Credit requirements for Email and Collaboration Security

Views:

Understand what features or apps are provided in the Email and Collaboration Security packages and how many Trend Vision One credits are required to enable each feature or app.

The following table describes the available packages for Email and Collaboration Security, including their corresponding deployment features and credit requirements.

Package	Description	Features	Credit requirement
Email and Collaboration Security - Core	Complete email security solution that includes anti-phishing, malware and spam filtering, Data Loss Prevention, account takeover, internal message scanning, file sandboxing, retro-scanning and more. Supports the API-based (Cloud Email and Collaboration Protection) or MX-based (Cloud Email Gateway Protection) deployment.	Standard features of Cloud Email and Collaboration Protection Or Standard features of Cloud Email Gateway Protection	Monthly: 2.08 credits per user Yearly: 25 credits per user
Email and Collaboration Security - Essentials	Advanced email security protection that includes all Email and Collaboration Security Core features, plus URL sandboxing, Email Continuity, Email Encryption, advanced DMARC analysis and more. Supports the API-based (Cloud Email and Collaboration Protection) or MX-based (Cloud Email Gateway Protection) deployment.	All Core features of Cloud Email and Collaboration Protection Exchange Online (Inline Mode) Gmail (Inline Mode) Virtual Analyzer for URLs (URL sandboxing) Or All Core features of Cloud Email Gateway Protection Virtual Analyzer for URLs (URL sandboxing) Email Encryption Email Continuity Extra Large Message Size DMARC Report Analysis	Monthly: 4.17 credits per user Yearly: 50 credits per user
Email and Collaboration Security - Pro	In addition to all features included in Email and Collaboration Security Essentials, Pro adds XDR for Email – correlating user email, threat logs, and user behavior for deeper visibility into suspicious activity. Supports both the API-based (Cloud Email and Collaboration Protection) and MX-based (Cloud Email Gateway Protection) deployments.	XDR for Email All Essential features of Cloud Email and Collaboration Protection All Essential features of Cloud Email Gateway Protection	Monthly: 8.75 credits per user Yearly: 105 credits per user
XDR for Email	Add Trend Vision One XDR to correlate email threats with broader attack patterns and stop phishing, BEC, and malware before they spread.	XDR for Email	Monthly: 0.42 credits per user Yearly: 5 credits per user

The total number of monthly credits required for each deployment is calculated by multiplying the required credits per unit by the number of eligible unique users or email addresses in each deployment.

Email and Collaboration Security captures daily snapshots of how many units of the solution you are using. Your credit drawdown for the month corresponds to the snapshot with the highest usage, after excluding the highest 15% of outlier snapshots. For more information, see How Trend Vision One calculates your credit usage.

Tip

Your usage and credit information updates daily at 5:00 (UTC).

To view the latest estimated total credit drawdown for the current month, go to the corresponding feature or app and click Manage usage. You can also go to Platform Usage and Credits → Credits overview → Credit usage overview.

Email and Collaboration Sensor

The following table describes the available Email and Collaboration Sensor features and required credits.

Feature

Required credits

Email Sensor

Monthly: 0.42 credits per user

Yearly: 5 credits per user

Collaboration Sensor

No credits required

Important

This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.

The users that are counted in the credit usage calculation are the users added as Email Sensor targets in the Email and Collaboration Sensor app.

Cloud Email and Collaboration Protection

The following table describes the available features and required credits of the Cloud Email and Collaboration Protection deployment.

Features	Description
Standard protection	Standard protection for your email and collaboration services, including services in Microsoft 365 and Google Workspace, Box, and Dropbox
Advanced protection	Advanced protection features including: Exchange Online (Inline Mode) Gmail (Inline Mode) Virtual Analyzer for URLs (URL sandboxing)

The users counted in the credit usage calculation are as follows:

Microsoft 365 services: The non-duplicated users that are added as targets of enabled policies for Exchange Online, OneDrive, or Teams Chat
Microsoft 365 services (SharePoint Online or Teams only): The users that are synchronized from your organization's identity provider if only policies for SharePoint Online or Teams (Teams) are enabled
Box, Dropbox, Gmail, Google Drive: The non-duplicated users that are added as targets of enabled policies for each service
Certain users are excluded from credit usage calculation, for example, unlicensed users, guest users, disabled users, and shared mailboxes in Microsoft Entra ID.
Policies include Advanced Threat Protection policies and Data Loss Prevention policies.
For advanced protection charges, only users that are added in the policies with an advanced protection feature enabled are counted.

For example, your organization uses Exchange Online and SharePoint Online and has 500 users stored in Microsoft Entra ID. You add 100 users in several policies for Exchange Online without Virtual Analyzer for URLs enabled, another 100 users in other policies for Exchange Online with this feature enabled, and 2 SharePoint sites in several policies for SharePoint Online. The total number of credits for the daily snapshot is calculated as follows: 2.08 * 100 + 4.17 * 100 = 625

Advanced protection charges occur when any of the advanced protection features is enabled. Enabling multiple advanced protection features still costs 4.17 credits per user. If you do not wish to use advanced protection, disable all advanced protection features.

Important

For customers having updated from Cloud App Security, if Virtual Analyzer for URLs was used in Cloud App Security, advanced protection is automatically enabled after the update, with credits for advanced protection automatically drawn down on the first of the following month.

If you no longer need to use Cloud Email and Collaboration Protection, disable all Advanced Threat Protection and Data Loss Prevention policies.

Cloud Email Gateway Protection

The following table describes the available features and required credits of the Cloud Email Gateway Protection deployment.

Features	Description
Standard protection	Standard protection to safeguard your emails against phishing, ransomware, BEC, other advanced email threats, and spam
Advanced protection	Advanced protection features including: Virtual Analyzer for URLs (URL sandboxing) Email Encryption Email Continuity Extra Large Message Size DMARC Report Analysis

Depending on whether you have integrated your user directories, for example, Microsoft Entra ID, OpenLDAP, with Trend Vision One through Workflow and Automation → Third-Party Integrations and synchronized users to Trend Vision One, you may have three credit usage calculation modes that use different units, that is, active users and/or unique active email addresses.

Mode	User directory integration	Credit usage calculation unit	Description	Example
Active users mode	Fully integrated	Active user	A user is treated as an active user if: The domain part of the user's email address is added to and managed by Cloud Email Gateway Protection, and At least one email has been successfully delivered to or sent out from the user's email address over the past 30 days. Certain users are excluded from credit usage calculation, for example, unlicensed users, guest users, disabled users, and shared mailboxes in Microsoft Entra ID.	You have added four domains to Cloud Email Gateway Protection and integrated the user directories for these domains with Trend Vision One. There are 1,000 active users on these domains. Credit usage calculation units: 1,000
Active email addresses mode	Not integrated	Unique active email address	An email address is treated as a unique active email address if: The domain part of the email address is added to and managed by Cloud Email Gateway Protection, and Duplicate email addresses with the same local part are removed. For example, the following two email addresses are treated as one email address for credit usage calculation: john.doe@example.com, john.doe@example.jp, and The email address matches one of the following conditions: At least three emails have been delivered successfully to the email address over the past 30 days At least one email has been sent out successfully from the email address over the past 30 days	You have added four domains to Cloud Email Gateway Protection but have not integrated the user directories for these domains with Trend Vision One. There are 2,000 unique active email addresses on these domains. Credit usage calculation units: 2,000
Mixed mode	Partially integrated	Active user and unique active email address depending on user directory integration	For domains with user directory integrated: Follow the active users mode. For domains without user directory integrated: Follow the active email addresses mode.	You have added two domains to Cloud Email Gateway Protection and integrated the user directories for these domains with Trend Vision One. There are 500 active users on these domains. You have added another two domains to Cloud Email Gateway Protection but have not integrated the user directories for these domains with Trend Vision One. There are 1,000 unique active email addresses on these domains. Credit usage calculation units: 500 + 1,000 = 1500

Advanced protection charges occur when any of the advanced protection features is enabled on even one user and will apply to all eligible users or email addresses on all managed domains. Enabling multiple advanced protection features still costs 4.17 credits per user or email address.

For example, you have added 3 domains with 500 users in Cloud Email Gateway Protection, 300 of which are active users over the past 30 days. You have enable URL sandboxing and Email Continuity on one domain, which means that advanced protection is enabled on all active users of the three domains. Therefore, the total number of credits required for the daily snapshot is calculated as follows: 4.17 * 300 = 1,251

If you do not wish to use advanced protection, disable all advanced protection features.

Important

For customers having updated from Trend Micro Email Security, if Email Encryption was used in Trend Micro Email Security, advanced protection is automatically enabled after the update, with credits for advanced protection automatically drawn down on the first of the following month.

If you no longer need to use Cloud Email Gateway Protection, delete all managed domains in the Domains screen.