy where the list is configured, Cloud App Security provides a global setting to let the administrator add approved email header fields for email messages to bypass scanning by all enabled ATP and DLP policies for Exchange Online.

Writing Style Analysis optimization for one more language

In addition to the already supported eight languages, Cloud App Security leverages the further optimized Writing Style DNA technology to protect email messages written in or containing the following language: Finnish.

Log report enhancements to the Top 10 by Scan Source section

Cloud App Security enriches the Top 10 by Scan Source section in log reports to add one column that displays the number of scanned items for each scan source, and add one row that shows the total number of detections and scanned items for all scan sources.

Manual scan support for Microsoft Teams

Cloud App Security extends its protection of Microsoft Teams by allowing the administrator to run manual scans, besides real-time scans, in Advanced Threat Protection and Data Loss Prevention.

Display name spoofing detection

Cloud App Security enhances its Advanced Spam Protection filter to let the administrator choose whether to inspect the email messages from external senders with a look-alike display name as used in your organization, to protect employees against email impersonation attacks. Cloud App Security also provides a global exception list to let the administrator add trusted email senders and exclude them from display name spoofing analysis.

URL Retro Scan & Auto Remediate in Web Reputation for Exchange Online and Gmail

Cloud App Security provides an option to rescan historical URLs in users' email metadata and perform continued remediation (automatically taking configured actions or restoring quarantined messages) using newer patterns updated by Web Reputation Services.

Users' email metadata may include undetected suspicious or dangerous URLs that have only recently been discovered. Examination of such metadata is an important part of forensic investigations to determine if your email service is affected by attacks.

One local admin account to manage multiple Cloud App Security tenants

Cloud App Security enables the administrator to associate a local admin account with multiple Cloud App Security tenants of your organization in the same serving site, so they can switch among and manage different tenants with one single account on the management console, instead of repeated logoff and logon using different admin accounts.

Official release of protection for Salesforce

Cloud App Security officially provides advanced protection for Salesforce Sandbox and Salesforce Production. The customer can purchase a separate license to configure real-time ATP and DLP scanning to safeguard confidential data in all objects and protect against malicious URLs and files posted to Chatter, Community, Cases, and Attachments in their Salesforce environment.

Quarantine and Delete actions added to ATP and DLP policies for Salesforce

Cloud App Security adds Quarantine and Delete as two more actions, besides Pass which is currently supported, in ATP and DLP policies for Salesforce.

Support for Cases and Attachments in ATP policies for Salesforce

Cloud App Security improves its Advanced Threat Protection capability to protect two more Apps Cases and Attachments against malicious files and URLs in your Salesforce environment, in addition to the already supported Chatter and Community.

Integration with Trend Micro Phish Insight for free phishing simulation

Cloud App Security integrates with Trend Micro Phish Insight to test and enhance the security awareness of your employees against social engineering, including phishing. The integration allows the administrator to open the Phish Insight home page from the Cloud App Security management console.

Phish Insight gives you the ability to launch a real-life phishing campaign with customizable phishing email templates that ask recipients to click links, enter data or download an attachment, so as to let you test what could happen to your organization before the hackers try.

Threat Investigation API to support file SHA-256 hash value

Besides the SHA-1 hash value, Cloud App Security extends its Threat Investigation API to sweep email messages in protected mailboxes for those containing attachment files with a specified SHA-256 hash value.

Serving site selection enhancement

Cloud App Security recommends a serving site on the Initial Configuration screen for new customers based on the site you are using for Trend Micro Apex One as a Service or Trend Vision One.

Quarantine management enhancement for Exchange Online

Cloud App Security adds a function for Exchange Online to redirect the administrator to the Quarantine screen for operations of an individual email message right from the Logs screen.

Password-protected compressed file analysis for Exchange Online and Gmail

Cloud App Security enhances its Malware Scanning security filter to protect Exchange Online and Gmail mailboxes from potential threats embedded in password-protected compressed files attached in email. It tries to do password guessing for the files by leveraging the email content and scans them to determine whether any action is required if the extraction succeeds.

India serving site launch

Besides the seven existing serving sites in the US, EU, UK, Japan, Australia and New Zealand, Canada, and Singapore, Cloud App Security opens a new one in India.

Multiple approved header fields in ATP policies for Exchange Online

Cloud App Security allows the administrator to add more than one approved header field in the Advanced Spam Protection and Web Reputation security filters. When an email message hits any of the configured fields, it will not be scanned for spam and suspicious URL detection.

Move to Junk Email Folder / Spam action added to Writing Style Analysis detection for email services

Cloud App Security adds Move to Junk Email Folder and Move to Spam as one more action in Writing Style Analysis for BEC in ATP policies for Exchange Online and for Gmail respectively.

Extra option to enable/disable dynamic URL scanning in Web Reputation

Cloud App Security provides an option in the Web Reputation security filter to let the administrator decide whether to use dynamic URL scanning (which now defaults to enabled in the back end). As a supplement to Web Reputation Services, dynamic URL scanning further analyzes URLs in real-time to detect phishing URLs in email messages and files in protected applications and services.

Log and email metadata retention extended to 180 days

Cloud App Security extends its log and email metadata retention from the current 90 days to 180 days. After this deployment, the administrator will be able to search security and audit logs of 30 more days every next month, and finally query logs of the previous 180 days in three months.

Clickable Overall Threat Detections statistics on Dashboard

Cloud App Security enhances the Overall Threat Detections widget, which lets the administrator hover over and click on each threat detection type to drill down to detailed logs related to the type within the selected time period.

High profile users and file extensions to support import/export

Cloud App Security supports the import and export functions in the High Profile Users in Global Settings and in the file extensions setting in File Blocking of ATP policies.

Downloaded Log reports to support table of contents

Cloud App Security improves the log reports by creating a Table of Contents in the downloaded .pdf file for the administrator to easily locate the required information.

In this version, Table of Contents applies to reports from Save > Report only.

Spam related header information added in Security Risk Scan logs

Cloud App Security displays headers of spam email messages detected by the Advanced Spam Protection security filter as a new column (named Spam Related Headers) of Security Risk Scan logs. The information can be used for further threat investigation.

More policy change events added in Audit Logs

Cloud App Security adds operations performed on ATP and DLP policies in Audit Logs, including enabling or disabling a policy or a security filter in a policy, and changing a configuration in a security filter.

Language support for Spanish

In addition to English, Japanese, Italian, German, and European Portuguese, the Cloud App Security management console adds language support for Spanish.

Token-based access grant for SharePoint Online and OneDrive (official release)

Cloud App Security officially supports token-based access grant for you to grant access to SharePoint Online and OneDrive with an Authorized Account using OAuth 2.0.

Singapore serving site launch

Besides the six existing serving sites in the U.S., EU, UK, Japan, Australia and New Zealand, and Canada, Cloud App Security opens a new one in Singapore.

Serving site selection

For the customers who log on to the Cloud App Security management console for the first time, Cloud App Security allows them to choose a serving site, instead of assigning one based on the location dictated by the customer’s CLP account.

Vendor fraud prevention by cousin domain detection

Cloud App Security provides a global setting to let the administrator add high-profile domains, for example, your partners’ domains or domains of famous brands, to leverage the improved Trend Micro Antispam Engine to detect cousin domains. A cousin domain looks deceptively similar to a legitimate target domain and is often used in phishing attacks to steal sensitive or confidential information from users.

Approved file list in Virtual Analyzer settings

Cloud App Security adds an approved file list in the Virtual Analyzer settings of ATP policies. This will enable the administrator to configure the files in your organization that can skip from being sent to Virtual Analyzer for further analysis.

In this release, this feature is available only for supported Office 365 services.

Threat Mitigation API enhancement to support Gmail

Cloud App Security extends the usage of its Threat Mitigation API to Gmail, which allows you to delete Gmail messages containing security risks through the API or the Vision One console.

Language support for European Portuguese

In addition to English, Japanese, Italian, and German, the Cloud App Security management console adds language support for European Portuguese.

Password-protected PDF file detection in Malware Scanning

Cloud App Security enhances its Malware Scanning function to not only detect password-protected files in the PDF format (this format was not supported before) for all protected cloud services, but also add one more action Tag subject to take on Exchange Online email messages upon detection of not-compressed password-protected files.

This enhancement is not available for Gmail.

Protection for Salesforce (Preview)

Cloud App Security adds Salesforce into its protected application family, and provides real-time ATP and DLP scanning to safeguard confidential data in all objects and protect against malicious URLs and files posted to Chatter and Community in the customer' Salesforce Sandbox environment.

New pre-defined DLP policy for Box shared links control

Cloud App Security provides a pre-defined DLP policy for Box that lets the administrator to manage the creation of open shared links to files and folders in the customer's Box user accounts.

One more action in Virtual Analyzer for unrated samples in Exchange Online

Cloud App Security adds the Move to Junk Email folder action to the Virtual Analyzer security filter in ATP policies for Exchange Online. This provides the administrator with one more option to take on email messages if they contain samples unable to be analyzed by Virtual Analyzer.

Extension of Office 365 service accounts (with partial targets selected) to protect all targets

Cloud App Security provides an option for the service account for Exchange Online, SharePoint Online, and OneDrive to extend its protection from selected targets to all targets under the corresponding service. As such, the administrator does not need to remove the current service account and create a new one.

Log Retrieval API to support the Microsoft Exchange service

Besides logs from its own service, Cloud App Security extends the Log Retrieval API to allow you to also get security event logs from ScanMail for Microsoft Exchange (if registered to Cloud App Security).

Revoking of access to Office 365 services on the management console

Cloud App Security allows the administrator to revoke access to Exchange Online, SharePoint Online, and OneDrive by manually removing the corresponding accounts on the Service Account page of the management console, so that they can create new service accounts as needed with another Office 365 tenant or using another CLP account.

Graymail and scam detection for Exchange Online

Cloud App Security leverages the enhanced Trend Micro Antispam Engine to detect graymail and email messages containing advance-fee scams (for example, 419 schemes, lottery scams) received in Exchange Online, and allows the administrator to take separate actions on these two categories.

Access token revalidation for the Box service account

Cloud App Security provides an option for the administrator to recreate a new access token when the access token for the Box service account becomes invalid, to ensure the availability of the service account.

Language support for German

In addition to English, Japanese, and Italian, the Cloud App Security management console adds language support for German.

Multiple authentication tokens for Automation and Integration APIs

Cloud App Security supports creation of more than one authentication token for external and Trend Micro platforms, products, and services to use the available Automation and Integration APIs based on customer needs.

If you have already created a token before this feature is deployed, you can still use it for all the supported external applications and Trend Micro product/service.

Log Retrieval API to support the Microsoft Teams service

Cloud App Security extends its Log Retrieval API to allow the administrator to get Microsoft Teams related security event logs to your SIEM or syslog platform for further threat detection and security analytics.

Launch of the Canada serving site

In addition to the EU, U.S., Japan, Australia and New Zealand, and UK sites, Cloud App Security opens a new serving site on April 28 to provide its advanced protection for new customers in Canada.

Language support for Italian

In addition to English and Japanese, the Cloud App Security management console adds language support for Italian.

Get Started wizard on Dashboard

Cloud App Security provides a Get Started wizard on Dashboard to get first-time administrators set up quickly to use the service.

Migration to use Modern Authentication for Exchange Online protection

Cloud App Security supports migrating the customers currently with a Delegate Account away from basic authentication and to use modern authentication. This enables Cloud App Security to continue its protection for Exchange Online after Microsoft fully decommissions the basic authentication for EWS to access Exchange Online in 2020.

Central management of email messages quarantined on integrated ScanMail servers

Cloud App Security allows the Trend Micro ScanMail for Microsoft Exchange ("ScanMail") server administrator to manage quarantined email messages on the Cloud App Security management console after the ScanMail server (installed with 14.0 Patch 3) deployed within your organization is successfully integrated with Cloud App Security.

New access grant approach for SharePoint Online and OneDrive (preview)

Cloud App Security uses OAuth authentication to provide one more approach for you to grant Cloud App Security access to SharePoint Online and OneDrive (initial access grant only), which does not require creation of an SharePoint Online Delegate Account.

Launch of the UK serving site

In addition to the EU, U.S., Japan, and Australia and New Zealand sites, Cloud App Security opens a new serving site to provide its advanced protection for new customers in the United Kingdom and Ireland.

Improvements to Approved Header Field

Cloud App Security improves the Approved Header Field feature, and adds it into both Advanced Spam Protection and Web Reputation of Advanced Threat Protection policies for Exchange Online.

Branding support for Licensing Management Platform (LMP) customers

Cloud App Security accepts the customized banner image set by service providers and other partners via the Licensing Management Platform console to display on the Cloud App Security management console.